git-server-git.apps.pok.os.sepia.ceph.com Git

author	Matthew Oliver <moliver@suse.com>
	Thu, 9 Jul 2020 06:13:05 +0000 (06:13 +0000)
committer	Nathan Cutler <ncutler@suse.com>
	Wed, 23 Sep 2020 11:17:44 +0000 (13:17 +0200)
commit	a015f4c21f2d89eb9bbd3d2611615ecd7f0e6d6d
tree	c549861e755d2080eeaad3bb3a7ad0bfe2b35585	tree \| snapshot
parent	0d7baa7913276f22ad2cbd8273df8c572134ced3	commit \| diff

rgw: Swift API anonymous access should 401

There was a previous patch to fix this but turns out that only fixed it
for the Swift V1 auth. And it actaully broke keystone because it didn't
take into account the idiosyncrasies of multi tenancy. Which resulted in
the incorect behaviour for keystone. Worse, because it didn't take
tenants properly into account keystone ACLs where broken.

This patch reworks, and simplifies the original patch to work for both
auths. It even extends the ThirdPartyAccountApplier to check for an ANON
user and properly scope it to a tenant.

Fixes: https://tracker.ceph.com/issues/46295
Signed-off-by: Matthew Oliver <moliver@suse.com>
(cherry picked from commit 67081098dc2dddd80d52d5acd166e68954cae618)

src/rgw/rgw_auth.h		diff \| blob \| history
src/rgw/rgw_auth_filters.h		diff \| blob \| history
src/rgw/rgw_swift_auth.h		diff \| blob \| history