git.apps.os.sepia.ceph.com Git - ceph.git/commit
rgw: Swift API anonymous access should 401 37438/head
author Matthew Oliver <moliver@suse.com>
Thu, 9 Jul 2020 06:13:05 +0000 (06:13 +0000)
committer Vicente Cheng <freeze.bilsted@gmail.com>
Mon, 28 Sep 2020 15:07:39 +0000 (15:07 +0000)
commit 82b49688f7a1b8a852732957e5351d7cc2ddca18
tree 4d8ee5f777b82f3d6527c59288ed7442a4a4bc6b
parent 2bf2ca91a57923b012f596959fe621391bbe1f3b
rgw: Swift API anonymous access should 401

There was a previous patch to fix this but turns out that only fixed it
for the Swift V1 auth. And it actually broke keystone because it didn't
take into account the idiosyncrasies of multi tenancy. Which resulted in
the incorrect behaviour for keystone. Worse, because it didn't take
tenants properly into account keystone ACLs were broken.

This patch reworks, and simplifies the original patch to work for both
auths. It even extends the ThirdPartyAccountApplier to check for an ANON
user and properly scope it to a tenant.

Fixes: https://tracker.ceph.com/issues/46295
Signed-off-by: Matthew Oliver <moliver@suse.com>
(cherry picked from commit 67081098dc2dddd80d52d5acd166e68954cae618)

Conflicts:
src/rgw/rgw_swift_auth.h
  - only need to modify the user related code to rgw_user construct
src/rgw/rgw_auth.h
src/rgw/rgw_auth_filters.h
src/rgw/rgw_swift_auth.h