rgw/sts: removing default value of rgw sts key and

author Pritha Srivastava <prsrivas@redhat.com>

Fri, 9 May 2025 15:46:01 +0000 (21:16 +0530)

committer Pritha Srivastava <prsrivas@redhat.com>

Fri, 23 May 2025 06:35:31 +0000 (12:05 +0530)
author Pritha Srivastava <prsrivas@redhat.com>
Fri, 9 May 2025 15:46:01 +0000 (21:16 +0530)
committer Pritha Srivastava <prsrivas@redhat.com>
Fri, 23 May 2025 06:35:31 +0000 (12:05 +0530)
diff --git a/src/common/options/rgw.yaml.in b/src/common/options/rgw.yaml.in

index 2334b4c635536f12426baeb77031c124f65f1b1f..bb4892eb849e01364b618a9c7772019018532c07 100644 (file)
--- a/src/common/options/rgw.yaml.in
+++ b/src/common/options/rgw.yaml.in
@@ -3470,7 +3470,6 @@ options:
      generated by the command 'openssl rand -hex 16'. All radosgw instances
      in a zone should use the same key. In multisite configurations, all
      zones in a realm should use the same key.
-  default: sts
    services:
    - rgw
    with_legacy: true
diff --git a/src/rgw/rgw_rest_s3.cc b/src/rgw/rgw_rest_s3.cc

index c27f8fe91989df93522d8558d9d72d548fffe1ae..0b0cb3e9fbd3024e14ecb219d7156472c41b7384 100644 (file)
--- a/src/rgw/rgw_rest_s3.cc
+++ b/src/rgw/rgw_rest_s3.cc
@@ -6986,6 +6986,10 @@ rgw::auth::s3::STSEngine::get_session_token(const DoutPrefixProvider* dpp, const
      return -EINVAL;
    }
    string secret_s = cct->_conf->rgw_sts_key;
+  if (secret_s.empty()) {
+    ldpp_dout(dpp, 1) << "ERROR: rgw sts key not set" << dendl;
+    return -EINVAL;
+  }
    buffer::ptr secret(secret_s.c_str(), secret_s.length());
    int ret = 0;
    if (ret = cryptohandler->validate_secret(secret); ret < 0) {
diff --git a/src/rgw/rgw_sts.cc b/src/rgw/rgw_sts.cc

index 951af012b482f7184b648f6592320264f7fb489d..03e7c6c64018353948caf60613331a4770613e34 100644 (file)
--- a/src/rgw/rgw_sts.cc
+++ b/src/rgw/rgw_sts.cc
@@ -77,6 +77,11 @@ int Credentials::generateCredentials(const DoutPrefixProvider *dpp,
      return -EINVAL;
    }
    string secret_s = cct->_conf->rgw_sts_key;
+  if (secret_s.empty()) {
+    ldpp_dout(dpp, 1) << "ERROR: rgw sts key not set" << dendl;
+    return -EINVAL;
+  }
+
    buffer::ptr secret(secret_s.c_str(), secret_s.length());
    int ret = 0;
    if (ret = cryptohandler->validate_secret(secret); ret < 0) {
author	Pritha Srivastava <prsrivas@redhat.com>
	Fri, 9 May 2025 15:46:01 +0000 (21:16 +0530)
committer	Pritha Srivastava <prsrivas@redhat.com>
	Fri, 23 May 2025 06:35:31 +0000 (12:05 +0530)
src/common/options/rgw.yaml.in		patch \| blob \| history
src/rgw/rgw_rest_s3.cc		patch \| blob \| history
src/rgw/rgw_sts.cc		patch \| blob \| history