s3token: Only replace access_key_id in account

Change-Id: Ifccedbe7662925db55d0d8cd9e2e66a03126f661 Closes-Bug: #1816181
author: Tim Burke <tim.burke@gmail.com> 2022-05-31 10:10:57 -0700
committer: Tim Burke <tim.burke@gmail.com> 2022-05-31 11:24:56 -0700
commit: 70864396dcbdf4c391fdb5e8e8b8ccea24c8fa4c (patch)
tree: 26136c51b3e4a8be34776d03a5c1677c63dbfd46
parent: 0c8a0886649f86570f935abce9feec9ab2261fcd (diff)
download: swift-70864396dcbdf4c391fdb5e8e8b8ccea24c8fa4c.tar.gz
2 files changed, 14 insertions, 2 deletions
diff --git a/swift/common/middleware/s3api/s3token.py b/swift/common/middleware/s3api/s3token.py
index c376dac5f..3693b2f28 100644
--- a/swift/common/middleware/s3api/s3token.py
+++ b/swift/common/middleware/s3api/s3token.py
@@ -403,8 +403,8 @@ class S3Token(object):
             tenant_to_connect = tenant_to_connect.encode('utf-8')
         self._logger.debug('Connecting with tenant: %s', tenant_to_connect)
         new_tenant_name = '%s%s' % (self._reseller_prefix, tenant_to_connect)
-        environ['PATH_INFO'] = environ['PATH_INFO'].replace(account,
-                                                            new_tenant_name)
+        environ['PATH_INFO'] = environ['PATH_INFO'].replace(
+            account, new_tenant_name, 1)
         return self._app(environ, start_response)
 
 
diff --git a/test/unit/common/middleware/s3api/test_s3token.py b/test/unit/common/middleware/s3api/test_s3token.py
index 16df82e3e..ba9559ab6 100644
--- a/test/unit/common/middleware/s3api/test_s3token.py
+++ b/test/unit/common/middleware/s3api/test_s3token.py
@@ -956,6 +956,18 @@ class S3TokenMiddlewareTestV3(S3TokenMiddlewareTestBase):
         self._assert_authorized(req, account_path='/v1/')
         self.assertEqual(req.environ['PATH_INFO'], '/v1/AUTH_PROJECT_ID/c/o')
 
+    def test_authorize_with_access_key_in_container(self):
+        req = Request.blank('/v1/accesskey/accesskey.c/o')
+        req.environ['s3api.auth_details'] = {
+            'access_key': u'access',
+            'signature': u'signature',
+            'string_to_sign': u'token',
+        }
+        req.get_response(self.middleware)
+        self._assert_authorized(req, account_path='/v1/')
+        self.assertEqual(req.environ['PATH_INFO'],
+                         '/v1/AUTH_PROJECT_ID/accesskey.c/o')
+
     def test_authorize_with_access_key_and_unquote_chars(self):
         req = Request.blank('/v1/ab%c=/c/o')
         req.environ['s3api.auth_details'] = {
author	Tim Burke <tim.burke@gmail.com>	2022-05-31 10:10:57 -0700
committer	Tim Burke <tim.burke@gmail.com>	2022-05-31 11:24:56 -0700
commit	70864396dcbdf4c391fdb5e8e8b8ccea24c8fa4c (patch)
tree	26136c51b3e4a8be34776d03a5c1677c63dbfd46
parent	0c8a0886649f86570f935abce9feec9ab2261fcd (diff)
download	swift-70864396dcbdf4c391fdb5e8e8b8ccea24c8fa4c.tar.gz