From: John Mulligan
Date: Tue, 22 Jul 2025 23:24:11 +0000 (-0400)
Subject: mgr/smb: add new cephfs parameter for getting fscrypt keys
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=3407a6df82ef456bc3902392640369e48b0663b0;p=ceph.git
mgr/smb: add new cephfs parameter for getting fscrypt keys
Add a new field to the cephfs configuration section for shares. This section selects the keybridge scope and key name to use when acquiring the key to use for fscrypt.
Signed-off-by: John Mulligan
---
diff --git a/src/pybind/mgr/smb/resources.py b/src/pybind/mgr/smb/resources.py
index e0aee7109b7c..41bf2b651644 100644
--- a/src/pybind/mgr/smb/resources.py
+++ b/src/pybind/mgr/smb/resources.py
@@ -238,6 +238,23 @@ class QoSConfig(_RBase):
 write_burst_mult: Optional[int] = 15
+@resourcelib.component()
+class FSCryptKeySelector(_RBase):
+ """Parameters used to define where a fscrypt key will be acquired."""
+
+ # name of the keybridge scope to use
+ scope: str
+ # name of the entity (the key) to fetch
+ name: str
+
+ def scope_identity(self) -> KeyBridgeScopeIdentity:
+ return KeyBridgeScopeIdentity.from_name(self.scope)
+
+ def validate(self) -> None:
+ self.scope_identity() # raises value error if scope invalid
+ validation.check_id(self.name)
+
+
 @resourcelib.component()
 class CephFSStorage(_RBase):
 """Description of where in a CephFS file system a share is located."""
@@ -248,6 +265,9 @@ class CephFSStorage(_RBase):
 subvolume: str = ''
 provider: CephFSStorageProvider = CephFSStorageProvider.SAMBA_VFS
 qos: Optional[QoSConfig] = None
+ # fscrypt_key is used to identify and obtain fscrypt key material
+ # from the keybridge.
+ fscrypt_key: Optional[FSCryptKeySelector] = None
 def __post_init__(self) -> None:
 # Allow a shortcut form of / in the subvolume
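Review bot: `FSCryptKeySelector.validate` in the first hunk checks only the form of its two strings, and neither method has a docstring that says so. From the visible lines it parses `scope` through `KeyBridgeScopeIdentity.from_name` and runs `validation.check_id` on `name`; nothing here shows that the scope is defined or that the key exists, so a selector that passes validation may still fail to resolve when the key is fetched. I would state that limit in a docstring such as `"""Raise ValueError if the scope or key name is malformed; existence is not checked."""`. `scope_identity` could likewise get a one-line docstring noting the ValueError that today is only mentioned in the trailing comment on its call site.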
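Review bot: Nothing in the visible hunks calls `FSCryptKeySelector.validate()` for the new `fscrypt_key` field added to `CephFSStorage` in the second hunk. The class body continues outside the hunk, so its own validation may be expected to cover the new field, but this commit does not touch it. Unless the resource library validates nested components by itself, a share could be stored with a malformed scope or key name and fail only later, at the point where the fscrypt key is requested. If it is not handled elsewhere, the storage validation should include `if self.fscrypt_key: self.fscrypt_key.validate()`. The field comment could also state that the value is a reference to a key, presumably never the key material itself.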