]> git-server-git.apps.pok.os.sepia.ceph.com Git - ceph.git/commit
projects / ceph.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 99067b8) | patch
rgw: Swift API anonymous access should 401 35984/head
authorMatthew Oliver <moliver@suse.com>
Thu, 9 Jul 2020 06:13:05 +0000 (06:13 +0000)
committerMatthew Oliver <moliver@suse.com>
Mon, 13 Jul 2020 05:49:17 +0000 (05:49 +0000)
commit67081098dc2dddd80d52d5acd166e68954cae618
tree5f8c3235b00398dc9b9da9187cd629fe9a36165btree | snapshot
parent99067b8dc6422fdef08f8d29d1a0307306baae99commit | diff
rgw: Swift API anonymous access should 401

There was a previous patch to fix this but turns out that only fixed it
for the Swift V1 auth. And it actaully broke keystone because it didn't
take into account the idiosyncrasies of multi tenancy. Which resulted in
the incorect behaviour for keystone. Worse, because it didn't take
tenants properly into account keystone ACLs where broken.

This patch reworks, and simplifies the original patch to work for both
auths. It even extends the ThirdPartyAccountApplier to check for an ANON
user and properly scope it to a tenant.

Fixes: https://tracker.ceph.com/issues/46295
Signed-off-by: Matthew Oliver <moliver@suse.com>
src/rgw/rgw_auth.h diff | blob | history
src/rgw/rgw_auth_filters.h diff | blob | history
src/rgw/rgw_swift_auth.h diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.