change get_roles to have a flag for project_roles or not. Don't show 'projectmanager' in list of roles

nova/auth/manager.py

@@ -463,19 +463,18 @@ class AuthManager(object):
         with self.driver() as drv:
             drv.remove_role(User.safe_id(user), role, Project.safe_id(project))
 
-    def get_roles(self):
+    def get_roles(self, project_roles=True):
         """Get list of allowed roles"""
-        return FLAGS.allowed_roles
+        if project_roles:
+            return list(set(FLAGS.allowed_roles) - set(FLAGS.global_roles))
+        else:
+            return FLAGS.allowed_roles
 
     def get_user_roles(self, user, project=None):
         """Get user global or per-project roles"""
-        roles = []
         with self.driver() as drv:
-            roles = drv.get_user_roles(User.safe_id(user),
+            return drv.get_user_roles(User.safe_id(user),
-                                       Project.safe_id(project))
+                                      Project.safe_id(project))
-        if project is not None and self.is_project_manager(user, project):
-            roles.append('projectmanager')
-        return roles
 
     def get_project(self, pid):
         """Get project object by id"""

nova/tests/auth_unittest.py

@@ -186,11 +186,9 @@ class AuthTestCase(test.BaseTestCase):
         roles = self.manager.get_user_roles(user)
         self.assertTrue('sysadmin' in roles)
         self.assertFalse('netadmin' in roles)
-        self.assertFalse('projectmanager' in roles)
         project_roles = self.manager.get_user_roles(user, project)
         self.assertTrue('sysadmin' in project_roles)
         self.assertTrue('netadmin' in project_roles)
-        self.assertTrue('projectmanager' in project_roles)
         # has role should be false because global role is missing
         self.assertFalse(self.manager.has_role(user, 'netadmin', project))