From: John Mulligan <jmulligan@redhat.com>
Date: Wed, 16 Jul 2025 21:08:49 +0000 (-0400)
Subject: python-common/deployment: add keybridge feature to smb service spec
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=9e091d939107d87f8d2212b4ffb78a4a2a48438f;p=ceph.git

python-common/deployment: add keybridge feature to smb service spec

The keybridge sidecar is enabled by the keybridge feature flag.
This sidecar will be used to help fetch keys over various protocols
for the ceph module to use to set up fs encryption.

Signed-off-by: John Mulligan <jmulligan@redhat.com>
---

diff --git a/src/python-common/ceph/deployment/service_spec.py b/src/python-common/ceph/deployment/service_spec.py
index 2f6d6f944d2f..c10259729ba0 100644
--- a/src/python-common/ceph/deployment/service_spec.py
+++ b/src/python-common/ceph/deployment/service_spec.py
@@ -3842,6 +3842,10 @@ class SMBSpec(ServiceSpec):
         remote_control_ssl_cert: Optional[str] = None,
         remote_control_ssl_key: Optional[str] = None,
         remote_control_ca_cert: Optional[str] = None,
+        # == keybridge ==
+        keybridge_kmip_ssl_cert: Optional[str] = None,
+        keybridge_kmip_ssl_key: Optional[str] = None,
+        keybridge_kmip_ca_cert: Optional[str] = None,
         # === cluster configs ===
         # ceph_cluster_configs - An optional list of extra ceph clusters
         # typically external to the current cluster that the smb services
@@ -3887,6 +3891,9 @@ class SMBSpec(ServiceSpec):
         self.remote_control_ssl_cert = remote_control_ssl_cert
         self.remote_control_ssl_key = remote_control_ssl_key
         self.remote_control_ca_cert = remote_control_ca_cert
+        self.keybridge_kmip_ssl_cert = keybridge_kmip_ssl_cert
+        self.keybridge_kmip_ssl_key = keybridge_kmip_ssl_key
+        self.keybridge_kmip_ca_cert = keybridge_kmip_ca_cert
         self.ceph_cluster_configs = SMBExternalCephCluster.convert_list(
             ceph_cluster_configs
         )
diff --git a/src/python-common/ceph/smb/constants.py b/src/python-common/ceph/smb/constants.py
index 90fb24aad484..53745b3a4212 100644
--- a/src/python-common/ceph/smb/constants.py
+++ b/src/python-common/ceph/smb/constants.py
@@ -8,9 +8,11 @@ CTDB = 'ctdb'
 
 
 # Feature names
+# (please keep sorted)
 CEPHFS_PROXY = 'cephfs-proxy'
 CLUSTERED = 'clustered'
 DOMAIN = 'domain'
+KEYBRIDGE = 'keybridge'
 REMOTE_CONTROL = 'remote-control'
 REMOTE_CONTROL_LOCAL = 'remote-control-local'
 SMBMETRICS = 'smbmetrics'
@@ -23,6 +25,7 @@ FEATURES = {
     CEPHFS_PROXY,
     CLUSTERED,
     DOMAIN,
+    KEYBRIDGE,
     REMOTE_CONTROL,
     REMOTE_CONTROL_LOCAL,
 }