mgr/cephadm: Fix RGW spec validation for deprecated rgw cert field

Starting from Tentacle, the rgw_frontend_ssl_certificate field has been
deprecated in favor of the new ssl_cert and ssl_key fields. Update the
validation logic to run after this field is automatically transformed into
the new fields, ensuring proper validation of RGW specs.

Signed-off-by: Redouane Kachach <rkachach@ibm.com>

diff --git a/src/python-common/ceph/deployment/service_spec.py b/src/python-common/ceph/deployment/service_spec.py
index 10b1d391f8f115a14a23b4a8c2ba7fa6fde4c134..e9ed6339fcb1a0b13ceb8ff04ab77f12d2f27c46 100644 (file)
--- a/src/python-common/ceph/deployment/service_spec.py
+++ b/src/python-common/ceph/deployment/service_spec.py
@@ -1510,17 +1510,22 @@ class RGWSpec(ServiceSpec):
         return ports
 
     def validate(self) -> None:
-        super(RGWSpec, self).validate()
 
         if self.ssl:
             if not self.ssl_cert and self.rgw_frontend_ssl_certificate:
                 combined_cert = self.rgw_frontend_ssl_certificate
                 if isinstance(combined_cert, list):
                     combined_cert = '\n'.join(combined_cert)
+                self.certificate_source = CertificateSource.INLINE.value
                 self.ssl_cert, self.ssl_key = parse_combined_pem_file(combined_cert)
+                self.rgw_frontend_ssl_certificate = None
                 if not (self.ssl_cert and self.ssl_key):
                     raise SpecValidationError("Failed to parse rgw_frontend_ssl_certificate field.")
 
+        # This validation is done after adjusting the SSL field so when
+        # RGW Spec is updated with the right fields before validation
+        super(RGWSpec, self).validate()
+
         if self.rgw_realm and not self.rgw_zone:
             raise SpecValidationError(
                     'Cannot add RGW: Realm specified but no zone specified')