From: John Mulligan Date: Fri, 25 Apr 2025 15:22:26 +0000 (-0400) Subject: mgr/dashboard: add an option to control the dashboard crypto caller X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=27c2050e37ed2556e1b2d0e5f6631d51b506ec6f;p=ceph.git mgr/dashboard: add an option to control the dashboard crypto caller Add a mgr config option `crypto_caller` that lets a ceph user override the default behavior of using the remote crypto caller. Supported values are `internal` and `remote`. Signed-off-by: John Mulligan --- diff --git a/src/pybind/mgr/dashboard/module.py b/src/pybind/mgr/dashboard/module.py index 295403f6fe3..721042602be 100644 --- a/src/pybind/mgr/dashboard/module.py +++ b/src/pybind/mgr/dashboard/module.py @@ -23,6 +23,7 @@ if TYPE_CHECKING: else: from typing_extensions import Literal +from ceph.cryptotools.select import choose_crypto_caller from mgr_module import CLIReadCommand, CLIWriteCommand, HandleCommandResult, \ MgrModule, MgrStandbyModule, NotifyType, Option, _get_localized_key from mgr_util import ServerConfigException, build_url, \ @@ -275,6 +276,7 @@ class Module(MgrModule, CherryPyConfig): Option(name='redirect_resolve_ip_addr', type='bool', default=False), Option(name='cross_origin_url', type='str', default=''), Option(name='sso_oauth2', type='bool', default=False), + Option(name='crypto_caller', type='str', default=''), ] MODULE_OPTIONS.extend(options_schema_list()) for options in PLUGIN_MANAGER.hook.get_options() or []: @@ -288,6 +290,9 @@ class Module(MgrModule, CherryPyConfig): def __init__(self, *args, **kwargs): super(Module, self).__init__(*args, **kwargs) CherryPyConfig.__init__(self) + # configure the dashboard's crypto caller. by default it will + # use the remote caller to avoid pyo3 conflicts + choose_crypto_caller(str(self.get_module_option('crypto_caller', ''))) mgr.init(self) @@ -563,6 +568,9 @@ class StandbyModule(MgrStandbyModule, CherryPyConfig): super(StandbyModule, self).__init__(*args, **kwargs) CherryPyConfig.__init__(self) self.shutdown_event = threading.Event() + # configure the dashboard's crypto caller. by default it will + # use the remote caller to avoid pyo3 conflicts + choose_crypto_caller(str(self.get_module_option('crypto_caller', ''))) # We can set the global mgr instance to ourselves even though # we're just a standby, because it's enough for logging. diff --git a/src/pybind/mgr/dashboard/services/access_control.py b/src/pybind/mgr/dashboard/services/access_control.py index 440c125b81b..4ce10da2692 100644 --- a/src/pybind/mgr/dashboard/services/access_control.py +++ b/src/pybind/mgr/dashboard/services/access_control.py @@ -12,6 +12,7 @@ from datetime import datetime, timedelta from string import ascii_lowercase, ascii_uppercase, digits, punctuation from typing import List, Optional, Sequence +from ceph.cryptotools.select import get_crypto_caller from mgr_module import CLICheckNonemptyFileInput, CLIReadCommand, CLIWriteCommand from mgr_util import password_hash @@ -23,8 +24,6 @@ from ..exceptions import PasswordPolicyException, PermissionNotValid, \ from ..security import Permission, Scope from ..settings import Settings -from ceph.cryptotools.select import get_crypto_caller - logger = logging.getLogger('access_control') DEFAULT_FILE_DESC = 'password/secret'