rgw/multisite: forwarded bucket create requests reflect empty tenants as they

are requested by system user. this fix overloads SysReqApplier::get_tenant()
with effective_owner's tenant to ensure proper bucket ownership when there
is tenant involved.

Signed-off-by: Shilpa Jagannath <smanjara@redhat.com>
(cherry picked from commit da3545d5847b8f9fe7c89851ee6a1d103a07d808)

Fixes: https://tracker.ceph.com/issues/70269
Signed-off-by: Adam C. Emerson <aemerson@redhat.com>

diff --git a/qa/suites/rgw/multisite/tasks/test_multi.yaml b/qa/suites/rgw/multisite/tasks/test_multi.yaml
index 422535db6099c0f6dfafaeed22a31a4e651e1ae7..a72ac028a4a6428caebb2ef5328f7f24de7bef00 100644 (file)
--- a/qa/suites/rgw/multisite/tasks/test_multi.yaml
+++ b/qa/suites/rgw/multisite/tasks/test_multi.yaml
@@ -15,3 +15,4 @@ tasks:
 - rgw-multisite-tests:
     config:
       reconfigure_delay: 90
+      tenant: testx

diff --git a/src/rgw/rgw_auth_filters.h b/src/rgw/rgw_auth_filters.h
index a93641e8b8eddc30c4ad0cbb2819183ef3b08f55..f9c5b3fdd6963c0cdacc1a69092f5ad947a44f12 100644 (file)
--- a/src/rgw/rgw_auth_filters.h
+++ b/src/rgw/rgw_auth_filters.h
@@ -233,6 +233,7 @@ class SysReqApplier : public DecoratedApplier<T> {
   const RGWHTTPArgs& args;
   mutable boost::tribool is_system;
   mutable std::optional<ACLOwner> effective_owner;
+  mutable std::optional<std::string> effective_tenant;
 
 public:
   template <typename U>
@@ -257,6 +258,14 @@ public:
     }
     return DecoratedApplier<T>::get_aclowner();
   }
+
+  const std::string& get_tenant() const override {
+    if (effective_tenant) {
+      return *effective_tenant;
+    }
+    return DecoratedApplier<T>::get_tenant();
+  }
+
 };
 
 template <typename T>
@@ -282,6 +291,7 @@ void SysReqApplier<T>::load_acct_info(const DoutPrefixProvider* dpp, RGWUserInfo
     std::string str = args.sys_get(RGW_SYS_PARAM_PREFIX "uid");
     if (!str.empty()) {
       effective_owner.emplace();
+
       effective_owner->id = parse_owner(str);
 
       if (const auto* uid = std::get_if<rgw_user>(&effective_owner->id); uid) {
@@ -291,7 +301,17 @@ void SysReqApplier<T>::load_acct_info(const DoutPrefixProvider* dpp, RGWUserInfo
           throw -EACCES;
         }
         effective_owner->display_name = user->get_display_name();
-      }
+        effective_tenant = uid->tenant;
+      } else if (const auto* id = std::get_if<rgw_account_id>(&effective_owner->id); id) {
+        RGWAccountInfo info;
+        rgw::sal::Attrs attrs;
+        RGWObjVersionTracker objv;
+        int r = driver->load_account_by_id(dpp, null_yield, *id, info, attrs, objv);
+        if (r < 0) {
+          throw -EACCES;
+        }
+        effective_tenant = info.tenant;
+     }
     }
   }
 }