mirror of
https://github.com/chrislusf/seaweedfs
Feature/mongodb security (#5602)
parent
3fae87632f
commit
a3a00d9499
|
@ -286,6 +286,7 @@ ssl = false
|
||||||
ssl_ca_file = ""
|
ssl_ca_file = ""
|
||||||
ssl_cert_file = ""
|
ssl_cert_file = ""
|
||||||
ssl_key_file = "
|
ssl_key_file = "
|
||||||
|
insecure_skip_verify = false
|
||||||
option_pool_size = 0
|
option_pool_size = 0
|
||||||
database = "seaweedfs"
|
database = "seaweedfs"
|
||||||
|
|
||||||
|
|
|
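Review bot: The new `insecure_skip_verify = false` key is added without a comment, and its effect is not obvious from the name alone when it sits beside `ssl_ca_file` and `ssl_cert_file`. A line above it such as `# true disables verification of the MongoDB server certificate and hostname; leave false unless testing` would tell operators what they give up by enabling it. It is also worth stating that the key is only consulted when `ssl = true`; that is inferred from the store code in this commit, where the value reaches the TLS config only inside the `if ssl` branch.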
@ -48,11 +48,12 @@ func (store *MongodbStore) Initialize(configuration util.Configuration, prefix s
|
||||||
sslKeyFile := configuration.GetString(prefix + "ssl_key_file")
|
sslKeyFile := configuration.GetString(prefix + "ssl_key_file")
|
||||||
username := configuration.GetString(prefix + "username")
|
username := configuration.GetString(prefix + "username")
|
||||||
password := configuration.GetString(prefix + "password")
|
password := configuration.GetString(prefix + "password")
|
||||||
|
insecure_skip_verify := configuration.GetBool(prefix + "insecure_skip_verify")
|
||||||
|
|
||||||
return store.connection(uri, uint64(poolSize), ssl, sslCAFile, sslCertFile, sslKeyFile, username, password)
|
return store.connection(uri, uint64(poolSize), ssl, sslCAFile, sslCertFile, sslKeyFile, username, password, insecure_skip_verify)
|
||||||
}
|
}
|
||||||
|
|
||||||
func (store *MongodbStore) connection(uri string, poolSize uint64, ssl bool, sslCAFile, sslCertFile, sslKeyFile string, username, password string) (err error) {
|
func (store *MongodbStore) connection(uri string, poolSize uint64, ssl bool, sslCAFile, sslCertFile, sslKeyFile string, username, password string, insecure bool) (err error) {
|
||||||
ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
|
ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
|
||||||
defer cancel()
|
defer cancel()
|
||||||
|
|
||||||
|
@ -63,7 +64,7 @@ func (store *MongodbStore) connection(uri string, poolSize uint64, ssl bool, ssl
|
||||||
}
|
}
|
||||||
|
|
||||||
if ssl {
|
if ssl {
|
||||||
tlsConfig, err := configureTLS(sslCAFile, sslCertFile, sslKeyFile)
|
tlsConfig, err := configureTLS(sslCAFile, sslCertFile, sslKeyFile, insecure)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
@ -90,7 +91,7 @@ func (store *MongodbStore) connection(uri string, poolSize uint64, ssl bool, ssl
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
func configureTLS(caFile, certFile, keyFile string) (*tls.Config, error) {
|
func configureTLS(caFile, certFile, keyFile string, insecure bool) (*tls.Config, error) {
|
||||||
cert, err := tls.LoadX509KeyPair(certFile, keyFile)
|
cert, err := tls.LoadX509KeyPair(certFile, keyFile)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, fmt.Errorf("could not load client key pair: %s", err)
|
return nil, fmt.Errorf("could not load client key pair: %s", err)
|
||||||
|
@ -109,7 +110,7 @@ func configureTLS(caFile, certFile, keyFile string) (*tls.Config, error) {
|
||||||
tlsConfig := &tls.Config{
|
tlsConfig := &tls.Config{
|
||||||
Certificates: []tls.Certificate{cert},
|
Certificates: []tls.Certificate{cert},
|
||||||
RootCAs: caCertPool,
|
RootCAs: caCertPool,
|
||||||
InsecureSkipVerify: true,
|
InsecureSkipVerify: insecure,
|
||||||
}
|
}
|
||||||
|
|
||||||
return tlsConfig, nil
|
return tlsConfig, nil
|
||||||
|
|
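Review bot: When `insecure` is true, `configureTLS` sets `InsecureSkipVerify: insecure` and nothing records that server certificate and hostname checks are off, so in the logs a filer running without verification looks the same as a verified one. A warning emitted inside the `if ssl {` branch of `connection` when `insecure` is set, using whatever logger the file already has, would make that state visible to operators. The effective default also flips for existing deployments: the old code hard-coded `true`, while a config without the key presumably yields `false` from `GetBool`, so connections to servers whose certificate does not chain to `ssl_ca_file` or match the host will start failing after upgrade and that deserves a release note. On style, the new local in `Initialize` reads better as `insecureSkipVerify := configuration.GetBool(prefix + "insecure_skip_verify")`, matching the camelCase of `sslKeyFile` next to it. The bodies of `connection` and `configureTLS` continue outside the visible hunks.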