// -*- mode:C++; tab-width:8; c-basic-offset:2; indent-tabs-mode:t -*-
// vim: ts=8 sw=2 smarttab ft=cpp
-
-#ifndef CEPH_RGW_AUTH_KEYSTONE_H
-#define CEPH_RGW_AUTH_KEYSTONE_H
+#pragma once
#include <string_view>
#include <utility>
using result_t = rgw::auth::Engine::result_t;
using token_envelope_t = rgw::keystone::TokenEnvelope;
- const rgw::auth::TokenExtractor* const extractor;
+ const rgw::auth::TokenExtractor* const auth_token_extractor;
+ const rgw::auth::TokenExtractor* const service_token_extractor;
const rgw::auth::RemoteApplier::Factory* const apl_factory;
rgw::keystone::Config& config;
rgw::keystone::TokenCache& token_cache;
bool is_applicable(const std::string& token) const noexcept;
boost::optional<token_envelope_t>
- get_from_keystone(const DoutPrefixProvider* dpp, const std::string& token) const;
+ get_from_keystone(const DoutPrefixProvider* dpp, const std::string& token, bool allow_expired) const;
acl_strategy_t get_acl_strategy(const token_envelope_t& token) const;
auth_info_t get_creds_info(const token_envelope_t& token,
) const noexcept;
result_t authenticate(const DoutPrefixProvider* dpp,
const std::string& token,
+ const std::string& service_token,
const req_state* s) const;
public:
TokenEngine(CephContext* const cct,
- const rgw::auth::TokenExtractor* const extractor,
+ const rgw::auth::TokenExtractor* const auth_token_extractor,
+ const rgw::auth::TokenExtractor* const service_token_extractor,
const rgw::auth::RemoteApplier::Factory* const apl_factory,
rgw::keystone::Config& config,
rgw::keystone::TokenCache& token_cache)
: cct(cct),
- extractor(extractor),
+ auth_token_extractor(auth_token_extractor),
+ service_token_extractor(service_token_extractor),
apl_factory(apl_factory),
config(config),
token_cache(token_cache) {
result_t authenticate(const DoutPrefixProvider* dpp, const req_state* const s,
optional_yield y) const override {
- return authenticate(dpp, extractor->get_token(s), s);
+ return authenticate(dpp, auth_token_extractor->get_token(s), service_token_extractor->get_token(s), s);
}
}; /* class TokenEngine */
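Review bot: `allow_expired` on `get_from_keystone` is a bare `bool` that relaxes expiry checking, and nothing in the declaration says when a caller may pass `true`. I would document it at the declaration, e.g. `// allow_expired: accept a token past its expiry; pass true only when the request also carries a service token that has been validated`, or replace the flag with a small `enum class` so call sites read unambiguously. The `authenticate` override also calls `service_token_extractor->get_token(s)` unconditionally, so the constructor should state (or assert) that both extractor pointers are non-null. The implementation is not visible here, so it is worth confirming there that a token accepted only through `allow_expired` is not served later from `token_cache` to a request that has no service token. The TokenEngine class begins outside the lines shown.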
const std::string_view& access_key_id,
const std::string& string_to_sign,
const std::string_view& signature) const;
- std::pair<boost::optional<token_envelope_t>, int>
+
+ struct access_token_result {
+ boost::optional<token_envelope_t> token;
+ boost::optional<std::string> secret_key;
+ int failure_reason = 0;
+ };
+ access_token_result
get_access_token(const DoutPrefixProvider* dpp,
const std::string_view& access_key_id,
const std::string& string_to_sign,
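Review bot: A default-constructed `access_token_result` has no `token` and `failure_reason == 0`, so a caller that tests only `failure_reason` would read an empty result as success. I would either default the field to a failing value, e.g. `int failure_reason = -EACCES;` if no caller relies on zero, or add a comment on the struct that `token` is the only success indicator. `secret_key` looks like credential material (inferred from the name; the get_access_token body is not in this header), so a comment such as `// sensitive: never log, do not retain after the signature check` would help. The get_access_token declaration continues past the last line shown.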
}; /* namespace keystone */
}; /* namespace auth */
}; /* namespace rgw */
-
-#endif /* CEPH_RGW_AUTH_KEYSTONE_H */