Refactor the getting roles logic in _keystone_identity

The list_from_csv in swift.common.utils is used from the composite
auth token support and this method has been used in
_integral_keystone_identity. There is same logic in
_keystone_identity so the logic would be replaced with list_from_csv.

Change-Id: I3d72a34e6fc21fbe1d7331954695b1e3e1b67816

swift/common/middleware/keystoneauth.py

@@ -246,9 +246,7 @@ class KeystoneAuth(object):
             or environ.get(
                 'HTTP_X_SERVICE_IDENTITY_STATUS') not in (None, 'Confirmed')):
             return
-        roles = []
+        roles = list_from_csv(environ.get('HTTP_X_ROLES', ''))
-        if 'HTTP_X_ROLES' in environ:
-            roles = environ['HTTP_X_ROLES'].split(',')
         identity = {'user': environ.get('HTTP_X_USER_NAME'),
                     'tenant': (environ.get('HTTP_X_TENANT_ID'),
                                environ.get('HTTP_X_TENANT_NAME')),

test/unit/common/middleware/test_keystoneauth.py

@@ -879,6 +879,25 @@ class TestAuthorize(BaseTestAuthorize):
         acl = '%s:%s' % (id['HTTP_X_TENANT_ID'], id['HTTP_X_USER_ID'])
         self._check_authenticate(acl=acl, identity=id, env=env)
 
+    def test_keystone_identity(self):
+        user_name = 'U_NAME'
+        project = ('P_ID', 'P_NAME')
+        roles = ('ROLE1', 'ROLE2')
+
+        req = Request.blank('/v/a/c/o')
+        req.headers.update({'X-Identity-Status': 'Confirmed',
+                            'X-Roles': ' %s , %s ' % roles,
+                            'X-User-Name': user_name,
+                            'X-Tenant-Id': project[0],
+                            'X-Tenant-Name': project[1]})
+
+        expected = {'user': user_name,
+                    'tenant': project,
+                    'roles': list(roles)}
+        data = self.test_auth._keystone_identity(req.environ)
+
+        self.assertEquals(expected, data)
+
     def test_integral_keystone_identity(self):
         user = ('U_ID', 'U_NAME')
         roles = ('ROLE1', 'ROLE2')