diff options
| author | Yehuda Sadeh <yehuda@inktank.com> | 2012-11-06 14:28:42 -0800 |
|---|---|---|
| committer | Yehuda Sadeh <yehuda@inktank.com> | 2012-11-08 13:24:30 -0800 |
| commit | 5fda39e6a343cbeb3a8beef408e114f497c70c73 (patch) | |
| tree | 3bb869ceca302bfd11e3202af357142ecd2b9609 | |
| parent | a99b0fac88322f4e7505ec594fd77d25cad4e22b (diff) | |
| download | ceph-5fda39e6a343cbeb3a8beef408e114f497c70c73.tar.gz | |
rgw: change configurable
rgw keystone accepted roles
Signed-off-by: Yehuda Sadeh <yehuda@inktank.com>
| -rw-r--r-- | src/common/config_opts.h | 2 | ||||
| -rw-r--r-- | src/rgw/rgw_swift.cc | 4 |
2 files changed, 3 insertions, 3 deletions
diff --git a/src/common/config_opts.h b/src/common/config_opts.h index c9c5b4943b6..1a0cf43ad94 100644 --- a/src/common/config_opts.h +++ b/src/common/config_opts.h @@ -426,7 +426,7 @@ OPTION(rgw_swift_auth_entry, OPT_STR, "auth") // entry point for which a url is OPTION(rgw_swift_use_keystone, OPT_BOOL, false) // should swift use keystone? OPTION(rgw_keystone_url, OPT_STR, "") // url for keystone server OPTION(rgw_keystone_admin_token, OPT_STR, "") // keystone admin token (shared secret) -OPTION(rgw_keystone_operator_roles, OPT_STR, "swiftoperator, admin") // roles required to serve requests +OPTION(rgw_keystone_accepted_roles, OPT_STR, "Member, admin") // roles required to serve requests OPTION(rgw_keystone_token_cache_size, OPT_INT, 10000) // max number of entries in keystone token cache OPTION(rgw_keystone_revocation_interval, OPT_INT, 15 * 60) // seconds between tokens revocation check OPTION(rgw_admin_entry, OPT_STR, "admin") // entry point for which a url is considered an admin request diff --git a/src/rgw/rgw_swift.cc b/src/rgw/rgw_swift.cc index 002c380444a..2ce04074a03 100644 --- a/src/rgw/rgw_swift.cc +++ b/src/rgw/rgw_swift.cc @@ -493,7 +493,7 @@ int RGWSwift::parse_keystone_token_response(const string& token, bufferlist& bl, } if (!found) { - ldout(cct, 0) << "user does not hold a matching role; required roles: " << g_conf->rgw_keystone_operator_roles << dendl; + ldout(cct, 0) << "user does not hold a matching role; required roles: " << g_conf->rgw_keystone_accepted_roles << dendl; return -EPERM; } @@ -677,7 +677,7 @@ bool RGWSwift::verify_swift_token(RGWRados *store, req_state *s) void RGWSwift::init() { - get_str_list(cct->_conf->rgw_keystone_operator_roles, roles_list); + get_str_list(cct->_conf->rgw_keystone_accepted_roles, roles_list); keystone_token_cache = new RGWKeystoneTokenCache(cct, cct->_conf->rgw_keystone_token_cache_size); |