Bug 1995438

Summary: [RGW][SSE-KMS: Vault] Add Support customed CA certificate from vault KMS for SSE encryption
Product: [Red Hat Storage] Red Hat Ceph Storage Reporter: Jiffin <jthottan>
Component: RGWAssignee: Jiffin <jthottan>
Status: CLOSED CURRENTRELEASE QA Contact: Tejas <tchandra>
Severity: high Docs Contact:
Priority: unspecified    
Version: 5.0CC: cbodley, ceph-eng-bugs, jthottan, kbader, mbenjamin, tserlin, vereddy
Target Milestone: ---   
Target Release: 5.0z4   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
: 2000085 (view as bug list) Environment:
Last Closed: 2022-02-01 04:29:56 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 2000085    

Description Jiffin 2021-08-19 06:42:57 UTC 
This bug was initially created as a copy of Bug #1952011

I am copying this bug because: 

including the change from 4.x release to 5.x

Description of problem:


The KMS backend vault supports multiple TLS config such as

Vault Client Certificate
Vault Client Key
Vault CA Certificate
Vault TLS Server Name

Currently, RGW can communicate with vault using default SSL installed in the system, not with customed one


Version-Release number of selected component (if applicable):
master

Additional info:
Parent tracker link https://tracker.ceph.com/issues/47776
Backport tracker: https://tracker.ceph.com/issues/51310

Upstream PR link:  https://github.com/ceph/ceph/pull/42093
Comment 15 Red Hat Bugzilla 2023-09-15 01:13:52 UTC 
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 500 days