Mirror
/
seaweedfs
mirror of https://github.com/seaweedfs/seaweedfs.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Feature/mongodb security (#5602)

pull/5604/head
sb 7 months ago
committed by GitHub
parent
3fae87632f
commit
a3a00d9499
No known key found for this signature in database GPG Key ID: B5690EEEBB952194
2 changed files with 7 additions and 5 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 1
      weed/command/scaffold/filer.toml
  2. 11
      weed/filer/mongodb/mongodb_store.go

1
weed/command/scaffold/filer.toml
View File

@ -286,6 +286,7 @@ ssl = false
ssl_ca_file = ""
ssl_cert_file = ""
ssl_key_file = "
insecure_skip_verify = false
option_pool_size = 0
database = "seaweedfs"

11
weed/filer/mongodb/mongodb_store.go
View File

@ -48,11 +48,12 @@ func (store *MongodbStore) Initialize(configuration util.Configuration, prefix s
sslKeyFile := configuration.GetString(prefix + "ssl_key_file")
username := configuration.GetString(prefix + "username")
password := configuration.GetString(prefix + "password")
insecure_skip_verify := configuration.GetBool(prefix + "insecure_skip_verify")
return store.connection(uri, uint64(poolSize), ssl, sslCAFile, sslCertFile, sslKeyFile, username, password)
return store.connection(uri, uint64(poolSize), ssl, sslCAFile, sslCertFile, sslKeyFile, username, password, insecure_skip_verify)
}
func (store *MongodbStore) connection(uri string, poolSize uint64, ssl bool, sslCAFile, sslCertFile, sslKeyFile string, username, password string) (err error) {
func (store *MongodbStore) connection(uri string, poolSize uint64, ssl bool, sslCAFile, sslCertFile, sslKeyFile string, username, password string, insecure bool) (err error) {
ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)
defer cancel()
@ -63,7 +64,7 @@ func (store *MongodbStore) connection(uri string, poolSize uint64, ssl bool, ssl
}
if ssl {
tlsConfig, err := configureTLS(sslCAFile, sslCertFile, sslKeyFile)
tlsConfig, err := configureTLS(sslCAFile, sslCertFile, sslKeyFile, insecure)
if err != nil {
return err
}
@ -90,7 +91,7 @@ func (store *MongodbStore) connection(uri string, poolSize uint64, ssl bool, ssl
return err
}
func configureTLS(caFile, certFile, keyFile string) (*tls.Config, error) {
func configureTLS(caFile, certFile, keyFile string, insecure bool) (*tls.Config, error) {
cert, err := tls.LoadX509KeyPair(certFile, keyFile)
if err != nil {
return nil, fmt.Errorf("could not load client key pair: %s", err)
@ -109,7 +110,7 @@ func configureTLS(caFile, certFile, keyFile string) (*tls.Config, error) {
tlsConfig := &tls.Config{
Certificates: []tls.Certificate{cert},
RootCAs: caCertPool,
InsecureSkipVerify: true,
InsecureSkipVerify: insecure,
}
return tlsConfig, nil

Write Preview
Loading…
Cancel
Save