mgr/smb: add enums that will be used for configuring keybridge

Add a pair of enum types that will be used for configuring the
keybridge. The scope type identifies what kind of scope is being
used. The peer policy can be used to allow a dev or other user
more access to the keybridge api for development purposes.

Signed-off-by: John Mulligan <jmulligan@redhat.com>
(cherry picked from commit 0c22d302af96790196425509c143473d302b9646)

diff --git a/src/pybind/mgr/smb/enums.py b/src/pybind/mgr/smb/enums.py
index 645858dbfd57634201bad8836fbed11ef21b1274..bb61f2a5f8221613c361631c1063b55483f565bb 100644 (file)
--- a/src/pybind/mgr/smb/enums.py
+++ b/src/pybind/mgr/smb/enums.py
@@ -144,3 +144,28 @@ class TLSCredentialType(_StrEnum):
     CERT = 'cert'
     KEY = 'key'
     CA_CERT = 'ca-cert'
+
+
+class KeyBridgeScopeType(_StrEnum):
+    """Specify the type of a keybridge scope."""
+
+    MEM = 'mem'
+    KMIP = 'kmip'
+
+    def unique(self) -> bool:
+        """Return true if the scope is unique for a keybridge.
+        A unique scope can only appear once and has no additional qualifying
+        name(s).
+        """
+        return self in {self.MEM}
+
+
+class KeyBridgePeerPolicy(_StrEnum):
+    """Specify keybridge peer policy for validating access.
+    The policy bundles keybridge peer validation approaches into a single named
+    policy. Typically users *should not* be changing this. It's mainly for
+    debugging and hacking.
+    """
+
+    RESTRICTED = 'restricted'
+    UNRESTRICTED = 'unrestricted'