Add role assignment in keystone wrapper for both v2 and v3

This patch is to adding role assignment (add/remove) in keystone wrapper 
to support both keystone v2 and v3.

Change-Id: I1e664bc0989120022b5d324943b91cf72982617e

rally/plugins/openstack/wrappers/keystone.py

@@ -94,6 +94,14 @@ class KeystoneWrapper(object):
         """List all roles."""
         return map(KeystoneWrapper._wrap_role, self.client.roles.list())
 
+    @abc.abstractmethod
+    def add_role(self, role_id, user_id, project_id):
+        """Assign role to user."""
+
+    @abc.abstractmethod
+    def remove_role(self, role_id, user_id, project_id):
+        """Remove role from user."""
+
     @staticmethod
     def _wrap_service(service):
         return Service(id=service.id, name=service.name)
@@ -143,6 +151,12 @@ class KeystoneV2Wrapper(KeystoneWrapper):
         return map(KeystoneV2Wrapper._wrap_v2_tenant,
                    self.client.tenants.list())
 
+    def add_role(self, user_id, role_id, project_id):
+        self.client.roles.add_user_role(user_id, role_id, tenant=project_id)
+
+    def remove_role(self, user_id, role_id, project_id):
+        self.client.roles.remove_user_role(user_id, role_id, tenant=project_id)
+
 
 class KeystoneV3Wrapper(KeystoneWrapper):
     def _get_domain_id(self, domain_name_or_id):
@@ -204,6 +218,12 @@ class KeystoneV3Wrapper(KeystoneWrapper):
         return map(KeystoneV3Wrapper._wrap_v3_project,
                    self.client.projects.list())
 
+    def add_role(self, role_id, user_id, project_id):
+        self.client.roles.grant(role_id, user=user_id, project=project_id)
+
+    def remove_role(self, role_id, user_id, project_id):
+        self.client.roles.revoke(role_id, user=user_id, project=project_id)
+
 
 def wrap(client):
     """Returns keystone wrapper based on keystone client version."""

tests/unit/plugins/openstack/wrappers/test_keystone.py

@@ -124,6 +124,18 @@ class KeystoneV2WrapperTestCase(test.TestCase, KeystoneWrapperTestBase):
         self.assertEqual("default", result[0].domain_id)
         self.assertFalse(hasattr(result[0], "extra_field"))
 
+    def test_add_role(self):
+        self.wrapped_client.add_role("fake_role_id", "fake_user_id",
+                                     "fake_project_id")
+        self.client.roles.add_user_role.assert_called_once_with(
+            "fake_role_id", "fake_user_id", tenant="fake_project_id")
+
+    def test_remove_role(self):
+        self.wrapped_client.remove_role("fake_role_id", "fake_user_id",
+                                        "fake_project_id")
+        self.client.roles.remove_user_role.assert_called_once_with(
+            "fake_role_id", "fake_user_id", tenant="fake_project_id")
+
 
 class KeystoneV3WrapperTestCase(test.TestCase, KeystoneWrapperTestBase):
     def setUp(self):
@@ -206,3 +218,15 @@ class KeystoneV3WrapperTestCase(test.TestCase, KeystoneWrapperTestBase):
         self.assertEqual("project_id", result[0].project_id)
         self.assertEqual("domain_id", result[0].domain_id)
         self.assertFalse(hasattr(result[0], "extra_field"))
+
+    def test_add_role(self):
+        self.wrapped_client.add_role("fake_role_id", "fake_user_id",
+                                     "fake_project_id")
+        self.client.roles.grant.assert_called_once_with(
+            "fake_role_id", user="fake_user_id", project="fake_project_id")
+
+    def test_remove_role(self):
+        self.wrapped_client.remove_role("fake_role_id", "fake_user_id",
+                                        "fake_project_id")
+        self.client.roles.revoke.assert_called_once_with(
+            "fake_role_id", user="fake_user_id", project="fake_project_id")