From 597215293442f8d17a56ee52cfd87c3c79f60dea Mon Sep 17 00:00:00 2001
From: Shilpa Jagannath <smanjara@redhat.com>
Date: Fri, 17 Jan 2025 17:37:04 +0000
Subject: [PATCH] rgw/multisite: forwarded bucket create requests reflect empty
 tenants as they are requested by system user. this fix overloads
 SysReqApplier::get_tenant() with effective_owner's tenant to ensure proper
 bucket ownership when there is tenant involved.

Signed-off-by: Shilpa Jagannath <smanjara@redhat.com>
(cherry picked from commit da3545d5847b8f9fe7c89851ee6a1d103a07d808)

Fixes: https://tracker.ceph.com/issues/70269
Signed-off-by: Adam C. Emerson <aemerson@redhat.com>
---
 qa/suites/rgw/multisite/tasks/test_multi.yaml |  1 +
 src/rgw/rgw_auth_filters.h                    | 22 ++++++++++++++++++-
 2 files changed, 22 insertions(+), 1 deletion(-)

diff --git a/qa/suites/rgw/multisite/tasks/test_multi.yaml b/qa/suites/rgw/multisite/tasks/test_multi.yaml
index 422535db609..a72ac028a4a 100644
--- a/qa/suites/rgw/multisite/tasks/test_multi.yaml
+++ b/qa/suites/rgw/multisite/tasks/test_multi.yaml
@@ -15,3 +15,4 @@ tasks:
 - rgw-multisite-tests:
     config:
       reconfigure_delay: 90
+      tenant: testx
diff --git a/src/rgw/rgw_auth_filters.h b/src/rgw/rgw_auth_filters.h
index a93641e8b8e..f9c5b3fdd69 100644
--- a/src/rgw/rgw_auth_filters.h
+++ b/src/rgw/rgw_auth_filters.h
@@ -233,6 +233,7 @@ class SysReqApplier : public DecoratedApplier<T> {
   const RGWHTTPArgs& args;
   mutable boost::tribool is_system;
   mutable std::optional<ACLOwner> effective_owner;
+  mutable std::optional<std::string> effective_tenant;
 
 public:
   template <typename U>
@@ -257,6 +258,14 @@ public:
     }
     return DecoratedApplier<T>::get_aclowner();
   }
+
+  const std::string& get_tenant() const override {
+    if (effective_tenant) {
+      return *effective_tenant;
+    }
+    return DecoratedApplier<T>::get_tenant();
+  }
+
 };
 
 template <typename T>
@@ -282,6 +291,7 @@ void SysReqApplier<T>::load_acct_info(const DoutPrefixProvider* dpp, RGWUserInfo
     std::string str = args.sys_get(RGW_SYS_PARAM_PREFIX "uid");
     if (!str.empty()) {
       effective_owner.emplace();
+
       effective_owner->id = parse_owner(str);
 
       if (const auto* uid = std::get_if<rgw_user>(&effective_owner->id); uid) {
@@ -291,7 +301,17 @@ void SysReqApplier<T>::load_acct_info(const DoutPrefixProvider* dpp, RGWUserInfo
           throw -EACCES;
         }
         effective_owner->display_name = user->get_display_name();
-      }
+        effective_tenant = uid->tenant;
+      } else if (const auto* id = std::get_if<rgw_account_id>(&effective_owner->id); id) {
+        RGWAccountInfo info;
+        rgw::sal::Attrs attrs;
+        RGWObjVersionTracker objv;
+        int r = driver->load_account_by_id(dpp, null_yield, *id, info, attrs, objv);
+        if (r < 0) {
+          throw -EACCES;
+        }
+        effective_tenant = info.tenant;
+     }
     }
   }
 }
-- 
2.39.5