From e481beef3470a00afc06c2738b0989ab6097f892 Mon Sep 17 00:00:00 2001
From: Deepinder Setia
Date: Tue, 20 Dec 2016 15:23:05 -0800
Subject: [PATCH] Change in aaa mode should be reflected in runtime auth pipeline.

Avoid using deprecated multi_tenancy flag. Instead peek at API server object to manipulate the pipeline
Change-Id: Iea5ca7652ffd5c89102cb2639f7888db651a9fbb
Closes-Bug: #1650417
(cherry picked from commit c38d160f0ba33aefce4f2538315255eaf97e7031)
---
 src/config/api-server/vnc_auth_keystone.py | 12 ++++--------
 src/config/api-server/vnc_cfg_api_server.py | 16 ++++------------
 2 files changed, 8 insertions(+), 20 deletions(-)
diff --git a/src/config/api-server/vnc_auth_keystone.py b/src/config/api-server/vnc_auth_keystone.py
index 6e3969bd0ed..9c714e57aa5 100644
--- a/src/config/api-server/vnc_auth_keystone.py
+++ b/src/config/api-server/vnc_auth_keystone.py
@@ -82,17 +82,14 @@ def start_http_server(self):
 class AuthPreKeystone(object):
- def __init__(self, app, conf, multi_tenancy, server_mgr):
+ def __init__(self, app, conf, server_mgr):
 self.app = app
 self.conf = conf
- self.mt = multi_tenancy
 self.server_mgr = server_mgr
- def get_mt(self):
- return self.mt
-
- def set_mt(self, value):
- self.mt = value
+ @property
+ def mt(self):
+ return self.server_mgr.is_multi_tenancy_set()
 def path_in_white_list(self, path):
 for pattern in self.conf['api_server'].white_list:
@@ -216,7 +213,6 @@ def get_middleware_app(self):
 app = AuthPreKeystone(
 auth_middleware,
 { 'api_server': self._server_mgr },
- self._multi_tenancy,
 self._server_mgr)
 return app
diff --git a/src/config/api-server/vnc_cfg_api_server.py b/src/config/api-server/vnc_cfg_api_server.py
index 54a37b5c618..ccc13ce683d 100644
--- a/src/config/api-server/vnc_cfg_api_server.py
+++ b/src/config/api-server/vnc_cfg_api_server.py
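Review bot: The new read-only `mt` property on `AuthPreKeystone` (first hunk of vnc_auth_keystone.py) has no docstring, although it now forwards to `server_mgr.is_multi_tenancy_set()` on every access instead of returning a value cached at construction. I would add `"""True when the API server's aaa_mode is anything other than 'no-auth'; evaluated on each access so runtime mode changes take effect."""`. Because the property defines no setter, any remaining `set_mt()` call or `.mt = ...` assignment outside this patch would now raise AttributeError, so both are worth grepping for before merging. The class body continues past the end of the hunk.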
@@ -1863,7 +1863,7 @@ def obj_perms_http_get(self):
 'token_info': None,
 'is_cloud_admin_role': False,
 'is_global_read_only_role': False,
- 'permissions': PERMS_RWX
+ 'permissions': 'RWX'
 }
 return result
@@ -3495,17 +3495,9 @@ def vn_subnet_ip_count_http_post(self, id):
 return result
 # end vn_subnet_ip_count_http_post
- def set_mt(self, multi_tenancy):
- pipe_start_app = self.get_pipe_start_app()
- try:
- pipe_start_app.set_mt(multi_tenancy)
- except AttributeError:
- pass
- self._args.multi_tenancy = multi_tenancy
- # end
-
+ # check if token validatation needed
 def is_multi_tenancy_set(self):
- return self._args.multi_tenancy or self.aaa_mode != 'no-auth'
+ return self.aaa_mode != 'no-auth'
 def is_rbac_enabled(self):
 return self.aaa_mode == 'rbac'
@@ -3530,7 +3522,7 @@ def mt_http_put(self):
 if data is None:
 raise cfgm_common.exceptions.HttpError(403, " Permission denied")
- self.set_mt(multi_tenancy)
+ self.aaa_mode = "cloud-admin" if multi_tenancy else "no-auth"
 return {'enabled': self.is_multi_tenancy_set()}
 # end
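Review bot: `is_multi_tenancy_set()` in the second hunk of vnc_cfg_api_server.py no longer consults `self._args.multi_tenancy`, so a deployment that sets only the deprecated flag and leaves `aaa_mode` at `no-auth` would stop requiring token validation. That holds unless startup code outside this hunk maps the flag onto `aaa_mode`, which should be confirmed; a startup warning when the flag is set while `aaa_mode` is `no-auth` would make the downgrade visible. The added comment also has a typo and understates what the method gates; I would write `# True when requests must carry a validated token, i.e. aaa_mode is anything other than 'no-auth'`.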
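Review bot: The new assignment in `mt_http_put` collapses every enabled state to `cloud-admin`, so a server running with `aaa_mode == 'rbac'` is silently downgraded when a client sends a true value. A false value switches the whole API server to `no-auth` at runtime. I would preserve an already-enabled mode with `if not multi_tenancy: self.aaa_mode = "no-auth"` followed by `elif self.aaa_mode == "no-auth": self.aaa_mode = "cloud-admin"`, and log the old and new mode since this request can turn token validation off. Only the `data is None` 403 is visible here; the authorization check that produces `data` sits above the hunk and should be confirmed to restrict this call to cloud admins.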