ceph/src/rgw/services/svc_config_key_rados.cc

   1
   2 #include "svc_rados.h"
   3 #include "svc_config_key_rados.h"
   4
   5 int RGWSI_ConfigKey_RADOS::do_start(optional_yield)
   6 {
   7   maybe_insecure_mon_conn = !svc.rados->check_secure_mon_conn();
   8
   9   return 0;
  10 }
  11
  12 void RGWSI_ConfigKey_RADOS::warn_if_insecure()
  13 {
  14   if (!maybe_insecure_mon_conn ||
  15       warned_insecure.test_and_set()) {
  16     return;
  17   }
  18
  19   string s = "rgw is configured to optionally allow insecure connections to the monitors (auth_supported, ms_mon_client_mode), ssl certificates stored at the monitor configuration could leak";
  20
  21   svc.rados->clog_warn(s);
  22
  23   lderr(ctx()) << __func__ << "(): WARNING: " << s << dendl;
  24 }
  25
  26 int RGWSI_ConfigKey_RADOS::get(const string& key, bool secure, bufferlist *result)
  27 {
  28   string cmd =
  29     "{"
  30       "\"prefix\": \"config-key get\", "
  31       "\"key\": \"" + key + "\""
  32     "}";
  33
  34   bufferlist inbl;
  35   auto handle = svc.rados->handle();
  36   int ret = handle.mon_command(cmd, inbl, result, nullptr);
  37   if (ret < 0) {
  38     return ret;
  39   }
  40
  41   if (secure) {
  42     warn_if_insecure();
  43   }
  44
  45   return 0;
  46 }