git-server-git.apps.pok.os.sepia.ceph.com Git - ceph.git/commitdiff
rgw: fixing tempest ObjectTestACLs and ObjectACLsNegativeTest cases 62586/head
author Alexey Odinokov <alexey.odinokov.82@gmail.com>
Thu, 13 Mar 2025 20:35:55 +0000 (15:35 -0500)
committer Casey Bodley <cbodley@redhat.com>
Mon, 31 Mar 2025 20:35:40 +0000 (16:35 -0400)
The issue was introduced in https://github.com/ceph/ceph/commit/d82ff164505cd7a7abe6937879052ad03f1da939
and backported to Squid by: https://github.com/ceph/ceph/commit/f0fb48d19409c012ae8422304b63ca013c1055db

As a result, rgw couldn't find the correct bucket in case a user from a different tenant
was given access to the container using ACL, because rgw started to look inside the
user's tenant, but not the tenant from the request.
This partial revert helps to fix the issue.

Signed-off-by: Alexey Odinokov <alexey.odinokov.82@gmail.com>
(cherry picked from commit a413adcf8b281f50a72d3fa4dcb30302e599be8c)

src/rgw/rgw_rest_swift.cc

index bde5925dfd1a91759fef5db470d66b13e2235b9c..ff20e67c5e5a067983abaf098c3f130a5021f32d 100644 (file)
@@ -2950,7 +2950,10 @@ int RGWHandler_REST_SWIFT::postauth_init(optional_yield y)
       && s->user->get_id().id == RGW_USER_ANON_ID) {
     s->bucket_tenant = s->account_name;
   } else {
-    s->bucket_tenant = s->auth.identity->get_tenant();
+    /* tenant must be taken from request. Can't use auth.identity->get_tenant(),
+       because there are cases when users from different tenant may be granted
+       access via ACL to this bucket */
+    s->bucket_tenant = s->user->get_tenant();
   }
   s->bucket_name = t->url_bucket;
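
Review bot: The new comment in the else branch says the tenant "must be taken from request", but the assignment reads `s->user->get_tenant()`, and nothing in the hunk shows that `s->user` comes from the request path rather than from the authenticated identity. The commit message adds to the ambiguity by describing the bug as looking "inside the user's tenant". Please reword the comment to say what `s->user` holds at this point in `postauth_init` and how it differs from `s->auth.identity`, and note why the anonymous branch above uses `s->account_name` while this branch does not. Since `bucket_tenant` no longer follows the authenticated identity, a cross-tenant ACL test would be worth adding with the fix: a grantee in one tenant reaching a bucket in another, plus a non-granted user from the other tenant who must still be denied.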