rgw: fixing tempest ObjectTestACLs and ObjectACLsNegativeTest cases

The issue was introduced in https://github.com/ceph/ceph/commit/d82ff164505cd7a7abe6937879052ad03f1da939
and backported to Squid by: https://github.com/ceph/ceph/commit/f0fb48d19409c012ae8422304b63ca013c1055db

As a result rgw couldn't find the correct bucket in case the user from different tenant
was given access to the container using ACL, because rgw started to look inside the
user's tenant, but not the tenant from the request.
This partial revert helps to fix the issue

Signed-off-by: Alexey Odinokov <alexey.odinokov.82@gmail.com>

diff --git a/src/rgw/rgw_rest_swift.cc b/src/rgw/rgw_rest_swift.cc
index 88af0fc9c273600b36553223bb20579404e37231..52f3b4fb2b8141f12665967a5021236f9b358105 100644 (file)
--- a/src/rgw/rgw_rest_swift.cc
+++ b/src/rgw/rgw_rest_swift.cc
@@ -2947,7 +2947,10 @@ int RGWHandler_REST_SWIFT::postauth_init(optional_yield y)
       && s->user->get_id().id == RGW_USER_ANON_ID) {
     s->bucket_tenant = s->account_name;
   } else {
-    s->bucket_tenant = s->auth.identity->get_tenant();
+    /* tenant must be taken from request. Can't use auth.identity->get_tenant(),
+       because there are cases when users from different tenant may be granted
+       access via ACL to this bucket */
+    s->bucket_tenant = s->user->get_tenant();
   }
   s->bucket_name = t->url_bucket;