Merge "When creating a trust, send role_ids instead or role_names"

openstackclient/identity/v3/trust.py

@@ -104,16 +104,16 @@ class CreateTrust(command.ShowOne):
                                          parsed_args.project,
                                          parsed_args.project_domain).id
 
-        role_names = []
+        role_ids = []
         for role in parsed_args.role:
             try:
-                role_name = utils.find_resource(
+                role_id = utils.find_resource(
                     identity_client.roles,
                     role,
-                ).name
+                ).id
             except identity_exc.Forbidden:
-                role_name = role
-            role_names.append(role_name)
+                role_id = role
+            role_ids.append(role_id)
 
         expires_at = None
         if parsed_args.expiration:
@@ -124,7 +124,7 @@ class CreateTrust(command.ShowOne):
             trustee_id, trustor_id,
             impersonation=parsed_args.impersonate,
             project=project_id,
-            role_names=role_names,
+            role_ids=role_ids,
             expires_at=expires_at,
         )
 

openstackclient/tests/unit/identity/v3/test_trust.py

@@ -94,7 +94,7 @@ class TestTrustCreate(TestTrust):
         kwargs = {
             'impersonation': False,
             'project': identity_fakes.project_id,
-            'role_names': [identity_fakes.role_name],
+            'role_ids': [identity_fakes.role_id],
             'expires_at': None,
         }
         # TrustManager.create(trustee_id, trustor_id, impersonation=,

releasenotes/notes/bug-1696111-e2cf9233fa872eb7.yaml

@@ -0,0 +1,7 @@
+---
+fixes:
+  - |
+    Fixed an issue where a trust could not be created if multiple roles had
+    the same name. A role's ID is now sent to the identity service instead.
+
+    [Bug '1696111 <https://bugs.launchpad.net/keystone/+bug/1696111>'_]