diff options
author | Thiago da Silva <thiago@redhat.com> | 2013-12-03 18:06:21 -0500 |
---|---|---|
committer | Luis Pabon <lpabon@redhat.com> | 2013-12-11 04:13:12 -0800 |
commit | 6cbe54cea2ae4279850d53c49843dfde8f67adb3 (patch) | |
tree | 171e90543fe491314b5f2ede655b914a00b79053 /gluster | |
parent | cc2b0b7ae5bfc4cf3d24eeaf92646363f693fc2c (diff) |
fix issue with swauth-clean-token returning 403 errors
The issue was due to missing a necessary change that was made when changing
the auth account name from .auth to metadata volume.
the auth account has a group of the same name, so the .auth account
also had a .auth group, so we needed to change that too to the
metadata volume (e.g., gsmetadata)
Change-Id: Iaa3b7a1b2628f5b863807932e863593be0011a82
Signed-off-by: Thiago da Silva <thiago@redhat.com>
Reviewed-on: http://review.gluster.org/6416
Reviewed-by: Luis Pabon <lpabon@redhat.com>
Tested-by: Luis Pabon <lpabon@redhat.com>
Reviewed-on: http://review.gluster.org/6465
Diffstat (limited to 'gluster')
-rw-r--r-- | gluster/swift/common/middleware/gswauth/swauth/middleware.py | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/gluster/swift/common/middleware/gswauth/swauth/middleware.py b/gluster/swift/common/middleware/gswauth/swauth/middleware.py index c791423..648203e 100644 --- a/gluster/swift/common/middleware/gswauth/swauth/middleware.py +++ b/gluster/swift/common/middleware/gswauth/swauth/middleware.py @@ -386,7 +386,7 @@ class Swauth(object): user_groups = (req.remote_user or '').split(',') if '.reseller_admin' in user_groups and \ account != self.reseller_prefix and \ - account[len(self.reseller_prefix):] != 'gsmetadata': + account[len(self.reseller_prefix):] != self.metadata_volume: req.environ['swift_owner'] = True return None if account in user_groups and \ @@ -1359,7 +1359,8 @@ class Swauth(object): memcache_client.set( memcache_key, (self.itoken_expires, - '.auth,.reseller_admin,%s.auth' % self.reseller_prefix), + '%s,.reseller_admin,%s' % (self.metadata_volume, + self.auth_account)), timeout=self.token_life) return self.itoken |