mgr/cephadm: Fix RGW spec validation for deprecated rgw cert field

Starting from Tentacle, the rgw_frontend_ssl_certificate field has been
deprecated in favor of the new ssl_cert and ssl_key fields. Update the
validation logic to run after this field is automatically transformed into
the new fields, ensuring proper validation of RGW specs.

Resolves: rhbz#2400686

Signed-off-by: Redouane Kachach <rkachach@ibm.com>
(cherry picked from commit 521e2a9039cab26f3b264052c8109636569ad61b)

diff --git a/src/python-common/ceph/deployment/service_spec.py b/src/python-common/ceph/deployment/service_spec.py
index e352242f0cc04fcc3f9a3cfbe41422ebaac3ae45..86a876b85bae5b08475087f38817d0585bf0babd 100644 (file)
--- a/src/python-common/ceph/deployment/service_spec.py
+++ b/src/python-common/ceph/deployment/service_spec.py
@@ -1694,17 +1694,22 @@ class RGWSpec(ServiceSpec):
                     setattr(self, attr, value)
 
     def validate(self) -> None:
-        super(RGWSpec, self).validate()
 
         if self.ssl:
             if not self.ssl_cert and self.rgw_frontend_ssl_certificate:
                 combined_cert = self.rgw_frontend_ssl_certificate
                 if isinstance(combined_cert, list):
                     combined_cert = '\n'.join(combined_cert)
+                self.certificate_source = CertificateSource.INLINE.value
                 self.ssl_cert, self.ssl_key = parse_combined_pem_file(combined_cert)
+                self.rgw_frontend_ssl_certificate = None
                 if not (self.ssl_cert and self.ssl_key):
                     raise SpecValidationError("Failed to parse rgw_frontend_ssl_certificate field.")
 
+        # This validation is done after adjusting the SSL field so when
+        # RGW Spec is updated with the right fields before validation
+        super(RGWSpec, self).validate()
+
         if self.rgw_realm and not self.rgw_zone:
             raise SpecValidationError(
                     'Cannot add RGW: Realm specified but no zone specified')