# Pastebin JE4eFJMG
    target = {}
    if role_id:
        target['role'] = PROVIDERS.role_api.get_role(role_id)
    if user_id:
        try:
            target['user'] = PROVIDERS.identity_api.get_user(user_id)
        except exception.UserNotFound:
            if not allow_non_existing:
                raise
    else:
        try:
            target['group'] = PROVIDERS.identity_api.get_group(group_id)
        except exception.GroupNotFound:
            if not allow_non_existing:
                raise

    # NOTE(lbragstad): This if/else check will need to be expanded in the
    # future to handle system hierarchies if that is implemented.
    if domain_id:
        target['domain'] = PROVIDERS.resource_api.get_domain(domain_id)
    elif project_id:
        target['project'] = PROVIDERS.resource_api.get_project(project_id)

    return target