Backport #22259
Updated by Nathan Cutler over 6 years ago
https://github.com/ceph/ceph/pull/19194 In ceph jewel, it is possible to store swift read acls of the form ".r:*", but these do not have the expected effect of allowing "anonymous" access to the bucket contents. In more recent versions of ceph (luminous/master), this works fine. This problem manifests when using keystone and rgw_swift_account_in_url. From the logs, it appears that the tenant from the URL is being ignored. luminous/master have very different code for this functionality, so this isn't a simple backport. However, the fix appears to be easy: just a few lines in rgw_rest_swift.cc to set the tenant seems to suffice.