rgw: AWSv4's completer_factory takes the secret_key optionally.

Signed-off-by: Radoslaw Zarzynski <rzarzynski@mirantis.com>

diff --git a/src/rgw/rgw_auth_keystone.cc b/src/rgw/rgw_auth_keystone.cc
index 99a257178730e63051738de91d001531495f5fc0..614f837cecb7f45d9c383df6538a168e8706c99f 100644 (file)
--- a/src/rgw/rgw_auth_keystone.cc
+++ b/src/rgw/rgw_auth_keystone.cc
@@ -475,7 +475,7 @@ rgw::auth::Engine::result_t EC2Engine::authenticate(
 
     auto apl = apl_factory->create_apl_remote(cct, s, get_acl_strategy(*t),
                                               get_creds_info(*t, accepted_roles.admin));
-    return result_t::grant(std::move(apl), completer_factory());
+    return result_t::grant(std::move(apl), completer_factory(boost::none));
   }
 }
 

diff --git a/src/rgw/rgw_rest_s3.cc b/src/rgw/rgw_rest_s3.cc
index 2bd30f974c21963e23b8f95851ddd1762ba813a7..42950811591bf95d77cf2a540fae9e82846c99f4 100644 (file)
--- a/src/rgw/rgw_rest_s3.cc
+++ b/src/rgw/rgw_rest_s3.cc
@@ -4210,7 +4210,7 @@ rgw::auth::s3::LDAPEngine::authenticate(
 
   auto apl = apl_factory->create_apl_remote(cct, s, get_acl_strategy(),
                                             get_creds_info(base64_token));
-  return result_t::grant(std::move(apl), completer_factory());
+  return result_t::grant(std::move(apl), completer_factory(boost::none));
 }
 
 
@@ -4258,5 +4258,5 @@ rgw::auth::s3::LocalEngine::authenticate(
   }
 
   auto apl = apl_factory->create_apl_local(cct, s, user_info, k.subuser);
-  return result_t::grant(std::move(apl), completer_factory());
+  return result_t::grant(std::move(apl), completer_factory(k.key));
 }

diff --git a/src/rgw/rgw_rest_s3.h b/src/rgw/rgw_rest_s3.h
index df23f210a74459578e8ba267162d42d5a05753fe..0cb51bfb6e117b564774175f655c37269a523c8d 100644 (file)
--- a/src/rgw/rgw_rest_s3.h
+++ b/src/rgw/rgw_rest_s3.h
@@ -689,9 +689,11 @@ public:
                                 const std::string& string_to_sign)>;
 
     /* Return an instance of Completer for verifying the payload's fingerprint
-     * if necessary. Otherwise caller gets nullptr. */
+     * if necessary. Otherwise caller gets nullptr. Caller may provide secret
+     * key */
     using completer_factory_t = \
-      std::function<rgw::auth::Completer::cmplptr_t(void)>;
+      std::function<rgw::auth::Completer::cmplptr_t(
+        const boost::optional<std::string>& secret_key)>;
 
     virtual std::tuple<access_key_id_t,
                        signature_t,