mgr/dashboard: add an option to control the dashboard crypto caller

Add a mgr config option `crypto_caller` that lets a ceph user override
the default behavior of using the remote crypto caller. Supported
values are `internal` and `remote`.

Signed-off-by: John Mulligan <jmulligan@redhat.com>

diff --git a/src/pybind/mgr/dashboard/module.py b/src/pybind/mgr/dashboard/module.py
index 295403f6fe3389bc881f4211b017bc99ffc1193d..721042602be28183d1390799b6add9644ef5c985 100644 (file)
--- a/src/pybind/mgr/dashboard/module.py
+++ b/src/pybind/mgr/dashboard/module.py
@@ -23,6 +23,7 @@ if TYPE_CHECKING:
     else:
         from typing_extensions import Literal
 
+from ceph.cryptotools.select import choose_crypto_caller
 from mgr_module import CLIReadCommand, CLIWriteCommand, HandleCommandResult, \
     MgrModule, MgrStandbyModule, NotifyType, Option, _get_localized_key
 from mgr_util import ServerConfigException, build_url, \
@@ -275,6 +276,7 @@ class Module(MgrModule, CherryPyConfig):
         Option(name='redirect_resolve_ip_addr', type='bool', default=False),
         Option(name='cross_origin_url', type='str', default=''),
         Option(name='sso_oauth2', type='bool', default=False),
+        Option(name='crypto_caller', type='str', default=''),
     ]
     MODULE_OPTIONS.extend(options_schema_list())
     for options in PLUGIN_MANAGER.hook.get_options() or []:
@@ -288,6 +290,9 @@ class Module(MgrModule, CherryPyConfig):
     def __init__(self, *args, **kwargs):
         super(Module, self).__init__(*args, **kwargs)
         CherryPyConfig.__init__(self)
+        # configure the dashboard's crypto caller. by default it will
+        # use the remote caller to avoid pyo3 conflicts
+        choose_crypto_caller(str(self.get_module_option('crypto_caller', '')))
 
         mgr.init(self)
 
@@ -563,6 +568,9 @@ class StandbyModule(MgrStandbyModule, CherryPyConfig):
         super(StandbyModule, self).__init__(*args, **kwargs)
         CherryPyConfig.__init__(self)
         self.shutdown_event = threading.Event()
+        # configure the dashboard's crypto caller. by default it will
+        # use the remote caller to avoid pyo3 conflicts
+        choose_crypto_caller(str(self.get_module_option('crypto_caller', '')))
 
         # We can set the global mgr instance to ourselves even though
         # we're just a standby, because it's enough for logging.

diff --git a/src/pybind/mgr/dashboard/services/access_control.py b/src/pybind/mgr/dashboard/services/access_control.py
index 440c125b81b32f70c96820f044ac3bc12ceda0c4..4ce10da2692870d2b0026617ad34fdae6dabc9fc 100644 (file)
--- a/src/pybind/mgr/dashboard/services/access_control.py
+++ b/src/pybind/mgr/dashboard/services/access_control.py
@@ -12,6 +12,7 @@ from datetime import datetime, timedelta
 from string import ascii_lowercase, ascii_uppercase, digits, punctuation
 from typing import List, Optional, Sequence
 
+from ceph.cryptotools.select import get_crypto_caller
 from mgr_module import CLICheckNonemptyFileInput, CLIReadCommand, CLIWriteCommand
 from mgr_util import password_hash
 
@@ -23,8 +24,6 @@ from ..exceptions import PasswordPolicyException, PermissionNotValid, \
 from ..security import Permission, Scope
 from ..settings import Settings
 
-from ceph.cryptotools.select import get_crypto_caller
-
 logger = logging.getLogger('access_control')
 DEFAULT_FILE_DESC = 'password/secret'