From: John Mulligan Date: Fri, 25 Apr 2025 15:22:26 +0000 (-0400) Subject: mgr/dashboard: add an option to control the dashboard crypto caller X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=20ad35bd1b928ee3d02c767fa4b77a7db6388b80;p=ceph-ci.git mgr/dashboard: add an option to control the dashboard crypto caller Add a mgr config option `crypto_caller` that lets a ceph user override the default behavior of using the remote crypto caller. Supported values are `internal` and `remote`. Signed-off-by: John Mulligan (cherry picked from commit 27c2050e37ed2556e1b2d0e5f6631d51b506ec6f) Conflicts: src/pybind/mgr/dashboard/module.py - removed the sso oauth2 option --- diff --git a/src/pybind/mgr/dashboard/module.py b/src/pybind/mgr/dashboard/module.py index 677d88fb678..f7676c702aa 100644 --- a/src/pybind/mgr/dashboard/module.py +++ b/src/pybind/mgr/dashboard/module.py @@ -21,6 +21,7 @@ if TYPE_CHECKING: else: from typing_extensions import Literal +from ceph.cryptotools.select import choose_crypto_caller from mgr_module import CLIReadCommand, CLIWriteCommand, HandleCommandResult, \ MgrModule, MgrStandbyModule, NotifyType, Option, _get_localized_key from mgr_util import ServerConfigException, build_url, \ @@ -335,6 +336,7 @@ class Module(MgrModule, CherryPyConfig): min=400, max=599), Option(name='redirect_resolve_ip_addr', type='bool', default=False), Option(name='cross_origin_url', type='str', default=''), + Option(name='crypto_caller', type='str', default=''), ] MODULE_OPTIONS.extend(options_schema_list()) for options in PLUGIN_MANAGER.hook.get_options() or []: @@ -348,6 +350,9 @@ class Module(MgrModule, CherryPyConfig): def __init__(self, *args, **kwargs): super(Module, self).__init__(*args, **kwargs) CherryPyConfig.__init__(self) + # configure the dashboard's crypto caller. by default it will + # use the remote caller to avoid pyo3 conflicts + choose_crypto_caller(str(self.get_module_option('crypto_caller', ''))) mgr.init(self) @@ -565,6 +570,9 @@ class StandbyModule(MgrStandbyModule, CherryPyConfig): super(StandbyModule, self).__init__(*args, **kwargs) CherryPyConfig.__init__(self) self.shutdown_event = threading.Event() + # configure the dashboard's crypto caller. by default it will + # use the remote caller to avoid pyo3 conflicts + choose_crypto_caller(str(self.get_module_option('crypto_caller', ''))) # We can set the global mgr instance to ourselves even though # we're just a standby, because it's enough for logging. diff --git a/src/pybind/mgr/dashboard/services/access_control.py b/src/pybind/mgr/dashboard/services/access_control.py index 490c6e3fcc9..89a7de5fbe4 100644 --- a/src/pybind/mgr/dashboard/services/access_control.py +++ b/src/pybind/mgr/dashboard/services/access_control.py @@ -12,6 +12,7 @@ from datetime import datetime, timedelta from string import ascii_lowercase, ascii_uppercase, digits, punctuation from typing import List, Optional, Sequence +from ceph.cryptotools.select import get_crypto_caller from mgr_module import CLICheckNonemptyFileInput, CLIReadCommand, CLIWriteCommand from mgr_util import password_hash @@ -23,8 +24,6 @@ from ..exceptions import PasswordPolicyException, PermissionNotValid, \ from ..security import Permission, Scope from ..settings import Settings -from ceph.cryptotools.select import get_crypto_caller - logger = logging.getLogger('access_control') DEFAULT_FILE_DESC = 'password/secret'