Merge pull request ceph#63212 from pritha-srivastava/wip-rgw-sts-key-default-val

rgw/sts: removing default value of rgw sts key and adding checks to return error when it is not set in config options

Reviewed-by: Casey Bodley <[email protected]>
Reviewed-by: Matt Benjamin <[email protected]>

Author: ivancich

src/common/options/rgw.yaml.in

@@ -3470,7 +3470,6 @@ options:
     generated by the command 'openssl rand -hex 16'. All radosgw instances
     in a zone should use the same key. In multisite configurations, all
     zones in a realm should use the same key.
-  default: sts
   services:
   - rgw
   with_legacy: true

src/rgw/rgw_rest_s3.cc

@@ -6983,6 +6983,10 @@ rgw::auth::s3::STSEngine::get_session_token(const DoutPrefixProvider* dpp, const
     return -EINVAL;
   }
   string secret_s = cct->_conf->rgw_sts_key;
+  if (secret_s.empty()) {
+    ldpp_dout(dpp, 1) << "ERROR: rgw sts key not set" << dendl;
+    return -EINVAL;
+  }
   buffer::ptr secret(secret_s.c_str(), secret_s.length());
   int ret = 0;
   if (ret = cryptohandler->validate_secret(secret); ret < 0) {

src/rgw/rgw_sts.cc

@@ -77,6 +77,11 @@ int Credentials::generateCredentials(const DoutPrefixProvider *dpp,
     return -EINVAL;
   }
   string secret_s = cct->_conf->rgw_sts_key;
+  if (secret_s.empty()) {
+    ldpp_dout(dpp, 1) << "ERROR: rgw sts key not set" << dendl;
+    return -EINVAL;
+  }
+
   buffer::ptr secret(secret_s.c_str(), secret_s.length());
   int ret = 0;
   if (ret = cryptohandler->validate_secret(secret); ret < 0) {