From: Abhishek Lekshmanan Date: Wed, 12 Dec 2018 15:55:55 +0000 (+0100) Subject: rgw: es: support username and password for ES X-Git-Tag: v14.1.0~210^2~11 X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=c6b697673543bfef9a0dcaf1a23d27492c1947d6;p=ceph.git rgw: es: support username and password for ES For ES endpoints terminated with a username and password, either via xpack or fronted by another webserver with http basic auth, we now support "username" and "password" configurable which should be capable of doing HTTP basic authentication Fixes: https://tracker.ceph.com/issues/23655 Signed-off-by: Abhishek Lekshmanan --- diff --git a/src/rgw/rgw_sync_module_es.cc b/src/rgw/rgw_sync_module_es.cc index 5b6b11c864e8..599e0c1cca18 100644 --- a/src/rgw/rgw_sync_module_es.cc +++ b/src/rgw/rgw_sync_module_es.cc @@ -1,6 +1,7 @@ // -*- mode:C++; tab-width:8; c-basic-offset:2; indent-tabs-mode:t -*- // vim: ts=8 sw=2 smarttab +#include "rgw_b64.h" #include "rgw_common.h" #include "rgw_coroutine.h" #include "rgw_sync_module.h" @@ -170,6 +171,7 @@ struct ElasticConfig { ItemList allow_owners; uint32_t num_shards{0}; uint32_t num_replicas{0}; + std::map default_headers = {{ "Content-Type", "application/json" }}; void init(CephContext *cct, const JSONFormattable& config) { string elastic_endpoint = config["endpoint"]; @@ -184,6 +186,12 @@ struct ElasticConfig { num_shards = ES_NUM_SHARDS_MIN; } num_replicas = config["num_replicas"](ES_NUM_REPLICAS_DEFAULT); + if (string user = config["username"], pw = config["password"]; + !user.empty() && !pw.empty()) { + auto auth_string = user + ":" + pw; + default_headers.emplace("AUTHORIZATION", "Basic " + rgw::to_base64(auth_string)); + } + } void init_instance(const RGWRealm& realm, uint64_t instance_id) { @@ -565,15 +573,12 @@ public: int operate() override { reenter(this) { ldout(sync_env->cct, 0) << ": init elasticsearch config zone=" << sync_env->source_zone << dendl; - yield { - auto hdrs = make_param_list(&conf->default_headers); - call(new RGWReadRESTResourceCR (sync_env->cct, - conf->conn.get(), - sync_env->http_manager, - "/", nullptr /*params*/, - &hdrs, - &es_info)); - } + yield call(new RGWReadRESTResourceCR (sync_env->cct, + conf->conn.get(), + sync_env->http_manager, + "/", nullptr /*params*/, + &(conf->default_headers), + &es_info)); if (retcode < 0) { return set_cr_error(retcode); } @@ -590,12 +595,11 @@ public: } es_index_config index_conf(settings, mappings); - std::map hdrs = {{ "Content-Type", "application/json" }}; call(new RGWPutRESTResourceCR (sync_env->cct, conf->conn.get(), sync_env->http_manager, path, nullptr /*params*/, - &hdrs, + &(conf->default_headers), index_conf, nullptr)); } if (retcode < 0) { @@ -626,11 +630,10 @@ public: string path = conf->get_obj_path(bucket_info, key); es_obj_metadata doc(sync_env->cct, conf, bucket_info, key, mtime, size, attrs, versioned_epoch); - std::map hdrs = {{ "Content-Type", "application/json" }}; call(new RGWPutRESTResourceCR(sync_env->cct, conf->conn.get(), sync_env->http_manager, path, nullptr /* params */, - &hdrs, + &(conf->default_headers), doc, nullptr /* result */)); }