From: Gil Bregman Date: Fri, 27 Feb 2026 10:09:14 +0000 (+0200) Subject: mgr/dashboard: Add DHCHAP controller key to NVME host commands X-Git-Tag: v21.0.0~182^2 X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=aca4d32a48bf407cdb6108569101d21513f710fb;p=ceph.git mgr/dashboard: Add DHCHAP controller key to NVME host commands Fixes: https://tracker.ceph.com/issues/74939 Signed-off-by: Gil Bregman --- diff --git a/src/pybind/mgr/dashboard/controllers/nvmeof.py b/src/pybind/mgr/dashboard/controllers/nvmeof.py index 7655e989477b..ad83bc889bf1 100644 --- a/src/pybind/mgr/dashboard/controllers/nvmeof.py +++ b/src/pybind/mgr/dashboard/controllers/nvmeof.py @@ -1318,9 +1318,19 @@ else: ) ) + def _normalize_enum_key(val): + return val.replace("_", " ").title() + def _update_hosts(hosts_info_resp): if hosts_info_resp.get('allow_any_host'): hosts_info_resp['hosts'].insert(0, {"nqn": "*"}) + hosts = hosts_info_resp.get('hosts') + if not hosts: + hosts = [] + for h in hosts: + orig = h.get("dhchap_controller_origin") + if orig: + h["dhchap_controller_origin"] = _normalize_enum_key(orig) return hosts_info_resp @APIRouter("/nvmeof/subsystem/{nqn}/host", Scope.NVME_OF) @@ -1375,6 +1385,7 @@ else: @handle_nvmeof_error def create( self, nqn: str, host_nqn: str, dhchap_key: Optional[str] = None, + dhchap_controller_key: Optional[str] = None, psk: Optional[str] = None, gw_group: Optional[str] = None, server_address: Optional[str] = None ): @@ -1384,7 +1395,9 @@ else: ).stub.add_host( NVMeoFClient.pb2.add_host_req( subsystem_nqn=nqn, host_nqn=host_nqn, - dhchap_key=dhchap_key, psk=psk) + dhchap_key=dhchap_key, + dhchap_ctrlr_key=dhchap_controller_key, + psk=psk) ) @empty_response @@ -1417,9 +1430,9 @@ else: NVMeoFClient.pb2.remove_host_req(subsystem_nqn=nqn, host_nqn=host_nqn) ) + @empty_response @Endpoint('PUT', '{host_nqn}/change_key') @UpdatePermission - @empty_response @NvmeofCLICommand( "nvmeof host change_key", model.RequestStatus, @@ -1449,10 +1462,48 @@ else: NVMeoFClient.pb2.change_host_key_req( subsystem_nqn=nqn, host_nqn=host_nqn, - dhchap_key=dhchap_key) + dhchap_key=dhchap_key, + dhchap_ctrlr_key="-") + ) + + @empty_response + @Endpoint('PUT', '{host_nqn}/change_controller_key') + @UpdatePermission + @NvmeofCLICommand( + "nvmeof host change_controller_key", + model.RequestStatus, + success_message_template=("Changing controller key for host {host_nqn} " + "on subsystem {nqn}: Successful") + ) + @EndpointDoc( + "Change host DH-HMAC-CHAP controller key", + parameters={ + "nqn": Param(str, "NVMeoF subsystem NQN"), + "host_nqn": Param(str, 'NVMeoF host NQN'), + "dhchap_controller_key": Param(str, 'Host DH-HMAC-CHAP controller key'), + "gw_group": Param(str, "NVMeoF gateway group", True, None), + "server_address": Param(str, "NVMeoF gateway address", True, None), + }, + ) + @convert_to_model(model.RequestStatus) + @handle_nvmeof_error + def change_controller_key( + self, nqn: str, host_nqn: str, dhchap_controller_key: str, + gw_group: Optional[str] = None, server_address: Optional[str] = None + ): + return NVMeoFClient( + gw_group=gw_group, + server_address=server_address + ).stub.change_host_key( + NVMeoFClient.pb2.change_host_key_req(subsystem_nqn=nqn, + host_nqn=host_nqn, + dhchap_key="-", + dhchap_ctrlr_key=dhchap_controller_key) ) @empty_response + @Endpoint('PUT', '{host_nqn}/del_key') + @UpdatePermission @NvmeofCLICommand( "nvmeof host del_key", model.RequestStatus, @@ -1480,9 +1531,55 @@ else: ).stub.change_host_key( NVMeoFClient.pb2.change_host_key_req(subsystem_nqn=nqn, host_nqn=host_nqn, - dhchap_key=None) + dhchap_key=None, + dhchap_ctrlr_key="-") ) + @empty_response + @Endpoint('PUT', '{host_nqn}/del_controller_key') + @UpdatePermission + @NvmeofCLICommand( + "nvmeof host del_controller_key", + model.RequestStatus, + success_message_template=("Deleting controller key for host {host_nqn} " + "on subsystem {nqn}: Successful") + ) + @EndpointDoc( + "Delete host DH-HMAC-CHAP controller key", + parameters={ + "nqn": Param(str, "NVMeoF subsystem NQN"), + "host_nqn": Param(str, 'NVMeoF host NQN.'), + "gw_group": Param(str, "NVMeoF gateway group", True, None), + "server_address": Param(str, "NVMeoF gateway address", True, None), + }, + ) + @convert_to_model(model.RequestStatus) + @handle_nvmeof_error + def del_controller_key( + self, nqn: str, host_nqn: str, gw_group: Optional[str] = None, + server_address: Optional[str] = None + ): + return NVMeoFClient( + gw_group=gw_group, + server_address=server_address + ).stub.change_host_key( + NVMeoFClient.pb2.change_host_key_req(subsystem_nqn=nqn, + host_nqn=host_nqn, + dhchap_key="-", + dhchap_ctrlr_key=None) + ) + + def _update_connections(connection_list_resp): + conns = connection_list_resp.get('connections') + if not conns: + conns = [] + for con in conns: + orig = con.get("dhchap_controller_origin") + if orig: + con["dhchap_controller_origin"] = _normalize_enum_key( + orig) + return connection_list_resp + @APIRouter("/nvmeof/subsystem/{nqn}/connection", Scope.NVME_OF) @APIDoc("NVMe-oF Subsystem Connection Management API", "NVMe-oF Subsystem Connection") class NVMeoFConnection(RESTController): @@ -1496,7 +1593,7 @@ else: "server_address": Param(str, "NVMeoF gateway address", True, None), }, ) - @convert_to_model(model.ConnectionList) + @convert_to_model(model.ConnectionList, finalize=_update_connections) @handle_nvmeof_error def list(self, nqn: Optional[str] = None, gw_group: Optional[str] = None, server_address: Optional[str] = None): diff --git a/src/pybind/mgr/dashboard/model/nvmeof.py b/src/pybind/mgr/dashboard/model/nvmeof.py index 04b0551d21b3..c4ea09d8ee42 100644 --- a/src/pybind/mgr/dashboard/model/nvmeof.py +++ b/src/pybind/mgr/dashboard/model/nvmeof.py @@ -97,6 +97,7 @@ class SubsystemStatus(NamedTuple): class Connection(NamedTuple): + nqn: str traddr: str trsvcid: int trtype: str @@ -106,6 +107,7 @@ class Connection(NamedTuple): controller_id: int use_psk: Optional[bool] use_dhchap: Optional[bool] + dhchap_controller_origin: Optional[str] subsystem: Optional[str] disconnected_due_to_keepalive_timeout: Optional[bool] @@ -201,6 +203,7 @@ class Host(NamedTuple): nqn: str use_psk: Optional[bool] use_dhchap: Optional[bool] + dhchap_controller_origin: Optional[str] disconnected_due_to_keepalive_timeout: Annotated[Optional[bool], CliFlags.DROP] diff --git a/src/pybind/mgr/dashboard/openapi.yaml b/src/pybind/mgr/dashboard/openapi.yaml index 5e1fc41fb3ae..8403cb99fea4 100755 --- a/src/pybind/mgr/dashboard/openapi.yaml +++ b/src/pybind/mgr/dashboard/openapi.yaml @@ -13176,6 +13176,8 @@ paths: application/json: schema: properties: + dhchap_controller_key: + type: string dhchap_key: type: string gw_group: @@ -13285,6 +13287,71 @@ paths: summary: Disallow hosts from accessing an NVMeoF subsystem tags: - NVMe-oF Subsystem Host Allowlist + /api/nvmeof/subsystem/{nqn}/host/{host_nqn}/change_controller_key: + put: + parameters: + - description: NVMeoF subsystem NQN + in: path + name: nqn + required: true + schema: + type: string + - description: NVMeoF host NQN + in: path + name: host_nqn + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + properties: + dhchap_controller_key: + description: Host DH-HMAC-CHAP controller key + type: string + gw_group: + description: NVMeoF gateway group + type: string + server_address: + description: NVMeoF gateway address + type: string + required: + - dhchap_controller_key + type: object + responses: + '200': + content: + application/json: + schema: + type: object + application/vnd.ceph.api.v1.0+json: + schema: + type: object + description: Resource updated. + '202': + content: + application/json: + schema: + type: object + application/vnd.ceph.api.v1.0+json: + schema: + type: object + description: Operation is still executing. Please check the task queue. + '400': + description: Operation exception. Please check the response body for details. + '401': + description: Unauthenticated access. Please login first. + '403': + description: Unauthorized access. Please check your permissions. + '500': + description: Unexpected error. Please check the response body for the stack + trace. + security: + - jwt: [] + summary: Change host DH-HMAC-CHAP controller key + tags: + - NVMe-oF Subsystem Host Allowlist /api/nvmeof/subsystem/{nqn}/host/{host_nqn}/change_key: put: parameters: @@ -13350,6 +13417,126 @@ paths: summary: Change host DH-HMAC-CHAP key tags: - NVMe-oF Subsystem Host Allowlist + /api/nvmeof/subsystem/{nqn}/host/{host_nqn}/del_controller_key: + put: + parameters: + - description: NVMeoF subsystem NQN + in: path + name: nqn + required: true + schema: + type: string + - description: NVMeoF host NQN. + in: path + name: host_nqn + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + properties: + gw_group: + description: NVMeoF gateway group + type: string + server_address: + description: NVMeoF gateway address + type: string + type: object + responses: + '200': + content: + application/json: + schema: + type: object + application/vnd.ceph.api.v1.0+json: + schema: + type: object + description: Resource updated. + '202': + content: + application/json: + schema: + type: object + application/vnd.ceph.api.v1.0+json: + schema: + type: object + description: Operation is still executing. Please check the task queue. + '400': + description: Operation exception. Please check the response body for details. + '401': + description: Unauthenticated access. Please login first. + '403': + description: Unauthorized access. Please check your permissions. + '500': + description: Unexpected error. Please check the response body for the stack + trace. + security: + - jwt: [] + summary: Delete host DH-HMAC-CHAP controller key + tags: + - NVMe-oF Subsystem Host Allowlist + /api/nvmeof/subsystem/{nqn}/host/{host_nqn}/del_key: + put: + parameters: + - description: NVMeoF subsystem NQN + in: path + name: nqn + required: true + schema: + type: string + - description: NVMeoF host NQN. + in: path + name: host_nqn + required: true + schema: + type: string + requestBody: + content: + application/json: + schema: + properties: + gw_group: + description: NVMeoF gateway group + type: string + server_address: + description: NVMeoF gateway address + type: string + type: object + responses: + '200': + content: + application/json: + schema: + type: object + application/vnd.ceph.api.v1.0+json: + schema: + type: object + description: Resource updated. + '202': + content: + application/json: + schema: + type: object + application/vnd.ceph.api.v1.0+json: + schema: + type: object + description: Operation is still executing. Please check the task queue. + '400': + description: Operation exception. Please check the response body for details. + '401': + description: Unauthenticated access. Please login first. + '403': + description: Unauthorized access. Please check your permissions. + '500': + description: Unexpected error. Please check the response body for the stack + trace. + security: + - jwt: [] + summary: Delete host DH-HMAC-CHAP key + tags: + - NVMe-oF Subsystem Host Allowlist /api/nvmeof/subsystem/{nqn}/listener: get: parameters: