bool is_expired(const std::string& expires) const;
class SignatureHelper;
+ class PrefixableSignatureHelper;
public:
TempURLEngine(CephContext* const cct,
public rgw::auth::LocalApplier::Factory,
public rgw::auth::swift::TempURLApplier::Factory {
RGWRados* const store;
+ ImplicitTenants& implicit_tenant_context;
/* The engines. */
const rgw::auth::swift::TempURLEngine tempurl_engine;
const rgw::auth::swift::SignedTokenEngine signed_engine;
- const rgw::auth::keystone::TokenEngine keystone_engine;
+ boost::optional <const rgw::auth::keystone::TokenEngine> keystone_engine;
const rgw::auth::swift::ExternalTokenEngine external_engine;
const rgw::auth::swift::SwiftAnonymousEngine anon_engine;
rgw::auth::add_3rdparty(store, s->account_name,
rgw::auth::add_sysreq(cct, store, s,
rgw::auth::RemoteApplier(cct, store, std::move(extra_acl_strategy), info,
- cct->_conf->rgw_keystone_implicit_tenants)));
+ implicit_tenant_context,
+ rgw::auth::ImplicitTenants::IMPLICIT_TENANTS_SWIFT)));
/* TODO(rzarzynski): replace with static_ptr. */
return aplptr_t(new decltype(apl)(std::move(apl)));
}
public:
DefaultStrategy(CephContext* const cct,
+ ImplicitTenants& implicit_tenant_context,
RGWRados* const store)
: store(store),
+ implicit_tenant_context(implicit_tenant_context),
tempurl_engine(cct,
store,
static_cast<rgw::auth::swift::TempURLApplier::Factory*>(this)),
store,
static_cast<rgw::auth::TokenExtractor*>(this),
static_cast<rgw::auth::LocalApplier::Factory*>(this)),
- keystone_engine(cct,
- static_cast<rgw::auth::TokenExtractor*>(this),
- static_cast<rgw::auth::RemoteApplier::Factory*>(this),
- keystone_config_t::get_instance(),
- keystone_cache_t::get_instance<keystone_config_t>()),
external_engine(cct,
store,
static_cast<rgw::auth::TokenExtractor*>(this),
/* The auth strategy is responsible for deciding whether a parcular
* engine is disabled or not. */
if (! cct->_conf->rgw_keystone_url.empty()) {
- add_engine(Control::SUFFICIENT, keystone_engine);
+ keystone_engine.emplace(cct,
+ static_cast<rgw::auth::TokenExtractor*>(this),
+ static_cast<rgw::auth::RemoteApplier::Factory*>(this),
+ keystone_config_t::get_instance(),
+ keystone_cache_t::get_instance<keystone_config_t>());
+
+ add_engine(Control::SUFFICIENT, *keystone_engine);
}
if (! cct->_conf->rgw_swift_auth_url.empty()) {
add_engine(Control::SUFFICIENT, external_engine);