Signed-off-by: Jiffin Tony Thottan <jthottan@redhat.com>
(cherry picked from commit
4a93faa2eec8077edb4c35a20b6b66bc610a6e4a)
Conflicts:
src/common/options/rgw.yaml.in
- added required changes in options.cc and legacy_config_opts.h
Signed-off-by: Jiffin Tony Thottan <jthottan@redhat.com>
OPTION(rgw_crypt_vault_prefix, OPT_STR) // Optional URL prefix to Vault secret path
OPTION(rgw_crypt_vault_secret_engine, OPT_STR) // kv, transit or other supported secret engines
OPTION(rgw_crypt_vault_namespace, OPT_STR) // Vault Namespace (only availabe in Vault Enterprise Version)
+OPTION(rgw_crypt_vault_verify_ssl, OPT_BOOL) // should we try to verify vault's ssl
OPTION(rgw_crypt_kmip_addr, OPT_STR) // kmip server address
OPTION(rgw_crypt_kmip_ca_path, OPT_STR) // ca for kmip servers
"rgw_crypt_vault_auth",
"rgw_crypt_vault_addr"}),
+ Option("rgw_crypt_vault_verify_ssl", Option::TYPE_BOOL, Option::LEVEL_ADVANCED)
+ .set_default(true)
+ .set_description("Should RGW verify the vault server SSL certificate."),
+
Option("rgw_crypt_kmip_addr", Option::TYPE_STR, Option::LEVEL_ADVANCED)
.set_default("")
.set_description("kmip server address"),
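Review bot: The description for `rgw_crypt_vault_verify_ssl` does not say what an operator gives up by setting it to false. With verification off, RGW accepts any certificate presented at `rgw_crypt_vault_addr`, so whatever credentials the request carries and the key material in the response are exposed to anyone who can intercept the connection. I would add `.set_long_description("Disabling this removes server authentication for requests to Vault; intended for test deployments only.")` and `.add_see_also("rgw_crypt_vault_addr")`. The matching comment in legacy_config_opts.h could be reworded to `// verify the Vault server's TLS certificate`, since "try to" suggests a best-effort check. Defaulting to true is the right choice.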
secret_req.append_header("X-Vault-Namespace", vault_namespace);
}
+ secret_req.set_verify_ssl(cct->_conf->rgw_crypt_vault_verify_ssl);
+
res = secret_req.process(null_yield);
if (res < 0) {
ldout(cct, 0) << "ERROR: Request to Vault failed with error " << res << dendl;
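Review bot: Nothing is logged when `rgw_crypt_vault_verify_ssl` is false, so the RGW log gives no sign that requests to Vault are leaving without certificate validation. Before the `set_verify_ssl` call I would add `if (!cct->_conf->rgw_crypt_vault_verify_ssl) ldout(cct, 1) << "WARNING: Vault server certificate verification is disabled" << dendl;`. The enclosing function starts and ends outside the hunk, so I cannot tell whether this is the only place a request to Vault is built. If there are other request paths, they need the same `set_verify_ssl` call or they will not honour the option.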