From: Jiffin Tony Thottan Date: Tue, 20 Oct 2020 06:13:58 +0000 (+0530) Subject: rgw: add support to consume user given ca cert for vault X-Git-Tag: v16.2.6~158^2~3 X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=8ffb21d88fdb8245168615626437255c49d91010;p=ceph.git rgw: add support to consume user given ca cert for vault Currently RGW can authenticate with vault via SSL using system certs. With this patch user can provide custom ca cert and location of the file can be specified in ceph.conf like this : rgw_crypt_require_ssl = Fixes: https://tracker.ceph.com/issues/47776 Signed-off-by: Jiffin Tony Thottan (cherry picked from commit 424dca0f3866c62e5c51cc8b2a080d680fddbe7f) Signed-off-by: Jiffin Tony Thottan Conflicts: src/common/options/rgw.yaml.in - added required changes in options.cc and legacy_config_opts.h --- diff --git a/src/common/legacy_config_opts.h b/src/common/legacy_config_opts.h index 75de330b6d1..5f81a7c4144 100644 --- a/src/common/legacy_config_opts.h +++ b/src/common/legacy_config_opts.h @@ -1510,6 +1510,7 @@ OPTION(rgw_crypt_vault_prefix, OPT_STR) // Optional URL prefix to Vault secret p OPTION(rgw_crypt_vault_secret_engine, OPT_STR) // kv, transit or other supported secret engines OPTION(rgw_crypt_vault_namespace, OPT_STR) // Vault Namespace (only availabe in Vault Enterprise Version) OPTION(rgw_crypt_vault_verify_ssl, OPT_BOOL) // should we try to verify vault's ssl +OPTION(rgw_crypt_vault_ssl_cacert, OPT_STR) // optional ca certificate for accessing vault OPTION(rgw_crypt_kmip_addr, OPT_STR) // kmip server address OPTION(rgw_crypt_kmip_ca_path, OPT_STR) // ca for kmip servers diff --git a/src/common/options.cc b/src/common/options.cc index bd6f3e6d745..21ff3344c1f 100644 --- a/src/common/options.cc +++ b/src/common/options.cc @@ -7179,6 +7179,10 @@ std::vector