Juniper Openstack

rbac: updating aaa_mode to no-auth via rest api doesnt reset mt flag

Bug #1650417 reported by Senthilnathan Murugappan on 2016-12-15

This bug affects 1 person

	Status	Importance	Assigned to	Milestone
Juniper Openstack	Status tracked in Trunk
R3.1	Fix Committed	Medium	Deepinder Setia	Juniper Openstack r3.1.3.0
R3.2	Fix Committed	Medium	Deepinder Setia	Juniper Openstack r3.2.1.0
Trunk	Fix Committed	Medium	Deepinder Setia	Juniper Openstack r4.0.0.0-fcs "r4.0.0.0"

Bug Description

1) Update aaa_mode to no-auth from rbac via rest api
2) create VN
3) read back the VN would fail with below traces

aaa_mode_http_put should reset self._multi_tenancy flag when aaa-mode is updated to 'no-auth' via rest api.

self = <vnc_cfg_api_server.vnc_perms.VncPermissions object>
self.validate_perms = <bound method VncPermissions.validate_perms of <vnc_cfg_api_server.vnc_perms.VncPermissions object>>
request = <BaseRequest: GET http://127.0.0.1/virtual-netwo...961d-363a71968567&exclude_hrefs=True&detail=True>
id = 'a893db67-7c76-4ab8-a2a9-ec2c1f5c6be8'
global PERMS_R = 4
id_perms = {'global_access': 5, 'owner': 'cloud-admin', 'owner_access': 7, 'share': []}

/usr/lib/python2.7/dist-packages/vnc_cfg_api_server/vnc_perms.py in validate_perms(self=<vnc_cfg_api_server.vnc_perms.VncPermissions object>, request=<BaseRequest: GET http://127.0.0.1/virtual-netwo...961d-363a71968567&exclude_hrefs=True&detail=True>, uuid='a893db67-7c76-4ab8-a2a9-ec2c1f5c6be8', mode=4, id_perms={'global_access': 5, 'owner': 'cloud-admin', 'owner_access': 7, 'share': []})
   62 return (True, 'R')
   63
   64 owner = id_perms['permissions']['owner']
   65 group = id_perms['permissions']['group']
   66 perms = id_perms['permissions']['owner_access'] << 6 | \
owner undefined
id_perms = {'global_access': 5, 'owner': 'cloud-admin', 'owner_access': 7, 'share': []}

Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/vnc_cfg_api_server/vnc_cfg_api_server.py", line 1697, in handler_trap_exception
    response = handler(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/cfgm_common/vnc_api_stats.py", line 17, in wrapper
    response = func(api_server_obj, resource_type, *args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/vnc_cfg_api_server/vnc_cfg_api_server.py", line 1126, in http_resource_list
    req_fields, include_shared, exclude_hrefs)
  File "/usr/lib/python2.7/dist-packages/vnc_cfg_api_server/vnc_cfg_api_server.py", line 3116, in _list_collection
    obj_result = self.obj_view(resource_type, obj_result)
  File "/usr/lib/python2.7/dist-packages/vnc_cfg_api_server/vnc_cfg_api_server.py", line 738, in obj_view
    if self._permissions.check_perms_read(get_request(), l['uuid'], id_perms=uuid_to_perms2[l['uuid']])[0] == True]
  File "/usr/lib/python2.7/dist-packages/vnc_cfg_api_server/vnc_perms.py", line 214, in check_perms_read
    return self.validate_perms(request, id, PERMS_R, id_perms)
  File "/usr/lib/python2.7/dist-packages/vnc_cfg_api_server/vnc_perms.py", line 64, in validate_perms
    owner = id_perms['permissions']['owner']
KeyError: 'permissions'

Tags:

Senthilnathan Murugappan (msenthil) on 2016-12-15

Changed in juniperopenstack:
importance:	Undecided → Medium