reulan
diff --git a/‎doc/source/command-objects/role-assignment.rst‎
Lines changed: 8 additions & 0 deletions b/‎doc/source/command-objects/role-assignment.rst‎
Lines changed: 8 additions & 0 deletions
diff --git a/‎doc/source/command-objects/role.rst‎
Lines changed: 46 additions & 1 deletion b/‎doc/source/command-objects/role.rst‎
Lines changed: 46 additions & 1 deletion
diff --git a/‎openstackclient/identity/common.py‎
Lines changed: 10 additions & 0 deletions b/‎openstackclient/identity/common.py‎
Lines changed: 10 additions & 0 deletions
diff --git a/‎openstackclient/identity/v3/role.py‎
Lines changed: 89 additions & 14 deletions b/‎openstackclient/identity/v3/role.py‎
Lines changed: 89 additions & 14 deletions
@@ -14,6 +14,7 @@ List role assignments
 
     os role assignment list
         [--role <role>]
+        [--role-domain <role-domain>]
         [--user <user>]
         [--user-domain <user-domain>]
         [--group <group>]
@@ -31,6 +32,13 @@ List role assignments
 
     .. versionadded:: 3
 
+.. option:: --role-domain <role-domain>
+
+    Domain the role belongs to (name or ID).
+    This can be used in case collisions between role names exist.
+
+    .. versionadded:: 3
+
 .. option:: --user <user>
 
     User to filter (name or ID)
 
@@ -15,6 +15,7 @@ Add role assignment to a user or group in a project or domain
     os role add
         --domain <domain> | --project <project> [--project-domain <project-domain>]
         --user <user> [--user-domain <user-domain>] | --group <group> [--group-domain <group-domain>]
+        --role-domain <role-domain>
         --inherited
         <role>
 
@@ -65,6 +66,13 @@ Add role assignment to a user or group in a project or domain
 
     .. versionadded:: 3
 
+.. option:: --role-domain <role-domain>
+
+    Domain the role belongs to (name or ID).
+    This must be specified when the name of a domain specific role is used.
+
+    .. versionadded:: 3
+
 .. describe:: <role>
 
     Role to add to <project>:<user> (name or ID)
@@ -79,8 +87,15 @@ Create new role
 
     os role create
         [--or-show]
+        [--domain <domain>]
         <name>
 
+.. option:: --domain <domain>
+
+    Domain the role belongs to (name or ID).
+
+    .. versionadded:: 3
+
 .. option:: --or-show
 
     Return existing role
@@ -101,11 +116,18 @@ Delete role(s)
 
     os role delete
         <role> [<role> ...]
+        [--domain <domain>]
 
 .. describe:: <role>
 
     Role to delete (name or ID)
 
+.. option:: --domain <domain>
+
+    Domain the role belongs to (name or ID).
+
+    .. versionadded:: 3
+
 role list
 ---------
 
@@ -123,7 +145,8 @@ List roles
 
     Filter roles by <domain> (name or ID)
 
-    (Deprecated, please use ``role assignment list`` instead)
+    (Deprecated if being used to list assignments in conjunction with the
+    ``--user <user>``, option, please use ``role assignment list`` instead)
 
 .. option:: --project <project>
 
@@ -189,6 +212,7 @@ Remove role assignment from domain/project : user/group
     os role remove
         --domain <domain> | --project <project> [--project-domain <project-domain>]
         --user <user> [--user-domain <user-domain>] | --group <group> [--group-domain <group-domain>]
+        --role-domain <role-domain>
         --inherited
         <role>
 
@@ -239,6 +263,13 @@ Remove role assignment from domain/project : user/group
 
     .. versionadded:: 3
 
+.. option:: --role-domain <role-domain>
+
+    Domain the role belongs to (name or ID).
+    This must be specified when the name of a domain specific role is used.
+
+    .. versionadded:: 3
+
 .. describe:: <role>
 
     Role to remove (name or ID)
@@ -255,12 +286,19 @@ Set role properties
 
     os role set
         [--name <name>]
+        [--domain <domain>]
         <role>
 
 .. option:: --name <name>
 
     Set role name
 
+.. option:: --domain <domain>
+
+    Domain the role belongs to (name or ID).
+
+    .. versionadded:: 3
+
 .. describe:: <role>
 
     Role to modify (name or ID)
@@ -274,8 +312,15 @@ Display role details
 .. code:: bash
 
     os role show
+        [--domain <domain>]
         <role>
 
+.. option:: --domain <domain>
+
+    Domain the role belongs to (name or ID).
+
+    .. versionadded:: 3
+
 .. describe:: <role>
 
     Role to display (name or ID)
@@ -201,6 +201,16 @@ def add_project_domain_option_to_parser(parser):
     )
 
 
+def add_role_domain_option_to_parser(parser):
+    parser.add_argument(
+        '--role-domain',
+        metavar='<role-domain>',
+        help=_('Domain the role belongs to (name or ID). '
+               'This must be specified when the name of a domain specific '
+               'role is used.'),
+    )
+
+
 def add_inherited_option_to_parser(parser):
     parser.add_argument(
         '--inherited',
 
@@ -109,7 +109,7 @@ def _process_identity_and_resource_options(parsed_args,
 
 
 class AddRole(command.Command):
-    """Adds a role to a user or group on a domain or project"""
+    """Adds a role assignment to a user or group on a domain or project"""
 
     def get_parser(self, prog_name):
         parser = super(AddRole, self).get_parser(prog_name)
@@ -119,6 +119,7 @@ def get_parser(self, prog_name):
             help=_('Role to add to <user> (name or ID)'),
         )
         _add_identity_and_resource_options_to_parser(parser)
+        common.add_role_domain_option_to_parser(parser)
         return parser
 
     def take_action(self, parsed_args):
@@ -127,9 +128,15 @@ def take_action(self, parsed_args):
         if (not parsed_args.user and not parsed_args.domain
                 and not parsed_args.group and not parsed_args.project):
             return
+
+        domain_id = None
+        if parsed_args.role_domain:
+            domain_id = common.find_domain(identity_client,
+                                           parsed_args.role_domain).id
         role = utils.find_resource(
             identity_client.roles,
             parsed_args.role,
+            domain_id=domain_id
         )
 
         kwargs = _process_identity_and_resource_options(
@@ -153,6 +160,11 @@ def get_parser(self, prog_name):
             metavar='<role-name>',
             help=_('New role name'),
         )
+        parser.add_argument(
+            '--domain',
+            metavar='<domain>',
+            help=_('Domain the role belongs to (name or ID)'),
+        )
         parser.add_argument(
             '--or-show',
             action='store_true',
@@ -163,12 +175,20 @@ def get_parser(self, prog_name):
     def take_action(self, parsed_args):
         identity_client = self.app.client_manager.identity
 
+        domain_id = None
+        if parsed_args.domain:
+            domain_id = common.find_domain(identity_client,
+                                           parsed_args.domain).id
+
         try:
-            role = identity_client.roles.create(name=parsed_args.name)
+            role = identity_client.roles.create(
+                name=parsed_args.name, domain=domain_id)
+
         except ks_exc.Conflict:
             if parsed_args.or_show:
                 role = utils.find_resource(identity_client.roles,
-                                           parsed_args.name)
+                                           parsed_args.name,
+                                           domain_id=domain_id)
                 LOG.info(_('Returning existing role %s'), role.name)
             else:
                 raise
@@ -188,15 +208,26 @@ def get_parser(self, prog_name):
             nargs="+",
             help=_('Role(s) to delete (name or ID)'),
         )
+        parser.add_argument(
+            '--domain',
+            metavar='<domain>',
+            help=_('Domain the role belongs to (name or ID)'),
+        )
         return parser
 
     def take_action(self, parsed_args):
         identity_client = self.app.client_manager.identity
 
+        domain_id = None
+        if parsed_args.domain:
+            domain_id = common.find_domain(identity_client,
+                                           parsed_args.domain).id
+
         for role in parsed_args.roles:
             role_obj = utils.find_resource(
                 identity_client.roles,
                 role,
+                domain_id=domain_id
             )
             identity_client.roles.delete(role_obj.id)
 
@@ -206,6 +237,18 @@ class ListRole(command.Lister):
 
     def get_parser(self, prog_name):
         parser = super(ListRole, self).get_parser(prog_name)
+
+        # TODO(henry-nash): The use of the List Role command to list
+        # assignments (as well as roles) has been deprecated. In order
+        # to support domain specific roles, we are overriding the domain
+        # option to allow specification of the domain for the role. This does
+        # not conflict with any existing commands, since for the deprecated
+        # assignments listing you were never allowed to only specify a domain
+        # (you also needed to specify a user).
+        #
+        # Once we have removed the deprecated options entirely, we must
+        # replace the call to _add_identity_and_resource_options_to_parser()
+        # below with just adding the domain option into the parser.
         _add_identity_and_resource_options_to_parser(parser)
         return parser
 
@@ -239,8 +282,14 @@ def take_action(self, parsed_args):
 
         # no user or group specified, list all roles in the system
         if not parsed_args.user and not parsed_args.group:
-            columns = ('ID', 'Name')
-            data = identity_client.roles.list()
+            if not parsed_args.domain:
+                columns = ('ID', 'Name')
+                data = identity_client.roles.list()
+            else:
+                columns = ('ID', 'Name', 'Domain')
+                data = identity_client.roles.list(domain_id=domain.id)
+                for role in data:
+                    role.domain = domain.name
         elif parsed_args.user and parsed_args.domain:
             columns = ('ID', 'Name', 'Domain', 'User')
             data = identity_client.roles.list(
@@ -322,7 +371,7 @@ def take_action(self, parsed_args):
 
 
 class RemoveRole(command.Command):
-    """Remove role from domain/project : user/group"""
+    """Removes a role assignment from domain/project : user/group"""
 
     def get_parser(self, prog_name):
         parser = super(RemoveRole, self).get_parser(prog_name)
@@ -332,6 +381,8 @@ def get_parser(self, prog_name):
             help=_('Role to remove (name or ID)'),
         )
         _add_identity_and_resource_options_to_parser(parser)
+        common.add_role_domain_option_to_parser(parser)
+
         return parser
 
     def take_action(self, parsed_args):
@@ -342,9 +393,15 @@ def take_action(self, parsed_args):
             sys.stderr.write(_("Incorrect set of arguments provided. "
                                "See openstack --help for more details\n"))
             return
+
+        domain_id = None
+        if parsed_args.role_domain:
+            domain_id = common.find_domain(identity_client,
+                                           parsed_args.role_domain).id
         role = utils.find_resource(
             identity_client.roles,
             parsed_args.role,
+            domain_id=domain_id
         )
 
         kwargs = _process_identity_and_resource_options(
@@ -367,6 +424,11 @@ def get_parser(self, prog_name):
             metavar='<role>',
             help=_('Role to modify (name or ID)'),
         )
+        parser.add_argument(
+            '--domain',
+            metavar='<domain>',
+            help=_('Domain the role belongs to (name or ID)'),
+        )
         parser.add_argument(
             '--name',
             metavar='<name>',
@@ -377,10 +439,14 @@ def get_parser(self, prog_name):
     def take_action(self, parsed_args):
         identity_client = self.app.client_manager.identity
 
-        role = utils.find_resource(
-            identity_client.roles,
-            parsed_args.role,
-        )
+        domain_id = None
+        if parsed_args.domain:
+            domain_id = common.find_domain(identity_client,
+                                           parsed_args.domain).id
+
+        role = utils.find_resource(identity_client.roles,
+                                   parsed_args.role,
+                                   domain_id=domain_id)
 
         identity_client.roles.update(role.id, name=parsed_args.name)
 
@@ -395,15 +461,24 @@ def get_parser(self, prog_name):
             metavar='<role>',
             help=_('Role to display (name or ID)'),
         )
+        parser.add_argument(
+            '--domain',
+            metavar='<domain>',
+            help=_('Domain the role belongs to (name or ID)'),
+        )
         return parser
 
     def take_action(self, parsed_args):
         identity_client = self.app.client_manager.identity
 
-        role = utils.find_resource(
-            identity_client.roles,
-            parsed_args.role,
-        )
+        domain_id = None
+        if parsed_args.domain:
+            domain_id = common.find_domain(identity_client,
+                                           parsed_args.domain).id
+
+        role = utils.find_resource(identity_client.roles,
+                                   parsed_args.role,
+                                   domain_id=domain_id)
 
         role._info.pop('links')
         return zip(*sorted(six.iteritems(role._info)))