From 92d44fe3a12f96dbf80be0b2954d92472ba2d722 Mon Sep 17 00:00:00 2001 From: Radoslaw Zarzynski Date: Tue, 7 Feb 2017 19:10:18 +0100 Subject: [PATCH] rgw: parametrize the implicit tenancy of rgw::auth::RemoteApplier. Signed-off-by: Radoslaw Zarzynski --- src/rgw/rgw_auth.cc | 6 +++--- src/rgw/rgw_auth.h | 7 +++++-- src/rgw/rgw_auth_s3.h | 3 ++- src/rgw/rgw_rest_s3.h | 3 ++- src/rgw/rgw_swift_auth.h | 4 ++-- 5 files changed, 14 insertions(+), 9 deletions(-) diff --git a/src/rgw/rgw_auth.cc b/src/rgw/rgw_auth.cc index df8193ae8d62..111c81692974 100644 --- a/src/rgw/rgw_auth.cc +++ b/src/rgw/rgw_auth.cc @@ -309,9 +309,9 @@ void rgw::auth::RemoteApplier::create_account(const rgw_user& acct_user, user_info.type = info.acct_type; } - /* Administrator may enforce creating new accounts within their own tenants. - * The config parameter name is kept due to legacy. */ - if (new_acct_user.tenant.empty() && g_conf->rgw_keystone_implicit_tenants) { + /* An upper layer may enforce creating new accounts within their own + * tenants. */ + if (new_acct_user.tenant.empty() && implicit_tenants) { new_acct_user.tenant = new_acct_user.id; } diff --git a/src/rgw/rgw_auth.h b/src/rgw/rgw_auth.h index 458f0ccae63a..0eed70748411 100644 --- a/src/rgw/rgw_auth.h +++ b/src/rgw/rgw_auth.h @@ -369,6 +369,7 @@ protected: const acl_strategy_t extra_acl_strategy; const AuthInfo info; + const bool implicit_tenants; virtual void create_account(const rgw_user& acct_user, RGWUserInfo& user_info) const; /* out */ @@ -377,11 +378,13 @@ public: RemoteApplier(CephContext* const cct, RGWRados* const store, acl_strategy_t&& extra_acl_strategy, - const AuthInfo& info) + const AuthInfo& info, + const bool implicit_tenants) : cct(cct), store(store), extra_acl_strategy(std::move(extra_acl_strategy)), - info(info) { + info(info), + implicit_tenants(implicit_tenants) { } uint32_t get_perms_from_aclspec(const aclspec_t& aclspec) const override; diff --git a/src/rgw/rgw_auth_s3.h b/src/rgw/rgw_auth_s3.h index f52cc7752da7..4e0fa6fb0ae5 100644 --- a/src/rgw/rgw_auth_s3.h +++ b/src/rgw/rgw_auth_s3.h @@ -37,7 +37,8 @@ class ExternalAuthStrategy : public rgw::auth::Strategy, const rgw::auth::RemoteApplier::AuthInfo info ) const override { auto apl = rgw::auth::add_sysreq(cct, store, s, - rgw::auth::RemoteApplier(cct, store, std::move(acl_alg), info)); + rgw::auth::RemoteApplier(cct, store, std::move(acl_alg), info, + false /* no implicit tenants */)); /* TODO(rzarzynski): replace with static_ptr. */ return aplptr_t(new decltype(apl)(std::move(apl))); } diff --git a/src/rgw/rgw_rest_s3.h b/src/rgw/rgw_rest_s3.h index dcd9311d18c4..863195b35b19 100644 --- a/src/rgw/rgw_rest_s3.h +++ b/src/rgw/rgw_rest_s3.h @@ -787,7 +787,8 @@ public: const rgw::auth::RemoteApplier::AuthInfo info ) const override { return aplptr_t( - new rgw::auth::RemoteApplier(cct, store, std::move(acl_alg), info)); + new rgw::auth::RemoteApplier(cct, store, std::move(acl_alg), info, + false /* no implicit tenants */)); } aplptr_t create_apl_local(CephContext* const cct, diff --git a/src/rgw/rgw_swift_auth.h b/src/rgw/rgw_swift_auth.h index a05ae3233b91..3b5397f43b53 100644 --- a/src/rgw/rgw_swift_auth.h +++ b/src/rgw/rgw_swift_auth.h @@ -168,8 +168,8 @@ class DefaultStrategy : public rgw::auth::Strategy, auto apl = \ rgw::auth::add_3rdparty(store, s->account_name, rgw::auth::add_sysreq(cct, store, s, - rgw::auth::RemoteApplier(cct, store, std::move(extra_acl_strategy), - info))); + rgw::auth::RemoteApplier(cct, store, std::move(extra_acl_strategy), info, + cct->_conf->rgw_keystone_implicit_tenants))); /* TODO(rzarzynski): replace with static_ptr. */ return aplptr_t(new decltype(apl)(std::move(apl))); } -- 2.47.3