From: Radoslaw Zarzynski Date: Thu, 27 Oct 2016 15:42:06 +0000 (+0200) Subject: rgw: only move Keystone-related things into rgw::keystone namespace. X-Git-Tag: v12.0.2~305^2~42 X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=f82af9ca95efb6db51b4190aab6643b3f3d96bf8;p=ceph.git rgw: only move Keystone-related things into rgw::keystone namespace. Signed-off-by: Radoslaw Zarzynski Signed-off-by: Matt Benjamin --- diff --git a/src/rgw/rgw_auth.cc b/src/rgw/rgw_auth.cc index 7f1458b10a2..060b10c1235 100644 --- a/src/rgw/rgw_auth.cc +++ b/src/rgw/rgw_auth.cc @@ -284,7 +284,8 @@ bool RGWKeystoneAuthEngine::is_applicable() const noexcept return ! cct->_conf->rgw_keystone_url.empty(); } -KeystoneToken RGWKeystoneAuthEngine::decode_pki_token(const std::string& token) const +rgw::keystone::TokenEnvelope +RGWKeystoneAuthEngine::decode_pki_token(const std::string& token) const { bufferlist token_body_bl; int ret = rgw_decode_b64_cms(cct, token, token_body_bl); @@ -295,7 +296,7 @@ KeystoneToken RGWKeystoneAuthEngine::decode_pki_token(const std::string& token) ldout(cct, 20) << "successfully decoded pki token" << dendl; } - KeystoneToken token_body; + rgw::keystone::TokenEnvelope token_body; ret = token_body.parse(cct, token, token_body_bl); if (ret < 0) { throw ret; @@ -304,28 +305,30 @@ KeystoneToken RGWKeystoneAuthEngine::decode_pki_token(const std::string& token) return token_body; } -KeystoneToken RGWKeystoneAuthEngine::get_from_keystone(const std::string& token) const +rgw::keystone::TokenEnvelope +RGWKeystoneAuthEngine::get_from_keystone(const std::string& token) const { - using RGWValidateKeystoneToken = KeystoneService::RGWValidateKeystoneToken; + using RGWValidateKeystoneToken + = rgw::keystone::Service::RGWValidateKeystoneToken; bufferlist token_body_bl; RGWValidateKeystoneToken validate(cct, &token_body_bl); std::string url; - if (KeystoneService::get_keystone_url(cct, url) < 0) { + if (rgw::keystone::Service::get_keystone_url(cct, url) < 0) { throw -EINVAL; } - const auto keystone_version = KeystoneService::get_api_version(); - if (keystone_version == KeystoneApiVersion::VER_2) { + const auto keystone_version = rgw::keystone::Service::get_api_version(); + if (keystone_version == rgw::keystone::ApiVersion::VER_2) { url.append("v2.0/tokens/" + token); - } else if (keystone_version == KeystoneApiVersion::VER_3) { + } else if (keystone_version == rgw::keystone::ApiVersion::VER_3) { url.append("v3/auth/tokens"); validate.append_header("X-Subject-Token", token); } std::string admin_token; - if (KeystoneService::get_keystone_admin_token(cct, admin_token) < 0) { + if (rgw::keystone::Service::get_keystone_admin_token(cct, admin_token) < 0) { throw -EINVAL; } @@ -355,7 +358,7 @@ KeystoneToken RGWKeystoneAuthEngine::get_from_keystone(const std::string& token) throw -EACCES; } - KeystoneToken token_body; + rgw::keystone::TokenEnvelope token_body; ret = token_body.parse(cct, token, token_body_bl); if (ret < 0) { throw ret; @@ -365,7 +368,7 @@ KeystoneToken RGWKeystoneAuthEngine::get_from_keystone(const std::string& token) } RGWRemoteAuthApplier::AuthInfo -RGWKeystoneAuthEngine::get_creds_info(const KeystoneToken& token, +RGWKeystoneAuthEngine::get_creds_info(const rgw::keystone::TokenEnvelope& token, const std::vector& admin_roles ) const noexcept { @@ -399,7 +402,7 @@ static inline const std::string make_spec_item(const std::string& tenant, } RGWKeystoneAuthEngine::acl_strategy_t -RGWKeystoneAuthEngine::get_acl_strategy(const KeystoneToken& token) const +RGWKeystoneAuthEngine::get_acl_strategy(const rgw::keystone::TokenEnvelope& token) const { /* The primary identity is constructed upon UUIDs. */ const auto& tenant_uuid = token.get_project_id(); @@ -439,7 +442,7 @@ RGWKeystoneAuthEngine::get_acl_strategy(const KeystoneToken& token) const RGWAuthApplier::aplptr_t RGWKeystoneAuthEngine::authenticate() const { - KeystoneToken t; + rgw::keystone::TokenEnvelope t; /* This will be initialized on the first call to this method. In C++11 it's * also thread-safe. */ @@ -462,7 +465,7 @@ RGWAuthApplier::aplptr_t RGWKeystoneAuthEngine::authenticate() const ldout(cct, 20) << "token_id=" << token_id << dendl; /* Check cache first. */ - if (RGWKeystoneTokenCache::get_instance().find(token_id, t)) { + if (rgw::keystone::TokenCache::get_instance().find(token_id, t)) { ldout(cct, 20) << "cached token.project.id=" << t.get_project_id() << dendl; return apl_factory->create_apl_remote(cct, @@ -497,7 +500,7 @@ RGWAuthApplier::aplptr_t RGWKeystoneAuthEngine::authenticate() const ldout(cct, 0) << "validated token: " << t.get_project_name() << ":" << t.get_user_name() << " expires: " << t.get_expires() << dendl; - RGWKeystoneTokenCache::get_instance().add(token_id, t); + rgw::keystone::TokenCache::get_instance().add(token_id, t); return apl_factory->create_apl_remote(cct, get_acl_strategy(t), get_creds_info(t, roles.admin)); diff --git a/src/rgw/rgw_auth.h b/src/rgw/rgw_auth.h index 0e6fba73f56..f24eeb09bd8 100644 --- a/src/rgw/rgw_auth.h +++ b/src/rgw/rgw_auth.h @@ -301,13 +301,15 @@ public: class RGWKeystoneAuthEngine : public RGWTokenBasedAuthEngine { protected: using acl_strategy_t = RGWRemoteAuthApplier::acl_strategy_t; + using token_envelope_t = rgw::keystone::TokenEnvelope; + const RGWRemoteAuthApplier::Factory * const apl_factory; /* Helper methods. */ - KeystoneToken decode_pki_token(const std::string& token) const; - KeystoneToken get_from_keystone(const std::string& token) const; - acl_strategy_t get_acl_strategy(const KeystoneToken& token) const; - RGWRemoteAuthApplier::AuthInfo get_creds_info(const KeystoneToken& token, + token_envelope_t decode_pki_token(const std::string& token) const; + token_envelope_t get_from_keystone(const std::string& token) const; + acl_strategy_t get_acl_strategy(const token_envelope_t& token) const; + RGWRemoteAuthApplier::AuthInfo get_creds_info(const token_envelope_t& token, const std::vector& admin_roles ) const noexcept; public: diff --git a/src/rgw/rgw_json_enc.cc b/src/rgw/rgw_json_enc.cc index 0b90ac4a990..b16452b7830 100644 --- a/src/rgw/rgw_json_enc.cc +++ b/src/rgw/rgw_json_enc.cc @@ -1160,7 +1160,7 @@ void RGWRealm::decode_json(JSONObj *obj) JSONDecoder::decode_json("epoch", epoch, obj); } -void KeystoneToken::Token::decode_json(JSONObj *obj) +void rgw::keystone::TokenEnvelope::Token::decode_json(JSONObj *obj) { string expires_iso8601; struct tm t; @@ -1177,26 +1177,26 @@ void KeystoneToken::Token::decode_json(JSONObj *obj) } } -void KeystoneToken::Role::decode_json(JSONObj *obj) +void rgw::keystone::TokenEnvelope::Role::decode_json(JSONObj *obj) { JSONDecoder::decode_json("id", id, obj); JSONDecoder::decode_json("name", name, obj, true); } -void KeystoneToken::Domain::decode_json(JSONObj *obj) +void rgw::keystone::TokenEnvelope::Domain::decode_json(JSONObj *obj) { JSONDecoder::decode_json("id", id, obj, true); JSONDecoder::decode_json("name", name, obj, true); } -void KeystoneToken::Project::decode_json(JSONObj *obj) +void rgw::keystone::TokenEnvelope::Project::decode_json(JSONObj *obj) { JSONDecoder::decode_json("id", id, obj, true); JSONDecoder::decode_json("name", name, obj, true); JSONDecoder::decode_json("domain", domain, obj); } -void KeystoneToken::User::decode_json(JSONObj *obj) +void rgw::keystone::TokenEnvelope::User::decode_json(JSONObj *obj) { JSONDecoder::decode_json("id", id, obj, true); JSONDecoder::decode_json("name", name, obj, true); @@ -1204,13 +1204,13 @@ void KeystoneToken::User::decode_json(JSONObj *obj) JSONDecoder::decode_json("roles", roles_v2, obj); } -void KeystoneToken::decode_json(JSONObj *root_obj) +void rgw::keystone::TokenEnvelope::decode_json(JSONObj *root_obj) { JSONDecoder::decode_json("user", user, root_obj, true); - const auto version = KeystoneService::get_api_version(); + const auto version = rgw::keystone::Service::get_api_version(); - if (version == KeystoneApiVersion::VER_3) { + if (version == rgw::keystone::ApiVersion::VER_3) { string expires_iso8601; if (JSONDecoder::decode_json("expires_at", expires_iso8601, root_obj)) { /* VER_3 */ @@ -1233,7 +1233,7 @@ void KeystoneToken::decode_json(JSONObj *root_obj) roles = user.roles_v2; project = token.tenant_v2; } - } else if (version == KeystoneApiVersion::VER_2) { + } else if (version == rgw::keystone::ApiVersion::VER_2) { if (JSONDecoder::decode_json("token", token, root_obj)) { /* VER_2 */ roles = user.roles_v2; @@ -1344,7 +1344,7 @@ void rgw_sync_error_info::dump(Formatter *f) const { encode_json("message", message, f); } -void KeystoneAdminTokenRequestVer2::dump(Formatter * const f) const +void rgw::keystone::AdminTokenRequestVer2::dump(Formatter* const f) const { f->open_object_section("token_request"); f->open_object_section("auth"); @@ -1357,7 +1357,7 @@ void KeystoneAdminTokenRequestVer2::dump(Formatter * const f) const f->close_section(); } -void KeystoneAdminTokenRequestVer3::dump(Formatter * const f) const +void rgw::keystone::AdminTokenRequestVer3::dump(Formatter* const f) const { f->open_object_section("token_request"); f->open_object_section("auth"); diff --git a/src/rgw/rgw_keystone.cc b/src/rgw/rgw_keystone.cc index 9e98ec537a4..97116f5cd88 100644 --- a/src/rgw/rgw_keystone.cc +++ b/src/rgw/rgw_keystone.cc @@ -138,22 +138,25 @@ bool rgw_decode_pki_token(CephContext * const cct, } -KeystoneApiVersion KeystoneService::get_api_version() +namespace rgw { +namespace keystone { + +ApiVersion Service::get_api_version() { const int keystone_version = g_ceph_context->_conf->rgw_keystone_api_version; if (keystone_version == 3) { - return KeystoneApiVersion::VER_3; + return ApiVersion::VER_3; } else if (keystone_version == 2) { - return KeystoneApiVersion::VER_2; + return ApiVersion::VER_2; } else { dout(0) << "ERROR: wrong Keystone API version: " << keystone_version << "; falling back to v2" << dendl; - return KeystoneApiVersion::VER_2; + return ApiVersion::VER_2; } } -int KeystoneService::get_keystone_url(CephContext * const cct, +int Service::get_keystone_url(CephContext* const cct, std::string& url) { url = cct->_conf->rgw_keystone_url; @@ -169,8 +172,8 @@ int KeystoneService::get_keystone_url(CephContext * const cct, return 0; } -int KeystoneService::get_keystone_admin_token(CephContext * const cct, - std::string& token) +int Service::get_keystone_admin_token(CephContext* const cct, + std::string& token) { std::string token_url; @@ -183,10 +186,10 @@ int KeystoneService::get_keystone_admin_token(CephContext * const cct, return 0; } - KeystoneToken t; + TokenEnvelope t; /* Try cache first. */ - if (RGWKeystoneTokenCache::get_instance().find_admin(t)) { + if (TokenCache::get_instance().find_admin(t)) { ldout(cct, 20) << "found cached admin token" << dendl; token = t.token.id; return 0; @@ -197,9 +200,9 @@ int KeystoneService::get_keystone_admin_token(CephContext * const cct, token_req.append_header("Content-Type", "application/json"); JSONFormatter jf; - const auto keystone_version = KeystoneService::get_api_version(); - if (keystone_version == KeystoneApiVersion::VER_2) { - KeystoneAdminTokenRequestVer2 req_serializer(cct); + const auto keystone_version = Service::get_api_version(); + if (keystone_version == ApiVersion::VER_2) { + AdminTokenRequestVer2 req_serializer(cct); req_serializer.dump(&jf); std::stringstream ss; @@ -208,8 +211,8 @@ int KeystoneService::get_keystone_admin_token(CephContext * const cct, token_req.set_send_length(ss.str().length()); token_url.append("v2.0/tokens"); - } else if (keystone_version == KeystoneApiVersion::VER_3) { - KeystoneAdminTokenRequestVer3 req_serializer(cct); + } else if (keystone_version == ApiVersion::VER_3) { + AdminTokenRequestVer3 req_serializer(cct); req_serializer.dump(&jf); std::stringstream ss; @@ -236,12 +239,13 @@ int KeystoneService::get_keystone_admin_token(CephContext * const cct, return -EINVAL; } - RGWKeystoneTokenCache::get_instance().add_admin(t); + TokenCache::get_instance().add_admin(t); token = t.token.id; return 0; } -bool KeystoneToken::has_role(const string& r) const + +bool TokenEnvelope::has_role(const std::string& r) const { list::const_iterator iter; for (iter = roles.cbegin(); iter != roles.cend(); ++iter) { @@ -252,9 +256,9 @@ bool KeystoneToken::has_role(const string& r) const return false; } -int KeystoneToken::parse(CephContext * const cct, - const string& token_str, - bufferlist& bl) +int TokenEnvelope::parse(CephContext* const cct, + const std::string& token_str, + ceph::bufferlist& bl) { JSONParser parser; if (!parser.parse(bl.c_str(), bl.length())) { @@ -263,16 +267,16 @@ int KeystoneToken::parse(CephContext * const cct, } try { - const auto version = KeystoneService::get_api_version(); + const auto version = rgw::keystone::Service::get_api_version(); - if (version == KeystoneApiVersion::VER_2) { + if (version == rgw::keystone::ApiVersion::VER_2) { if (!JSONDecoder::decode_json("access", *this, &parser)) { - /* Token structure doesn't follow Identity API v2, so the token + /* TokenEnvelope structure doesn't follow Identity API v2, so the token * must be in v3. Otherwise we can assume it's wrongly formatted. */ JSONDecoder::decode_json("token", *this, &parser, true); token.id = token_str; } - } else if (version == KeystoneApiVersion::VER_3) { + } else if (version == rgw::keystone::ApiVersion::VER_3) { if (!JSONDecoder::decode_json("token", *this, &parser)) { /* If the token cannot be parsed according to V3, try V2. */ JSONDecoder::decode_json("access", *this, &parser, true); @@ -293,19 +297,22 @@ int KeystoneToken::parse(CephContext * const cct, return 0; } -RGWKeystoneTokenCache& RGWKeystoneTokenCache::get_instance() +TokenCache& TokenCache::get_instance() { /* In C++11 this is thread safe. */ - static RGWKeystoneTokenCache instance; + static TokenCache instance; return instance; } -bool RGWKeystoneTokenCache::find(const string& token_id, KeystoneToken& token) + +bool TokenCache::find(const std::string& token_id, + rgw::keystone::TokenEnvelope& token) { Mutex::Locker l(lock); return find_locked(token_id, token); } -bool RGWKeystoneTokenCache::find_locked(const string& token_id, KeystoneToken& token) +bool TokenCache::find_locked(const std::string& token_id, + rgw::keystone::TokenEnvelope& token) { assert(lock.is_locked_by_me()); map::iterator iter = tokens.find(token_id); @@ -332,22 +339,22 @@ bool RGWKeystoneTokenCache::find_locked(const string& token_id, KeystoneToken& t return true; } -bool RGWKeystoneTokenCache::find_admin(KeystoneToken& token) +bool TokenCache::find_admin(rgw::keystone::TokenEnvelope& token) { Mutex::Locker l(lock); return find_locked(admin_token_id, token); } -void RGWKeystoneTokenCache::add(const string& token_id, - const KeystoneToken& token) +void TokenCache::add(const std::string& token_id, + const rgw::keystone::TokenEnvelope& token) { Mutex::Locker l(lock); add_locked(token_id, token); } -void RGWKeystoneTokenCache::add_locked(const string& token_id, - const KeystoneToken& token) +void TokenCache::add_locked(const std::string& token_id, + const rgw::keystone::TokenEnvelope& token) { assert(lock.is_locked_by_me()); map::iterator iter = tokens.find(token_id); @@ -370,7 +377,7 @@ void RGWKeystoneTokenCache::add_locked(const string& token_id, } } -void RGWKeystoneTokenCache::add_admin(const KeystoneToken& token) +void TokenCache::add_admin(const rgw::keystone::TokenEnvelope& token) { Mutex::Locker l(lock); @@ -378,7 +385,7 @@ void RGWKeystoneTokenCache::add_admin(const KeystoneToken& token) add_locked(admin_token_id, token); } -void RGWKeystoneTokenCache::invalidate(const string& token_id) +void TokenCache::invalidate(const std::string& token_id) { Mutex::Locker l(lock); map::iterator iter = tokens.find(token_id); @@ -391,7 +398,7 @@ void RGWKeystoneTokenCache::invalidate(const string& token_id) tokens.erase(iter); } -int RGWKeystoneTokenCache::RevokeThread::check_revoked() +int TokenCache::RevokeThread::check_revoked() { std::string url; std::string token; @@ -399,18 +406,18 @@ int RGWKeystoneTokenCache::RevokeThread::check_revoked() bufferlist bl; RGWGetRevokedTokens req(cct, &bl); - if (KeystoneService::get_keystone_admin_token(cct, token) < 0) { + if (rgw::keystone::Service::get_keystone_admin_token(cct, token) < 0) { return -EINVAL; } - if (KeystoneService::get_keystone_url(cct, url) < 0) { + if (rgw::keystone::Service::get_keystone_url(cct, url) < 0) { return -EINVAL; } req.append_header("X-Auth-Token", token); - const auto keystone_version = KeystoneService::get_api_version(); - if (keystone_version == KeystoneApiVersion::VER_2) { + const auto keystone_version = rgw::keystone::Service::get_api_version(); + if (keystone_version == rgw::keystone::ApiVersion::VER_2) { url.append("v2.0/tokens/revoked"); - } else if (keystone_version == KeystoneApiVersion::VER_3) { + } else if (keystone_version == rgw::keystone::ApiVersion::VER_3) { url.append("v3/auth/tokens/OS-PKI/revoked"); } @@ -489,12 +496,12 @@ int RGWKeystoneTokenCache::RevokeThread::check_revoked() return 0; } -bool RGWKeystoneTokenCache::going_down() const +bool TokenCache::going_down() const { return (down_flag.read() != 0); } -void * RGWKeystoneTokenCache::RevokeThread::entry() +void* TokenCache::RevokeThread::entry() { do { ldout(cct, 2) << "keystone revoke thread: start" << dendl; @@ -517,8 +524,11 @@ void * RGWKeystoneTokenCache::RevokeThread::entry() return nullptr; } -void RGWKeystoneTokenCache::RevokeThread::stop() +void TokenCache::RevokeThread::stop() { Mutex::Locker l(lock); cond.Signal(); } + +}; /* namespace keystone */ +}; /* namespace rgw */ diff --git a/src/rgw/rgw_keystone.h b/src/rgw/rgw_keystone.h index 2fb0346c51e..c59ebbd0e60 100644 --- a/src/rgw/rgw_keystone.h +++ b/src/rgw/rgw_keystone.h @@ -27,12 +27,15 @@ bool rgw_decode_pki_token(CephContext *cct, const string& token, bufferlist& bl); -enum class KeystoneApiVersion { +namespace rgw { +namespace keystone { + +enum class ApiVersion { VER_2, VER_3 }; -class KeystoneService { +class Service { public: class RGWKeystoneHTTPTransceiver : public RGWHTTPTransceiver { public: @@ -57,7 +60,7 @@ public: typedef RGWKeystoneHTTPTransceiver RGWGetKeystoneAdminToken; typedef RGWKeystoneHTTPTransceiver RGWGetRevokedTokens; - static KeystoneApiVersion get_api_version(); + static ApiVersion get_api_version(); static int get_keystone_url(CephContext * const cct, std::string& url); @@ -65,7 +68,8 @@ public: std::string& token); }; -class KeystoneToken { + +class TokenEnvelope { public: class Domain { public: @@ -113,7 +117,7 @@ public: public: // FIXME: default ctor needs to be eradicated here - KeystoneToken() = default; + TokenEnvelope() = default; time_t get_expires() const { return token.expires; } const std::string& get_domain_id() const {return project.domain.id;}; const std::string& get_domain_name() const {return project.domain.name;}; @@ -133,27 +137,29 @@ public: }; -class RGWKeystoneTokenCache { +class TokenCache { struct token_entry { - KeystoneToken token; + TokenEnvelope token; list::iterator lru_iter; }; + const rgw::keystone::Config& config; atomic_t down_flag; class RevokeThread : public Thread { - friend class RGWKeystoneTokenCache; + friend class TokenCache; typedef RGWPostHTTPData RGWGetRevokedTokens; CephContext * const cct; - RGWKeystoneTokenCache * const cache; + TokenCache* const cache; Mutex lock; Cond cond; - RevokeThread(CephContext * const cct, RGWKeystoneTokenCache * cache) + RevokeThread(CephContext* const cct, + TokenCache* const cache) : cct(cct), cache(cache), - lock("RGWKeystoneTokenCache::RevokeThread") { + lock("rgw::keystone::TokenCache::RevokeThread") { } void *entry() override; void stop(); @@ -170,15 +176,16 @@ class RGWKeystoneTokenCache { const size_t max; - RGWKeystoneTokenCache() + TokenCache() : revocator(g_ceph_context, this), cct(g_ceph_context), - lock("RGWKeystoneTokenCache"), + lock("rgw::keystone::TokenCache"), max(cct->_conf->rgw_keystone_token_cache_size) { /* The thread name has been kept for backward compliance. */ revocator.create("rgw_swift_k_rev"); } - ~RGWKeystoneTokenCache() { + + ~TokenCache() { down_flag.set(1); revocator.stop(); @@ -186,48 +193,56 @@ class RGWKeystoneTokenCache { } public: - RGWKeystoneTokenCache(const RGWKeystoneTokenCache&) = delete; - void operator=(const RGWKeystoneTokenCache&) = delete; + TokenCache(const TokenCache&) = delete; + void operator=(const TokenCache&) = delete; - static RGWKeystoneTokenCache& get_instance(); + static TokenCache& get_instance(); - bool find(const string& token_id, KeystoneToken& token); - bool find_admin(KeystoneToken& token); - void add(const string& token_id, const KeystoneToken& token); - void add_admin(const KeystoneToken& token); - void invalidate(const string& token_id); + /* In C++11 this is thread safe. */ + static TokenCache instance(ConfigT::get_instance()); + return instance; + } + + bool find(const std::string& token_id, TokenEnvelope& token); + bool find_admin(TokenEnvelope& token); + void add(const std::string& token_id, const TokenEnvelope& token); + void add_admin(const TokenEnvelope& token); + void invalidate(const std::string& token_id); bool going_down() const; private: - void add_locked(const string& token_id, const KeystoneToken& token); - bool find_locked(const string& token_id, KeystoneToken& token); + void add_locked(const std::string& token_id, const TokenEnvelope& token); + bool find_locked(const std::string& token_id, TokenEnvelope& token); }; -class KeystoneAdminTokenRequest { +class AdminTokenRequest { public: - virtual ~KeystoneAdminTokenRequest() = default; - virtual void dump(Formatter *f) const = 0; + virtual ~AdminTokenRequest() = default; + virtual void dump(Formatter* f) const = 0; }; -class KeystoneAdminTokenRequestVer2 : public KeystoneAdminTokenRequest { - CephContext *cct; +class AdminTokenRequestVer2 : public AdminTokenRequest { + CephContext* cct; public: - KeystoneAdminTokenRequestVer2(CephContext * const _cct) - : cct(_cct) { + AdminTokenRequestVer2(CephContext* const cct) + : cct(cct) { } void dump(Formatter *f) const override; }; -class KeystoneAdminTokenRequestVer3 : public KeystoneAdminTokenRequest { - CephContext *cct; +class AdminTokenRequestVer3 : public AdminTokenRequest { + CephContext* cct; public: - KeystoneAdminTokenRequestVer3(CephContext * const _cct) - : cct(_cct) { + AdminTokenRequestVer3(CephContext* const cct) + : cct(cct) { } void dump(Formatter *f) const override; }; +}; /* namespace keystone */ +}; /* namespace rgw */ + #endif diff --git a/src/rgw/rgw_rest_s3.cc b/src/rgw/rgw_rest_s3.cc index 277ff62c256..edb147c4ba0 100644 --- a/src/rgw/rgw_rest_s3.cc +++ b/src/rgw/rgw_rest_s3.cc @@ -3302,7 +3302,7 @@ int RGW_Auth_S3_Keystone_ValidateToken::validate_s3token( keystone_url.append("/"); } - if (KeystoneService::get_api_version() == KeystoneApiVersion::VER_3) { + if (rgw::keystone::Service::get_api_version() == rgw::keystone::ApiVersion::VER_3) { keystone_url.append("v3/s3tokens"); } else { keystone_url.append("v2.0/s3tokens"); @@ -3310,7 +3310,7 @@ int RGW_Auth_S3_Keystone_ValidateToken::validate_s3token( /* get authentication token for Keystone. */ string admin_token_id; - int r = KeystoneService::get_keystone_admin_token(cct, admin_token_id); + int r = rgw::keystone::Service::get_keystone_admin_token(cct, admin_token_id); if (r < 0) { ldout(cct, 2) << "s3 keystone: cannot get token for keystone access" << dendl; return r; diff --git a/src/rgw/rgw_rest_s3.h b/src/rgw/rgw_rest_s3.h index c89e7c32980..9ad533a758a 100644 --- a/src/rgw/rgw_rest_s3.h +++ b/src/rgw/rgw_rest_s3.h @@ -414,7 +414,7 @@ private: vector accepted_roles; public: - KeystoneToken response; + rgw::keystone::TokenEnvelope response; private: void set_tx_buffer(const string& d) {