From fc57ec7a102580ff4ed2588d22c871aab5750cb1 Mon Sep 17 00:00:00 2001
From: Pritha Srivastava
Date: Fri, 9 May 2025 21:16:01 +0530
Subject: [PATCH] rgw/sts: removing default value of rgw sts key and adding checks to return error when it is not set in config options.
Signed-off-by: Pritha Srivastava
---
 src/common/options/rgw.yaml.in | 1 -
 src/rgw/rgw_rest_s3.cc | 4 ++++
 src/rgw/rgw_sts.cc | 5 +++++
 3 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/src/common/options/rgw.yaml.in b/src/common/options/rgw.yaml.in
index 2334b4c6355..bb4892eb849 100644
--- a/src/common/options/rgw.yaml.in
+++ b/src/common/options/rgw.yaml.in
@@ -3470,7 +3470,6 @@ options:
 generated by the command 'openssl rand -hex 16'. All radosgw instances in a zone should use the same key. In multisite configurations, all zones in a realm should use the same key.
- default: sts
 services:
 - rgw
 with_legacy: true
diff --git a/src/rgw/rgw_rest_s3.cc b/src/rgw/rgw_rest_s3.cc
index c27f8fe9198..0b0cb3e9fbd 100644
--- a/src/rgw/rgw_rest_s3.cc
+++ b/src/rgw/rgw_rest_s3.cc
@@ -6986,6 +6986,10 @@ rgw::auth::s3::STSEngine::get_session_token(const DoutPrefixProvider* dpp, const
 return -EINVAL;
 }
 string secret_s = cct->_conf->rgw_sts_key;
+ if (secret_s.empty()) {
+ ldpp_dout(dpp, 1) << "ERROR: rgw sts key not set" << dendl;
+ return -EINVAL;
+ }
 buffer::ptr secret(secret_s.c_str(), secret_s.length());
 int ret = 0;
 if (ret = cryptohandler->validate_secret(secret); ret < 0) {
diff --git a/src/rgw/rgw_sts.cc b/src/rgw/rgw_sts.cc
index 951af012b48..03e7c6c6401 100644
--- a/src/rgw/rgw_sts.cc
+++ b/src/rgw/rgw_sts.cc
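Review bot: The guard added to `STSEngine::get_session_token` in src/rgw/rgw_rest_s3.cc tests only `secret_s.empty()`, so it closes the unset case, but a key that is set and weak (for instance the former default literal `sts` carried over in a config file) still passes it. Whether such a value is rejected then depends on `cryptohandler->validate_secret(secret)` on the lines that follow, whose length rules are not visible in this hunk; the same applies to the identical guard in `Credentials::generateCredentials` in src/rgw/rgw_sts.cc. I would state the intent at both sites with `// Fail closed: never handle session tokens with an empty or built-in key; key strength is checked by validate_secret() below.` and confirm that validate_secret really enforces a minimum length. The function body starts and ends outside the hunk.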
@@ -77,6 +77,11 @@ int Credentials::generateCredentials(const DoutPrefixProvider *dpp,
 return -EINVAL;
 }
 string secret_s = cct->_conf->rgw_sts_key;
+ if (secret_s.empty()) {
+ ldpp_dout(dpp, 1) << "ERROR: rgw sts key not set" << dendl;
+ return -EINVAL;
+ }
+
 buffer::ptr secret(secret_s.c_str(), secret_s.length());
 int ret = 0;
 if (ret = cryptohandler->validate_secret(secret); ret < 0) {
-- 
2.39.5
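Review bot: The new `return -EINVAL;` in `Credentials::generateCredentials` reports a gateway misconfiguration with the same code that the context line just above the guard returns, so a caller cannot tell a missing `rgw_sts_key` from a bad request and the only diagnostic left is the level-1 log line. That line says `rgw sts key not set`, which does not match the option name an operator would search for; I would write `ldpp_dout(dpp, 1) << "ERROR: rgw_sts_key is not configured, cannot generate STS credentials" << dendl;`. The diffstat lists only the three source files, so clusters that relied on the removed default will presumably start failing here after upgrade without a release note or documentation change saying so; that belongs in this commit. The function body starts and ends outside the hunk.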