fix issue with swauth-clean-token returning 403 errors

The issue was due to missing a necessary change that was made when changing
the auth account name from .auth to metadata volume.

the auth account has a group of the same name, so the .auth account
also had a .auth group, so we needed to change that too to the
metadata volume (e.g., gsmetadata)

Change-Id: Iaa3b7a1b2628f5b863807932e863593be0011a82
Signed-off-by: Thiago da Silva <thiago@redhat.com>
Reviewed-on: http://review.gluster.org/6416
Reviewed-by: Luis Pabon <lpabon@redhat.com>
Tested-by: Luis Pabon <lpabon@redhat.com>
Reviewed-on: http://review.gluster.org/6465

2 files changed, 9 insertions, 4 deletions

diff --git a/gluster/swift/common/middleware/gswauth/swauth/middleware.py b/gluster/swift/common/middleware/gswauth/swauth/middleware.py
index c791423..648203e 100644
--- a/gluster/swift/common/middleware/gswauth/swauth/middleware.py
+++ b/gluster/swift/common/middleware/gswauth/swauth/middleware.py
@@ -386,7 +386,7 @@ class Swauth(object):
         user_groups = (req.remote_user or '').split(',')
         if '.reseller_admin' in user_groups and \
                 account != self.reseller_prefix and \
-                account[len(self.reseller_prefix):] != 'gsmetadata':
+                account[len(self.reseller_prefix):] != self.metadata_volume:
             req.environ['swift_owner'] = True
             return None
         if account in user_groups and \
@@ -1359,7 +1359,8 @@ class Swauth(object):
             memcache_client.set(
                 memcache_key,
                 (self.itoken_expires,
-                 '.auth,.reseller_admin,%s.auth' % self.reseller_prefix),
+                 '%s,.reseller_admin,%s' % (self.metadata_volume,
+                 self.auth_account)),
                 timeout=self.token_life)
         return self.itoken
 
diff --git a/test/unit/common/middleware/gswauth/swauth/test_middleware.py b/test/unit/common/middleware/gswauth/swauth/test_middleware.py
index 00e6453..f01c34f 100644
--- a/test/unit/common/middleware/gswauth/swauth/test_middleware.py
+++ b/test/unit/common/middleware/gswauth/swauth/test_middleware.py
@@ -805,6 +805,7 @@ class TestAuth(unittest.TestCase):
         self.assertEquals(self.test_auth.app.calls, 2)
 
     def test_get_token_for_auth_acct_success(self):
+        fmc = FakeMemcache()
         local_auth = \
             auth.filter_factory({
                 'super_admin_key': 'supertest',
@@ -814,7 +815,7 @@ class TestAuth(unittest.TestCase):
         resp = Request.blank(
             '/auth/v1.0',
             environ={'REQUEST_METHOD': 'GET',
-                     'swift.cache': FakeMemcache()},
+                     'swift.cache': fmc},
             headers={'X-Auth-User': 'act:.super_admin',
                      'X-Auth-Key': 'supertest'}).get_response(local_auth)
         self.assertEquals(resp.status_int, 200)
@@ -822,6 +823,9 @@ class TestAuth(unittest.TestCase):
         self.assertTrue(itk.startswith('AUTH_itk'), itk)
         self.assertEquals(resp.headers.get('x-storage-url'),
                           'http://127.0.0.1:8080/v1/AUTH_gsmd')
+        expires, groups = fmc.get('AUTH_/auth/%s' % itk)
+        self.assertEquals(groups,
+            'gsmd,.reseller_admin,AUTH_gsmd')
 
     def test_get_token_for_auth_acct_fail_passwd(self):
         local_auth = \
@@ -3870,7 +3874,7 @@ class TestAuth(unittest.TestCase):
         self.assert_(expires > time(), expires)
         self.assertEquals(
             groups,
-            '.auth,.reseller_admin,AUTH_.auth')
+            'gsmetadata,.reseller_admin,AUTH_gsmetadata')
 
     def test_get_admin_detail_fail_no_colon(self):
         self.test_auth.app = FakeApp(iter([]))