From 77a106a85febf66929d0e5b5f317e8540ee95843 Mon Sep 17 00:00:00 2001
From: Luigi Toscano
Date: Wed, 8 Aug 2018 16:11:19 +0200
Subject: [PATCH] Adapt to Keystone changes: use member instead of Member Keystone now provides "member" by default. It should not be a problem for upgrades when the configuration is the default one, because Keystone is case-preserving and Member and member are the considered the same: https://docs.openstack.org/keystone/latest/admin/identity-case-insensitive.html
Change-Id: I3bd72631d57546dcf8b887833539fe3ccaac4e47
---
 devstack/upgrade/resources.sh | 2 +-
 doc/source/admin/advanced-configuration-guide.rst | 4 ++--
 .../notes/proxy-user-lowercase-f116f7b7e89274cb.yaml | 6 ++++++
 sahara/utils/proxy.py | 2 +-
 4 files changed, 10 insertions(+), 4 deletions(-)
 create mode 100644 releasenotes/notes/proxy-user-lowercase-f116f7b7e89274cb.yaml
diff --git a/devstack/upgrade/resources.sh b/devstack/upgrade/resources.sh
index 2d7d4bdb15..3b0c886eaa 100755
--- a/devstack/upgrade/resources.sh
+++ b/devstack/upgrade/resources.sh
@@ -59,7 +59,7 @@ function create_user { resource_save sahara user_id $id # Workaround for bug: https://bugs.launchpad.net/keystone/+bug/1662911
- openstack role add Member --user $id --project $project_id
+ openstack role add member --user $id --project $project_id
 } function create_keypair {
diff --git a/doc/source/admin/advanced-configuration-guide.rst b/doc/source/admin/advanced-configuration-guide.rst
index 22c9f6107d..457e7a509a 100644
--- a/doc/source/admin/advanced-configuration-guide.rst
+++ b/doc/source/admin/advanced-configuration-guide.rst
@@ -490,7 +490,7 @@ access. Please see the :keystone-doc:`Keystone documentation With the domain created, sahara's configuration file should be updated to include the new domain name and any potential roles that will be needed. For this example let's assume that the name of the proxy domain is
-``sahara_proxy`` and the roles needed by proxy users will be ``Member`` and
+``sahara_proxy`` and the roles needed by proxy users will be ``member`` and
 ``SwiftUser``. .. sourcecode:: cfg
@@ -498,7 +498,7 @@ this example let's assume that the name of the proxy domain is [DEFAULT] use_domain_for_proxy_users=true proxy_user_domain_name=sahara_proxy
- proxy_user_role_names=Member,SwiftUser
+ proxy_user_role_names=member,SwiftUser
 A note on the use of roles. In the context of the proxy user, any roles specified here are roles intended to be delegated to the proxy user from the
diff --git a/releasenotes/notes/proxy-user-lowercase-f116f7b7e89274cb.yaml b/releasenotes/notes/proxy-user-lowercase-f116f7b7e89274cb.yaml
new file mode 100644
index 0000000000..645073910b
--- /dev/null
+++ b/releasenotes/notes/proxy-user-lowercase-f116f7b7e89274cb.yaml
@@ -0,0 +1,6 @@
+---
+upgrade:
+ - |
+ The default proxy role for Swift is now member instead of Member.
+ Keystone now creates the former by default,
+ even if the latter is recognized to be the same (case preserving).
diff --git a/sahara/utils/proxy.py b/sahara/utils/proxy.py
index 569f3e4ff8..3fe2a5fa29 100644
--- a/sahara/utils/proxy.py
+++ b/sahara/utils/proxy.py
@@ -47,7 +47,7 @@ opts = [ help='The domain Sahara will use to create new proxy users ' 'for Swift object access.'), cfg.ListOpt('proxy_user_role_names',
- default=['Member'],
+ default=['member'],
 help='A list of the role names that the proxy user should ' 'assume through trust for Swift object access.') ]
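Review bot: The new `default=['member']` for `proxy_user_role_names` in sahara/utils/proxy.py is equivalent to the old `['Member']` only where the identity service resolves role names case-insensitively, and the option's help text gives operators no hint of that dependency. The commit message relies on this behaviour; if a deployment's role lookup turns out to be case-sensitive and only `Member` exists, delegating the role through the trust would presumably fail for anyone running with the default. I would state the requirement in the help string, e.g. `'assume through trust for Swift object access. Each name must match an existing Keystone role.')`, so that a failed delegation is traceable to this option. The same assumption sits behind `openstack role add member` in devstack/upgrade/resources.sh, which is worth a one-line comment there. The `opts` list begins outside this hunk, so how the value is consumed when the trust is created is not visible here.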