GET /tokens/{token_id}: Exposing both role ID's and Name's

Change-Id: I80931b133562a7ad70f1d185ce481e48927887b4

keystone/logic/service.py

@@ -24,7 +24,8 @@ import keystone.backends.api as api
 import keystone.backends.models as models
 from keystone.logic.types import fault
 from keystone.logic.types.tenant import Tenant, Tenants
-from keystone.logic.types.role import Role, RoleRef, RoleRefs, Roles
+from keystone.logic.types.role import Role, RoleRef, RoleRefs, Roles, \
+    UserRole, UserRoles
 from keystone.logic.types.service import Service, Services
 from keystone.logic.types.user import User, User_Update, Users
 from keystone.logic.types.endpoint import Endpoint, Endpoints, \
@@ -446,15 +447,17 @@ class IdentityService(object):
             drole_refs = api.ROLE.ref_get_all_tenant_roles(duser.id,
                 dtoken.tenant_id)
             for drole_ref in drole_refs:
-                ts.append(RoleRef(drole_ref.id, drole_ref.role_id,
+                drole = api.ROLE.get(drole_ref.role_id)
+                ts.append(UserRole(drole_ref.role_id, drole.name,
                     drole_ref.tenant_id))
         drole_refs = api.ROLE.ref_get_all_global_roles(duser.id)
         for drole_ref in drole_refs:
-            ts.append(RoleRef(drole_ref.id, drole_ref.role_id,
+            drole = api.ROLE.get(drole_ref.role_id)
+            ts.append(UserRole(drole_ref.role_id, drole.name,
                 drole_ref.tenant_id))
 
         user = auth.User(duser.id, duser.name, duser.tenant_id,
-            RoleRefs(ts, []))
+            UserRoles(ts, []))
 
         return auth.ValidateData(token, user)
 

keystone/logic/types/role.py

@@ -224,3 +224,84 @@ class RoleRefs(object):
     def to_json_values(self):
         values = [t.to_dict()["role"] for t in self.values]
         return values
+
+
+class UserRole(object):
+    """A role granted to a user"""
+
+    def __init__(self, role_id, role_name, tenant_id):
+        self.role_id = role_id
+        self.role_name = role_name
+        self.tenant_id = tenant_id
+
+    @staticmethod
+    def from_xml(xml_str):
+        try:
+            dom = etree.Element("root")
+            dom.append(etree.fromstring(xml_str))
+
+            root = dom.find("{http://docs.openstack.org/identity/api/v2.0}" \
+                            "role")
+            if root == None:
+                raise fault.BadRequestFault("Expecting Role")
+
+            role_id = root.get("id")
+            role_name = root.get("name")
+            tenant_id = root.get("tenantId")
+
+            if role_id is None:
+                raise fault.BadRequestFault("Expecting Role ID")
+
+            return UserRole(role_id, role_name, tenant_id)
+        except etree.LxmlError as e:
+            raise fault.BadRequestFault("Cannot parse Role", str(e))
+
+    @staticmethod
+    def from_json(json_str):
+        try:
+            obj = json.loads(json_str)
+            if not "role" in obj:
+                raise fault.BadRequestFault("Expecting Role")
+            role = obj["role"]
+
+            role_id = role.get('id')
+            role_name = role.get('name')
+            tenant_id = role.get('tenantId')
+
+            if role_id is None:
+                raise fault.BadRequestFault("Expecting Role ID")
+
+            return RoleRef(role_id, role_name, tenant_id)
+        except (ValueError, TypeError) as e:
+            raise fault.BadRequestFault("Cannot parse Role", str(e))
+
+    def to_dom(self):
+        dom = etree.Element("role",
+                        xmlns="http://docs.openstack.org/identity/api/v2.0")
+        if self.role_id:
+            dom.set("id", unicode(self.role_id))
+        if self.role_name:
+            dom.set("name", unicode(self.role_name))
+        if self.tenant_id:
+            dom.set("tenantId", unicode(self.tenant_id))
+        return dom
+
+    def to_xml(self):
+        return etree.tostring(self.to_dom())
+
+    def to_dict(self):
+        role = {}
+        if self.role_id:
+            role["id"] = unicode(self.role_id)
+        if self.role_name:
+            role["name"] = unicode(self.role_name)
+        if self.tenant_id:
+            role["tenantId"] = unicode(self.tenant_id)
+        return {'role': role}
+
+    def to_json(self):
+        return json.dumps(self.to_dict())
+
+
+class UserRoles(RoleRefs):
+    "A collection of roles granted to a user."

keystone/test/functional/test_token.py

@@ -38,7 +38,9 @@ class ValidateToken(common.FunctionalTestCase):
 
         self.assertIsNotNone(r.json['access']['user']["roles"])
         self.assertEqual(r.json['access']['user']["roles"][0]['id'],
-            self.role_ref['id'])
+            self.role['id'])
+        self.assertEqual(r.json['access']['user']["roles"][0]['name'],
+            self.role['name'])
 
     def test_validate_token_true_using_service_token(self):
         self.admin_token = self.service_admin_token
@@ -47,7 +49,9 @@ class ValidateToken(common.FunctionalTestCase):
 
         self.assertIsNotNone(r.json['access']['user']["roles"])
         self.assertEqual(r.json['access']['user']["roles"][0]['id'],
-            self.role_ref['id'])
+            self.role['id'])
+        self.assertEqual(r.json['access']['user']["roles"][0]['name'],
+            self.role['name'])
 
     def test_validate_token_true_xml(self):
         r = self.get_token_belongsto(self.token['id'], self.tenant['id'],
@@ -63,7 +67,8 @@ class ValidateToken(common.FunctionalTestCase):
 
         role = roles.find('{%s}role' % self.xmlns)
         self.assertIsNotNone(role)
-        self.assertEqual(self.role_ref['id'], role.get("id"))
+        self.assertEqual(self.role['id'], role.get("id"))
+        self.assertEqual(self.role['name'], role.get("name"))
 
     def test_validate_token_expired(self):
         self.get_token(self.expired_admin_token, assert_status=403)