Expose context to create grant and delete grant

To correctly issue a CADF audit event for a change in role
assignments, we need to expose the context at the manager level.
Note that the driver signatures are *not* changing, just the
manager needs to know the context.

implements bp role-assignment-notifications

Change-Id: I116b185f5d1fc3f9cbb03ffcf3ce64c56a73d969

keystone/assignment/controllers.py

@@ -520,7 +520,7 @@ class RoleV3(controller.V3Controller):
 
         self.assignment_api.create_grant(
             role_id, user_id, group_id, domain_id, project_id,
-            self._check_if_inherited(context))
+            self._check_if_inherited(context), context)
 
     @controller.protected(callback=_check_grant_protection)
     def list_grants(self, context, user_id=None,
@@ -554,7 +554,7 @@ class RoleV3(controller.V3Controller):
 
         self.assignment_api.delete_grant(
             role_id, user_id, group_id, domain_id, project_id,
-            self._check_if_inherited(context))
+            self._check_if_inherited(context), context)
 
 
 @dependency.requires('assignment_api', 'identity_api')

keystone/assignment/core.py

@@ -504,9 +504,15 @@ class Manager(manager.Manager):
             self.revoke_api.revoke_by_grant(role_id, user_id=user_id,
                                             project_id=tenant_id)
 
+    def create_grant(self, role_id, user_id=None, group_id=None,
+                     domain_id=None, project_id=None,
+                     inherited_to_projects=False, context=None):
+        self.driver.create_grant(role_id, user_id, group_id, domain_id,
+                                 project_id, inherited_to_projects)
+
     def delete_grant(self, role_id, user_id=None, group_id=None,
                      domain_id=None, project_id=None,
-                     inherited_to_projects=False):
+                     inherited_to_projects=False, context=None):
         user_ids = []
         if group_id is None:
             if self.revoke_api: