git.apps.os.sepia.ceph.com Git

author	Abhishek Lekshmanan <abhishek@suse.com>
	Thu, 1 Mar 2018 16:22:33 +0000 (17:22 +0100)
committer	Abhishek Lekshmanan <abhishek@suse.com>
	Thu, 9 Aug 2018 08:02:21 +0000 (10:02 +0200)
commit	1b1a317c9d39ffdf003f72e8e9853f0e25a1948c
tree	00c3dde8412601788756ed82cced13081c96fd51	tree \| snapshot
parent	038739ce44531168e90ae95857d8f2ef657665b3	commit \| diff

rgw: have a configurable authentication order

This implements a configurable authentication order, currently used only for s3
authentication and only supporting external & local authentication, though there
is potential for more finegrained control by allowing for a map of various
engines and the control strategy (required vs sufficient vs fallback)

The current implementation just focuses on setting control fallback if the
engine is the last in the order (and hence the stack) and just sets sufficient to
every other element, so that errors from the last sufficient engine is returned.

The configuration option is rgw_s3_auth_order which takes a comma/space seperated
list of authentication engines where currently we support the keywords `external`
and `local`.

Luminous specific changes:
std::string_view -> boost::string_view
auto function return -> return type std::vector<std::string>
if initializer list dropped

Fixes: http://tracker.ceph.com/issues/23089
Signed-off-by: Abhishek Lekshmanan <abhishek@suse.com>
(cherry picked from commit 9c7fc682ca23259037115db3437c2bc9dd91fa22)

src/common/legacy_config_opts.h		diff \| blob \| history
src/common/options.cc		diff \| blob \| history
src/rgw/rgw_auth_s3.h		diff \| blob \| history