rgw: parametrize the implicit tenancy of rgw::auth::RemoteApplier.

Signed-off-by: Radoslaw Zarzynski <rzarzynski@mirantis.com>

diff --git a/src/rgw/rgw_auth.cc b/src/rgw/rgw_auth.cc
index df8193ae8d62e964c28d4d0892de0b746ac9adcc..111c81692974fa4db665ba7630743ef23c960b23 100644 (file)
--- a/src/rgw/rgw_auth.cc
+++ b/src/rgw/rgw_auth.cc
@@ -309,9 +309,9 @@ void rgw::auth::RemoteApplier::create_account(const rgw_user& acct_user,
     user_info.type = info.acct_type;
   }
 
-  /* Administrator may enforce creating new accounts within their own tenants.
-   * The config parameter name is kept due to legacy. */
-  if (new_acct_user.tenant.empty() && g_conf->rgw_keystone_implicit_tenants) {
+  /* An upper layer may enforce creating new accounts within their own
+   * tenants. */
+  if (new_acct_user.tenant.empty() && implicit_tenants) {
     new_acct_user.tenant = new_acct_user.id;
   }
 

diff --git a/src/rgw/rgw_auth.h b/src/rgw/rgw_auth.h
index 458f0ccae63a90e88f9a54300c1ef0a3ce9dab61..0eed7074841138378347b2130e691d2feda9d06f 100644 (file)
--- a/src/rgw/rgw_auth.h
+++ b/src/rgw/rgw_auth.h
@@ -369,6 +369,7 @@ protected:
   const acl_strategy_t extra_acl_strategy;
 
   const AuthInfo info;
+  const bool implicit_tenants;
 
   virtual void create_account(const rgw_user& acct_user,
                               RGWUserInfo& user_info) const;          /* out */
@@ -377,11 +378,13 @@ public:
   RemoteApplier(CephContext* const cct,
                 RGWRados* const store,
                 acl_strategy_t&& extra_acl_strategy,
-                const AuthInfo& info)
+                const AuthInfo& info,
+                const bool implicit_tenants)
     : cct(cct),
       store(store),
       extra_acl_strategy(std::move(extra_acl_strategy)),
-      info(info) {
+      info(info),
+      implicit_tenants(implicit_tenants) {
   }
 
   uint32_t get_perms_from_aclspec(const aclspec_t& aclspec) const override;

diff --git a/src/rgw/rgw_auth_s3.h b/src/rgw/rgw_auth_s3.h
index f52cc7752da725b5dc50a1bdc39236bdb03a157a..4e0fa6fb0ae5c5f317892c14b06c6e8bbe93708c 100644 (file)
--- a/src/rgw/rgw_auth_s3.h
+++ b/src/rgw/rgw_auth_s3.h
@@ -37,7 +37,8 @@ class ExternalAuthStrategy : public rgw::auth::Strategy,
                              const rgw::auth::RemoteApplier::AuthInfo info
                             ) const override {
     auto apl = rgw::auth::add_sysreq(cct, store, s,
-      rgw::auth::RemoteApplier(cct, store, std::move(acl_alg), info));
+      rgw::auth::RemoteApplier(cct, store, std::move(acl_alg), info,
+                               false /* no implicit tenants */));
     /* TODO(rzarzynski): replace with static_ptr. */
     return aplptr_t(new decltype(apl)(std::move(apl)));
   }

diff --git a/src/rgw/rgw_rest_s3.h b/src/rgw/rgw_rest_s3.h
index dcd9311d18c464ab628162bd7409cca8c3d501eb..863195b35b192c247e70b475ef400c0518413210 100644 (file)
--- a/src/rgw/rgw_rest_s3.h
+++ b/src/rgw/rgw_rest_s3.h
@@ -787,7 +787,8 @@ public:
                              const rgw::auth::RemoteApplier::AuthInfo info
                             ) const override {
     return aplptr_t(
-      new rgw::auth::RemoteApplier(cct, store, std::move(acl_alg), info));
+      new rgw::auth::RemoteApplier(cct, store, std::move(acl_alg), info,
+                                   false /* no implicit tenants */));
   }
 
   aplptr_t create_apl_local(CephContext* const cct,

diff --git a/src/rgw/rgw_swift_auth.h b/src/rgw/rgw_swift_auth.h
index a05ae3233b91b532131640d50434316ad8a566ac..3b5397f43b535bdada11c6f52b3fd5398fa30844 100644 (file)
--- a/src/rgw/rgw_swift_auth.h
+++ b/src/rgw/rgw_swift_auth.h
@@ -168,8 +168,8 @@ class DefaultStrategy : public rgw::auth::Strategy,
     auto apl = \
       rgw::auth::add_3rdparty(store, s->account_name,
         rgw::auth::add_sysreq(cct, store, s,
-          rgw::auth::RemoteApplier(cct, store, std::move(extra_acl_strategy),
-                                   info)));
+          rgw::auth::RemoteApplier(cct, store, std::move(extra_acl_strategy), info,
+                                   cct->_conf->rgw_keystone_implicit_tenants)));
     /* TODO(rzarzynski): replace with static_ptr. */
     return aplptr_t(new decltype(apl)(std::move(apl)));
   }