CRITEO - rgw: use insecure TLS

Backport rook#8712 And also apply the patch on user creation
ashangit · Sep 22, 2021 · 5cfa58d · 5cfa58d
1 parent fc44c97
commit 5cfa58d
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 1 deletion.
diff --git a/pkg/operator/ceph/object/health.go b/pkg/operator/ceph/object/health.go
@@ -18,7 +18,9 @@ package object
 
 import (
 	"context"
+	"crypto/tls"
 	"fmt"
+	"net/http"
 	"time"
 
 	"github.com/ceph/go-ceph/rgw/admin"
@@ -170,6 +172,11 @@ func (c *bucketChecker) checkObjectStoreHealth() error {
 	if err != nil {
 		return errors.Wrap(err, "failed to initialize s3 connection")
 	}
+	// Force the s3 client to use insecure TLS connection
+	s3client.Client.Config.HTTPClient.Transport = &http.Transport{
+		// #nosec G402 is enabled only for testing
+		TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
+	}
 
 	// Force purge the s3 object before starting anything
 	cleanupObjectHealthCheck(s3client, c.objContext.UID)

diff --git a/pkg/operator/ceph/object/s3-handlers.go b/pkg/operator/ceph/object/s3-handlers.go
@@ -207,6 +207,6 @@ func BuildTransportTLS(tlsCert []byte) *http.Transport {
 	caCertPool.AppendCertsFromPEM(tlsCert)
 
 	return &http.Transport{
-		TLSClientConfig: &tls.Config{RootCAs: caCertPool, MinVersion: tls.VersionTLS12},
+		TLSClientConfig: &tls.Config{RootCAs: caCertPool, MinVersion: tls.VersionTLS12, InsecureSkipVerify: true},
 	}
 }