summaryrefslogtreecommitdiffstats
path: root/gluster
diff options
context:
space:
mode:
authorThiago da Silva <thiago@redhat.com>2013-12-03 18:06:21 -0500
committerLuis Pabon <lpabon@redhat.com>2013-12-05 09:18:30 -0800
commit2d818c06b805b051996d605ef8ef5b5415bd6293 (patch)
tree76d82bf425c1fb4b43f937e4866d862b1d84d8c5 /gluster
parentb36fe03702e76294d530d405ca61f45a7a382057 (diff)
fix issue with swauth-clean-token returning 403 errors
The issue was due to missing a necessary change that was made when changing the auth account name from .auth to metadata volume. the auth account has a group of the same name, so the .auth account also had a .auth group, so we needed to change that too to the metadata volume (e.g., gsmetadata) Change-Id: Iaa3b7a1b2628f5b863807932e863593be0011a82 Signed-off-by: Thiago da Silva <thiago@redhat.com> Reviewed-on: http://review.gluster.org/6416 Reviewed-by: Luis Pabon <lpabon@redhat.com> Tested-by: Luis Pabon <lpabon@redhat.com>
Diffstat (limited to 'gluster')
-rw-r--r--gluster/swift/common/middleware/gswauth/swauth/middleware.py5
1 files changed, 3 insertions, 2 deletions
diff --git a/gluster/swift/common/middleware/gswauth/swauth/middleware.py b/gluster/swift/common/middleware/gswauth/swauth/middleware.py
index 996228d..bc5d085 100644
--- a/gluster/swift/common/middleware/gswauth/swauth/middleware.py
+++ b/gluster/swift/common/middleware/gswauth/swauth/middleware.py
@@ -386,7 +386,7 @@ class Swauth(object):
user_groups = (req.remote_user or '').split(',')
if '.reseller_admin' in user_groups and \
account != self.reseller_prefix and \
- account[len(self.reseller_prefix):] != 'gsmetadata':
+ account[len(self.reseller_prefix):] != self.metadata_volume:
req.environ['swift_owner'] = True
return None
if account in user_groups and \
@@ -1357,7 +1357,8 @@ class Swauth(object):
memcache_client.set(
memcache_key,
(self.itoken_expires,
- '.auth,.reseller_admin,%s.auth' % self.reseller_prefix),
+ '%s,.reseller_admin,%s' % (self.metadata_volume,
+ self.auth_account)),
timeout=self.token_life)
return self.itoken