From da76c6c402c2a5a2fe90901010c2ca00fedafd9d Mon Sep 17 00:00:00 2001
From: Deepinder Setia
Date: Wed, 3 Aug 2016 00:19:05 -0700
Subject: [PATCH] When rbac is configured (aaa_mode is rbac), setup neutron pipeline to pass user token to API server

Change-Id: I0d9e9b6559423ae74ba042333e1a5b54f0e91c84
Closes-Bug: #1583241
---
 contrail_provisioning/config/openstack.py | 1 +
 .../config/scripts/quantum-server-setup.sh | 8 ++++++++
 2 files changed, 9 insertions(+)

diff --git a/contrail_provisioning/config/openstack.py b/contrail_provisioning/config/openstack.py
index b9f3bdac..4285e658 100755
--- a/contrail_provisioning/config/openstack.py
+++ b/contrail_provisioning/config/openstack.py
@@ -141,6 +141,7 @@ def build_ctrl_details(self):
 else:
 ctrl_infos.append('QUANTUM=%s' % self.cfgm_ip)
 ctrl_infos.append('QUANTUM_PORT=%s' % self._args.quantum_port)
+ ctrl_infos.append('AAA_MODE=%s' % (self._args.aaa_mode or ''))
 self.update_vips_in_ctrl_details(ctrl_infos)
diff --git a/contrail_provisioning/config/scripts/quantum-server-setup.sh b/contrail_provisioning/config/scripts/quantum-server-setup.sh
index c7cccc1f..52afcd97 100755
--- a/contrail_provisioning/config/scripts/quantum-server-setup.sh
+++ b/contrail_provisioning/config/scripts/quantum-server-setup.sh
@@ -145,6 +145,14 @@ if [ -d /etc/neutron ]; then
 openstack-config --del /etc/neutron/neutron.conf service_providers service_provider
 openstack-config --set /etc/neutron/neutron.conf service_providers service_provider LOADBALANCER:Opencontrail:neutron_plugin_contrail.plugins.opencontrail.loadbalancer.driver.OpencontrailLoadbalancerDriver:default
+
+ ret_val=`grep "keystone = user_token" /etc/neutron/api-paste.ini > /dev/null;echo $?`
+ if [ "$AAA_MODE" == "rbac" ] && [ $ret_val == 1 ]; then
+ sed -i 's/keystone =/keystone = user_token/' /etc/neutron/api-paste.ini
+ openstack-config --set /etc/neutron/api-paste.ini filter:user_token paste.filter_factory neutron_plugin_contrail.plugins.opencontrail.neutron_middleware:token_factory
+ elif [ "$AAA_MODE" != "rbac" ] && [ $ret_val != 1 ]; then
+ sed -i 's/keystone = user_token/keystone =/' /etc/neutron/api-paste.ini
+ fi
 else
 openstack-config --set /etc/quantum/quantum.conf DEFAULT core_plugin quantum.plugins.contrail.ContrailPlugin.ContrailPlugin
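Review bot: The added block can leave `/etc/neutron/api-paste.ini` without the `user_token` filter while `AAA_MODE` is `rbac`, and nothing reports it. `ret_val` counts only grep status 1 as "absent", so a missing or unreadable file (status 2) skips the rbac branch silently, and the unanchored `sed` pattern `keystone =` rewrites any line containing that text, not just the pipeline entry. The mode test is an exact string match, so a value such as `RBAC` coming from `build_ctrl_details` never enables the filter and, on a re-run, takes the `elif` and removes it; whether `aaa_mode` is normalised upstream is not visible here. I would use `grep -q` directly, anchor both substitutions with `^` (assuming the pipeline key starts at column 0), and check the result after the edit, as below. The enclosing `if [ -d /etc/neutron ]` block begins and ends outside the hunk.

```shell
    paste_ini=/etc/neutron/api-paste.ini
    if [ "$AAA_MODE" = "rbac" ]; then
        if ! grep -q '^keystone = user_token' "$paste_ini"; then
            sed -i 's/^keystone =/keystone = user_token/' "$paste_ini"
            # … unchanged: openstack-config --set … filter:user_token paste.filter_factory …
        fi
        # Fail loudly if the pipeline still lacks the filter (file missing, unexpected layout).
        if ! grep -q '^keystone = user_token' "$paste_ini"; then
            echo "AAA_MODE=rbac but user_token is not in the keystone pipeline of $paste_ini" >&2
            exit 1
        fi
    elif grep -q '^keystone = user_token' "$paste_ini"; then
        sed -i 's/^keystone = user_token/keystone =/' "$paste_ini"
    fi
```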