From 517ab7612a218e14afd3f1bfd42b72ebb789ceb1 Mon Sep 17 00:00:00 2001
From: N Balachandran <nithya.balachandran@ibm.com>
Date: Fri, 4 Jul 2025 16:21:01 +0530
Subject: [PATCH] rgw: fix bucket logging AuthType field

Bucket logging now detects the AuthType log record field for unauthenticated
requests correctly.

Fixes: https://tracker.ceph.com/issues/71731

Signed-off-by: N Balachandran <nithya.balachandran@ibm.com>
---
 doc/radosgw/bucket_logging.rst |  2 +-
 src/rgw/rgw_auth_s3.cc         | 15 ++++++++++-----
 src/rgw/rgw_bucket_logging.cc  |  2 +-
 3 files changed, 12 insertions(+), 7 deletions(-)

diff --git a/doc/radosgw/bucket_logging.rst b/doc/radosgw/bucket_logging.rst
index 9a1ca46182a4e..09425ee55675c 100644
--- a/doc/radosgw/bucket_logging.rst
+++ b/doc/radosgw/bucket_logging.rst
@@ -241,7 +241,7 @@ based on `AWS Logging Record Format`_.
   - host id taken from "x-amz-id-2" (or dash if empty)
   - signature version (or dash if empty)
   - cipher suite (or dash if empty)
-  - authentication type (or dash if empty)
+  - authentication type ("AuthHeader" for regular auth, "QueryString" for presigned URL or dash if unauthenticated)
   - host header (or dash if empty)
   - TLS version (or dash if empty)
   - access point ARN (not supported, always a dash)
diff --git a/src/rgw/rgw_auth_s3.cc b/src/rgw/rgw_auth_s3.cc
index 8e243d89ce6ee..8de07e566c434 100644
--- a/src/rgw/rgw_auth_s3.cc
+++ b/src/rgw/rgw_auth_s3.cc
@@ -1757,13 +1757,18 @@ void get_aws_version_and_auth_type(const req_state* s, string& aws_version, stri
       aws_version = "SigV2";
     }
   } else {
-    auth_type = "QueryString";
-    if (s->info.args.get("x-amz-algorithm") == AWS4_HMAC_SHA256_STR) {
+    if (!s->info.args.get("x-amz-credential").empty()) {
+      auth_type = "QueryString";
+      if (s->info.args.get("x-amz-algorithm") == AWS4_HMAC_SHA256_STR) {
       /* AWS v4 */
-      aws_version = "SigV4";
-    } else if (!s->info.args.get("AWSAccessKeyId").empty()) {
+	aws_version = "SigV4";
+      } else if (!s->info.args.get("AWSAccessKeyId").empty()) {
       /* AWS v2 */
-      aws_version = "SigV2";
+	aws_version = "SigV2";
+      }
+    } else {
+      // Unauthenticated
+      auth_type.clear();
     }
   }
 }
diff --git a/src/rgw/rgw_bucket_logging.cc b/src/rgw/rgw_bucket_logging.cc
index e96c71a808aa3..1fadb903e2da4 100644
--- a/src/rgw/rgw_bucket_logging.cc
+++ b/src/rgw/rgw_bucket_logging.cc
@@ -572,7 +572,7 @@ int log_record(rgw::sal::Driver* driver,
         s->info.x_meta_map.contains("x-amz-id-2") ? s->info.x_meta_map.at("x-amz-id-2") : "-",
         aws_version,
         s->info.env->get("SSL_CIPHER", "-"),
-        auth_type,
+        dash_if_empty(auth_type),
         dash_if_empty(fqdn),
         s->info.env->get("TLS_VERSION", "-"),
         "-", // no access point ARN
-- 
2.39.5