rgw: log identity applier metadata in ops logs
As relevant, logs the access key id, subuser, and whether a request was made
via a temp_url in the ops logs for auditing purposes.
Fixes: https://tracker.ceph.com/issues/53367
Signed-off-by: Cory Snyder <csnyder@iland.com>
(cherry picked from commit
ebf4209fa74e6cfa56aa364e8164304b86fca0b3)
Conflicts:
src/rgw/rgw_auth.cc
src/rgw/rgw_auth.h
src/rgw/rgw_auth_s3.h
src/rgw/rgw_rest_s3.cc
src/rgw/rgw_swift_auth.cc
src/rgw/rgw_swift_auth.h
Cherry-pick notes:
rgw_auth.h:
- get_role_tenant, get_acct_name, get_subuser return non-qualified string in Pacific
- LocalApplier constructor uses boost::optional for perm_mask in Pacific
- create_apl_local uses boost::optional for perm_mask in Pacific
rgw_auth.cc:
- AnonymousEngine::authenticate call to apl_factory->create_apl_local takes boost::none in Pacific
rgw_auth_s3.h:
- create_apl_remote formatting different in Pacific
- create_apl_local uses boost::optional for perm_mask in Pacific
rgw_rest_s3.cc:
- LocalEngine::authenticate call to apl_factory->create_apl_local takes boost::none in Pacific
- STSEngine::authenticate call to apl_factory->create_apl_local takes boost::none in Pacific
rgw_swift_auth.cc:
- ExternalTokenEngine::authenticate call to apl_factory->create_apl_local takes boost::none in Pacific
- SignedTokenEngine::authenticate call to apl_factory->create_apl_local takes boost::none in Pacific
rgw_swift_auth.h:
- TempURLApplier constructor initialization of LocalApplier takes boost::none in Pacific
- SwiftAnonymousApplier constructor initialization of LocalApplier takes boost::none in Pacific
- create_apl_local uses boost::optional for perm_mask in Pacific
projects / ceph.git / commit