From: Christophe Courtaut <christophe.courtaut@gmail.com>
Date: Thu, 4 Jul 2013 07:57:56 +0000 (+0200)
Subject: rgw: Use keystone password to validate token too
X-Git-Tag: v0.73~53^2~1
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=5733f9cebf06511bda5186fb0073b907273dc28b;p=ceph.git

rgw: Use keystone password to validate token too

Adds the alternative use of password, instead of admin token,
to validate tokens.

Signed-off-by: Christophe Courtaut <christophe.courtaut@gmail.com>
---

diff --git a/src/rgw/rgw_swift.cc b/src/rgw/rgw_swift.cc
index d68dbe882285..00af259a8561 100644
--- a/src/rgw/rgw_swift.cc
+++ b/src/rgw/rgw_swift.cc
@@ -489,10 +489,16 @@ int RGWSwift::validate_keystone_token(RGWRados *store, const string& token, stru
     }
     if (url[url.size() - 1] != '/')
       url.append("/");
+    std::string admin_token;
+    if (get_keystone_admin_token(admin_token) < 0)
+      return -EINVAL;
+    if (get_keystone_url(url) < 0)
+      return -EINVAL;
+
     url.append("v2.0/tokens/");
     url.append(token);
 
-    validate.append_header("X-Auth-Token", g_conf->rgw_keystone_admin_token);
+    validate.append_header("X-Auth-Token", admin_token);
 
     int ret = validate.process(url.c_str());
     if (ret < 0)