Skip to content

Commit

Permalink
CRITEO - rgw: use insecure TLS
Browse files Browse the repository at this point in the history
Backport rook#8712
And also apply the patch on user creation
  • Loading branch information
n.fraison authored and ashangit committed Sep 22, 2021
1 parent fc44c97 commit 6b34f7b
Show file tree
Hide file tree
Showing 2 changed files with 8 additions and 1 deletion.
7 changes: 7 additions & 0 deletions pkg/operator/ceph/object/health.go
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,9 @@ package object

import (
"context"
"crypto/tls"
"fmt"
"net/http"
"time"

"github.com/ceph/go-ceph/rgw/admin"
Expand Down Expand Up @@ -170,6 +172,11 @@ func (c *bucketChecker) checkObjectStoreHealth() error {
if err != nil {
return errors.Wrap(err, "failed to initialize s3 connection")
}
// Force the s3 client to use insecure TLS connection
s3client.Client.Config.HTTPClient.Transport = &http.Transport{
// #nosec G402 is enabled only for testing
TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
}

// Force purge the s3 object before starting anything
cleanupObjectHealthCheck(s3client, c.objContext.UID)
Expand Down
2 changes: 1 addition & 1 deletion pkg/operator/ceph/object/s3-handlers.go
Original file line number Diff line number Diff line change
Expand Up @@ -207,6 +207,6 @@ func BuildTransportTLS(tlsCert []byte) *http.Transport {
caCertPool.AppendCertsFromPEM(tlsCert)

return &http.Transport{
TLSClientConfig: &tls.Config{RootCAs: caCertPool, MinVersion: tls.VersionTLS12},
TLSClientConfig: &tls.Config{RootCAs: caCertPool, MinVersion: tls.VersionTLS12, InsecureSkipVerify: true},
}
}

0 comments on commit 6b34f7b

Please sign in to comment.