rgw/multisite: forwarded bucket create requests reflect empty tenants as they

are requested by system user. this fix overloads SysReqApplier::get_tenant()
with effective_owner's tenant to ensure proper bucket ownership when there
is tenant involved.

Signed-off-by: Shilpa Jagannath <smanjara@redhat.com>

diff --git a/qa/suites/rgw/multisite/tasks/test_multi.yaml b/qa/suites/rgw/multisite/tasks/test_multi.yaml
index 422535db6099c0f6dfafaeed22a31a4e651e1ae7..a72ac028a4a6428caebb2ef5328f7f24de7bef00 100644 (file)
--- a/qa/suites/rgw/multisite/tasks/test_multi.yaml
+++ b/qa/suites/rgw/multisite/tasks/test_multi.yaml
@@ -15,3 +15,4 @@ tasks:
 - rgw-multisite-tests:
     config:
       reconfigure_delay: 90
+      tenant: testx

diff --git a/src/rgw/rgw_auth_filters.h b/src/rgw/rgw_auth_filters.h
index 7d264197c5267021d13d3be6b0b820f61b0324f3..928389804de48b5b43ec8cd717e58c7f5499fa52 100644 (file)
--- a/src/rgw/rgw_auth_filters.h
+++ b/src/rgw/rgw_auth_filters.h
@@ -238,6 +238,7 @@ class SysReqApplier : public DecoratedApplier<T> {
   const RGWHTTPArgs& args;
   mutable boost::tribool is_system;
   mutable std::optional<ACLOwner> effective_owner;
+  mutable std::optional<std::string> effective_tenant;
 
 public:
   template <typename U>
@@ -262,6 +263,14 @@ public:
     }
     return DecoratedApplier<T>::get_aclowner();
   }
+
+  const std::string& get_tenant() const override {
+    if (effective_tenant) {
+      return *effective_tenant;
+    }
+    return DecoratedApplier<T>::get_tenant();
+  }
+
 };
 
 template <typename T>
@@ -287,6 +296,7 @@ auto SysReqApplier<T>::load_acct_info(const DoutPrefixProvider* dpp) const -> st
     std::string str = args.sys_get(RGW_SYS_PARAM_PREFIX "uid");
     if (!str.empty()) {
       effective_owner.emplace();
+
       effective_owner->id = parse_owner(str);
 
       if (const auto* uid = std::get_if<rgw_user>(&effective_owner->id); uid) {
@@ -296,7 +306,17 @@ auto SysReqApplier<T>::load_acct_info(const DoutPrefixProvider* dpp) const -> st
           throw -EACCES;
         }
         effective_owner->display_name = user->get_display_name();
-      }
+        effective_tenant = uid->tenant;
+      } else if (const auto* id = std::get_if<rgw_account_id>(&effective_owner->id); id) {
+        RGWAccountInfo info;
+        rgw::sal::Attrs attrs;
+        RGWObjVersionTracker objv;
+        int r = driver->load_account_by_id(dpp, null_yield, *id, info, attrs, objv);
+        if (r < 0) {
+          throw -EACCES;
+        }
+        effective_tenant = info.tenant;
+     }
     }
   }
   return user;