From 2d818c06b805b051996d605ef8ef5b5415bd6293 Mon Sep 17 00:00:00 2001 From: Thiago da Silva Date: Tue, 3 Dec 2013 18:06:21 -0500 Subject: fix issue with swauth-clean-token returning 403 errors The issue was due to missing a necessary change that was made when changing the auth account name from .auth to metadata volume. the auth account has a group of the same name, so the .auth account also had a .auth group, so we needed to change that too to the metadata volume (e.g., gsmetadata) Change-Id: Iaa3b7a1b2628f5b863807932e863593be0011a82 Signed-off-by: Thiago da Silva Reviewed-on: http://review.gluster.org/6416 Reviewed-by: Luis Pabon Tested-by: Luis Pabon --- gluster/swift/common/middleware/gswauth/swauth/middleware.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'gluster/swift/common/middleware') diff --git a/gluster/swift/common/middleware/gswauth/swauth/middleware.py b/gluster/swift/common/middleware/gswauth/swauth/middleware.py index 996228d..bc5d085 100644 --- a/gluster/swift/common/middleware/gswauth/swauth/middleware.py +++ b/gluster/swift/common/middleware/gswauth/swauth/middleware.py @@ -386,7 +386,7 @@ class Swauth(object): user_groups = (req.remote_user or '').split(',') if '.reseller_admin' in user_groups and \ account != self.reseller_prefix and \ - account[len(self.reseller_prefix):] != 'gsmetadata': + account[len(self.reseller_prefix):] != self.metadata_volume: req.environ['swift_owner'] = True return None if account in user_groups and \ @@ -1357,7 +1357,8 @@ class Swauth(object): memcache_client.set( memcache_key, (self.itoken_expires, - '.auth,.reseller_admin,%s.auth' % self.reseller_prefix), + '%s,.reseller_admin,%s' % (self.metadata_volume, + self.auth_account)), timeout=self.token_life) return self.itoken -- cgit