3 files changed, 95 insertions, 44 deletions

diff --git a/doc/source/command-objects/role.rst b/doc/source/command-objects/role.rst
index 02766b03..5fcbe825 100644
--- a/doc/source/command-objects/role.rst
+++ b/doc/source/command-objects/role.rst
@@ -37,6 +37,27 @@ Add role to a user or group in a project or domain
 
     .. versionadded:: 3
 
+.. option:: --user-domain <user-domain>
+
+    Domain the user belongs to (name or ID).
+    This can be used in case collisions between user names exist.
+
+    .. versionadded:: 3
+
+.. option:: --group-domain <group-domain>
+
+    Domain the group belongs to (name or ID).
+    This can be used in case collisions between group names exist.
+
+    .. versionadded:: 3
+
+.. option:: --project-domain <project-domain>
+
+    Domain the project belongs to (name or ID).
+    This can be used in case collisions between project names exist.
+
+    .. versionadded:: 3
+
 .. describe:: <role>
 
     Role to add to `<project>`:`<user>` (name or ID)
diff --git a/openstackclient/identity/common.py b/openstackclient/identity/common.py
index 2cc68c8d..a6e674c0 100644
--- a/openstackclient/identity/common.py
+++ b/openstackclient/identity/common.py
@@ -48,23 +48,23 @@ def find_domain(identity_client, name_or_id):
                                    domains.Domain)
 
 
-def find_group(identity_client, name_or_id):
+def find_group(identity_client, name_or_id, domain_id=None):
     return _find_identity_resource(identity_client.groups, name_or_id,
-                                   groups.Group)
+                                   groups.Group, domain_id=domain_id)
 
 
-def find_project(identity_client, name_or_id):
+def find_project(identity_client, name_or_id, domain_id=None):
     return _find_identity_resource(identity_client.projects, name_or_id,
-                                   projects.Project)
+                                   projects.Project, domain_id=domain_id)
 
 
-def find_user(identity_client, name_or_id):
+def find_user(identity_client, name_or_id, domain_id=None):
     return _find_identity_resource(identity_client.users, name_or_id,
-                                   users.User)
+                                   users.User, domain_id=domain_id)
 
 
 def _find_identity_resource(identity_client_manager, name_or_id,
-                            resource_type):
+                            resource_type, **kwargs):
     """Find a specific identity resource.
 
     Using keystoneclient's manager, attempt to find a specific resource by its
@@ -92,7 +92,7 @@ def _find_identity_resource(identity_client_manager, name_or_id,
 
     try:
         identity_resource = utils.find_resource(identity_client_manager,
-                                                name_or_id)
+                                                name_or_id, **kwargs)
         if identity_resource is not None:
             return identity_resource
     except identity_exc.Forbidden:
diff --git a/openstackclient/identity/v3/role.py b/openstackclient/identity/v3/role.py
index 3dd998ba..bc64f7f8 100644
--- a/openstackclient/identity/v3/role.py
+++ b/openstackclient/identity/v3/role.py
@@ -63,6 +63,27 @@ class AddRole(command.Command):
             metavar='<group>',
             help='Include <group> (name or ID)',
         )
+        parser.add_argument(
+            '--user-domain',
+            metavar='<user-domain>',
+            help=('Domain the user belongs to (name or ID). '
+                  'This can be used in case collisions between user names '
+                  'exist.')
+        )
+        parser.add_argument(
+            '--group-domain',
+            metavar='<group-domain>',
+            help=('Domain the group belongs to (name or ID). '
+                  'This can be used in case collisions between group names '
+                  'exist.')
+        )
+        parser.add_argument(
+            '--project-domain',
+            metavar='<project-domain>',
+            help=('Domain the project belongs to (name or ID). '
+                  'This can be used in case collisions between project names '
+                  'exist.')
+        )
         return parser
 
     def take_action(self, parsed_args):
@@ -78,67 +99,76 @@ class AddRole(command.Command):
             parsed_args.role,
         )
 
+        kwargs = {}
         if parsed_args.user and parsed_args.domain:
-            user = common.find_user(
+            user_domain_id = self._get_domain_id_if_requested(
+                parsed_args.user_domain)
+            kwargs['user'] = common.find_user(
                 identity_client,
                 parsed_args.user,
-            )
-            domain = common.find_domain(
+                user_domain_id,
+            ).id
+            kwargs['domain'] = common.find_domain(
                 identity_client,
                 parsed_args.domain,
-            )
-            identity_client.roles.grant(
-                role.id,
-                user=user.id,
-                domain=domain.id,
-            )
+            ).id
         elif parsed_args.user and parsed_args.project:
-            user = common.find_user(
+            user_domain_id = self._get_domain_id_if_requested(
+                parsed_args.user_domain)
+            kwargs['user'] = common.find_user(
                 identity_client,
                 parsed_args.user,
-            )
-            project = common.find_project(
+                user_domain_id,
+            ).id
+            project_domain_id = self._get_domain_id_if_requested(
+                parsed_args.project_domain)
+            kwargs['project'] = common.find_project(
                 identity_client,
                 parsed_args.project,
-            )
-            identity_client.roles.grant(
-                role.id,
-                user=user.id,
-                project=project.id,
-            )
+                project_domain_id,
+            ).id
         elif parsed_args.group and parsed_args.domain:
-            group = common.find_group(
+            group_domain_id = self._get_domain_id_if_requested(
+                parsed_args.group_domain)
+            kwargs['group'] = common.find_group(
                 identity_client,
                 parsed_args.group,
-            )
-            domain = common.find_domain(
+                group_domain_id,
+            ).id
+            kwargs['domain'] = common.find_domain(
                 identity_client,
                 parsed_args.domain,
-            )
-            identity_client.roles.grant(
-                role.id,
-                group=group.id,
-                domain=domain.id,
-            )
+            ).id
         elif parsed_args.group and parsed_args.project:
-            group = common.find_group(
+            group_domain_id = self._get_domain_id_if_requested(
+                parsed_args.group_domain)
+            kwargs['group'] = common.find_group(
                 identity_client,
                 parsed_args.group,
-            )
-            project = common.find_project(
+                group_domain_id,
+            ).id
+            project_domain_id = self._get_domain_id_if_requested(
+                parsed_args.project_domain)
+            kwargs['project'] = common.find_project(
                 identity_client,
                 parsed_args.project,
-            )
-            identity_client.roles.grant(
-                role.id,
-                group=group.id,
-                project=project.id,
-            )
+                project_domain_id,
+            ).id
         else:
             sys.stderr.write("Role not added, incorrect set of arguments \
             provided. See openstack --help for more details\n")
+            return
+
+        identity_client.roles.grant(role.id, **kwargs)
         return
 
+    def _get_domain_id_if_requested(self, domain_name_or_id):
+        if domain_name_or_id is None:
+            return None
+        domain = common.find_domain(self.app.client_manager.identity,
+                                    domain_name_or_id)
+        return domain.id
+
 
 class CreateRole(show.ShowOne):
     """Create new role"""