Handle 403 error on creating trust

Currently, creating trust requires permission to list roles, but
non-admin users don't have permission to do that by default. This
commit adds exception handling on listing roles, and continue to
create trust if server returns 403.

Closes-Bug: #1658582
Change-Id: I4f016b76cb46ae07ef65ed54780881bbcd6210d3

openstackclient/identity/v3/trust.py

@@ -16,6 +16,7 @@
 import datetime
 import logging
 
+from keystoneclient import exceptions as identity_exc
 from osc_lib.command import command
 from osc_lib import exceptions
 from osc_lib import utils
@@ -105,10 +106,13 @@ class CreateTrust(command.ShowOne):
 
         role_names = []
         for role in parsed_args.role:
-            role_name = utils.find_resource(
-                identity_client.roles,
-                role,
-            ).name
+            try:
+                role_name = utils.find_resource(
+                    identity_client.roles,
+                    role,
+                ).name
+            except identity_exc.Forbidden:
+                role_name = role
             role_names.append(role_name)
 
         expires_at = None

releasenotes/notes/bug-1658582-80a76f6b0af0ca12.yaml

@@ -0,0 +1,6 @@
+---
+fixes:
+  - |
+    Correctly handle non-admin in ``create trust`` command when looking
+    up role names.
+    [Bug `1658582 <https://bugs.launchpad.net/python-openstackclient/+bug/1658582>`_]