update ceph source to reef 18.1.2
[ceph.git] / ceph / src / rgw / rgw_auth_keystone.h
index b986fc2a6aef6f7d9eaa47f60f344bbe2d05fbbd..9d79bc87826e90fb5855209e6c1b269692c150ba 100644 (file)
@@ -1,9 +1,7 @@
 // -*- mode:C++; tab-width:8; c-basic-offset:2; indent-tabs-mode:t -*-
 // vim: ts=8 sw=2 smarttab ft=cpp
 
-
-#ifndef CEPH_RGW_AUTH_KEYSTONE_H
-#define CEPH_RGW_AUTH_KEYSTONE_H
+#pragma once
 
 #include <string_view>
 #include <utility>
@@ -30,7 +28,8 @@ class TokenEngine : public rgw::auth::Engine {
   using result_t = rgw::auth::Engine::result_t;
   using token_envelope_t = rgw::keystone::TokenEnvelope;
 
-  const rgw::auth::TokenExtractor* const extractor;
+  const rgw::auth::TokenExtractor* const auth_token_extractor;
+  const rgw::auth::TokenExtractor* const service_token_extractor;
   const rgw::auth::RemoteApplier::Factory* const apl_factory;
   rgw::keystone::Config& config;
   rgw::keystone::TokenCache& token_cache;
@@ -39,7 +38,7 @@ class TokenEngine : public rgw::auth::Engine {
   bool is_applicable(const std::string& token) const noexcept;
 
   boost::optional<token_envelope_t>
-  get_from_keystone(const DoutPrefixProvider* dpp, const std::string& token) const;
+  get_from_keystone(const DoutPrefixProvider* dpp, const std::string& token, bool allow_expired) const;
 
   acl_strategy_t get_acl_strategy(const token_envelope_t& token) const;
   auth_info_t get_creds_info(const token_envelope_t& token,
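Review bot: The new `allow_expired` parameter on `get_from_keystone` is an undocumented bare `bool` that relaxes token expiry checking, and nothing in the declaration says when a caller may pass `true`. I would add a comment above it such as `// allow_expired: accept a token past its expiry; pass true only after the accompanying service token has been validated`, assuming that is the intended precondition, since the implementation is not visible here. A call site reading `get_from_keystone(dpp, token, true)` gives no hint that it weakens a check, so a named constant or a two-value enum at the call sites would make misuse easier to spot in review.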
@@ -47,16 +46,19 @@ class TokenEngine : public rgw::auth::Engine {
                             ) const noexcept;
   result_t authenticate(const DoutPrefixProvider* dpp,
                         const std::string& token,
+                        const std::string& service_token,
                         const req_state* s) const;
 
 public:
   TokenEngine(CephContext* const cct,
-              const rgw::auth::TokenExtractor* const extractor,
+              const rgw::auth::TokenExtractor* const auth_token_extractor,
+              const rgw::auth::TokenExtractor* const service_token_extractor,
               const rgw::auth::RemoteApplier::Factory* const apl_factory,
               rgw::keystone::Config& config,
               rgw::keystone::TokenCache& token_cache)
     : cct(cct),
-      extractor(extractor),
+      auth_token_extractor(auth_token_extractor),
+      service_token_extractor(service_token_extractor),
       apl_factory(apl_factory),
       config(config),
       token_cache(token_cache) {
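Review bot: The constructor now takes `auth_token_extractor` and `service_token_extractor` as adjacent parameters of the same type, so a call site that passes them in the wrong order compiles cleanly, and the engine would then read the user token from the service-token source. The private `authenticate` overload has the same shape with `token` and `service_token`. Both extractors are also dereferenced without a check in the `authenticate` override in the next hunk, so the header should state the contract, e.g. `// both extractors must be non-null; service_token_extractor is queried on every request`, or the constructor body should assert it. The constructor body continues past the end of this hunk.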
@@ -68,7 +70,7 @@ public:
 
   result_t authenticate(const DoutPrefixProvider* dpp, const req_state* const s,
                        optional_yield y) const override {
-    return authenticate(dpp, extractor->get_token(s), s);
+    return authenticate(dpp, auth_token_extractor->get_token(s), service_token_extractor->get_token(s), s);
   }
 }; /* class TokenEngine */
 
@@ -146,7 +148,13 @@ class EC2Engine : public rgw::auth::s3::AWSEngine {
                     const std::string_view& access_key_id,
                     const std::string& string_to_sign,
                     const std::string_view& signature) const;
-  std::pair<boost::optional<token_envelope_t>, int>
+
+  struct access_token_result {
+    boost::optional<token_envelope_t> token;
+    boost::optional<std::string> secret_key;
+    int failure_reason = 0;
+  };
+  access_token_result
   get_access_token(const DoutPrefixProvider* dpp,
                    const std::string_view& access_key_id,
                    const std::string& string_to_sign,
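Review bot: `access_token_result` defaults `failure_reason` to 0 and leaves both optionals empty, so a default-constructed result carries no token yet reports no failure; the struct needs a comment fixing which field callers must test. Something like `// token is set on success; failure_reason is meaningful only when token is empty` above the struct would do, to be confirmed against the implementation since only the declaration is visible. `secret_key` now travels by value in this struct and presumably holds the secret for the access key, so it is worth noting there that it must not be logged or kept longer than the caller needs. The `get_access_token` declaration continues outside the hunk.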
@@ -192,5 +200,3 @@ public:
 }; /* namespace keystone */
 }; /* namespace auth */
 }; /* namespace rgw */
-
-#endif /* CEPH_RGW_AUTH_KEYSTONE_H */