rgw: add seperate option for verify ssl for vault KMS engine

Signed-off-by: Jiffin Tony Thottan <jthottan@redhat.com>
2025-02-22 18:47:18 +00:00 · 2020-10-19 23:42:58 +05:30 · 2020-10-19 23:42:58 +05:30 · 4a93faa2ee
commit 4a93faa2ee
parent 8a5b329e06
2 changed files with 11 additions and 0 deletions
--- a/src/common/options/rgw.yaml.in
+++ b/src/common/options/rgw.yaml.in
@ -2376,6 +2376,15 @@ options:
  - rgw_crypt_vault_auth
  - rgw_crypt_vault_addr
  with_legacy: true
+# Enable TLS authentication rgw and vault
+- name: rgw_crypt_vault_verify_ssl
+  type: bool
+  level: advanced
+  desc: Should RGW verify the vault server SSL certificate.
+  default: true
+  services:
+  - rgw
+  with_legacy: true
 - name: rgw_crypt_kmip_addr
  type: str
  level: advanced
--- a/src/rgw/rgw_kms.cc
+++ b/src/rgw/rgw_kms.cc
@ -252,6 +252,8 @@ protected:
      secret_req.append_header("X-Vault-Namespace", vault_namespace);
    }

+    secret_req.set_verify_ssl(cct->_conf->rgw_crypt_vault_verify_ssl);
+
    res = secret_req.process(null_yield);
    if (res < 0) {
      ldout(cct, 0) << "ERROR: Request to Vault failed with error " << res << dendl;