From 42db6e38e55bc2410297a99c2af3bea03faa938c Mon Sep 17 00:00:00 2001
From: Megh Bhatt <meghb@juniper.net>
Date: Fri, 29 Jul 2016 14:22:46 -0700
Subject: [PATCH] Changes to bring analytics authenticated access in sync with
 config

1. Rename aaa_mode value cloud-admin-only to cloud-admin
2. CLOUD_ADMIN_ROLE defaults to admin instead of cloud-admin

Change-Id: Id7d5af81b136a5072c8f7e1e933dcd51521b0709
Partial-Bug: #1607563
---
 src/opserver/opserver.py       | 8 ++++----
 src/sandesh/common/vns.sandesh | 6 ++++--
 2 files changed, 8 insertions(+), 6 deletions(-)

diff --git a/src/opserver/opserver.py b/src/opserver/opserver.py
index 1e646e2d875..34c7b4e419f 100644
--- a/src/opserver/opserver.py
+++ b/src/opserver/opserver.py
@@ -47,8 +47,8 @@
      ModuleCategoryMap, Module2NodeType, NodeTypeNames, ModuleIds,\
      INSTANCE_ID_DEFAULT, COLLECTOR_DISCOVERY_SERVICE_NAME,\
      ANALYTICS_API_SERVER_DISCOVERY_SERVICE_NAME, ALARM_GENERATOR_SERVICE_NAME, \
-     OpServerAdminPort, CLOUD_ADMIN_ROLE, AnalyticsAPIAAAModes, \
-     AAA_MODE_CLOUD_ADMIN_ONLY, AAA_MODE_NO_AUTH
+     OpServerAdminPort, CLOUD_ADMIN_ROLE, APIAAAModes, \
+     AAA_MODE_CLOUD_ADMIN, AAA_MODE_NO_AUTH
 from sandesh.viz.constants import _TABLES, _OBJECT_TABLES,\
     _OBJECT_TABLE_SCHEMA, _OBJECT_TABLE_COLUMN_VALUES, \
     _STAT_TABLES, STAT_OBJECTID_FIELD, STAT_VT_PREFIX, \
@@ -778,7 +778,7 @@ def _parse_args(self, args_str=' '.join(sys.argv[1:])):
             'partitions'        : 15,
             'sandesh_send_rate_limit': SandeshSystem. \
                  get_sandesh_send_rate_limit(),
-            'aaa_mode'          : AAA_MODE_CLOUD_ADMIN_ONLY,
+            'aaa_mode'          : AAA_MODE_CLOUD_ADMIN,
             'api_server'        : '127.0.0.1:8082',
             'admin_port'        : OpServerAdminPort,
             'cloud_admin_role'  : CLOUD_ADMIN_ROLE,
@@ -907,7 +907,7 @@ def _parse_args(self, args_str=' '.join(sys.argv[1:])):
             help="Sandesh send rate limit in messages/sec")
         parser.add_argument("--cloud_admin_role",
             help="Name of cloud-admin role")
-        parser.add_argument("--aaa_mode", choices=AnalyticsAPIAAAModes,
+        parser.add_argument("--aaa_mode", choices=APIAAAModes,
             help="AAA mode")
         parser.add_argument("--auth_host",
             help="IP address of keystone server")
diff --git a/src/sandesh/common/vns.sandesh b/src/sandesh/common/vns.sandesh
index 0e4d3618184..0d1d6f2ced4 100644
--- a/src/sandesh/common/vns.sandesh
+++ b/src/sandesh/common/vns.sandesh
@@ -507,12 +507,14 @@ const list<string> ThreadPoolNames = [
     COMPACTIONEXECUTOR,
 ]
 
-const string CLOUD_ADMIN_ROLE = "cloud-admin"
+const string CLOUD_ADMIN_ROLE = "admin"
 
 const string AAA_MODE_NO_AUTH = "no-auth"
+const string AAA_MODE_CLOUD_ADMIN = "cloud-admin"
 const string AAA_MODE_CLOUD_ADMIN_ONLY = "cloud-admin-only"
 
-const list <string> AnalyticsAPIAAAModes = [
+const list <string> APIAAAModes = [
     AAA_MODE_NO_AUTH,
+    AAA_MODE_CLOUD_ADMIN,
     AAA_MODE_CLOUD_ADMIN_ONLY,
 ]