Ceph » rgw

See https://github.com/ceph/ceph/pull/43755.

The behavior must have changed since Styra contributed the original OPA integration, seemingly. Casey wondered in bug scrub, could older setups be relying on the old behavior?

I'm not sure about that. The commit that introduced OPA integration is https://github.com/ceph/ceph/commit/631a036a6b02d30d12d0a1c6cae25c9aa0c38af1, dating back to 2018, and OPA v0.9.0 would have been current. And even there, I don't see any mention of `X-Auth-Token`, but the `Authorization` header is documented instead: https://github.com/open-policy-agent/opa/blob/v0.9.0/docs/book/security.md?plain=1#L171-L184.

Hi Matt! Could you take another look at this?

As mentioned, I doubt this feature ever worked given that OPA doesn't seem to have supported the `X-Auth-Token` in the past.

Let me know how you wish to proceed.

Ok, I'll try to have an update shortly. I don't think we have proper test automation for OPA. Do you have the ability to construct a minimal reproducer?

Matt