[DNM] rgw: Rework of s3 Keystone Authentication code. #10536

pritha-srivastava
Contributor

The Keystone authentication code has been reworked based on the new authentication infrastructure.

Signed-off-by: Pritha Srivastava prsrivas@redhat.com

@pritha-srivastava
Contributor Author

The keystone rework includes the commit from local auth rework also, since some classes are common between the two.

s->perm_mask = RGW_PERM_FULL_CONTROL;
}
} else if (store->ctx()->_conf->rgw_s3_auth_use_ldap &&
if (keyauth.is_applicable()) {
Contributor

I bet that in the future we'll want to have a cascade of authentication engines like in the case of Swift API.

Contributor Author

Yes, I will make the relevant changes, once I rebase with local auth code and ldap code changes. Going step by step here.

Contributor

Got it.

@pritha-srivastava
Contributor Author

The following are the things that I have done:

  1. Optimized the code to make sure that the auth keys for v2 are getting parsed only once since they are the same for all auth engines. For that there is a class called RGWS3V2AuthKeys. Each auth engine contains a pointer to RGWS3V2AuthKeys, so that when an object of type RGWS3V2AuthKeys is created, the auth keys are extracted only once and are used by all the auth engines.
  2. There are two extractor classes, one for the get_policy() method and the other one for the authorize_v2() method.
  3. Also, cascaded all three auth engines in the authorize_v2 method.
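
The design described in the comment above (keys parsed once, a shared pointer held by every engine, engines tried in a cascade), as an added sketch that is not code from this PR or from Ceph. All names, the engine order, the fall-through to the next engine on failure and the sample credentials are assumptions, and the string comparison stands in for real signature verification.

```cpp
#include <memory>
#include <string>
#include <vector>
// Hypothetical stand-in for the shared key holder described in the comment.
struct V2AuthKeys {
  std::string access_key, signature;
  static int parse_count;  // counts header parses to show it happens once
  // Parses "AWS <access_key>:<signature>"; returns nullptr when malformed.
  static std::shared_ptr<const V2AuthKeys> parse(const std::string& hdr) {
    ++parse_count;
    const std::string scheme = "AWS ";
    if (hdr.compare(0, scheme.size(), scheme) != 0) return nullptr;
    const auto colon = hdr.rfind(':');
    if (colon == std::string::npos || colon <= scheme.size() ||
        colon + 1 == hdr.size()) return nullptr;
    return std::make_shared<V2AuthKeys>(V2AuthKeys{
        hdr.substr(scheme.size(), colon - scheme.size()),
        hdr.substr(colon + 1)});
  }
};
int V2AuthKeys::parse_count = 0;

// Toy engine: the string comparison stands in for real signature checking.
struct Engine {
  std::shared_ptr<const V2AuthKeys> keys;  // same object in every engine
  bool enabled;                            // stands in for a config switch
  std::string name, known_key, known_sig;  // constructed sample credentials
  bool is_applicable() const { return enabled && keys != nullptr; }
  bool authenticate() const {
    return keys->access_key == known_key && keys->signature == known_sig;
  }
};

// Returns the name of the engine that accepted the request, or "" to deny.
std::string authorize_v2_demo(const std::string& hdr, bool ks_on, bool ldap_on) {
  const auto keys = V2AuthKeys::parse(hdr);  // parsed once, shared below
  if (!keys) return "";                      // malformed header: fail closed
  const std::vector<Engine> cascade = {
      {keys, ks_on, "keystone", "ks-user", "ks-sig"},
      {keys, ldap_on, "ldap", "ldap-user", "ldap-sig"},
      {keys, true, "local", "local-user", "local-sig"}};
  for (const auto& e : cascade)
    if (e.is_applicable() && e.authenticate()) return e.name;
  return "";  // no engine vouched for the credentials
}

int main() {  // constructed header; exit status 0 means the LDAP engine accepted
  return authorize_v2_demo("AWS ldap-user:ldap-sig", true, true) == "ldap" ? 0 : 1;
}
```

A disabled engine is skipped even when it would have recognised the credentials, and a request that no enabled engine accepts is denied.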

@pritha-srivastava
Contributor Author

@rzarzynski : Please re-review. I have explained what changes I have made in the comment above.

The Keystone authentication code has been reworked based
on the new authentication infrastructure.

Signed-off-by: Pritha Srivastava <prsrivas@redhat.com>
@oritwas
Member

oritwas commented Apr 3, 2017

@pritha-srivastava, please rebase

@rzarzynski
Contributor

It seems that the clean-up of S3/Keystone integration has been made in #12893. @pritha-srivastava, may we close this PR?

@pritha-srivastava
Contributor Author

@rzarzynski : Yes you are right. This PR can be closed.

@rzarzynski
Contributor

The clean-up of S3/Keystone integration has been merged in #12893.

@rzarzynski rzarzynski closed this Apr 3, 2017