Change in aaa mode should be reflected in runtime auth pipeline.

Avoid using deprecated multi_tenancy flag. Instead peek at API server object to manipulate the pipeline Change-Id: Iea5ca7652ffd5c89102cb2639f7888db651a9fbb Closes-Bug: #1650417 (cherry picked from commit c38d160)
Juniper · Apr 10, 2017 · e481bee · e481bee
1 parent fae7a01
commit e481bee
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 20 deletions.
diff --git a/src/config/api-server/vnc_auth_keystone.py b/src/config/api-server/vnc_auth_keystone.py
@@ -82,17 +82,14 @@ def start_http_server(self):
 
 class AuthPreKeystone(object):
 
-    def __init__(self, app, conf, multi_tenancy, server_mgr):
+    def __init__(self, app, conf, server_mgr):
         self.app = app
         self.conf = conf
-        self.mt = multi_tenancy
         self.server_mgr = server_mgr
 
-    def get_mt(self):
-        return self.mt
-
-    def set_mt(self, value):
-        self.mt = value
+    @property
+    def mt(self):
+        return self.server_mgr.is_multi_tenancy_set()
 
     def path_in_white_list(self, path):
         for pattern in self.conf['api_server'].white_list:
@@ -216,7 +213,6 @@ def get_middleware_app(self):
         app = AuthPreKeystone(
             auth_middleware,
             { 'api_server': self._server_mgr },
-            self._multi_tenancy,
             self._server_mgr)
 
         return app

diff --git a/src/config/api-server/vnc_cfg_api_server.py b/src/config/api-server/vnc_cfg_api_server.py
@@ -1863,7 +1863,7 @@ def obj_perms_http_get(self):
                 'token_info': None,
                 'is_cloud_admin_role': False,
                 'is_global_read_only_role': False,
-                'permissions': PERMS_RWX
+                'permissions': 'RWX'
             }
             return result
 
@@ -3495,17 +3495,9 @@ def vn_subnet_ip_count_http_post(self, id):
         return result
     # end vn_subnet_ip_count_http_post
 
-    def set_mt(self, multi_tenancy):
-        pipe_start_app = self.get_pipe_start_app()
-        try:
-            pipe_start_app.set_mt(multi_tenancy)
-        except AttributeError:
-            pass
-        self._args.multi_tenancy = multi_tenancy
-    # end
-
+    # check if token validatation needed
     def is_multi_tenancy_set(self):
-        return self._args.multi_tenancy or self.aaa_mode != 'no-auth'
+        return self.aaa_mode != 'no-auth'
 
     def is_rbac_enabled(self):
         return self.aaa_mode == 'rbac'
@@ -3530,7 +3522,7 @@ def mt_http_put(self):
         if data is None:
             raise cfgm_common.exceptions.HttpError(403, " Permission denied")
 
-        self.set_mt(multi_tenancy)
+        self.aaa_mode = "cloud-admin" if multi_tenancy else "no-auth"
         return {'enabled': self.is_multi_tenancy_set()}
     # end