From: Yehuda Sadeh Date: Fri, 16 Dec 2016 16:42:10 +0000 (-0800) Subject: Merge pull request #10160 from jmunhoz/bugfix-16463-presigned-url X-Git-Tag: v11.1.1~38 X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=ed3e9c1d4d6a60d4873d288baa60595290cabebf;p=ceph.git Merge pull request #10160 from jmunhoz/bugfix-16463-presigned-url rgw: aws4: add presigned url bugfix in runtime Reviewed-by: Yehuda Sadeh --- ed3e9c1d4d6a60d4873d288baa60595290cabebf diff --cc src/common/config_opts.h index 9479e07a96d8,e8ef9b3b8aae..c46dcdd5ecf3 --- a/src/common/config_opts.h +++ b/src/common/config_opts.h @@@ -1399,10 -1329,9 +1399,11 @@@ OPTION(rgw_keystone_token_cache_size, O OPTION(rgw_keystone_revocation_interval, OPT_INT, 15 * 60) // seconds between tokens revocation check OPTION(rgw_keystone_verify_ssl, OPT_BOOL, true) // should we try to verify keystone's ssl OPTION(rgw_keystone_implicit_tenants, OPT_BOOL, false) // create new users in their own tenants of the same name +OPTION(rgw_cross_domain_policy, OPT_STR, "") +OPTION(rgw_healthcheck_disabling_path, OPT_STR, "") // path that existence causes the healthcheck to respond 503 OPTION(rgw_s3_auth_use_rados, OPT_BOOL, true) // should we try to use the internal credentials for s3? OPTION(rgw_s3_auth_use_keystone, OPT_BOOL, false) // should we try to use keystone for s3? + OPTION(rgw_s3_auth_aws4_force_boto2_compat, OPT_BOOL, true) // force aws4 auth boto2 compatibility /* OpenLDAP-style LDAP parameter strings */ /* rgw_ldap_uri space-separated list of LDAP servers in URI format */ diff --cc src/rgw/rgw_rest_s3.h index f6bce8394f95,b7f49306d561..91c73613ab67 --- a/src/rgw/rgw_rest_s3.h +++ b/src/rgw/rgw_rest_s3.h @@@ -451,8 -445,11 +451,8 @@@ public class RGW_Auth_S3 { private: - static std::mutex mtx; - static rgw::LDAPHelper* ldh; - static int authorize_v2(RGWRados *store, struct req_state *s); - static int authorize_v4(RGWRados *store, struct req_state *s); + static int authorize_v4(RGWRados *store, struct req_state *s, bool force_boto2_compat = true); static int authorize_v4_complete(RGWRados *store, struct req_state *s, const string& request_payload, bool unsigned_payload);