]>
Commit | Line | Data |
---|---|---|
9f95a23c TL |
1 | |
2 | #include "svc_rados.h" | |
3 | #include "svc_config_key_rados.h" | |
4 | ||
20effc67 TL |
5 | using namespace std; |
6 | ||
7 | RGWSI_ConfigKey_RADOS::~RGWSI_ConfigKey_RADOS(){} | |
8 | ||
b3b6e05e | 9 | int RGWSI_ConfigKey_RADOS::do_start(optional_yield, const DoutPrefixProvider *dpp) |
9f95a23c | 10 | { |
20effc67 | 11 | maybe_insecure_mon_conn = !svc.rados->check_secure_mon_conn(dpp); |
9f95a23c TL |
12 | |
13 | return 0; | |
14 | } | |
15 | ||
16 | void RGWSI_ConfigKey_RADOS::warn_if_insecure() | |
17 | { | |
18 | if (!maybe_insecure_mon_conn || | |
19 | warned_insecure.test_and_set()) { | |
20 | return; | |
21 | } | |
22 | ||
23 | string s = "rgw is configured to optionally allow insecure connections to the monitors (auth_supported, ms_mon_client_mode), ssl certificates stored at the monitor configuration could leak"; | |
24 | ||
25 | svc.rados->clog_warn(s); | |
26 | ||
27 | lderr(ctx()) << __func__ << "(): WARNING: " << s << dendl; | |
28 | } | |
29 | ||
30 | int RGWSI_ConfigKey_RADOS::get(const string& key, bool secure, bufferlist *result) | |
31 | { | |
32 | string cmd = | |
33 | "{" | |
34 | "\"prefix\": \"config-key get\", " | |
35 | "\"key\": \"" + key + "\"" | |
36 | "}"; | |
37 | ||
38 | bufferlist inbl; | |
39 | auto handle = svc.rados->handle(); | |
40 | int ret = handle.mon_command(cmd, inbl, result, nullptr); | |
41 | if (ret < 0) { | |
42 | return ret; | |
43 | } | |
44 | ||
45 | if (secure) { | |
46 | warn_if_insecure(); | |
47 | } | |
48 | ||
49 | return 0; | |
50 | } |