- rgw
- osd
with_legacy: true
+- name: rgw_allow_notification_secrets_in_cleartext
+ type: bool
+ level: advanced
+ desc: Allows sending secrets (e.g. passwords) over non encrypted HTTP messages.
+ long_desc: When bucket notification endpoint require secrets (e.g. passwords),
+ we allow the topic creation only over HTTPS messages.
+ This parameter can be set to "true" to bypass this check.
+ Use this only if radosgw is on a trusted private network, and the message
+ broker cannot be configured without password authentication. Otherwise, this will
+ leak the credentials of your message broker and compromise its security.
+ default: false
+ services:
+ - rgw
+ see_also:
+ - rgw_trust_forwarded_https
#define dout_context g_ceph_context
#define dout_subsys ceph_subsys_rgw
+bool verify_transport_security(CephContext *cct, const RGWEnv& env) {
+ const auto is_secure = rgw_transport_is_secure(cct, env);
+ if (!is_secure && g_conf().get_val<bool>("rgw_allow_notification_secrets_in_cleartext")) {
+ ldout(cct, 0) << "WARNING: bypassing endpoint validation, allow sending password over insecure transport" << dendl;
+ return true;
+ }
+ return is_secure;
+}
+
bool validate_and_update_endpoint_secret(rgw_pubsub_sub_dest& dest, CephContext *cct, const RGWEnv& env) {
if (dest.push_endpoint.empty()) {
return true;
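Review bot: `verify_transport_security` (L21-L28) returns `true` when the transport is insecure and `rgw_allow_notification_secrets_in_cleartext` is set, so a `true` result no longer means the connection is secure, yet the function carries no comment saying so and its callers at L37, L45, L53 and L61 treat it as a plain security check. I would add a header comment above L21 such as `// Returns true if endpoint secrets may be sent over this transport: either the transport is secure, or the operator has opted into cleartext via rgw_allow_notification_secrets_in_cleartext (a level-0 warning is logged each time the bypass is taken).` The option is read through the global `g_conf()` at L23 even though a `CephContext` is passed in; reading it from the supplied context (`cct->_conf`) would keep the function consistent with its own parameter, if that matches the file's convention — to be confirmed. The same replacement is made in the three hunks at L45, L53 and L61, whose enclosing functions start and end outside the visible lines.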
ceph_assert(user.empty() == password.empty());
if (!user.empty()) {
dest.stored_secret = true;
- if (!rgw_transport_is_secure(cct, env)) {
+ if (!verify_transport_security(cct, env)) {
ldout(cct, 1) << "endpoint validation error: sending password over insecure transport" << dendl;
return false;
}
ldpp_dout(this, 1) << "failed to get topics, ret=" << op_ret << dendl;
return;
}
- if (topics_has_endpoint_secret(result) && !rgw_transport_is_secure(s->cct, *(s->info.env))) {
+ if (topics_has_endpoint_secret(result) && !verify_transport_security(s->cct, *(s->info.env))) {
ldpp_dout(this, 1) << "topics contain secret and cannot be sent over insecure transport" << dendl;
op_ret = -EPERM;
return;
}
ps.emplace(static_cast<rgw::sal::RadosStore*>(store), s->owner.get_id().tenant);
op_ret = ps->get_topic(topic_name, &result);
- if (topic_has_endpoint_secret(result) && !rgw_transport_is_secure(s->cct, *(s->info.env))) {
+ if (topic_has_endpoint_secret(result) && !verify_transport_security(s->cct, *(s->info.env))) {
ldpp_dout(this, 1) << "topic '" << topic_name << "' contain secret and cannot be sent over insecure transport" << dendl;
op_ret = -EPERM;
return;
ps.emplace(static_cast<rgw::sal::RadosStore*>(store), s->owner.get_id().tenant);
auto sub = ps->get_sub(sub_name);
op_ret = sub->get_conf(&result);
- if (subscription_has_endpoint_secret(result) && !rgw_transport_is_secure(s->cct, *(s->info.env))) {
+ if (subscription_has_endpoint_secret(result) && !verify_transport_security(s->cct, *(s->info.env))) {
ldpp_dout(this, 1) << "subscription '" << sub_name << "' contain secret and cannot be sent over insecure transport" << dendl;
op_ret = -EPERM;
return;