mgr/dashboard: fix server side encryption config error

Fixes: https://tracker.ceph.com/issues/58296
Signed-off-by: Aashish Sharma <aasharma@redhat.com>

diff --git a/src/pybind/mgr/dashboard/controllers/rgw.py b/src/pybind/mgr/dashboard/controllers/rgw.py
index d4fbd9476bc7dbfa2c541e3616b905cfcd638daf..f120b4a5ee3e1744403584ab2ac73976d6c70081 100644 (file)
--- a/src/pybind/mgr/dashboard/controllers/rgw.py
+++ b/src/pybind/mgr/dashboard/controllers/rgw.py
@@ -209,7 +209,7 @@ class RgwBucket(RgwRESTController):
 
         CephService.set_encryption_config(encryption_type, kms_provider, auth_method,
                                           secret_engine, secret_path, namespace, address,
-                                          token, ssl_cert, client_cert, client_key)
+                                          token, daemon_name, ssl_cert, client_cert, client_key)
 
     def _get_encryption(self, bucket_name, daemon_name, owner):
         rgw_client = RgwClient.instance(owner, daemon_name)
@@ -390,8 +390,8 @@ class RgwBucket(RgwRESTController):
 
     @RESTController.Collection(method='GET', path='/getEncryptionConfig')
     @allow_empty_body
-    def get_encryption_config(self):
-        return CephService.get_encryption_config()
+    def get_encryption_config(self, daemon_name=None, owner=None):
+        return CephService.get_encryption_config(daemon_name)
 
 
 @APIRouter('/rgw/user', Scope.RGW)

diff --git a/src/pybind/mgr/dashboard/frontend/src/app/shared/api/rgw-bucket.service.ts b/src/pybind/mgr/dashboard/frontend/src/app/shared/api/rgw-bucket.service.ts
index 3be9576fa657a0c67655c7882617bd1784eb5e06..315c8b7560f1718f24091cc08e15b7bd86ec7bb7 100644 (file)
--- a/src/pybind/mgr/dashboard/frontend/src/app/shared/api/rgw-bucket.service.ts
+++ b/src/pybind/mgr/dashboard/frontend/src/app/shared/api/rgw-bucket.service.ts
@@ -186,8 +186,8 @@ export class RgwBucketService extends ApiClient {
   }
 
   getEncryptionConfig() {
-    return this.rgwDaemonService.request(() => {
-      return this.http.get(`${this.url}/getEncryptionConfig`);
+    return this.rgwDaemonService.request((params: HttpParams) => {
+      return this.http.get(`${this.url}/getEncryptionConfig`, { params: params });
     });
   }
 }

diff --git a/src/pybind/mgr/dashboard/openapi.yaml b/src/pybind/mgr/dashboard/openapi.yaml
index 0c9a868fe4951fb62721c9e41efe360686ed4b01..1194aa8ef14d701b0da0c7c0cad75bf5e61d09f6 100644 (file)
--- a/src/pybind/mgr/dashboard/openapi.yaml
+++ b/src/pybind/mgr/dashboard/openapi.yaml
@@ -7761,7 +7761,17 @@ paths:
       - RgwBucket
   /api/rgw/bucket/getEncryptionConfig:
     get:
-      parameters: []
+      parameters:
+      - allowEmptyValue: true
+        in: query
+        name: daemon_name
+        schema:
+          type: string
+      - allowEmptyValue: true
+        in: query
+        name: owner
+        schema:
+          type: string
       responses:
         '200':
           content:

diff --git a/src/pybind/mgr/dashboard/services/ceph_service.py b/src/pybind/mgr/dashboard/services/ceph_service.py
index ebba26c8353842422b3189c9185a4929eb05285a..0e2d0cb0bdc84fe74d3b81d00ef050900923db93 100644 (file)
--- a/src/pybind/mgr/dashboard/services/ceph_service.py
+++ b/src/pybind/mgr/dashboard/services/ceph_service.py
@@ -183,7 +183,7 @@ class CephService(object):
         return None
 
     @classmethod
-    def get_encryption_config(cls):
+    def get_encryption_config(cls, daemon_name):
         kms_vault_configured = False
         s3_vault_configured = False
         kms_backend: str = ''
@@ -191,24 +191,24 @@ class CephService(object):
         vault_stats = []
 
         kms_backend = CephService.send_command('mon', 'config get',
-                                               who=name_to_config_section('rgw'),
+                                               who=name_to_config_section(daemon_name),
                                                key='rgw_crypt_s3_kms_backend')
         sse_s3_backend = CephService.send_command('mon', 'config get',
-                                                  who=name_to_config_section('rgw'),
+                                                  who=name_to_config_section(daemon_name),
                                                   key='rgw_crypt_sse_s3_backend')
 
         if kms_backend.strip() == 'vault':
             kms_vault_auth: str = CephService.send_command('mon', 'config get',
-                                                           who=name_to_config_section('rgw'),
+                                                           who=name_to_config_section(daemon_name),
                                                            key='rgw_crypt_vault_auth')
             kms_vault_engine: str = CephService.send_command('mon', 'config get',
-                                                             who=name_to_config_section('rgw'),
+                                                             who=name_to_config_section(daemon_name),  # noqa E501 #pylint: disable=line-too-long
                                                              key='rgw_crypt_vault_secret_engine')
             kms_vault_address: str = CephService.send_command('mon', 'config get',
-                                                              who=name_to_config_section('rgw'),
+                                                              who=name_to_config_section(daemon_name),  # noqa E501 #pylint: disable=line-too-long
                                                               key='rgw_crypt_vault_addr')
             kms_vault_token: str = CephService.send_command('mon', 'config get',
-                                                            who=name_to_config_section('rgw'),
+                                                            who=name_to_config_section(daemon_name),
                                                             key='rgw_crypt_vault_token_file')
             if (
                 kms_vault_auth.strip() != ""
@@ -220,17 +220,17 @@ class CephService(object):
 
         if sse_s3_backend.strip() == 'vault':
             s3_vault_auth: str = CephService.send_command('mon', 'config get',
-                                                          who=name_to_config_section('rgw'),
+                                                          who=name_to_config_section(daemon_name),
                                                           key='rgw_crypt_sse_s3_vault_auth')
             s3_vault_engine: str = CephService.send_command('mon',
                                                             'config get',
-                                                            who=name_to_config_section('rgw'),
+                                                            who=name_to_config_section(daemon_name),
                                                             key='rgw_crypt_sse_s3_vault_secret_engine')  # noqa E501 #pylint: disable=line-too-long
             s3_vault_address: str = CephService.send_command('mon', 'config get',
-                                                             who=name_to_config_section('rgw'),
+                                                             who=name_to_config_section(daemon_name),  # noqa E501 #pylint: disable=line-too-long
                                                              key='rgw_crypt_sse_s3_vault_addr')
             s3_vault_token: str = CephService.send_command('mon', 'config get',
-                                                           who=name_to_config_section('rgw'),
+                                                           who=name_to_config_section(daemon_name),
                                                            key='rgw_crypt_sse_s3_vault_token_file')
             if (
                 s3_vault_auth.strip() != ""
@@ -247,7 +247,7 @@ class CephService(object):
     @classmethod
     def set_encryption_config(cls, encryption_type, kms_provider, auth_method,
                               secret_engine, secret_path, namespace, address,
-                              token, ssl_cert, client_cert, client_key):
+                              token, daemon_name, ssl_cert, client_cert, client_key):
 
         if encryption_type == 'aws:kms':
 
@@ -265,7 +265,10 @@ class CephService(object):
             ]
 
             for (key, value) in KMS_CONFIG:
-                CephService.send_command('mon', 'config set', who=name_to_config_section('rgw'),
+                if value == 'null':
+                    continue
+                CephService.send_command('mon', 'config set',
+                                         who=name_to_config_section(daemon_name),
                                          name=key, value=value)
 
         if encryption_type == 'AES256':
@@ -284,7 +287,10 @@ class CephService(object):
             ]
 
             for (key, value) in SSE_S3_CONFIG:
-                CephService.send_command('mon', 'config set', who=name_to_config_section('rgw'),
+                if value == 'null':
+                    continue
+                CephService.send_command('mon', 'config set',
+                                         who=name_to_config_section(daemon_name),
                                          name=key, value=value)
 
         return {}