From: Radoslaw Zarzynski Date: Fri, 15 Jan 2016 14:16:40 +0000 (+0100) Subject: rgw: improve support for Swift's URL schema with account name inside. X-Git-Tag: v10.1.0~163^2~5 X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=a99f58278d29fc231122651ae93c61c21d35e334;p=ceph.git rgw: improve support for Swift's URL schema with account name inside. Fixes: #11163 Signed-off-by: Radoslaw Zarzynski --- diff --git a/src/common/config_opts.h b/src/common/config_opts.h index 03d4c6abf008..b006753becf1 100644 --- a/src/common/config_opts.h +++ b/src/common/config_opts.h @@ -1180,6 +1180,7 @@ OPTION(rgw_swift_url_prefix, OPT_STR, "swift") // entry point for which a url is OPTION(rgw_swift_auth_url, OPT_STR, "") // default URL to go and verify tokens for v1 auth (if not using internal swift auth) OPTION(rgw_swift_auth_entry, OPT_STR, "auth") // entry point for which a url is considered a swift auth url OPTION(rgw_swift_tenant_name, OPT_STR, "") // tenant name to use for swift access +OPTION(rgw_swift_account_in_url, OPT_BOOL, false) // assume that URL always contain the account (aka tenant) part OPTION(rgw_swift_enforce_content_length, OPT_BOOL, false) // enforce generation of Content-Length even in cost of performance or scalability OPTION(rgw_keystone_url, OPT_STR, "") // url for keystone server OPTION(rgw_keystone_admin_token, OPT_STR, "") // keystone admin token (shared secret) diff --git a/src/rgw/rgw_common.h b/src/rgw/rgw_common.h index a36484b7faa0..1cb82bec49cd 100644 --- a/src/rgw/rgw_common.h +++ b/src/rgw/rgw_common.h @@ -1176,6 +1176,8 @@ struct req_state { utime_t header_time; /* Set once when url_bucket is parsed and not violated thereafter. */ + string account_name; + string bucket_tenant; string bucket_name; diff --git a/src/rgw/rgw_rest_swift.cc b/src/rgw/rgw_rest_swift.cc index 64ddad702a3c..e0d72e4ac110 100644 --- a/src/rgw/rgw_rest_swift.cc +++ b/src/rgw/rgw_rest_swift.cc @@ -1489,9 +1489,27 @@ int RGWHandler_REST_SWIFT::init_from_header(struct req_state *s) next_tok(req, ver, '/'); - string tenant; - if (!tenant_path.empty()) { - next_tok(req, tenant, '/'); + if (!tenant_path.empty() || g_conf->rgw_swift_account_in_url) { + string account_name; + next_tok(req, account_name, '/'); + + /* Erase all pre-defined prefixes like "AUTH_" or "KEY_". */ + const vector skipped_prefixes = { "AUTH_", "KEY_" }; + + for (const auto pfx : skipped_prefixes) { + const size_t comp_len = min(account_name.length(), pfx.length()); + if (account_name.compare(0, comp_len, pfx) == 0) { + /* Prefix is present. Drop it. */ + account_name = account_name.substr(comp_len); + break; + } + } + + if (account_name.empty()) { + return -ERR_PRECONDITION_FAILED; + } else { + s->account_name = account_name; + } } s->os_auth_token = s->info.env->get("HTTP_X_AUTH_TOKEN"); diff --git a/src/rgw/rgw_swift_auth.cc b/src/rgw/rgw_swift_auth.cc index a689aa2b4c43..32234d7f2c1e 100644 --- a/src/rgw/rgw_swift_auth.cc +++ b/src/rgw/rgw_swift_auth.cc @@ -213,6 +213,9 @@ void RGW_SWIFT_Auth_Get::execute() if (!g_conf->rgw_swift_tenant_name.empty()) { tenant_path = "/AUTH_"; tenant_path.append(g_conf->rgw_swift_tenant_name); + } else if (g_conf->rgw_swift_account_in_url) { + tenant_path = "/AUTH_"; + tenant_path.append(user_str); } STREAM_IO(s)->print("X-Storage-Url: %s/%s/v1%s\r\n", swift_url.c_str(),