From: Aashish Sharma Date: Thu, 1 Dec 2022 10:32:14 +0000 (+0530) Subject: mgr/dashboard: fix server side encryption config error X-Git-Tag: v17.2.6~272^2 X-Git-Url: http://git.apps.os.sepia.ceph.com/?a=commitdiff_plain;h=61d8527d454f72d6e5d00a9cda0d6f0b50a1ba92;p=ceph.git mgr/dashboard: fix server side encryption config error Fixes: https://tracker.ceph.com/issues/58296 Signed-off-by: Aashish Sharma (cherry picked from commit 7d2b83c57f6a73247ee1c3a33b3f6a491736afd3) --- diff --git a/src/pybind/mgr/dashboard/controllers/rgw.py b/src/pybind/mgr/dashboard/controllers/rgw.py index d4fbd9476bc7d..f120b4a5ee3e1 100644 --- a/src/pybind/mgr/dashboard/controllers/rgw.py +++ b/src/pybind/mgr/dashboard/controllers/rgw.py @@ -209,7 +209,7 @@ class RgwBucket(RgwRESTController): CephService.set_encryption_config(encryption_type, kms_provider, auth_method, secret_engine, secret_path, namespace, address, - token, ssl_cert, client_cert, client_key) + token, daemon_name, ssl_cert, client_cert, client_key) def _get_encryption(self, bucket_name, daemon_name, owner): rgw_client = RgwClient.instance(owner, daemon_name) @@ -390,8 +390,8 @@ class RgwBucket(RgwRESTController): @RESTController.Collection(method='GET', path='/getEncryptionConfig') @allow_empty_body - def get_encryption_config(self): - return CephService.get_encryption_config() + def get_encryption_config(self, daemon_name=None, owner=None): + return CephService.get_encryption_config(daemon_name) @APIRouter('/rgw/user', Scope.RGW) diff --git a/src/pybind/mgr/dashboard/frontend/src/app/shared/api/rgw-bucket.service.ts b/src/pybind/mgr/dashboard/frontend/src/app/shared/api/rgw-bucket.service.ts index 3be9576fa657a..315c8b7560f17 100644 --- a/src/pybind/mgr/dashboard/frontend/src/app/shared/api/rgw-bucket.service.ts +++ b/src/pybind/mgr/dashboard/frontend/src/app/shared/api/rgw-bucket.service.ts @@ -186,8 +186,8 @@ export class RgwBucketService extends ApiClient { } getEncryptionConfig() { - return this.rgwDaemonService.request(() => { - return this.http.get(`${this.url}/getEncryptionConfig`); + return this.rgwDaemonService.request((params: HttpParams) => { + return this.http.get(`${this.url}/getEncryptionConfig`, { params: params }); }); } } diff --git a/src/pybind/mgr/dashboard/openapi.yaml b/src/pybind/mgr/dashboard/openapi.yaml index 9801c16f998bb..e54c6ecdc62a6 100644 --- a/src/pybind/mgr/dashboard/openapi.yaml +++ b/src/pybind/mgr/dashboard/openapi.yaml @@ -7738,7 +7738,17 @@ paths: - RgwBucket /api/rgw/bucket/getEncryptionConfig: get: - parameters: [] + parameters: + - allowEmptyValue: true + in: query + name: daemon_name + schema: + type: string + - allowEmptyValue: true + in: query + name: owner + schema: + type: string responses: '200': content: diff --git a/src/pybind/mgr/dashboard/services/ceph_service.py b/src/pybind/mgr/dashboard/services/ceph_service.py index f69070a206b5d..e3869e3bd98e5 100644 --- a/src/pybind/mgr/dashboard/services/ceph_service.py +++ b/src/pybind/mgr/dashboard/services/ceph_service.py @@ -183,7 +183,7 @@ class CephService(object): return None @classmethod - def get_encryption_config(cls): + def get_encryption_config(cls, daemon_name): kms_vault_configured = False s3_vault_configured = False kms_backend: str = '' @@ -191,24 +191,24 @@ class CephService(object): vault_stats = [] kms_backend = CephService.send_command('mon', 'config get', - who=name_to_config_section('rgw'), + who=name_to_config_section(daemon_name), key='rgw_crypt_s3_kms_backend') sse_s3_backend = CephService.send_command('mon', 'config get', - who=name_to_config_section('rgw'), + who=name_to_config_section(daemon_name), key='rgw_crypt_sse_s3_backend') if kms_backend.strip() == 'vault': kms_vault_auth: str = CephService.send_command('mon', 'config get', - who=name_to_config_section('rgw'), + who=name_to_config_section(daemon_name), key='rgw_crypt_vault_auth') kms_vault_engine: str = CephService.send_command('mon', 'config get', - who=name_to_config_section('rgw'), + who=name_to_config_section(daemon_name), # noqa E501 #pylint: disable=line-too-long key='rgw_crypt_vault_secret_engine') kms_vault_address: str = CephService.send_command('mon', 'config get', - who=name_to_config_section('rgw'), + who=name_to_config_section(daemon_name), # noqa E501 #pylint: disable=line-too-long key='rgw_crypt_vault_addr') kms_vault_token: str = CephService.send_command('mon', 'config get', - who=name_to_config_section('rgw'), + who=name_to_config_section(daemon_name), key='rgw_crypt_vault_token_file') if ( kms_vault_auth.strip() != "" @@ -220,17 +220,17 @@ class CephService(object): if sse_s3_backend.strip() == 'vault': s3_vault_auth: str = CephService.send_command('mon', 'config get', - who=name_to_config_section('rgw'), + who=name_to_config_section(daemon_name), key='rgw_crypt_sse_s3_vault_auth') s3_vault_engine: str = CephService.send_command('mon', 'config get', - who=name_to_config_section('rgw'), + who=name_to_config_section(daemon_name), key='rgw_crypt_sse_s3_vault_secret_engine') # noqa E501 #pylint: disable=line-too-long s3_vault_address: str = CephService.send_command('mon', 'config get', - who=name_to_config_section('rgw'), + who=name_to_config_section(daemon_name), # noqa E501 #pylint: disable=line-too-long key='rgw_crypt_sse_s3_vault_addr') s3_vault_token: str = CephService.send_command('mon', 'config get', - who=name_to_config_section('rgw'), + who=name_to_config_section(daemon_name), key='rgw_crypt_sse_s3_vault_token_file') if ( s3_vault_auth.strip() != "" @@ -247,7 +247,7 @@ class CephService(object): @classmethod def set_encryption_config(cls, encryption_type, kms_provider, auth_method, secret_engine, secret_path, namespace, address, - token, ssl_cert, client_cert, client_key): + token, daemon_name, ssl_cert, client_cert, client_key): if encryption_type == 'aws:kms': @@ -265,7 +265,10 @@ class CephService(object): ] for (key, value) in KMS_CONFIG: - CephService.send_command('mon', 'config set', who=name_to_config_section('rgw'), + if value == 'null': + continue + CephService.send_command('mon', 'config set', + who=name_to_config_section(daemon_name), name=key, value=value) if encryption_type == 'AES256': @@ -284,7 +287,10 @@ class CephService(object): ] for (key, value) in SSE_S3_CONFIG: - CephService.send_command('mon', 'config set', who=name_to_config_section('rgw'), + if value == 'null': + continue + CephService.send_command('mon', 'config set', + who=name_to_config_section(daemon_name), name=key, value=value) return {}