From 136433d5217c605640f78fa9fcacd57f5acef7af Mon Sep 17 00:00:00 2001
From: Radoslaw Zarzynski
Date: Fri, 29 Jan 2016 12:14:41 +0100
Subject: [PATCH] rgw: support admin credentials in S3-related Keystone authentication.
Fixes: #13302
Backport: infernalis, hammer
Signed-off-by: Radoslaw Zarzynski
---
 src/rgw/rgw_rest_s3.cc | 14 +++++++++++++-
 src/rgw/rgw_swift.cc | 18 +++++++++++++++---
 src/rgw/rgw_swift.h | 4 ++++
 3 files changed, 32 insertions(+), 4 deletions(-)
diff --git a/src/rgw/rgw_rest_s3.cc b/src/rgw/rgw_rest_s3.cc
index 40db6fcbed44..95721937e04d 100644
--- a/src/rgw/rgw_rest_s3.cc
+++ b/src/rgw/rgw_rest_s3.cc
@@ -21,6 +21,10 @@
 #include "rgw_client_io.h"
+/* This header consists several Keystone-related primitives
+ * we want to reuse here. */
+#include "rgw_swift.h"
+
 #include // for 'typeid'
 #define dout_subsys ceph_subsys_rgw
@@ -2560,8 +2564,16 @@ int RGW_Auth_S3_Keystone_ValidateToken::validate_s3token(const string& auth_id,
 keystone_url.append("/");
 keystone_url.append("v2.0/s3tokens");
+ /* get authentication token for Keystone. */
+ string admin_token_id;
+ int r = RGWSwift::get_keystone_admin_token(cct, admin_token_id);
+ if (r < 0) {
+ ldout(cct, 2) << "s3 keystone: cannot get token for keystone access" << dendl;
+ return r;
+ }
+
 /* set required headers for keystone request */
- append_header("X-Auth-Token", cct->_conf->rgw_keystone_admin_token);
+ append_header("X-Auth-Token", admin_token_id);
 append_header("Content-Type", "application/json");
 /* encode token */
diff --git a/src/rgw/rgw_swift.cc b/src/rgw/rgw_swift.cc
index b51d37f8afa6..76eda3c76ec6 100644
--- a/src/rgw/rgw_swift.cc
+++ b/src/rgw/rgw_swift.cc
@@ -229,7 +229,8 @@ static int decode_b64_cms(CephContext *cct, const string& signed_b64, bufferlist
 return 0;
 }
-int RGWSwift::get_keystone_url(std::string& url)
+int RGWSwift::get_keystone_url(CephContext * const cct,
+ std::string& url)
 {
 bufferlist bl;
 RGWGetRevokedTokens req(cct, &bl);
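Review bot: In the `validate_s3token` hunk of rgw_rest_s3.cc, every S3 token validation now calls `RGWSwift::get_keystone_admin_token()` before the s3tokens request, and nothing visible here caches or reuses the result. When `rgw_keystone_admin_token` is unset the helper takes its `v2.0/tokens` branch (second rgw_swift.cc hunk), which presumably authenticates to Keystone with the admin credentials, so requests that have not yet been authenticated could each cost an extra Keystone round trip and an admin login. Confirm that the helper caches the admin token, and state the cost at the call site, e.g. `/* NOTE: may contact Keystone for an admin token on every call unless rgw_keystone_admin_token is set */`. The failure log would also be easier to triage with the code included: `ldout(cct, 2) << "s3 keystone: cannot get token for keystone access, r=" << r << dendl;`. The body of `validate_s3token` starts and ends outside the hunk.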
@@ -244,11 +245,22 @@ int RGWSwift::get_keystone_url(std::string& url)
 return 0;
 }
-int RGWSwift::get_keystone_admin_token(std::string& token)
+int RGWSwift::get_keystone_url(std::string& url)
+{
+ return RGWSwift::get_keystone_url(cct, url);
+}
+
+int RGWSwift::get_keystone_admin_token(std::string& token)
+{
+ return RGWSwift::get_keystone_admin_token(cct, token);
+}
+
+int RGWSwift::get_keystone_admin_token(CephContext * const cct,
+ std::string& token)
 {
 std::string token_url;
- if (get_keystone_url(token_url) < 0)
+ if (get_keystone_url(cct, token_url) < 0)
 return -EINVAL;
 if (cct->_conf->rgw_keystone_admin_token.empty()) {
 token_url.append("v2.0/tokens");
diff --git a/src/rgw/rgw_swift.h b/src/rgw/rgw_swift.h
index 63596e0a78bd..8a081aaa1a15 100644
--- a/src/rgw/rgw_swift.h
+++ b/src/rgw/rgw_swift.h
@@ -70,6 +70,10 @@ public:
 bool verify_swift_token(RGWRados *store, req_state *s);
 bool going_down();
+
+ /* Static methods shared between Swift API and S3. */
+ static int get_keystone_url(CephContext *cct, std::string& url);
+ static int get_keystone_admin_token(CephContext *cct, std::string& token);
 };
 extern RGWSwift *rgw_swift;
--
2.47.3
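Review bot: The static `get_keystone_admin_token(CephContext * const cct, std::string& token)` discards whatever `get_keystone_url(cct, token_url)` returned and substitutes `-EINVAL`, while the new S3 caller logs and propagates the code it receives. Passing the original value through keeps the error path consistent across both callers: `int ret = get_keystone_url(cct, token_url);` followed by `if (ret < 0) return ret;`. The two instance wrappers forward the member `cct` to overloads whose parameter has the same name, which is easy to misread; a short comment such as `/* thin wrappers for existing Swift callers; forward this instance's cct */` would help. The body of the static function continues past the end of the hunk.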
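Review bot: The two static declarations added to rgw_swift.h make Keystone admin-token retrieval callable from outside the Swift path, but the one-line comment above them does not state the contract. From the visible callers, both return 0 on success and a negative value on failure, they dereference `cct` without a null check, and `token` ends up in the `X-Auth-Token` header on the S3 path, so it is a bearer secret. I would say so next to the declarations, e.g. `/* Return 0 or -errno; cct must be non-null. On success 'token' holds the Keystone admin token: treat it as a secret and never log it. */`. The header declares `CephContext *cct` while the definitions use `CephContext * const cct`; this is harmless but worth keeping consistent.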