From c38d160f0ba33aefce4f2538315255eaf97e7031 Mon Sep 17 00:00:00 2001
From: Deepinder Setia <dsetia@juniper.net>
Date: Tue, 20 Dec 2016 15:23:05 -0800
Subject: [PATCH] Change in aaa mode should be reflected in runtime auth
 pipeline. Avoid using deprecated multi_tenancy flag. Instead peek at API
 server object to manipulate the pipeline

Change-Id: Iea5ca7652ffd5c89102cb2639f7888db651a9fbb
Closes-Bug: #1650417
---
 src/config/api-server/vnc_auth_keystone.py  | 12 ++++--------
 src/config/api-server/vnc_cfg_api_server.py |  5 +++--
 2 files changed, 7 insertions(+), 10 deletions(-)

diff --git a/src/config/api-server/vnc_auth_keystone.py b/src/config/api-server/vnc_auth_keystone.py
index 59efc81d0a3..81895e20c1e 100644
--- a/src/config/api-server/vnc_auth_keystone.py
+++ b/src/config/api-server/vnc_auth_keystone.py
@@ -82,17 +82,14 @@ def start_http_server(self):
 
 class AuthPreKeystone(object):
 
-    def __init__(self, app, conf, multi_tenancy, server_mgr):
+    def __init__(self, app, conf, server_mgr):
         self.app = app
         self.conf = conf
-        self.mt = multi_tenancy
         self.server_mgr = server_mgr
 
-    def get_mt(self):
-        return self.mt
-
-    def set_mt(self, value):
-        self.mt = value
+    @property
+    def mt(self):
+        return self.server_mgr.is_multi_tenancy_set()
 
     def path_in_white_list(self, path):
         for pattern in self.server_mgr.white_list:
@@ -217,7 +214,6 @@ def get_middleware_app(self):
         app = AuthPreKeystone(
             auth_middleware,
             None,
-            self._multi_tenancy,
             self._server_mgr)
 
         return app
diff --git a/src/config/api-server/vnc_cfg_api_server.py b/src/config/api-server/vnc_cfg_api_server.py
index ac67ce6dd7d..39efa7878c4 100644
--- a/src/config/api-server/vnc_cfg_api_server.py
+++ b/src/config/api-server/vnc_cfg_api_server.py
@@ -1837,7 +1837,7 @@ def obj_perms_http_get(self):
                 'token_info': None,
                 'is_cloud_admin_role': False,
                 'is_global_read_only_role': False,
-                'permissions': PERMS_RWX
+                'permissions': 'RWX'
             }
             return result
 
@@ -3556,8 +3556,9 @@ def set_mt(self, multi_tenancy):
         self._args.multi_tenancy = multi_tenancy
     # end
 
+    # check if token validatation needed
     def is_multi_tenancy_set(self):
-        return self._args.multi_tenancy or self.aaa_mode != 'no-auth'
+        return self.aaa_mode != 'no-auth'
 
     def is_rbac_enabled(self):
         return self.aaa_mode == 'rbac'