From 0aa9df3b76d85706c12320eaa199aa52eaafebb3 Mon Sep 17 00:00:00 2001
From: Jamie Lennox <jamielennox@redhat.com>
Date: Wed, 18 Jun 2014 11:48:56 +1000
Subject: [PATCH] Add role ids to the AccessInfo

Role Names are already there, add ids as well.

Change-Id: Ie6f14a60b182ec2f4ab97c6ced564e63a2f5169a
---
 keystoneclient/access.py                     | 17 +++++++++++++++
 keystoneclient/fixture/v2.py                 | 13 ++++++++----
 keystoneclient/tests/v2_0/client_fixtures.py |  3 +--
 keystoneclient/tests/v2_0/test_access.py     | 22 ++++++++++++++++++--
 keystoneclient/tests/v3/test_access.py       |  3 +++
 5 files changed, 50 insertions(+), 8 deletions(-)

diff --git a/keystoneclient/access.py b/keystoneclient/access.py
index 7120fd9c6..3ef4d72cb 100644
--- a/keystoneclient/access.py
+++ b/keystoneclient/access.py
@@ -163,6 +163,15 @@ class AccessInfo(dict):
         """
         raise NotImplementedError()
 
+    @property
+    def role_ids(self):
+        """Returns a list of role ids of the user associated with the
+        authentication request.
+
+        :returns: a list of strings of role ids
+        """
+        raise NotImplementedError()
+
     @property
     def role_names(self):
         """Returns a list of role names of the user associated with the
@@ -370,6 +379,10 @@ class AccessInfoV2(AccessInfo):
     def user_domain_name(self):
         return 'Default'
 
+    @property
+    def role_ids(self):
+        return self.get('metadata', {}).get('roles', [])
+
     @property
     def role_names(self):
         return [r['name'] for r in self['user'].get('roles', [])]
@@ -528,6 +541,10 @@ class AccessInfoV3(AccessInfo):
     def user_domain_name(self):
         return self['user']['domain']['name']
 
+    @property
+    def role_ids(self):
+        return [r['id'] for r in self.get('roles', [])]
+
     @property
     def role_names(self):
         return [r['name'] for r in self.get('roles', [])]
diff --git a/keystoneclient/fixture/v2.py b/keystoneclient/fixture/v2.py
index 3482519da..871410302 100644
--- a/keystoneclient/fixture/v2.py
+++ b/keystoneclient/fixture/v2.py
@@ -129,6 +129,10 @@ class Token(dict):
     def tenant_name(self, value):
         self._token.setdefault('tenant', {})['name'] = value
 
+    @property
+    def _metadata(self):
+        return self.root.setdefault('metadata', {})
+
     def validate(self):
         scoped = 'tenant' in self.token
         catalog = self.root.get('serviceCatalog')
@@ -142,11 +146,12 @@ class Token(dict):
             raise exception.FixtureValidationError(msg)
 
     def add_role(self, name=None, id=None):
+        id = id or uuid.uuid4().hex
+        name = name or uuid.uuid4().hex
         roles = self._user.setdefault('roles', [])
-        data = {'id': id or uuid.uuid4().hex,
-                'name': name or uuid.uuid4().hex}
-        roles.append(data)
-        return data
+        roles.append({'name': name})
+        self._metadata.setdefault('roles', []).append(id)
+        return {'id': id, 'name': name}
 
     def add_service(self, type, name=None):
         name = name or uuid.uuid4().hex
diff --git a/keystoneclient/tests/v2_0/client_fixtures.py b/keystoneclient/tests/v2_0/client_fixtures.py
index 178b1487a..39d808eb1 100644
--- a/keystoneclient/tests/v2_0/client_fixtures.py
+++ b/keystoneclient/tests/v2_0/client_fixtures.py
@@ -32,8 +32,7 @@ def project_scoped_token():
                         user_id='c4da488862bd435c9e6c0275a0d0e49a',
                         user_name='exampleuser')
 
-    f.add_role(id='edc12489faa74ee0aca0b8a0b4d74a74',
-               name='Member')
+    f.add_role(id='member_id', name='Member')
 
     s = f.add_service('volume', 'Volume Service')
     s.add_endpoint(public='http://public.com:8776/v1/%s' % _TENANT_ID,
diff --git a/keystoneclient/tests/v2_0/test_access.py b/keystoneclient/tests/v2_0/test_access.py
index 2982eb9dc..862bf5a5a 100644
--- a/keystoneclient/tests/v2_0/test_access.py
+++ b/keystoneclient/tests/v2_0/test_access.py
@@ -15,6 +15,7 @@ import datetime
 import testresources
 
 from keystoneclient import access
+from keystoneclient import fixture
 from keystoneclient.openstack.common import timeutils
 from keystoneclient.tests import client_fixtures as token_data
 from keystoneclient.tests.v2_0 import client_fixtures
@@ -37,6 +38,7 @@ class AccessInfoTest(utils.TestCase, testresources.ResourcedTestCase):
         self.assertEqual(auth_ref.username, 'exampleuser')
         self.assertEqual(auth_ref.user_id, 'c4da488862bd435c9e6c0275a0d0e49a')
 
+        self.assertEqual(auth_ref.role_ids, [])
         self.assertEqual(auth_ref.role_names, [])
 
         self.assertIsNone(auth_ref.tenant_name)
@@ -67,8 +69,8 @@ class AccessInfoTest(utils.TestCase, testresources.ResourcedTestCase):
         self.assertFalse(auth_ref.will_expire_soon())
 
     def test_building_scoped_accessinfo(self):
-        auth_ref = access.AccessInfo.factory(
-            body=client_fixtures.project_scoped_token())
+        token = client_fixtures.project_scoped_token()
+        auth_ref = access.AccessInfo.factory(body=token)
 
         self.assertTrue(auth_ref)
         self.assertIn('token', auth_ref)
@@ -80,6 +82,7 @@ class AccessInfoTest(utils.TestCase, testresources.ResourcedTestCase):
         self.assertEqual(auth_ref.username, 'exampleuser')
         self.assertEqual(auth_ref.user_id, 'c4da488862bd435c9e6c0275a0d0e49a')
 
+        self.assertEqual(auth_ref.role_ids, ['member_id'])
         self.assertEqual(auth_ref.role_names, ['Member'])
 
         self.assertEqual(auth_ref.tenant_name, 'exampleproject')
@@ -130,6 +133,21 @@ class AccessInfoTest(utils.TestCase, testresources.ResourcedTestCase):
         self.assertEqual(auth_ref.user_domain_name, 'Default')
         self.assertEqual(auth_ref.role_names, ['role1', 'role2'])
 
+    def test_v2_roles(self):
+        role_id = 'a'
+        role_name = 'b'
+
+        token = fixture.V2Token()
+        token.set_scope()
+        token.add_role(id=role_id, name=role_name)
+
+        auth_ref = access.AccessInfo.factory(body=token)
+
+        self.assertEqual([role_id], auth_ref.role_ids)
+        self.assertEqual([role_id], auth_ref['metadata']['roles'])
+        self.assertEqual([role_name], auth_ref.role_names)
+        self.assertEqual([{'name': role_name}], auth_ref['user']['roles'])
+
 
 def load_tests(loader, tests, pattern):
     return testresources.OptimisingTestSuite(tests)
diff --git a/keystoneclient/tests/v3/test_access.py b/keystoneclient/tests/v3/test_access.py
index cae09f978..938a4b639 100644
--- a/keystoneclient/tests/v3/test_access.py
+++ b/keystoneclient/tests/v3/test_access.py
@@ -40,6 +40,7 @@ class AccessInfoTest(utils.TestCase):
         self.assertEqual(auth_ref.username, 'exampleuser')
         self.assertEqual(auth_ref.user_id, 'c4da488862bd435c9e6c0275a0d0e49a')
 
+        self.assertEqual(auth_ref.role_ids, [])
         self.assertEqual(auth_ref.role_names, [])
 
         self.assertIsNone(auth_ref.project_name)
@@ -84,6 +85,7 @@ class AccessInfoTest(utils.TestCase):
         self.assertEqual(auth_ref.username, 'exampleuser')
         self.assertEqual(auth_ref.user_id, 'c4da488862bd435c9e6c0275a0d0e49a')
 
+        self.assertEqual(auth_ref.role_ids, ['76e72a', 'f4f392'])
         self.assertEqual(auth_ref.role_names, ['admin', 'member'])
 
         self.assertEqual(auth_ref.domain_name, 'anotherdomain')
@@ -117,6 +119,7 @@ class AccessInfoTest(utils.TestCase):
         self.assertEqual(auth_ref.username, 'exampleuser')
         self.assertEqual(auth_ref.user_id, 'c4da488862bd435c9e6c0275a0d0e49a')
 
+        self.assertEqual(auth_ref.role_ids, ['76e72a', 'f4f392'])
         self.assertEqual(auth_ref.role_names, ['admin', 'member'])
 
         self.assertIsNone(auth_ref.domain_name)