Request token authorize

Command doc and tweaks to the code

Change-Id: I8f251bf9ca77f16b01a509844e79ddde82048b0d

2 files changed, 26 insertions, 12 deletions

diff --git a/openstackclient/identity/v3/token.py b/openstackclient/identity/v3/token.py
index 86f31a2a..bea2ddeb 100644
--- a/openstackclient/identity/v3/token.py
+++ b/openstackclient/identity/v3/token.py
@@ -25,7 +25,7 @@ from openstackclient.identity import common
 
 
 class AuthorizeRequestToken(show.ShowOne):
-    """Authorize request token"""
+    """Authorize a request token"""
 
     log = logging.getLogger(__name__ + '.AuthorizeRequestToken')
 
@@ -34,13 +34,16 @@ class AuthorizeRequestToken(show.ShowOne):
         parser.add_argument(
             '--request-key',
             metavar='<request-key>',
-            help='Request token key',
+            help='Request token to authorize (ID only) (required)',
             required=True
         )
         parser.add_argument(
-            '--role-ids',
-            metavar='<role-ids>',
-            help='Requested role IDs',
+            '--role',
+            metavar='<role>',
+            action='append',
+            default=[],
+            help='Roles to authorize (name or ID) '
+                 '(repeat to set multiple values) (required)',
             required=True
         )
         return parser
@@ -49,17 +52,20 @@ class AuthorizeRequestToken(show.ShowOne):
         self.log.debug('take_action(%s)' % parsed_args)
         identity_client = self.app.client_manager.identity
 
+        # NOTE(stevemar): We want a list of role ids
         roles = []
-        for r_id in parsed_args.role_ids.split():
-            roles.append(r_id)
+        for role in parsed_args.role:
+            role_id = utils.find_resource(
+                identity_client.roles,
+                role,
+            ).id
+            roles.append(role_id)
 
         verifier_pin = identity_client.oauth1.request_tokens.authorize(
             parsed_args.request_key,
             roles)
 
-        info = {}
-        info.update(verifier_pin._info)
-        return zip(*sorted(six.iteritems(info)))
+        return zip(*sorted(six.iteritems(verifier_pin._info)))
 
 
 class CreateAccessToken(show.ShowOne):
diff --git a/openstackclient/tests/identity/v3/test_oauth.py b/openstackclient/tests/identity/v3/test_oauth.py
index 36a65e4c..435042d1 100644
--- a/openstackclient/tests/identity/v3/test_oauth.py
+++ b/openstackclient/tests/identity/v3/test_oauth.py
@@ -28,6 +28,8 @@ class TestOAuth1(identity_fakes.TestOAuth1):
         self.request_tokens_mock.reset_mock()
         self.projects_mock = identity_client.projects
         self.projects_mock.reset_mock()
+        self.roles_mock = identity_client.roles
+        self.roles_mock.reset_mock()
 
 
 class TestRequestTokenCreate(TestOAuth1):
@@ -85,6 +87,12 @@ class TestRequestTokenAuthorize(TestOAuth1):
     def setUp(self):
         super(TestRequestTokenAuthorize, self).setUp()
 
+        self.roles_mock.get.return_value = fakes.FakeResource(
+            None,
+            copy.deepcopy(identity_fakes.ROLE),
+            loaded=True,
+        )
+
         copied_verifier = copy.deepcopy(identity_fakes.OAUTH_VERIFIER)
         resource = fakes.FakeResource(None, copied_verifier, loaded=True)
         self.request_tokens_mock.authorize.return_value = resource
@@ -93,11 +101,11 @@ class TestRequestTokenAuthorize(TestOAuth1):
     def test_authorize_request_tokens(self):
         arglist = [
             '--request-key', identity_fakes.request_token_id,
-            '--role-ids', identity_fakes.role_id,
+            '--role', identity_fakes.role_name,
         ]
         verifylist = [
             ('request_key', identity_fakes.request_token_id),
-            ('role_ids', identity_fakes.role_id),
+            ('role', [identity_fakes.role_name]),
         ]
         parsed_args = self.check_parser(self.cmd, arglist, verifylist)
         columns, data = self.cmd.take_action(parsed_args)