From cfce057aaa01ed72bd84d53fe6e64b2e0f912f75 Mon Sep 17 00:00:00 2001
From: Jesse Andrews <anotherjesse@gmail.com>
Date: Thu, 9 Jun 2011 19:02:12 -0700
Subject: set nova admin role if keystone user has "Admin" role

---
 keystone/auth_protocols/nova_auth_token.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/keystone/auth_protocols/nova_auth_token.py b/keystone/auth_protocols/nova_auth_token.py
index e9d61b74..3a3221ec 100644
--- a/keystone/auth_protocols/nova_auth_token.py
+++ b/keystone/auth_protocols/nova_auth_token.py
@@ -61,6 +61,9 @@ class KeystoneAuthShim(wsgi.Middleware):
             user_ref = self.auth.get_user(user_id)
         except:
             user_ref = self.auth.create_user(user_id)
+        # set admin if user has admin role
+        if user_ref.is_admin() != (req.headers.get('X_ROLE', None) == 'Admin'):
+            self.auth.modify_user(user_ref, admin=req.headers.get('X_ROLE') == 'Admin')
         project_id = req.headers['X_TENANT']
         try:
             project_ref = self.auth.get_project(project_id)
-- 
cgit