void KeystoneAdminTokenRequestVer3::dump(Formatter * const f) const
{
f->open_object_section("token_request");
- f->open_object_section("auth");
- f->open_object_section("identity");
- f->open_array_section("methods");
- f->dump_string("", "password");
+ f->open_object_section("auth");
+ f->open_object_section("identity");
+ f->open_array_section("methods");
+ f->dump_string("", "password");
+ f->close_section();
+ f->open_object_section("password");
+ f->open_object_section("user");
+ f->open_object_section("domain");
+ encode_json("name", cct->_conf->rgw_keystone_admin_domain, f);
+ f->close_section();
+ encode_json("name", cct->_conf->rgw_keystone_admin_user, f);
+ encode_json("password", cct->_conf->rgw_keystone_admin_password, f);
+ f->close_section();
+ f->close_section();
f->close_section();
- f->open_object_section("password");
- f->open_object_section("user");
+ f->open_object_section("scope");
+ f->open_object_section("project");
+ if (!cct->_conf->rgw_keystone_admin_project.empty()) {
+ encode_json("name", cct->_conf->rgw_keystone_admin_project, f);
+ } else {
+ encode_json("name", cct->_conf->rgw_keystone_admin_tenant, f);
+ }
f->open_object_section("domain");
encode_json("name", cct->_conf->rgw_keystone_admin_domain, f);
f->close_section();
- encode_json("name", cct->_conf->rgw_keystone_admin_user, f);
- encode_json("password", cct->_conf->rgw_keystone_admin_password, f);
f->close_section();
f->close_section();
f->close_section();
- f->open_object_section("scope");
- f->open_object_section("project");
- if (!cct->_conf->rgw_keystone_admin_project.empty()) {
- encode_json("name", cct->_conf->rgw_keystone_admin_project, f);
- }
- else {
- encode_json("name", cct->_conf->rgw_keystone_admin_tenant, f);
- }
- f->open_object_section("domain");
- encode_json("name", cct->_conf->rgw_keystone_admin_domain, f);
- f->close_section();
- f->close_section();
- f->close_section();
- f->close_section();
f->close_section();
}
const string& auth_id, const string& auth_token, const string& auth_sign) {
/* prepare keystone url */
string keystone_url = cct->_conf->rgw_keystone_url;
- string keystone_version = cct->_conf->rgw_keystone_api_version;
- if (keystone_url[keystone_url.size() - 1] != '/')
+ if (keystone_url[keystone_url.size() - 1] != '/') {
keystone_url.append("/");
+ }
+
if (KeystoneService::get_api_version() == KeystoneApiVersion::VER_3) {
keystone_url.append("v3/s3tokens");
- }
- else {
+ } else {
keystone_url.append("v2.0/s3tokens");
}
}
/* everything seems fine, continue with this user */
- ldout(cct, 5) << "s3 keystone: validated token: " << response.get_project_name() << ":" << response.get_user_name() << " expires: " << response.get_expires() << dendl;
+ ldout(cct, 5) << "s3 keystone: validated token: " << response.get_project_name()
+ << ":" << response.get_user_name()
+ << " expires: " << response.get_expires() << dendl;
return 0;
}
char *l = line;
char *tok = strsep(&l, " \t:");
if (tok) {
- while (l && *l == ' ')
+ while (l && *l == ' ') {
l++;
+ }
if (strcasecmp(tok, "X-Subject-Token") == 0) {
subject_token = l;
}
}
}
- if (s != end)
+ if (s != end) {
*p++ = *s++;
+ }
}
return 0;
}
bufferlist bl;
RGWGetRevokedTokens req(cct, &bl);
- if (get_keystone_admin_token(token) < 0)
+ if (get_keystone_admin_token(token) < 0) {
return -EINVAL;
- if (get_keystone_url(url) < 0)
+ }
+ if (get_keystone_url(url) < 0) {
return -EINVAL;
+ }
req.append_header("X-Auth-Token", token);
const auto keystone_version = KeystoneService::get_api_version();
} else if (keystone_version == KeystoneApiVersion::VER_3) {
url.append("v3/auth/tokens/OS-PKI/revoked");
}
+
req.set_send_length(0);
int ret = req.process(url.c_str());
- if (ret < 0)
+ if (ret < 0) {
return ret;
+ }
bl.append((char)0); // NULL terminate for debug output
}
if (!found) {
- ldout(cct, 0) << "user does not hold a matching role; required roles: " << g_conf->rgw_keystone_accepted_roles << dendl;
+ ldout(cct, 0) << "user does not hold a matching role; required roles: "
+ << g_conf->rgw_keystone_accepted_roles << dendl;
return -EPERM;
}
- ldout(cct, 0) << "validated token: " << t.get_project_name() << ":" << t.get_user_name() << " expires: " << t.get_expires() << dendl;
+ ldout(cct, 0) << "validated token: " << t.get_project_name()
+ << ":" << t.get_user_name()
+ << " expires: " << t.get_expires() << dendl;
rgw_set_keystone_token_auth_info(t, info);
return ret;
if (t.expired()) {
- ldout(cct, 0) << "got expired token: " << t.get_project_name() << ":" << t.get_user_name() << " expired: " << t.get_expires() << dendl;
+ ldout(cct, 0) << "got expired token: " << t.get_project_name()
+ << ":" << t.get_user_name()
+ << " expired: " << t.get_expires() << dendl;
return -EPERM;
}
projects / ceph.git / commitdiff