From: Deepika Upadhyay <deepika.upadhyay@clyso.com>
Date: Mon, 28 Oct 2024 09:19:52 +0000 (+0530)
Subject: rgw: make keystone work without admin token(service ac requirement)
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=55ce1782e159190fd9202b6e270a1a2c470b0626;p=ceph.git

rgw: make keystone work without admin token(service ac requirement)

Ceph RGW admin credentials must not be a requirement.
Both ec2 auth and keystone token validation work without an admin token.

And the user token verification will use its own token. The only
requirement for the service admin user token is the allow_expired, but
in our case we don't use this parameter.

fixes: https://tracker.ceph.com/issues/68327

Co-authored-by: @kayrus
Signed-off-by: Deepika Upadhyay <deepika.upadhyay@clyso.com>
---

diff --git a/src/rgw/rgw_auth_keystone.cc b/src/rgw/rgw_auth_keystone.cc
index 7f3bd66a1b95..e74fe97bf778 100644
--- a/src/rgw/rgw_auth_keystone.cc
+++ b/src/rgw/rgw_auth_keystone.cc
@@ -78,7 +78,12 @@ admin_token_retry:
     throw -EINVAL;
   }
 
-  validate.append_header("X-Auth-Token", admin_token);
+  if (allow_expired) {
+    validate.append_header("X-Auth-Token", admin_token);
+  } else {
+    validate.append_header("X-Auth-Token", token);
+  }
+
   validate.set_send_length(0);
 
   validate.set_url(url);