From b5488d296bbbf7fe422947262e4bfad05f6a529e Mon Sep 17 00:00:00 2001
From: Deepinder Setia <dsetia@juniper.net>
Date: Tue, 24 Jan 2017 14:31:36 -0800
Subject: [PATCH] If auth parameter is missing or not set to 'keystone', turn
 off keystone authentication

Closes-Bug: #1659389

Change-Id: Ib5f9760249318a5eb6f93502172d7d65edc403b8
---
 src/config/api-server/tests/test_rbac.py    | 28 +++++++++++++++++++++
 src/config/api-server/vnc_cfg_api_server.py |  2 +-
 2 files changed, 29 insertions(+), 1 deletion(-)

diff --git a/src/config/api-server/tests/test_rbac.py b/src/config/api-server/tests/test_rbac.py
index 33f0d47543d..6329bd6696c 100644
--- a/src/config/api-server/tests/test_rbac.py
+++ b/src/config/api-server/tests/test_rbac.py
@@ -370,6 +370,34 @@ def tearDown(self):
         super(TestRbacAaaModeInvalid, self).tearDown()
     # end tearDown
 
+class TestAuthModeInvalid(test_case.ApiServerTestCase):
+
+    @classmethod
+    def setUpClass(cls):
+        cls.console_handler = logging.StreamHandler()
+        cls.console_handler.setLevel(logging.DEBUG)
+        logger.addHandler(cls.console_handler)
+        extra_config_knobs = [
+            ('DEFAULTS', 'auth', 'no-auth'),
+        ]
+        super(TestAuthModeInvalid, cls).setUpClass(extra_config_knobs=extra_config_knobs)
+
+    @classmethod
+    def tearDownClass(cls, *args, **kwargs):
+        logger.removeHandler(cls.console_handler)
+        super(TestAuthModeInvalid, cls).tearDownClass(*args, **kwargs)
+
+    def setUp(self):
+        super(TestAuthModeInvalid, self).setUp()
+
+    def test_aaa_mode(self):
+        rv = self._api_server.is_auth_disabled()
+        self.assertEquals(rv, True)
+
+    def tearDown(self):
+        super(TestAuthModeInvalid, self).tearDown()
+    # end tearDown
+
 class TestRbac(test_case.ApiServerTestCase):
 
     @classmethod
diff --git a/src/config/api-server/vnc_cfg_api_server.py b/src/config/api-server/vnc_cfg_api_server.py
index d46a90bea4a..c5e77ac6210 100644
--- a/src/config/api-server/vnc_cfg_api_server.py
+++ b/src/config/api-server/vnc_cfg_api_server.py
@@ -1766,7 +1766,7 @@ def get_rabbit_health_check_interval(self):
     # end get_rabbit_health_check_interval
 
     def is_auth_disabled(self):
-        return self._args.auth is None
+        return self._args.auth is None or self._args.auth.lower() != 'keystone'
 
     def is_admin_request(self):
         if not self.is_multi_tenancy_set():