rgw: remove useless configurable, fix swift auth error handling

Fixes: #3649
No need to have an extra configurable to use keystone. Use keystone
whenever keystone url has been specified. Also, fix a bad error
handling that turned a failure to authenticate into successfully
authenticating a bad user.

Signed-off-by: Yehuda Sadeh <yehuda@inktank.com>

2 files changed, 2 insertions, 3 deletions

diff --git a/src/common/config_opts.h b/src/common/config_opts.h
index 6bc4b1facbf..720dbe38fa5 100644
--- a/src/common/config_opts.h
+++ b/src/common/config_opts.h
@@ -448,7 +448,6 @@ OPTION(rgw_swift_url, OPT_STR, "")             // the swift url, being published
 OPTION(rgw_swift_url_prefix, OPT_STR, "swift") // entry point for which a url is considered a swift url
 OPTION(rgw_swift_auth_url, OPT_STR, "")        // default URL to go and verify tokens for v1 auth (if not using internal swift auth)
 OPTION(rgw_swift_auth_entry, OPT_STR, "auth")  // entry point for which a url is considered a swift auth url
-OPTION(rgw_swift_use_keystone, OPT_BOOL, false)  // should swift use keystone?
 OPTION(rgw_keystone_url, OPT_STR, "")  // url for keystone server
 OPTION(rgw_keystone_admin_token, OPT_STR, "")  // keystone admin token (shared secret)
 OPTION(rgw_keystone_accepted_roles, OPT_STR, "Member, admin")  // roles required to serve requests
diff --git a/src/rgw/rgw_swift.cc b/src/rgw/rgw_swift.cc
index 2ce04074a03..9eda1eda071 100644
--- a/src/rgw/rgw_swift.cc
+++ b/src/rgw/rgw_swift.cc
@@ -644,14 +644,14 @@ bool RGWSwift::verify_swift_token(RGWRados *store, req_state *s)
 
   int ret;
 
-  if (g_conf->rgw_swift_use_keystone) {
+  if (!cct->_conf->rgw_keystone_url.empty()) {
     ret = validate_keystone_token(store, s->os_auth_token, &info, s->user);
     return (ret >= 0);
   }
 
   ret = validate_token(s->os_auth_token, &info);
   if (ret < 0)
-    return ret;
+    return false;
 
   if (info.user.empty()) {
     ldout(cct, 5) << "swift auth didn't authorize a user" << dendl;