mgr/smb: add new cephfs parameter for getting fscrypt keys

Add a new field to the cephfs configuration section for shares. This
section selects the keybridge scope and key name to use when acquiring
the key to use for fscrypt.

Signed-off-by: John Mulligan <jmulligan@redhat.com>
(cherry picked from commit 61e63787b5f9deb2c98890b6d205acd82287826c)

diff --git a/src/pybind/mgr/smb/resources.py b/src/pybind/mgr/smb/resources.py
index a8b3a462dccc5fcc95674b3729ed44795089c6c0..9e772c56d3271babc589520825b41a9279547e36 100644 (file)
--- a/src/pybind/mgr/smb/resources.py
+++ b/src/pybind/mgr/smb/resources.py
@@ -215,6 +215,23 @@ class _RBase:
         return self
 
 
+@resourcelib.component()
+class FSCryptKeySelector(_RBase):
+    """Parameters used to define where a fscrypt key will be acquired."""
+
+    # name of the keybridge scope to use
+    scope: str
+    # name of the entity (the key) to fetch
+    name: str
+
+    def scope_identity(self) -> KeyBridgeScopeIdentity:
+        return KeyBridgeScopeIdentity.from_name(self.scope)
+
+    def validate(self) -> None:
+        self.scope_identity()  # raises value error if scope invalid
+        validation.check_id(self.name)
+
+
 @resourcelib.component()
 class CephFSStorage(_RBase):
     """Description of where in a CephFS file system a share is located."""
@@ -224,6 +241,9 @@ class CephFSStorage(_RBase):
     subvolumegroup: str = ''
     subvolume: str = ''
     provider: CephFSStorageProvider = CephFSStorageProvider.SAMBA_VFS
+    # fscrypt_key is used to identify and obtain fscrypt key material
+    # from the keybridge.
+    fscrypt_key: Optional[FSCryptKeySelector] = None
 
     def __post_init__(self) -> None:
         # Allow a shortcut form of <subvolgroup>/<subvol> in the subvolume