From 03a77f2dbe279a90765a50d2b7b8a09826c0a685 Mon Sep 17 00:00:00 2001
From: Radoslaw Zarzynski
Date: Fri, 19 Feb 2016 19:20:31 +0100
Subject: [PATCH] rgw: rework handling of rgw_keystone_accepted_[admin_]roles.
Signed-off-by: Radoslaw Zarzynski
---
 src/rgw/rgw_rest_s3.cc | 7 ++++---
 src/rgw/rgw_rest_s3.h | 4 ++--
 src/rgw/rgw_swift.cc | 23 +++++++++++++++--------
 3 files changed, 21 insertions(+), 13 deletions(-)
diff --git a/src/rgw/rgw_rest_s3.cc b/src/rgw/rgw_rest_s3.cc
index 79bf2df9a0d47..1f772376835fa 100644
--- a/src/rgw/rgw_rest_s3.cc
+++ b/src/rgw/rgw_rest_s3.cc
@@ -3004,10 +3004,11 @@ int RGW_Auth_S3_Keystone_ValidateToken::validate_s3token(
 /* check if we have a valid role */
 bool found = false;
- list::iterator iter;
- for (iter = roles_list.begin(); iter != roles_list.end(); ++iter) {
- if ((found=response.has_role(*iter))==true)
+ for (const auto role : accepted_roles) {
+ if (response.has_role(role) == true) {
+ found = true;
 break;
+ }
 }
 if (!found) {
diff --git a/src/rgw/rgw_rest_s3.h b/src/rgw/rgw_rest_s3.h
index 83c46ddadff12..85d0eea5f1377 100644
--- a/src/rgw/rgw_rest_s3.h
+++ b/src/rgw/rgw_rest_s3.h
@@ -362,7 +362,7 @@ private:
 bufferlist rx_buffer;
 bufferlist tx_buffer;
 bufferlist::iterator tx_buffer_it;
- list roles_list;
+ vector accepted_roles;
 public:
 KeystoneToken response;
@@ -378,7 +378,7 @@ private:
 public:
 explicit RGW_Auth_S3_Keystone_ValidateToken(CephContext *_cct) : RGWHTTPClient(_cct) {
- get_str_list(cct->_conf->rgw_keystone_accepted_roles, roles_list);
+ get_str_vec(cct->_conf->rgw_keystone_accepted_roles, accepted_roles);
 }
 int receive_header(void *ptr, size_t len) {
diff --git a/src/rgw/rgw_swift.cc b/src/rgw/rgw_swift.cc
index 081357457d385..cafb26a5ae4e1 100644
--- a/src/rgw/rgw_swift.cc
+++ b/src/rgw/rgw_swift.cc
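Review bot: `for (const auto role : accepted_roles)` in the validate_s3token hunk copies each configured role string on every token validation; binding by reference avoids that: `for (const auto& role : accepted_roles) {`. Assuming has_role() returns bool, the `== true` comparison is also redundant and `if (response.has_role(role)) {` reads more directly. The same loop is added in the parse_keystone_token_response hunk of rgw_swift.cc. validate_s3token starts and ends outside this hunk.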
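Review bot: The constructor in rgw_rest_s3.h fills accepted_roles from rgw_keystone_accepted_roles only, while RGWSwift::init() in rgw_swift.cc also appends rgw_keystone_accepted_admin_roles. A token whose only matching role is an admin role would therefore pass the Swift role check and fail the S3 one. If that difference is not intended, load the admin list here as well, using a local `vector<string> admin_roles`: `get_str_vec(cct->_conf->rgw_keystone_accepted_admin_roles, admin_roles);` then `accepted_roles.insert(accepted_roles.end(), admin_roles.begin(), admin_roles.end());`. If it is intended, a comment on the accepted_roles member saying that the S3 path ignores the admin-role option would stop the two authorization paths from being assumed equivalent.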
@@ -17,7 +17,8 @@ #define dout_subsys ceph_subsys_rgw
-static list roles_list;
+static vector accepted_roles;
+static vector accepted_admin_roles;
 class RGWValidateSwiftToken : public RGWHTTPClient {
 struct rgw_swift_auth_info *info;
@@ -335,10 +336,9 @@ int RGWSwift::parse_keystone_token_response(const string& token,
 }
 bool found = false;
- list::iterator iter;
- for (iter = roles_list.begin(); iter != roles_list.end(); ++iter) {
- const string& role = *iter;
- if ((found=t.has_role(role))==true)
+ for (const auto role : accepted_roles) {
+ if (t.has_role(role) == true) {
+ found = true;
 break;
 }
@@ -746,9 +746,16 @@ bool RGWSwift::do_verify_swift_token(RGWRados *store, req_state *s)
 void RGWSwift::init() {
- get_str_list(cct->_conf->rgw_keystone_accepted_roles, roles_list);
- if (supports_keystone())
- init_keystone();
+ get_str_vec(cct->_conf->rgw_keystone_accepted_roles, accepted_roles);
+ get_str_vec(cct->_conf->rgw_keystone_accepted_admin_roles,
+ accepted_admin_roles);
+
+ accepted_roles.insert(accepted_roles.end(), accepted_admin_roles.begin(),
+ accepted_admin_roles.end());
+
+ if (supports_keystone()) {
+ init_keystone();
+ }
 }
--
2.39.5
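Review bot: The `{` added after `if (t.has_role(role) == true)` in the parse_keystone_token_response hunk has no matching added `}`. The only closing brace after `break;` is the context line that used to close the for loop, and the header counts (-335,10 +336,9) agree with exactly three added lines. The rgw_rest_s3.cc hunk does add the closing brace for the same loop. As shown, the loop body appears unbalanced and rgw_swift.cc should not compile; add `}` on its own line after `break;`. The function continues outside the hunk, so a compensating brace elsewhere cannot be ruled out from the visible lines.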
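Review bot: The insert in RGWSwift::init() that merges accepted_admin_roles into accepted_roles widens who passes the role check in parse_keystone_token_response, and nothing in the code says why. A comment above the insert would record the intent, for example `/* Admin roles are implicitly accepted roles, so their holders pass the generic role check too. */`, if that is the intent. No visible hunk reads accepted_admin_roles after the merge, so a short note on the file-scope declaration about where it is meant to be consulted would also help. A role listed in both options ends up in accepted_roles twice, which the loop shown tolerates, since it only tests membership.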