From c4411c1e17bb3d6539cf61d49cd5a4a28d4e7c16 Mon Sep 17 00:00:00 2001
From: Dan Prince <dprince@redhat.com>
Date: Fri, 24 Feb 2012 13:31:38 -0500
Subject: Fix case of admin role in middleware.

Fixes LP Bug #940521.

Change-Id: I1d31c805651cb633dee7efc708cd2c86bb32c3b2
---
 keystone/middleware/auth_token.py        | 2 +-
 keystone/middleware/glance_auth_token.py | 2 +-
 keystone/middleware/nova_auth_token.py   | 4 ++--
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/keystone/middleware/auth_token.py b/keystone/middleware/auth_token.py
index 90e38d25..3ec6f7a9 100644
--- a/keystone/middleware/auth_token.py
+++ b/keystone/middleware/auth_token.py
@@ -340,7 +340,7 @@ class AuthProtocol(object):
         role_refs = token_info['access']['user']['roles']
         if role_refs != None:
             for role_ref in role_refs:
-                # Nova looks for the non case-sensitive role 'Admin'
+                # Nova looks for the non case-sensitive role 'admin'
                 # to determine admin-ness
                 roles.append(role_ref['name'])
 
diff --git a/keystone/middleware/glance_auth_token.py b/keystone/middleware/glance_auth_token.py
index 911f5bb8..be69a208 100644
--- a/keystone/middleware/glance_auth_token.py
+++ b/keystone/middleware/glance_auth_token.py
@@ -55,7 +55,7 @@ class KeystoneContextMiddleware(context.ContextMiddleware):
         user = req.headers.get('X_USER')
         tenant = req.headers.get('X_TENANT')
         roles = [r.strip() for r in req.headers.get('X_ROLE', '').split(',')]
-        is_admin = 'Admin' in roles
+        is_admin = 'admin' in roles
 
         # Construct the context
         req.context = self.make_context(auth_tok=auth_tok,
diff --git a/keystone/middleware/nova_auth_token.py b/keystone/middleware/nova_auth_token.py
index f79cae22..d5b280c2 100644
--- a/keystone/middleware/nova_auth_token.py
+++ b/keystone/middleware/nova_auth_token.py
@@ -67,7 +67,7 @@ class KeystoneAuthShim(wsgi.Middleware):
         # FIXME: keystone-admin-role value from keystone.conf is not
         # used neither here nor in glance_auth_token!
         roles = [r.strip() for r in req.headers.get('X_ROLE', '').split(',')]
-        is_admin = 'Admin' in roles
+        is_admin = 'admin' in roles
         if user_ref.is_admin() != is_admin:
             self.auth.modify_user(user_ref, admin=is_admin)
 
@@ -96,7 +96,7 @@ class KeystoneAuthShim(wsgi.Middleware):
 
         # Build a context, including the auth_token...
         ctx = context.RequestContext(user_id, project_id,
-                                     is_admin=('Admin' in roles),
+                                     is_admin=('admin' in roles),
                                      auth_token=auth_token)
 
         req.environ['nova.context'] = ctx
-- 
cgit