]>
Commit | Line | Data |
---|---|---|
9f95a23c TL |
1 | |
2 | #include "svc_rados.h" | |
3 | #include "svc_config_key_rados.h" | |
4 | ||
b3b6e05e | 5 | int RGWSI_ConfigKey_RADOS::do_start(optional_yield, const DoutPrefixProvider *dpp) |
9f95a23c TL |
6 | { |
7 | maybe_insecure_mon_conn = !svc.rados->check_secure_mon_conn(); | |
8 | ||
9 | return 0; | |
10 | } | |
11 | ||
12 | void RGWSI_ConfigKey_RADOS::warn_if_insecure() | |
13 | { | |
14 | if (!maybe_insecure_mon_conn || | |
15 | warned_insecure.test_and_set()) { | |
16 | return; | |
17 | } | |
18 | ||
19 | string s = "rgw is configured to optionally allow insecure connections to the monitors (auth_supported, ms_mon_client_mode), ssl certificates stored at the monitor configuration could leak"; | |
20 | ||
21 | svc.rados->clog_warn(s); | |
22 | ||
23 | lderr(ctx()) << __func__ << "(): WARNING: " << s << dendl; | |
24 | } | |
25 | ||
26 | int RGWSI_ConfigKey_RADOS::get(const string& key, bool secure, bufferlist *result) | |
27 | { | |
28 | string cmd = | |
29 | "{" | |
30 | "\"prefix\": \"config-key get\", " | |
31 | "\"key\": \"" + key + "\"" | |
32 | "}"; | |
33 | ||
34 | bufferlist inbl; | |
35 | auto handle = svc.rados->handle(); | |
36 | int ret = handle.mon_command(cmd, inbl, result, nullptr); | |
37 | if (ret < 0) { | |
38 | return ret; | |
39 | } | |
40 | ||
41 | if (secure) { | |
42 | warn_if_insecure(); | |
43 | } | |
44 | ||
45 | return 0; | |
46 | } |