From c6b697673543bfef9a0dcaf1a23d27492c1947d6 Mon Sep 17 00:00:00 2001 From: Abhishek Lekshmanan Date: Wed, 12 Dec 2018 16:55:55 +0100 Subject: [PATCH] rgw: es: support username and password for ES For ES endpoints terminated with a username and password, either via xpack or fronted by another webserver with http basic auth, we now support "username" and "password" configurable which should be capable of doing HTTP basic authentication Fixes: https://tracker.ceph.com/issues/23655 Signed-off-by: Abhishek Lekshmanan --- src/rgw/rgw_sync_module_es.cc | 29 ++++++++++++++++------------- 1 file changed, 16 insertions(+), 13 deletions(-) diff --git a/src/rgw/rgw_sync_module_es.cc b/src/rgw/rgw_sync_module_es.cc index 5b6b11c864e..599e0c1cca1 100644 --- a/src/rgw/rgw_sync_module_es.cc +++ b/src/rgw/rgw_sync_module_es.cc @@ -1,6 +1,7 @@ // -*- mode:C++; tab-width:8; c-basic-offset:2; indent-tabs-mode:t -*- // vim: ts=8 sw=2 smarttab +#include "rgw_b64.h" #include "rgw_common.h" #include "rgw_coroutine.h" #include "rgw_sync_module.h" @@ -170,6 +171,7 @@ struct ElasticConfig { ItemList allow_owners; uint32_t num_shards{0}; uint32_t num_replicas{0}; + std::map default_headers = {{ "Content-Type", "application/json" }}; void init(CephContext *cct, const JSONFormattable& config) { string elastic_endpoint = config["endpoint"]; @@ -184,6 +186,12 @@ struct ElasticConfig { num_shards = ES_NUM_SHARDS_MIN; } num_replicas = config["num_replicas"](ES_NUM_REPLICAS_DEFAULT); + if (string user = config["username"], pw = config["password"]; + !user.empty() && !pw.empty()) { + auto auth_string = user + ":" + pw; + default_headers.emplace("AUTHORIZATION", "Basic " + rgw::to_base64(auth_string)); + } + } void init_instance(const RGWRealm& realm, uint64_t instance_id) { @@ -565,15 +573,12 @@ public: int operate() override { reenter(this) { ldout(sync_env->cct, 0) << ": init elasticsearch config zone=" << sync_env->source_zone << dendl; - yield { - auto hdrs = make_param_list(&conf->default_headers); - call(new RGWReadRESTResourceCR (sync_env->cct, - conf->conn.get(), - sync_env->http_manager, - "/", nullptr /*params*/, - &hdrs, - &es_info)); - } + yield call(new RGWReadRESTResourceCR (sync_env->cct, + conf->conn.get(), + sync_env->http_manager, + "/", nullptr /*params*/, + &(conf->default_headers), + &es_info)); if (retcode < 0) { return set_cr_error(retcode); } @@ -590,12 +595,11 @@ public: } es_index_config index_conf(settings, mappings); - std::map hdrs = {{ "Content-Type", "application/json" }}; call(new RGWPutRESTResourceCR (sync_env->cct, conf->conn.get(), sync_env->http_manager, path, nullptr /*params*/, - &hdrs, + &(conf->default_headers), index_conf, nullptr)); } if (retcode < 0) { @@ -626,11 +630,10 @@ public: string path = conf->get_obj_path(bucket_info, key); es_obj_metadata doc(sync_env->cct, conf, bucket_info, key, mtime, size, attrs, versioned_epoch); - std::map hdrs = {{ "Content-Type", "application/json" }}; call(new RGWPutRESTResourceCR(sync_env->cct, conf->conn.get(), sync_env->http_manager, path, nullptr /* params */, - &hdrs, + &(conf->default_headers), doc, nullptr /* result */)); } -- 2.39.5