Ceph » rgw

See the discussion here https://github.com/ceph/ceph/pull/55236#discussion_r1484848663

we can refactor a lot of code in keystone EC2engine auth to get rid of keystone admin token usage

Now looking at it again I'm thinking that the logic in EC2Engine::get_from_keystone() might be flawed, we don't not need to pass an admin token in there because the API is public [1] [2], and with that said I think we can also refactor EC2Engine::get_secret_from_keystone() to pass in the user token in that function and get rid of the admin token requirement for Keystone auth EC2Engine [3] since policies changed in the past to not require admin access for the identity:ec2_get_credentialpolicy [4].