Ignore case in policy role checks.

Update the default policy brain so that role checks ignore case.
Fixes an issue where roles in keystone didn't exactly match the
case of the role as specified in policy.json.

Fixes LP Bug #922660.

Change-Id: I05792755c9293e4dd80d642cb8eef6b0adda2ed4

nova/common/policy.py

@@ -164,7 +164,7 @@ class Brain(object):
 
     def _check_role(self, match, target_dict, cred_dict):
         """Check that there is a matching role in the cred dict."""
-        return match in cred_dict['roles']
+        return match.lower() in [x.lower() for x in cred_dict['roles']]
 
     def _check_generic(self, match, target_dict, cred_dict):
         """Check an individual match.