Modify 'admin' used by fixed string

When we do "member update" on domain and project page,
'admin' role is used by fixed string in internal processing.
However, since kilo we can use OPENSTACK_KEYSTONE_ADMIN_ROLES
and it mean the list of roles that have administrator
privileges. So this patch modify to use this setting.

Change-Id: I3817b168e7ac448997f41c1a4f4b3a3606994297
Closes-Bug: #1527457

openstack_dashboard/dashboards/identity/domains/workflows.py

@@ -26,6 +26,7 @@ from horizon import workflows
 from openstack_dashboard import api
 
 from openstack_dashboard.dashboards.identity.domains import constants
+from openstack_dashboard.utils.identity import IdentityMixIn
 
 LOG = logging.getLogger(__name__)
 
@@ -294,7 +295,7 @@ class UpdateDomainInfo(workflows.Step):
                    "enabled")
 
 
-class UpdateDomain(workflows.Workflow):
+class UpdateDomain(workflows.Workflow, IdentityMixIn):
     slug = "update_domain"
     name = _("Edit Domain")
     finalize_button_name = _("Save")
@@ -352,8 +353,11 @@ class UpdateDomain(workflows.Workflow):
                 # domain_id == request.user.domain_id
                 is_current_domain = True
 
-                available_admin_role_ids = [role.id for role in available_roles
-                                            if role.name.lower() == 'admin']
+                _admin_roles = self.get_admin_roles()
+                available_admin_role_ids = [role.id for role in
+                                            available_roles
+                                            if role.name.lower() in
+                                            _admin_roles]
                 admin_role_ids = [role for role in current_role_ids
                                   if role in available_admin_role_ids]
                 if len(admin_role_ids):

openstack_dashboard/dashboards/identity/projects/tests.py

@@ -1778,3 +1778,8 @@ class SeleniumTests(test.SeleniumAdminTestCase):
 
         for user in users:
             self.assertIn(user.name, members.text)
+
+    def test_get_admin_roles(self):
+        mix_in = workflows.IdentityMixIn()
+        admin_roles = mix_in.get_admin_roles()
+        self.assertEqual(['foo', 'bar', 'admin'], admin_roles)

openstack_dashboard/dashboards/identity/projects/workflows.py

@@ -33,6 +33,7 @@ from openstack_dashboard.api import cinder
 from openstack_dashboard.api import keystone
 from openstack_dashboard.api import nova
 from openstack_dashboard.usage import quotas
+from openstack_dashboard.utils.identity import IdentityMixIn
 
 INDEX_URL = "horizon:identity:projects:index"
 ADD_USER_URL = "horizon:identity:projects:create_user"
@@ -572,7 +573,7 @@ class UpdateProjectInfo(workflows.Step):
                    "enabled")
 
 
-class UpdateProject(CommonQuotaWorkflow):
+class UpdateProject(CommonQuotaWorkflow, IdentityMixIn):
     slug = "update_project"
     name = _("Edit Project")
     finalize_button_name = _("Save")
@@ -662,8 +663,9 @@ class UpdateProject(CommonQuotaWorkflow):
                                      available_roles, current_role_ids):
         is_current_user = user_id == request.user.id
         is_current_project = project_id == request.user.tenant_id
+        _admin_roles = self.get_admin_roles()
         available_admin_role_ids = [role.id for role in available_roles
-                                    if role.name.lower() == 'admin']
+                                    if role.name.lower() in _admin_roles]
         admin_roles = [role for role in current_role_ids
                        if role in available_admin_role_ids]
         if len(admin_roles):

openstack_dashboard/test/settings.py

@@ -231,3 +231,4 @@ REST_API_SETTING_2 = 'bar'
 REST_API_SECURITY = 'SECURITY'
 REST_API_REQUIRED_SETTINGS = ['REST_API_SETTING_1']
 REST_API_ADDITIONAL_SETTINGS = ['REST_API_SETTING_2']
+OPENSTACK_KEYSTONE_ADMIN_ROLES = ['foO', 'BAR', 'admin']

openstack_dashboard/test/tests/utils.py

@@ -18,6 +18,7 @@ import uuid
 
 from openstack_dashboard.test import helpers as test
 from openstack_dashboard.utils import filters
+from openstack_dashboard.utils import identity
 from openstack_dashboard.utils import metering
 
 
@@ -63,3 +64,10 @@ class UtilsMeteringTests(test.TestCase):
     def test_calc_date_args_invalid(self):
         self.assertRaises(
             ValueError, metering.calc_date_args, object, object, "other")
+
+
+class IdentityTests(test.BaseAdminViewTests):
+    def test_get_admin_roles(self):
+        mix_in = identity.IdentityMixIn()
+        admin_roles = mix_in.get_admin_roles()
+        self.assertEqual(['foo', 'bar', 'admin'], admin_roles)

openstack_dashboard/utils/identity.py

@@ -0,0 +1,25 @@
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+from django.conf import settings
+
+from horizon.utils.memoized import memoized  # noqa
+
+
+class IdentityMixIn(object):
+    @memoized
+    def get_admin_roles(self):
+        _admin_roles = [role.lower() for role in getattr(
+            settings,
+            'OPENSTACK_KEYSTONE_ADMIN_ROLES',
+            ['admin'])]
+        return _admin_roles