Modify admin_api policy rule

Magnum API's magnum_service:get_all is enforced by admin_api.
Modifying the rule to use context_is_admin. Also changing the to_dict()
call to include change in roles.

Change-Id: I44dda27857945dfd3ad43fa28ea458ce2966388c
Closes-Bug: #1503402

etc/magnum/policy.json

@@ -2,7 +2,7 @@
     "context_is_admin":  "role:admin",
     "admin_or_owner":  "is_admin:True or project_id:%(project_id)s",
     "default": "rule:admin_or_owner",
-    "admin_api": "is_admin:True",
+    "admin_api": "rule:context_is_admin",
 
     "bay:create": "rule:default",
     "bay:delete": "rule:default",

magnum/common/context.py

@@ -65,6 +65,7 @@ class RequestContext(context.RequestContext):
                       'is_admin': self.is_admin,
                       'is_public_api': self.is_public_api,
                       'read_only': self.read_only,
+                      'roles': self.roles,
                       'show_deleted': self.show_deleted,
                       'request_id': self.request_id,
                       'trust_id': self.trust_id,

magnum/tests/fake_policy.py

@@ -18,7 +18,7 @@ policy_data = """
     "context_is_admin":  "role:admin",
     "admin_or_owner":  "is_admin:True or project_id:%(project_id)s",
     "default": "rule:admin_or_owner",
-    "admin_api": "is_admin:True",
+    "admin_api": "rule:context_is_admin",
 
     "bay:create": "",
     "bay:delete": "",

magnum/tests/unit/common/test_context.py

@@ -27,6 +27,7 @@ class ContextTestCase(base.TestCase):
                                              user_id='user-id1',
                                              project_name='tenant1',
                                              project_id='tenant-id1',
+                                             roles=['admin', 'service'],
                                              is_admin=True,
                                              is_public_api=True,
                                              read_only=True,
@@ -46,6 +47,8 @@ class ContextTestCase(base.TestCase):
         self.assertEqual("user-id1", ctx.user_id)
         self.assertEqual("tenant1", ctx.project_name)
         self.assertEqual("tenant-id1", ctx.project_id)
+        for role in ctx.roles:
+            self.assertTrue(role in ['admin', 'service'])
         self.assertTrue(ctx.is_admin)
         self.assertTrue(ctx.is_public_api)
         self.assertTrue(ctx.read_only)
@@ -70,6 +73,7 @@ class ContextTestCase(base.TestCase):
         self.assertEqual(ctx.is_admin, ctx2.is_admin)
         self.assertEqual(ctx.is_public_api, ctx2.is_public_api)
         self.assertEqual(ctx.read_only, ctx2.read_only)
+        self.assertEqual(ctx.roles, ctx2.roles)
         self.assertEqual(ctx.show_deleted, ctx2.show_deleted)
         self.assertEqual(ctx.request_id, ctx2.request_id)
         self.assertEqual(ctx.trust_id, ctx2.trust_id)