role case sensitivity

Bug #1010519 reported by Alexej Ababilov on 2012-06-08
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Alexej Ababilov

Bug Description

Nova and Keystone are case insensitive when checking roles.
        if self.is_admin is None:
            self.is_admin = 'admin' in [x.lower() for x in self.roles]

    def _check_role(self, match, target_dict, cred_dict):
        """Check that there is a matching role in the cred dict."""
        return match.lower() in [x.lower() for x in cred_dict['roles']]

However, glance is case sensitive:
        roles_header = req.headers.get('X-Roles', '')
        roles = [r.strip() for r in roles_header.split(',')]
 'is_admin': self.conf.admin_role in roles,

By default, self.conf.admin_role == 'admin', so, keystone's `Admin` role (that could migrate from a diablo database) will not be acceptable.

Let's fix it:
roles = [r.strip().lower() for r in roles_header.split(',')]

Fix proposed to branch: master

Changed in glance:
assignee: nobody → Alessio Ababilov (aababilov)
status: New → In Progress
Brian Waldon (bcwaldon) on 2012-06-08
Changed in glance:
status: In Progress → Opinion
Brian Waldon (bcwaldon) wrote :

Based on this mailing list thread, we're going to move forward with this:

Changed in glance:
status: Opinion → In Progress
importance: Undecided → High
milestone: none → folsom-2

Submitter: Jenkins
Branch: master

commit 081823ad862cabc74977299876d000cafaa6f40d
Author: Alessio Ababilov <email address hidden>
Date: Fri Jun 8 18:15:47 2012 +0300

    make roles case-insensitive

    Fix bug #1010519

    Change-Id: I5b4a50e2d546ba8b4b018178af09707bc4d31fce

Changed in glance:
status: In Progress → Fix Committed
Thierry Carrez (ttx) on 2012-07-04
Changed in glance:
status: Fix Committed → Fix Released
Thierry Carrez (ttx) on 2012-09-27
Changed in glance:
milestone: folsom-2 → 2012.2
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers