- name: rgw_s3_auth_disable_signature_url
type: bool
level: advanced
- desc: Should authentification with presigned URLs be disabled
+ desc: Should authentication with presigned URLs be disabled
long_desc: 'If enabled, any request that is presigned with either V2 or V4 signature will be denied'
default: false
services:
- rgw
+ with_legacy: true
- name: rgw_barbican_url
type: str
level: advanced
AwsRoute route;
std::tie(version, route) = discover_aws_flavour(s->info);
- if (! s->cct->_conf->rgw_s3_auth_disable_signature_url) {
- if (version == AwsVersion::V2) {
- return get_auth_data_v2(s);
- } else if (version == AwsVersion::V4) {
- return get_auth_data_v4(s, route == AwsRoute::QUERY_STRING);
- } else {
- /* FIXME(rzarzynski): handle anon user. */
- throw -EINVAL;
- }
- } else {
- ldpp_dout(s, 0) << "Presigned URLs are disabled by admin" << dendl;
+ if (s->cct->_conf->rgw_s3_auth_disable_signature_url) {
+ ldpp_dout(s, 10) << "Presigned URLs are disabled by admin" << dendl;
throw -ERR_PRESIGNED_URL_DISABLED;
}
+
+ if (version == AwsVersion::V2) {
+ return get_auth_data_v2(s);
+ } else if (version == AwsVersion::V4) {
+ return get_auth_data_v4(s, route == AwsRoute::QUERY_STRING);
+ } else {
+ /* FIXME(rzarzynski): handle anon user. */
+ throw -EINVAL;
+ }
+
}
boost::optional<std::string>
projects / ceph.git / commitdiff