OPTION(rgw_keystone_revocation_interval, OPT_INT, 15 * 60) // seconds between tokens revocation check
OPTION(rgw_keystone_verify_ssl, OPT_BOOL, true) // should we try to verify keystone's ssl
OPTION(rgw_keystone_implicit_tenants, OPT_BOOL, false) // create new users in their own tenants of the same name
+OPTION(rgw_cross_domain_policy, OPT_STR, "<allow-access-from domain=\"*\" secure=\"false\" />")
+OPTION(rgw_healthcheck_disabling_path, OPT_STR, "") // path that existence causes the healthcheck to respond 503
OPTION(rgw_s3_auth_use_rados, OPT_BOOL, true) // should we try to use the internal credentials for s3?
OPTION(rgw_s3_auth_use_keystone, OPT_BOOL, false) // should we try to use keystone for s3?
+ OPTION(rgw_s3_auth_aws4_force_boto2_compat, OPT_BOOL, true) // force aws4 auth boto2 compatibility
/* OpenLDAP-style LDAP parameter strings */
/* rgw_ldap_uri space-separated list of LDAP servers in URI format */
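Review bot: The default for `rgw_cross_domain_policy` is a wildcard, `<allow-access-from domain=\"*\" secure=\"false\" />`, and it is the only new option here without a trailing comment. If this string is what the gateway returns as its cross-domain policy (the consumer is not visible in this hunk), the default grants every domain access, and `secure=\"false\"` additionally lets content loaded over plain HTTP reach an HTTPS endpoint. I would document that on the line, e.g. `// cross-domain policy body returned to clients; default allows any domain, narrow it for production`, and consider whether a narrower default is acceptable for compatibility. `rgw_healthcheck_disabling_path` also deserves a note that the path must be writable only by the gateway operator, since per its comment the mere existence of the file makes the healthcheck respond 503.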
class RGW_Auth_S3 {
private:
- static std::mutex mtx;
- static rgw::LDAPHelper* ldh;
-
static int authorize_v2(RGWRados *store, struct req_state *s);
- static int authorize_v4(RGWRados *store, struct req_state *s);
+ static int authorize_v4(RGWRados *store, struct req_state *s, bool force_boto2_compat = true);
static int authorize_v4_complete(RGWRados *store, struct req_state *s,
const string& request_payload,
bool unsigned_payload);
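Review bot: The `force_boto2_compat = true` default added to `authorize_v4` duplicates the default of `rgw_s3_auth_aws4_force_boto2_compat`, so a caller that omits the argument gets the compatibility behaviour even when the operator has set the option to false. On a signature-verification path I would drop the default, `static int authorize_v4(RGWRados *store, struct req_state *s, bool force_boto2_compat);`, so that every call site has to pass the configured value explicitly. A one-line comment on the declaration stating what the compatibility mode changes in the AWS4 check would also help reviewers judge the risk of leaving it on by default. The definition and the call sites are outside this hunk, so whether any caller relies on the default cannot be confirmed from here; the class body also continues past the last line shown.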