summaryrefslogtreecommitdiffstats
path: root/src/rgw/services/svc_config_key_rados.cc
blob: 5edb02ea7f34c9052b5036f5849dcfeabc062842 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
#include "svc_rados.h"
#include "svc_config_key_rados.h"

using namespace std;

RGWSI_ConfigKey_RADOS::~RGWSI_ConfigKey_RADOS(){}

int RGWSI_ConfigKey_RADOS::do_start(optional_yield, const DoutPrefixProvider *dpp)
{
  maybe_insecure_mon_conn = !svc.rados->check_secure_mon_conn(dpp);

  return 0;
}

void RGWSI_ConfigKey_RADOS::warn_if_insecure()
{
  if (!maybe_insecure_mon_conn ||
      warned_insecure.test_and_set()) {
    return;
  }

  string s = "rgw is configured to optionally allow insecure connections to the monitors (auth_supported, ms_mon_client_mode), ssl certificates stored at the monitor configuration could leak";

  svc.rados->clog_warn(s);

  lderr(ctx()) << __func__ << "(): WARNING: " << s << dendl;
}

int RGWSI_ConfigKey_RADOS::get(const string& key, bool secure, bufferlist *result)
{
  string cmd =
    "{"
      "\"prefix\": \"config-key get\", "
      "\"key\": \"" + key + "\""
    "}";

  bufferlist inbl;
  auto handle = svc.rados->handle();
  int ret = handle.mon_command(cmd, inbl, result, nullptr);
  if (ret < 0) {
    return ret;
  }

  if (secure) {
    warn_if_insecure();
  }

  return 0;
}