From 0ab224550f06ddb395fbe1635dd9488d9437c2d5 Mon Sep 17 00:00:00 2001 From: Deepika Upadhyay Date: Mon, 28 Oct 2024 14:49:52 +0530 Subject: [PATCH] rgw: make keystone work without admin token(service ac requirement) Ceph RGW admin credentials must not be a requirement. Both ec2 auth and keystone token validation work without an admin token. And the user token verification will use its own token. The only requirement for the service admin user token is the allow_expired, but in our case we don't use this parameter. fixes: https://tracker.ceph.com/issues/68327 Co-authored-by: @kayrus Signed-off-by: Deepika Upadhyay (cherry picked from commit 55ce1782e159190fd9202b6e270a1a2c470b0626) --- src/rgw/rgw_auth_keystone.cc | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/src/rgw/rgw_auth_keystone.cc b/src/rgw/rgw_auth_keystone.cc index 7f3bd66a1b9..e74fe97bf77 100644 --- a/src/rgw/rgw_auth_keystone.cc +++ b/src/rgw/rgw_auth_keystone.cc @@ -78,7 +78,12 @@ admin_token_retry: throw -EINVAL; } - validate.append_header("X-Auth-Token", admin_token); + if (allow_expired) { + validate.append_header("X-Auth-Token", admin_token); + } else { + validate.append_header("X-Auth-Token", token); + } + validate.set_send_length(0); validate.set_url(url); -- 2.47.3