rgw: the S3's local v2 auth engine becomes a fallback conditionally.

Signed-off-by: Radoslaw Zarzynski <rzarzynski@mirantis.com>

diff --git a/src/rgw/rgw_auth.h b/src/rgw/rgw_auth.h
index fb72c5c5351cb078630b4afa1b0b48f699929f05..b7346f65f5b1e609cb2ee28d3f2814282562d741 100644 (file)
--- a/src/rgw/rgw_auth.h
+++ b/src/rgw/rgw_auth.h
@@ -305,6 +305,10 @@ public:
 
   Engine::result_t authenticate(const req_state* s) const override final;
 
+  bool is_empty() const {
+    return auth_stack.empty();
+  }
+
 private:
   /* Using the reference wrapper here to explicitly point out we are not
    * interested in storing nulls while preserving the dynamic polymorphism. */

diff --git a/src/rgw/rgw_auth_s3.h b/src/rgw/rgw_auth_s3.h
index 4e0fa6fb0ae5c5f317892c14b06c6e8bbe93708c..cbc0bee69af0c1fea710c9fd44e59ff7fb534009 100644 (file)
--- a/src/rgw/rgw_auth_s3.h
+++ b/src/rgw/rgw_auth_s3.h
@@ -105,10 +105,18 @@ public:
       external_engines(cct, store, &extractor),
       local_engine(cct, store, extractor,
                    static_cast<rgw::auth::LocalApplier::Factory*>(this)) {
-    add_engine(Control::SUFFICIENT, external_engines);
+
+    Control local_engine_mode;
+    if (! external_engines.is_empty()) {
+      add_engine(Control::SUFFICIENT, external_engines);
+
+      local_engine_mode = Control::FALLBACK;
+    } else {
+      local_engine_mode = Control::SUFFICIENT;
+    }
 
     if (cct->_conf->rgw_s3_auth_use_rados) {
-      add_engine(Control::FALLBACK, local_engine);
+      add_engine(local_engine_mode, local_engine);
     }
   }