From: Adam King
Date: Wed, 7 Feb 2024 20:51:56 +0000 (-0500)
Subject: mgr/cephadm: store iscsi cert and key in cert store
X-Git-Tag: testing/wip-pdonnell-testing-20240703.143006-debug~16^2~2
X-Git-Url: http://git.apps.os.sepia.ceph.com/?a=commitdiff_plain;h=a7e05c2f5acd4ec683056cc163320a28481f8269;p=ceph-ci.git
mgr/cephadm: store iscsi cert and key in cert store
In an effort to organize our handling of certs and offer cert management functionality in the future
Signed-off-by: Adam King
---
diff --git a/src/pybind/mgr/cephadm/inventory.py b/src/pybind/mgr/cephadm/inventory.py
index 2cf9507d48e..3a3e848c9c0 100644
--- a/src/pybind/mgr/cephadm/inventory.py
+++ b/src/pybind/mgr/cephadm/inventory.py
@@ -18,6 +18,7 @@ from ceph.deployment.service_spec import (
 TunedProfileSpec,
 IngressSpec,
 RGWSpec,
+ IscsiServiceSpec,
 )
 from ceph.utils import str_to_datetime, datetime_to_str, datetime_now
 from orchestrator import OrchestratorError, HostSpec, OrchestratorEvent, service_to_daemon_types
@@ -361,6 +362,20 @@ class SpecStore():
 cert_str,
 service_name=rgw_spec.service_name(),
 user_made=True)
+ elif spec.service_type == 'iscsi':
+ iscsi_spec = cast(IscsiServiceSpec, spec)
+ if iscsi_spec.ssl_cert:
+ self.mgr.cert_key_store.save_cert(
+ 'iscsi_ssl_cert',
+ iscsi_spec.ssl_cert,
+ service_name=iscsi_spec.service_name(),
+ user_made=True)
+ if iscsi_spec.ssl_key:
+ self.mgr.cert_key_store.save_key(
+ 'iscsi_ssl_key',
+ iscsi_spec.ssl_key,
+ service_name=iscsi_spec.service_name(),
+ user_made=True)
 def rm(self, service_name: str) -> bool:
 if service_name not in self._specs:
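Review bot: In the new `elif spec.service_type == 'iscsi':` branch the cert and key are written only when `iscsi_spec.ssl_cert` / `iscsi_spec.ssl_key` are truthy, so re-applying a spec that no longer carries them appears to leave the previously stored certificate and private key in the cert store until the service is removed. Unless the part of this method above the hunk already handles that, each check could get an `else:` that calls `self.mgr.cert_key_store.rm_cert('iscsi_ssl_cert', service_name=iscsi_spec.service_name())`, with the matching `rm_key` call for `'iscsi_ssl_key'`. The two values are also saved independently, so a spec that sets only one of them can leave a new certificate paired with an older key. A comment such as `# ssl_cert and ssl_key are expected to be set together`, or a check that enforces it, would make the intent explicit.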
@@ -393,6 +408,9 @@ class SpecStore():
 def _rm_certs_and_keys(self, spec: ServiceSpec) -> None:
 if spec.service_type == 'rgw':
 self.mgr.cert_key_store.rm_cert('rgw_frontend_ssl_cert', service_name=spec.service_name())
+ if spec.service_type == 'iscsi':
+ self.mgr.cert_key_store.rm_cert('iscsi_ssl_cert', service_name=spec.service_name())
+ self.mgr.cert_key_store.rm_key('iscsi_ssl_key', service_name=spec.service_name())
 def get_created(self, spec: ServiceSpec) -> Optional[datetime.datetime]:
 return self.spec_created.get(spec.service_name())
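Review bot: `_rm_certs_and_keys` removes `iscsi_ssl_cert` and `iscsi_ssl_key` unconditionally, while the save path in this commit stores each one only when the spec sets it, so removing an iscsi service that never had SSL configured relies on `rm_cert` / `rm_key` tolerating a missing entry. That behaviour is not visible here and is worth confirming or covering with a test. The new check is a second `if` where the save path uses `elif`; writing `elif spec.service_type == 'iscsi':` would keep the two dispatches parallel. The entry names are repeated as string literals in both hunks, and a mismatch between them would leave a private key behind on removal, so shared module-level constants would be safer. A one-line docstring such as `"""Remove the certs and keys held in the cert store for this service."""` would document the method.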