From d3b04dfed7accc7af7bb79ec4faa911e37dee15f Mon Sep 17 00:00:00 2001
From: Radoslaw Zarzynski <rzarzynski@mirantis.com>
Date: Sat, 18 Mar 2017 16:16:02 +0100
Subject: [PATCH] rgw: the S3's local v2 auth engine becomes a fallback
 conditionally.

Signed-off-by: Radoslaw Zarzynski <rzarzynski@mirantis.com>
---
 src/rgw/rgw_auth.h    |  4 ++++
 src/rgw/rgw_auth_s3.h | 12 ++++++++++--
 2 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/src/rgw/rgw_auth.h b/src/rgw/rgw_auth.h
index fb72c5c5351cb..b7346f65f5b1e 100644
--- a/src/rgw/rgw_auth.h
+++ b/src/rgw/rgw_auth.h
@@ -305,6 +305,10 @@ public:
 
   Engine::result_t authenticate(const req_state* s) const override final;
 
+  bool is_empty() const {
+    return auth_stack.empty();
+  }
+
 private:
   /* Using the reference wrapper here to explicitly point out we are not
    * interested in storing nulls while preserving the dynamic polymorphism. */
diff --git a/src/rgw/rgw_auth_s3.h b/src/rgw/rgw_auth_s3.h
index 4e0fa6fb0ae5c..cbc0bee69af0c 100644
--- a/src/rgw/rgw_auth_s3.h
+++ b/src/rgw/rgw_auth_s3.h
@@ -105,10 +105,18 @@ public:
       external_engines(cct, store, &extractor),
       local_engine(cct, store, extractor,
                    static_cast<rgw::auth::LocalApplier::Factory*>(this)) {
-    add_engine(Control::SUFFICIENT, external_engines);
+
+    Control local_engine_mode;
+    if (! external_engines.is_empty()) {
+      add_engine(Control::SUFFICIENT, external_engines);
+
+      local_engine_mode = Control::FALLBACK;
+    } else {
+      local_engine_mode = Control::SUFFICIENT;
+    }
 
     if (cct->_conf->rgw_s3_auth_use_rados) {
-      add_engine(Control::FALLBACK, local_engine);
+      add_engine(local_engine_mode, local_engine);
     }
   }
 
-- 
2.39.5