From: John Mulligan Date: Tue, 22 Jul 2025 23:24:11 +0000 (-0400) Subject: mgr/smb: add new cephfs parameter for getting fscrypt keys X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=8b29687ccc39d0cbca99feee892d1abf0b3f1e3f;p=ceph-ci.git mgr/smb: add new cephfs parameter for getting fscrypt keys Add a new field to the cephfs configuration section for shares. This section selects the keybridge scope and key name to use when acquiring the key to use for fscrypt. Signed-off-by: John Mulligan (cherry picked from commit 61e63787b5f9deb2c98890b6d205acd82287826c) --- diff --git a/src/pybind/mgr/smb/resources.py b/src/pybind/mgr/smb/resources.py index a8b3a462dcc..9e772c56d32 100644 --- a/src/pybind/mgr/smb/resources.py +++ b/src/pybind/mgr/smb/resources.py @@ -215,6 +215,23 @@ class _RBase: return self +@resourcelib.component() +class FSCryptKeySelector(_RBase): + """Parameters used to define where a fscrypt key will be acquired.""" + + # name of the keybridge scope to use + scope: str + # name of the entity (the key) to fetch + name: str + + def scope_identity(self) -> KeyBridgeScopeIdentity: + return KeyBridgeScopeIdentity.from_name(self.scope) + + def validate(self) -> None: + self.scope_identity() # raises value error if scope invalid + validation.check_id(self.name) + + @resourcelib.component() class CephFSStorage(_RBase): """Description of where in a CephFS file system a share is located.""" @@ -224,6 +241,9 @@ class CephFSStorage(_RBase): subvolumegroup: str = '' subvolume: str = '' provider: CephFSStorageProvider = CephFSStorageProvider.SAMBA_VFS + # fscrypt_key is used to identify and obtain fscrypt key material + # from the keybridge. + fscrypt_key: Optional[FSCryptKeySelector] = None def __post_init__(self) -> None: # Allow a shortcut form of / in the subvolume