From: John Mulligan <jmulligan@redhat.com>
Date: Tue, 1 Jul 2025 15:37:33 +0000 (-0400)
Subject: mgr/smb: add support for tls credential resoruces to sqlite store
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=b5e0ab8547b8faf058df24c4e5077886dec02d24;p=ceph.git

mgr/smb: add support for tls credential resoruces to sqlite store

The sqlite store needs to be updated for each top-level resource type.
Update it for the newly added tls credential type. Configure it so that
it works similarly to the join auth resource such that the cert data is
not stored in the sqlite db - only in the layered mon store.

Signed-off-by: John Mulligan <jmulligan@redhat.com>
---

diff --git a/src/pybind/mgr/smb/sqlite_store.py b/src/pybind/mgr/smb/sqlite_store.py
index 6b394e50ea380..d68fd2da28a47 100644
--- a/src/pybind/mgr/smb/sqlite_store.py
+++ b/src/pybind/mgr/smb/sqlite_store.py
@@ -506,6 +506,20 @@ class MirrorUsersAndGroups(Mirror):
         return filtered
 
 
+class MirrorTLSCredentials(Mirror):
+    """Mirroring configuration for objects in the tls_credentials namespace."""
+
+    def __init__(self, store: ConfigStore) -> None:
+        super().__init__('tls_credentials', store)
+
+    def filter_object(self, obj: Simplified) -> Simplified:
+        """Filter tls_credential for sqlite3 store."""
+        filtered = copy.deepcopy(obj)
+        if filtered.get('credential_type') and filtered.get('value'):
+            filtered.pop('value', None)
+        return filtered
+
+
 def _tables(
     *,
     specialize: bool = True,
@@ -526,6 +540,7 @@ def _tables(
         srt,
         SimpleTable('join_auths', 'join_auths'),
         SimpleTable('users_and_groups', 'users_and_groups'),
+        SimpleTable('tls_creds', 'tls_creds'),
     ]
 
 
@@ -541,6 +556,10 @@ def _mirror_users_and_groups(opts: Optional[Dict[str, str]] = None) -> bool:
     return (opts or {}).get('mirror_users_and_groups') != 'no'
 
 
+def _mirror_tls_credentials(opts: Optional[Dict[str, str]] = None) -> bool:
+    return (opts or {}).get('mirror_tls_credentials') != 'no'
+
+
 def mgr_sqlite3_db(
     mgr: Any, opts: Optional[Dict[str, str]] = None
 ) -> SqliteStore:
@@ -566,6 +585,8 @@ def mgr_sqlite3_db_with_mirroring(
         mirrors.append(MirrorJoinAuths(mirror_store))
     if _mirror_users_and_groups(opts):
         mirrors.append(MirrorUsersAndGroups(mirror_store))
+    if _mirror_tls_credentials(opts):
+        mirrors.append(MirrorTLSCredentials(mirror_store))
     return SqliteMirroringStore(mgr, tables, mirrors)