2000085 – [RGW][SSE-KMS: Vault] Add Support customed CA certificate from vault KMS for SSE encryption

Bug 2000085 - [RGW][SSE-KMS: Vault] Add Support customed CA certificate from vault KMS for SSE encryption

Summary: [RGW][SSE-KMS: Vault] Add Support customed CA certificate from vault KMS for ...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Ceph Storage
Classification:	Red Hat Storage
Component:	RGW
Sub Component:
Version:	5.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	high
Target Milestone:	---
Target Release:	5.1
Assignee:	Jiffin Tony Thottan
QA Contact:	Tejas
Docs Contact:
URL:
Whiteboard:
Depends On:	1995438
Blocks:
TreeView+	depends on / blocked

Reported:	2021-09-01 11:08 UTC by Matt Benjamin (redhat)
Modified:	2022-04-04 10:21 UTC (History)
CC List:	9 users (show)
Fixed In Version:	ceph-16.2.6-23.el8cp
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:	1995438
Environment:
Last Closed:	2022-04-04 10:21:20 UTC
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Issue Tracker	RHCEPH-1394	0	None	None	None	2021-09-01 11:10:01 UTC
Red Hat Product Errata	RHSA-2022:1174	0	None	None	None	2022-04-04 10:21:40 UTC

Description Matt Benjamin (redhat) 2021-09-01 11:08:51 UTC

+++ This bug was initially created as a clone of Bug #1995438 +++

This bug was initially created as a copy of Bug #1952011

I am copying this bug because: 

including the change from 4.x release to 5.x

Description of problem:


The KMS backend vault supports multiple TLS config such as

Vault Client Certificate
Vault Client Key
Vault CA Certificate
Vault TLS Server Name

Currently, RGW can communicate with vault using default SSL installed in the system, not with customed one


Version-Release number of selected component (if applicable):
master

Additional info:
Parent tracker link https://tracker.ceph.com/issues/47776
Backport tracker: https://tracker.ceph.com/issues/51310

Upstream PR link:  https://github.com/ceph/ceph/pull/42093

Comment 9 errata-xmlrpc 2022-04-04 10:21:20 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: Red Hat Ceph Storage 5.1 Security, Enhancement, and Bug Fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:1174

Note You need to log in before you can comment on or make changes to this bug.