git.apps.os.sepia.ceph.com Git

author	Abhishek Lekshmanan <abhishek@suse.com>
	Thu, 1 Mar 2018 16:22:33 +0000 (17:22 +0100)
committer	Prashant D <pdhange@redhat.com>
	Wed, 4 Jul 2018 01:38:11 +0000 (21:38 -0400)
commit	3325319eb0dee359621e58728b308898675e2b3b
tree	adb675476f3738e6bfb51ffc2cebced27274b975	tree \| snapshot
parent	538558b9815a893d9a84dd918fac50557e2d93fe	commit \| diff

rgw: have a configurable authentication order

This implements a configurable authentication order, currently used only for s3
authentication and only supporting external & local authentication, though there
is potential for more finegrained control by allowing for a map of various
engines and the control strategy (required vs sufficient vs fallback)

The current implementation just focuses on setting control fallback if the
engine is the last in the order (and hence the stack) and just sets sufficient to
every other element, so that errors from the last sufficient engine is returned.

The configuration option is rgw_s3_auth_order which takes a comma/space seperated
list of authentication engines where currently we support the keywords `external`
and `local`.

Fixes: http://tracker.ceph.com/issues/23089
Signed-off-by: Abhishek Lekshmanan <abhishek@suse.com>
(cherry picked from commit 9c7fc682ca23259037115db3437c2bc9dd91fa22)

src/common/legacy_config_opts.h		diff \| blob \| history
src/common/options.cc		diff \| blob \| history
src/rgw/rgw_auth_s3.h		diff \| blob \| history