From 6b34f7b3d3a734ad4ceff82b74c555160d87f62a Mon Sep 17 00:00:00 2001
From: "n.fraison"
Date: Wed, 22 Sep 2021 11:21:52 +0200
Subject: [PATCH] CRITEO - rgw: use insecure TLS
Backport https://github.com/rook/rook/pull/8712
And also apply the patch on user creation
---
 pkg/operator/ceph/object/health.go | 7 +++++++
 pkg/operator/ceph/object/s3-handlers.go | 2 +-
 2 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/pkg/operator/ceph/object/health.go b/pkg/operator/ceph/object/health.go
index 00f36dea8be4..957d873ebd6a 100644
--- a/pkg/operator/ceph/object/health.go
+++ b/pkg/operator/ceph/object/health.go
@@ -18,7 +18,9 @@ package object
 import (
 "context"
+ "crypto/tls"
 "fmt"
+ "net/http"
 "time"
 "github.com/ceph/go-ceph/rgw/admin"
@@ -170,6 +172,11 @@ func (c *bucketChecker) checkObjectStoreHealth() error {
 if err != nil {
 return errors.Wrap(err, "failed to initialize s3 connection")
 }
+ // Force the s3 client to use insecure TLS connection
+ s3client.Client.Config.HTTPClient.Transport = &http.Transport{
+ // #nosec G402 is enabled only for testing
+ TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
+ }
 // Force purge the s3 object before starting anything
 cleanupObjectHealthCheck(s3client, c.objContext.UID)
diff --git a/pkg/operator/ceph/object/s3-handlers.go b/pkg/operator/ceph/object/s3-handlers.go
index 98701f7340fa..cc8a07b8ec92 100644
--- a/pkg/operator/ceph/object/s3-handlers.go
+++ b/pkg/operator/ceph/object/s3-handlers.go
@@ -207,6 +207,6 @@ func BuildTransportTLS(tlsCert []byte) *http.Transport {
 caCertPool.AppendCertsFromPEM(tlsCert)
 return &http.Transport{
- TLSClientConfig: &tls.Config{RootCAs: caCertPool, MinVersion: tls.VersionTLS12},
+ TLSClientConfig: &tls.Config{RootCAs: caCertPool, MinVersion: tls.VersionTLS12, InsecureSkipVerify: true},
 }
 }
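Review bot: The transport assigned in checkObjectStoreHealth turns certificate verification off on every health check, while the `#nosec G402` comment says it is "enabled only for testing"; nothing in the hunk restricts it to tests. The S3 client is used right after for the health-check objects, so whatever answers on that connection is accepted as the RGW endpoint without any check. I would make the override conditional on an explicit opt-in setting and otherwise leave the existing transport in place, and change the comment to state the real scope, e.g. `// #nosec G402 -- verification disabled for all RGW health checks, see <tracking-issue-placeholder>`. The new `tls.Config` also omits the `MinVersion: tls.VersionTLS12` that BuildTransportTLS sets, and the assignment assumes `HTTPClient` is non-nil, which is not visible here. The function body starts and ends outside the hunk.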
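Review bot: Adding `InsecureSkipVerify: true` in BuildTransportTLS makes `RootCAs: caCertPool` ineffective, because crypto/tls then skips both chain and host-name verification, so the `tlsCert` argument no longer constrains which server is trusted for any caller of this exported helper. If the motivation is a certificate whose names do not match the address the operator dials (the commit message does not say), chain verification against `caCertPool` can be kept by doing it in `VerifyConnection` and skipping only the name check, as sketched below. The result of `AppendCertsFromPEM` on the context line is also ignored, so an unparsable `tlsCert` goes unnoticed. The start of the function is outside the hunk.

```go
	// … unchanged: caCertPool creation and AppendCertsFromPEM …
	return &http.Transport{
		TLSClientConfig: &tls.Config{
			MinVersion: tls.VersionTLS12,
			// Only the built-in host-name check is skipped; the chain is
			// still verified against caCertPool in VerifyConnection.
			InsecureSkipVerify: true, // #nosec G402 -- chain verified below
			VerifyConnection: func(cs tls.ConnectionState) error {
				if len(cs.PeerCertificates) == 0 {
					return errors.New("rgw endpoint presented no certificate")
				}
				opts := x509.VerifyOptions{
					Roots:         caCertPool,
					Intermediates: x509.NewCertPool(),
				}
				for _, cert := range cs.PeerCertificates[1:] {
					opts.Intermediates.AddCert(cert)
				}
				_, err := cs.PeerCertificates[0].Verify(opts)
				return err
			},
		},
	}
```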