Change in aaa mode should be reflected in runtime auth pipeline.

Avoid using deprecated multi_tenancy flag. Instead peek at API
server object to manipulate the pipeline

Change-Id: Iea5ca7652ffd5c89102cb2639f7888db651a9fbb
Closes-Bug: #1650417

src/config/api-server/vnc_auth_keystone.py

@@ -82,17 +82,14 @@ def start_http_server(self):
 
 class AuthPreKeystone(object):
 
-    def __init__(self, app, conf, multi_tenancy, server_mgr):
+    def __init__(self, app, conf, server_mgr):
         self.app = app
         self.conf = conf
-        self.mt = multi_tenancy
         self.server_mgr = server_mgr
 
-    def get_mt(self):
-        return self.mt
-
-    def set_mt(self, value):
-        self.mt = value
+    @property
+    def mt(self):
+        return self.server_mgr.is_multi_tenancy_set()
 
     def path_in_white_list(self, path):
         for pattern in self.server_mgr.white_list:
@@ -217,7 +214,6 @@ def get_middleware_app(self):
         app = AuthPreKeystone(
             auth_middleware,
             None,
-            self._multi_tenancy,
             self._server_mgr)
 
         return app

src/config/api-server/vnc_cfg_api_server.py

@@ -1837,7 +1837,7 @@ def obj_perms_http_get(self):
                 'token_info': None,
                 'is_cloud_admin_role': False,
                 'is_global_read_only_role': False,
-                'permissions': PERMS_RWX
+                'permissions': 'RWX'
             }
             return result
 
@@ -3556,8 +3556,9 @@ def set_mt(self, multi_tenancy):
         self._args.multi_tenancy = multi_tenancy
     # end
 
+    # check if token validatation needed
     def is_multi_tenancy_set(self):
-        return self._args.multi_tenancy or self.aaa_mode != 'no-auth'
+        return self.aaa_mode != 'no-auth'
 
     def is_rbac_enabled(self):
         return self.aaa_mode == 'rbac'