From: Yuval Lifshitz <ylifshit@redhat.com>
Date: Thu, 24 Jun 2021 14:55:24 +0000 (+0300)
Subject: rgw/notifications: support v4 auth for topics and notifications
X-Git-Tag: v16.2.7~113^2
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=7f0db99ce9d83fbac344cb3e651683e671da29f2;p=ceph.git

rgw/notifications: support v4 auth for topics and notifications

Fixes: https://tracker.ceph.com/issues/50039

Signed-off-by: Yuval Lifshitz <ylifshit@redhat.com>
(cherry picked from commit d1b5084cd7700012947bf4686e45f807965e0b1d)

Conflicts:
	src/test/rgw/bucket_notification/api.py
	src/test/rgw/rgw_multi/zone_ps.py
---

diff --git a/examples/boto3/README.md b/examples/boto3/README.md
index be6799da9c2a..52f43746d980 100644
--- a/examples/boto3/README.md
+++ b/examples/boto3/README.md
@@ -14,11 +14,6 @@ The standard [AWS CLI](https://docs.aws.amazon.com/cli/latest/) may also be used
 aws --endpoint-url http://localhost:8000 s3api list-objects --bucket=mybucket --allow-unordered
 ```
 
-- Use the following command to set SNS signature to s3v2:
-```
-aws configure set default.sns.signature_version s3
-```
-
 - Topic creation with endpoint:
 ```
 aws --endpoint-url http://localhost:8000 sns create-topic --name=mytopic --attributes='{"push-endpoint": "amqp://localhost:5672", "amqp-exchange": "ex1", "amqp-ack-level": "broker"}'
diff --git a/src/rgw/rgw_rest_s3.cc b/src/rgw/rgw_rest_s3.cc
index a7998eadf40a..204706b4bee9 100644
--- a/src/rgw/rgw_rest_s3.cc
+++ b/src/rgw/rgw_rest_s3.cc
@@ -5263,7 +5263,11 @@ AWSGeneralAbstractor::get_auth_data_v4(const req_state* const s,
       s->op_type == RGW_OP_CREATE_OIDC_PROVIDER ||
       s->op_type == RGW_OP_DELETE_OIDC_PROVIDER ||
       s->op_type == RGW_OP_GET_OIDC_PROVIDER ||
-      s->op_type == RGW_OP_LIST_OIDC_PROVIDERS) {
+      s->op_type == RGW_OP_LIST_OIDC_PROVIDERS ||
+      s->op_type == RGW_OP_PUBSUB_TOPIC_CREATE ||
+      s->op_type == RGW_OP_PUBSUB_TOPICS_LIST ||
+      s->op_type == RGW_OP_PUBSUB_TOPIC_GET ||
+      s->op_type == RGW_OP_PUBSUB_TOPIC_DELETE) {
     is_non_s3_op = true;
   }
 
@@ -5361,6 +5365,8 @@ AWSGeneralAbstractor::get_auth_data_v4(const req_state* const s,
         case RGW_OP_PUT_LC:
         case RGW_OP_SET_REQUEST_PAYMENT:
         case RGW_OP_PUBSUB_NOTIF_CREATE:
+        case RGW_OP_PUBSUB_NOTIF_DELETE:
+        case RGW_OP_PUBSUB_NOTIF_LIST:
         case RGW_OP_PUT_BUCKET_OBJ_LOCK:
         case RGW_OP_PUT_OBJ_RETENTION:
         case RGW_OP_PUT_OBJ_LEGAL_HOLD:
diff --git a/src/test/rgw/rgw_multi/zone_ps.py b/src/test/rgw/rgw_multi/zone_ps.py
index 9f55626d2118..0553f8061b70 100644
--- a/src/test/rgw/rgw_multi/zone_ps.py
+++ b/src/test/rgw/rgw_multi/zone_ps.py
@@ -18,8 +18,7 @@ def put_object_tagging(conn, bucket_name, key, tags):
     client = boto3.client('s3',
             endpoint_url='http://'+conn.host+':'+str(conn.port),
             aws_access_key_id=conn.aws_access_key_id,
-            aws_secret_access_key=conn.aws_secret_access_key,
-            config=Config(signature_version='s3'))
+            aws_secret_access_key=conn.aws_secret_access_key)
     return client.put_object(Body='aaaaaaaaaaa', Bucket=bucket_name, Key=key, Tagging=tags)
 
 
@@ -27,8 +26,7 @@ def get_object_tagging(conn, bucket, object_key):
     client = boto3.client('s3',
             endpoint_url='http://'+conn.host+':'+str(conn.port),
             aws_access_key_id=conn.aws_access_key_id,
-            aws_secret_access_key=conn.aws_secret_access_key,
-            config=Config(signature_version='s3'))
+            aws_secret_access_key=conn.aws_secret_access_key)
     return client.get_object_tagging(
                 Bucket=bucket, 
                 Key=object_key
@@ -156,8 +154,7 @@ def delete_all_s3_topics(zone, region):
                 aws_access_key_id=conn.aws_access_key_id,
                 aws_secret_access_key=conn.aws_secret_access_key,
                 region_name=region,
-                verify='./cert.pem',
-                config=Config(signature_version='s3'))
+                verify='./cert.pem')
 
         topics = client.list_topics()['Topics']
         for topic in topics:
@@ -206,8 +203,7 @@ class PSTopicS3:
                            aws_access_key_id=conn.aws_access_key_id,
                            aws_secret_access_key=conn.aws_secret_access_key,
                            region_name=region,
-                           verify='./cert.pem',
-                           config=Config(signature_version='s3'))
+                           verify='./cert.pem')
 
 
     def get_config(self):
@@ -335,8 +331,7 @@ class PSNotificationS3:
         self.client = boto3.client('s3',
                                    endpoint_url='http://'+conn.host+':'+str(conn.port),
                                    aws_access_key_id=conn.aws_access_key_id,
-                                   aws_secret_access_key=conn.aws_secret_access_key,
-                                   config=Config(signature_version='s3'))
+                                   aws_secret_access_key=conn.aws_secret_access_key)
 
     def send_request(self, method, parameters=None):
         """send request to radosgw"""