projects / ceph.git / blame
| Commit | Line | Data |
|---|---|---|
| 9f95a23c TL |
1 | |
| 2 | #include "svc_rados.h" | |
| 3 | #include "svc_config_key_rados.h" | |
| 4 | ||
| b3b6e05e | 5 | int RGWSI_ConfigKey_RADOS::do_start(optional_yield, const DoutPrefixProvider *dpp) |
| 9f95a23c TL |
6 | { |
| 7 | maybe_insecure_mon_conn = !svc.rados->check_secure_mon_conn(); | |
| 8 | ||
| 9 | return 0; | |
| 10 | } | |
| 11 | ||
| 12 | void RGWSI_ConfigKey_RADOS::warn_if_insecure() | |
| 13 | { | |
| 14 | if (!maybe_insecure_mon_conn || | |
| 15 | warned_insecure.test_and_set()) { | |
| 16 | return; | |
| 17 | } | |
| 18 | ||
| 19 | string s = "rgw is configured to optionally allow insecure connections to the monitors (auth_supported, ms_mon_client_mode), ssl certificates stored at the monitor configuration could leak"; | |
| 20 | ||
| 21 | svc.rados->clog_warn(s); | |
| 22 | ||
| 23 | lderr(ctx()) << __func__ << "(): WARNING: " << s << dendl; | |
| 24 | } | |
| 25 | ||
| 26 | int RGWSI_ConfigKey_RADOS::get(const string& key, bool secure, bufferlist *result) | |
| 27 | { | |
| 28 | string cmd = | |
| 29 | "{" | |
| 30 | "\"prefix\": \"config-key get\", " | |
| 31 | "\"key\": \"" + key + "\"" | |
| 32 | "}"; | |
| 33 | ||
| 34 | bufferlist inbl; | |
| 35 | auto handle = svc.rados->handle(); | |
| 36 | int ret = handle.mon_command(cmd, inbl, result, nullptr); | |
| 37 | if (ret < 0) { | |
| 38 | return ret; | |
| 39 | } | |
| 40 | ||
| 41 | if (secure) { | |
| 42 | warn_if_insecure(); | |
| 43 | } | |
| 44 | ||
| 45 | return 0; | |
| 46 | } |