From 2119e0502ddeed63152cf42445e16416ed1ac682 Mon Sep 17 00:00:00 2001 From: Marcus Watts Date: Thu, 7 Jul 2022 03:33:31 -0400 Subject: [PATCH] rgw: better tenant id from the uri on anonymous access MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit When anonymous tries access public bucket, it gets 404, because rgw doesn't check tenant correctly. A previous fix for this broke legacy implicit tenants, because it didn't check for anonymous access. This version restricts its behavior to the anonymous user. Fixes: https://tracker.ceph.com/issues/48001 https://tracker.ceph.com/issues/48382 Original fix by Author: Rafał Wądołowski Signed-off-by: Rafał Wądołowski This fix Signed-off-by: Marcus Watts (cherry picked from commit b5880caa505e2df7ff035537c19a8be3a3a8bb8f) --- src/rgw/rgw_rest_swift.cc | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/src/rgw/rgw_rest_swift.cc b/src/rgw/rgw_rest_swift.cc index 9daf1b17ea41d..1c7fdedbbb6a6 100644 --- a/src/rgw/rgw_rest_swift.cc +++ b/src/rgw/rgw_rest_swift.cc @@ -2810,7 +2810,12 @@ int RGWHandler_REST_SWIFT::postauth_init(optional_yield y) struct req_init_state* t = &s->init_state; /* XXX Stub this until Swift Auth sets account into URL. */ - s->bucket_tenant = s->user->get_tenant(); + if (g_conf()->rgw_swift_account_in_url + && s->user->get_id().id == RGW_USER_ANON_ID) { + s->bucket_tenant = s->account_name; + } else { + s->bucket_tenant = s->user->get_tenant(); + } s->bucket_name = t->url_bucket; if (!s->object) { -- 2.39.5