From e9c20c81236c10892138cc098fe636eb533cd211 Mon Sep 17 00:00:00 2001 From: "Adam C. Emerson" Date: Fri, 2 Dec 2022 01:14:02 -0500 Subject: [PATCH] rgw: Remove `RGWSI_RADOS` from `RGWSI_ConfigKey_RADOS` Simply use the RADOS handle directly. Signed-off-by: Adam C. Emerson --- src/rgw/driver/rados/rgw_service.cc | 2 +- src/rgw/driver/rados/rgw_tools.cc | 44 ++++++++++++++++++++++++ src/rgw/driver/rados/rgw_tools.h | 3 ++ src/rgw/services/svc_config_key_rados.cc | 21 ++++++----- src/rgw/services/svc_config_key_rados.h | 14 ++------ 5 files changed, 64 insertions(+), 20 deletions(-) diff --git a/src/rgw/driver/rados/rgw_service.cc b/src/rgw/driver/rados/rgw_service.cc index cec7cf22d98..9dfa5465dfa 100644 --- a/src/rgw/driver/rados/rgw_service.cc +++ b/src/rgw/driver/rados/rgw_service.cc @@ -96,7 +96,7 @@ int RGWServices_Def::init(CephContext *cct, sysobj_cache.get(), bucket_sobj.get()); cls->init(zone.get(), radoshandle); - config_key_rados->init(rados.get()); + config_key_rados->init(radoshandle); mdlog->init(rados.get(), zone.get(), sysobj.get(), cls.get()); meta->init(sysobj.get(), mdlog.get(), meta_bes); meta_be_sobj->init(sysobj.get(), mdlog.get()); diff --git a/src/rgw/driver/rados/rgw_tools.cc b/src/rgw/driver/rados/rgw_tools.cc index ec373ca6095..090c80aa1f7 100644 --- a/src/rgw/driver/rados/rgw_tools.cc +++ b/src/rgw/driver/rados/rgw_tools.cc @@ -1,6 +1,8 @@ // -*- mode:C++; tab-width:8; c-basic-offset:2; indent-tabs-mode:t -*- // vim: ts=8 sw=2 smarttab ft=cpp +#include "auth/AuthRegistry.h" + #include "common/errno.h" #include "librados/librados_asio.h" 
@@ -453,3 +455,45 @@ void rgw_complete_aio_completion(librados::AioCompletion* c, int r) { librados::CB_AioCompleteAndSafe cb(pc); cb(r); } + +bool rgw_check_secure_mon_conn(const DoutPrefixProvider *dpp) +{ + AuthRegistry reg(dpp->get_cct()); + + reg.refresh_config(); + + std::vector methods; + std::vector modes; + + reg.get_supported_methods(CEPH_ENTITY_TYPE_MON, &methods, &modes); + ldpp_dout(dpp, 20) << __func__ << "(): auth registy supported: methods=" << methods << " modes=" << modes << dendl; + + for (auto method : methods) { + if (!reg.is_secure_method(method)) { + ldpp_dout(dpp, 20) << __func__ << "(): method " << method << " is insecure" << dendl; + return false; + } + } + + for (auto mode : modes) { + if (!reg.is_secure_mode(mode)) { + ldpp_dout(dpp, 20) << __func__ << "(): mode " << mode << " is insecure" << dendl; + return false; + } + } + + return true; +} + +int rgw_clog_warn(librados::Rados* h, const string& msg) +{ + string cmd = + "{" + "\"prefix\": \"log\", " + "\"level\": \"warn\", " + "\"logtext\": [\"" + msg + "\"]" + "}"; + + bufferlist inbl; + return h->mon_command(cmd, inbl, nullptr, nullptr); +} diff --git a/src/rgw/driver/rados/rgw_tools.h b/src/rgw/driver/rados/rgw_tools.h index afc836a473a..7fdb3ea3eff 100644 --- a/src/rgw/driver/rados/rgw_tools.h +++ b/src/rgw/driver/rados/rgw_tools.h @@ -311,3 +311,6 @@ void rgw_complete_aio_completion(librados::AioCompletion* c, int r); // (Currently providing nullptr will wipe all attributes.) std::map* no_change_attrs(); + +bool rgw_check_secure_mon_conn(const DoutPrefixProvider *dpp); +int rgw_clog_warn(librados::Rados* h, const std::string& msg); diff --git a/src/rgw/services/svc_config_key_rados.cc b/src/rgw/services/svc_config_key_rados.cc index 5edb02ea7f3..c17139af292 100644 --- a/src/rgw/services/svc_config_key_rados.cc +++ b/src/rgw/services/svc_config_key_rados.cc 
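Review bot: `rgw_clog_warn` splices `msg` into the JSON monitor command by plain string concatenation (`"\"logtext\": [\"" + msg + "\"]"`), so a message containing `"` or `\` produces a malformed command or one with extra fields. The only caller visible in this patch passes a fixed literal, but the helper is now a free function declared in rgw_tools.h, so later callers may pass text derived from configuration or requests. Escape `msg` for JSON before concatenating, or build the command with a JSON formatter instead of by hand, and document that `h` must be non-null since it is dereferenced unconditionally. Separately, the debug line in `rgw_check_secure_mon_conn` misspells "registry" as `registy`, which makes the message harder to grep for.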
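Review bot: The two declarations added to rgw_tools.h carry no comment, and the contract of `rgw_check_secure_mon_conn` is not obvious from its name alone. I would add `// Returns true only if every auth method and connection mode supported for monitor connections is secure.` above it. Above `rgw_clog_warn` I would add `// Sends msg to the monitors as a "log" command at warn level and returns the mon_command() result; h must not be null.`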
@@ -1,14 +1,17 @@ +// -*- mode:C++; tab-width:8; c-basic-offset:2; indent-tabs-mode:t -*- +// vim: ts=8 sw=2 smarttab ft=cpp -#include "svc_rados.h" #include "svc_config_key_rados.h" -using namespace std; +#include "rgw_tools.h" + +using std::string; RGWSI_ConfigKey_RADOS::~RGWSI_ConfigKey_RADOS(){} int RGWSI_ConfigKey_RADOS::do_start(optional_yield, const DoutPrefixProvider *dpp) { - maybe_insecure_mon_conn = !svc.rados->check_secure_mon_conn(dpp); + maybe_insecure_mon_conn = !rgw_check_secure_mon_conn(dpp); return 0; } @@ -20,14 +23,17 @@ void RGWSI_ConfigKey_RADOS::warn_if_insecure() return; } - string s = "rgw is configured to optionally allow insecure connections to the monitors (auth_supported, ms_mon_client_mode), ssl certificates stored at the monitor configuration could leak"; + string s = ("rgw is configured to optionally allow insecure connections to " + "the monitors (auth_supported, ms_mon_client_mode), ssl " + "certificates stored at the monitor configuration could leak"); - svc.rados->clog_warn(s); + rgw_clog_warn(rados, s); lderr(ctx()) << __func__ << "(): WARNING: " << s << dendl; } -int RGWSI_ConfigKey_RADOS::get(const string& key, bool secure, bufferlist *result) +int RGWSI_ConfigKey_RADOS::get(const string& key, bool secure, + bufferlist *result) { string cmd = "{" @@ -36,8 +42,7 @@ int RGWSI_ConfigKey_RADOS::get(const string& key, bool secure, bufferlist *resul "}"; bufferlist inbl; - auto handle = svc.rados->handle(); - int ret = handle.mon_command(cmd, inbl, result, nullptr); + int ret = rados->mon_command(cmd, inbl, result, nullptr); if (ret < 0) { return ret; } diff --git a/src/rgw/services/svc_config_key_rados.h b/src/rgw/services/svc_config_key_rados.h index b3b995ac76d..344350278af 100644 --- a/src/rgw/services/svc_config_key_rados.h +++ b/src/rgw/services/svc_config_key_rados.h @@ -1,5 +1,3 @@ - - // -*- mode:C++; tab-width:8; c-basic-offset:2; indent-tabs-mode:t -*- // vim: ts=8 sw=2 smarttab ft=cpp 
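Review bot: In the `@@ -36,8 +42,7 @@` hunk `get()` calls `rados->mon_command(...)` with no null guard, and in the `@@ -20,14 +23,17 @@` hunk `warn_if_insecure()` passes the same member to `rgw_clog_warn`, which dereferences it as well. The header part of this patch initialises `rados` to `nullptr` and only `init()` sets it, so a call before `init()`, or an `init(nullptr)`, crashes instead of failing cleanly. A guard such as `if (!rados) { return -EINVAL; }` at the top of `get()`, or an assertion in `do_start()`, would make the precondition explicit. `warn_if_insecure()` also discards the return value of `rgw_clog_warn`, so a failed monitor command is visible only through the local `lderr` line; logging the error code there would help when the warning never reaches the monitors. The body of `get()` is only partly visible across these hunks.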
@@ -24,8 +22,6 @@ #include "svc_config_key.h" -class RGWSI_RADOS; - class RGWSI_ConfigKey_RADOS : public RGWSI_ConfigKey { bool maybe_insecure_mon_conn{false}; @@ -36,12 +32,10 @@ class RGWSI_ConfigKey_RADOS : public RGWSI_ConfigKey void warn_if_insecure(); public: - struct Svc { - RGWSI_RADOS *rados{nullptr}; - } svc; + librados::Rados* rados{nullptr}; - void init(RGWSI_RADOS *rados_svc) { - svc.rados = rados_svc; + void init(librados::Rados* rados_) { + rados = rados_; } RGWSI_ConfigKey_RADOS(CephContext *cct) : RGWSI_ConfigKey(cct) {} @@ -50,5 +44,3 @@ public: int get(const std::string& key, bool secure, bufferlist *result) override; }; - - -- 2.39.5
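Review bot: `librados::Rados* rados{nullptr};` is declared under `public:` in the `@@ -36,12 +32,10 @@` hunk, so any code holding the service can repoint or null the handle that `get()` later uses for monitor commands. Since `init()` is the only setter this patch needs, the member could move to the private section next to `maybe_insecure_mon_conn`, with a comment such as `// Non-owning; must outlive this service.`. The patch also drops the `class RGWSI_RADOS;` forward declaration without adding one for `librados::Rados`. Presumably `svc_config_key.h` brings that type in, but it is worth confirming so the header stays self-contained.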