diff --git a/nova/api/auth.py b/nova/api/auth.py index feb9c4d838f6..9ac7c59906ae 100644 --- a/nova/api/auth.py +++ b/nova/api/auth.py @@ -160,12 +160,5 @@ class NovaKeystoneContext(wsgi.Middleware): def _get_roles(self, req): """Get the list of roles.""" - if 'X_ROLES' in req.headers: - roles = req.headers.get('X_ROLES', '') - else: - # Fallback to deprecated role header: - roles = req.headers.get('X_ROLE', '') - if roles: - LOG.warning(_LW("Sourcing roles from deprecated X-Role HTTP " - "header")) + roles = req.headers.get('X_ROLES', '') return [r.strip() for r in roles.split(',')] diff --git a/nova/tests/unit/api/test_auth.py b/nova/tests/unit/api/test_auth.py index 18ed8bc8af20..0da727fef7da 100644 --- a/nova/tests/unit/api/test_auth.py +++ b/nova/tests/unit/api/test_auth.py @@ -106,9 +106,7 @@ class TestKeystoneMiddlewareRoles(test.NoDBTestCase): self.roles = "pawn, knight, rook" def test_roles(self): - # Test that the newer style role header takes precedence. self.request.headers['X_ROLES'] = 'pawn,knight,rook' - self.request.headers['X_ROLE'] = 'bad' response = self.request.get_response(self.middleware) self.assertEqual(response.status, '200 Role Match') @@ -118,18 +116,6 @@ class TestKeystoneMiddlewareRoles(test.NoDBTestCase): response = self.request.get_response(self.middleware) self.assertEqual(response.status, '200 No Roles') - def test_deprecated_role(self): - # Test fallback to older role header. - self.request.headers['X_ROLE'] = 'pawn,knight,rook' - - response = self.request.get_response(self.middleware) - self.assertEqual(response.status, '200 Role Match') - - def test_role_empty(self): - self.request.headers['X_ROLE'] = '' - response = self.request.get_response(self.middleware) - self.assertEqual(response.status, '200 No Roles') - def test_no_role_headers(self): # Test with no role headers set.