From 799c59ae89c9a70f08d9bf2e7624d25e6641d41f Mon Sep 17 00:00:00 2001 From: Yehuda Sadeh Date: Wed, 19 Dec 2012 14:34:53 -0800 Subject: [PATCH] rgw: remove useless configurable, fix swift auth error handling Fixes: #3649 No need to have an extra configurable to use keystone. Use keystone whenever keystone url has been specified. Also, fix a bad error handling that turned a failure to authenticate into successfully authenticating a bad user. Signed-off-by: Yehuda Sadeh --- src/common/config_opts.h | 1 - src/rgw/rgw_swift.cc | 4 ++-- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/src/common/config_opts.h b/src/common/config_opts.h index 6bc4b1facbf40..720dbe38fa571 100644 --- a/src/common/config_opts.h +++ b/src/common/config_opts.h @@ -448,7 +448,6 @@ OPTION(rgw_swift_url, OPT_STR, "") // the swift url, being published OPTION(rgw_swift_url_prefix, OPT_STR, "swift") // entry point for which a url is considered a swift url OPTION(rgw_swift_auth_url, OPT_STR, "") // default URL to go and verify tokens for v1 auth (if not using internal swift auth) OPTION(rgw_swift_auth_entry, OPT_STR, "auth") // entry point for which a url is considered a swift auth url -OPTION(rgw_swift_use_keystone, OPT_BOOL, false) // should swift use keystone? OPTION(rgw_keystone_url, OPT_STR, "") // url for keystone server OPTION(rgw_keystone_admin_token, OPT_STR, "") // keystone admin token (shared secret) OPTION(rgw_keystone_accepted_roles, OPT_STR, "Member, admin") // roles required to serve requests diff --git a/src/rgw/rgw_swift.cc b/src/rgw/rgw_swift.cc index 2ce04074a03ce..9eda1eda07147 100644 --- a/src/rgw/rgw_swift.cc +++ b/src/rgw/rgw_swift.cc @@ -644,14 +644,14 @@ bool RGWSwift::verify_swift_token(RGWRados *store, req_state *s) int ret; - if (g_conf->rgw_swift_use_keystone) { + if (!cct->_conf->rgw_keystone_url.empty()) { ret = validate_keystone_token(store, s->os_auth_token, &info, s->user); return (ret >= 0); } ret = validate_token(s->os_auth_token, &info); if (ret < 0) - return ret; + return false; if (info.user.empty()) { ldout(cct, 5) << "swift auth didn't authorize a user" << dendl; -- 2.39.5