From 01cb6886bef8a9c8a2c2946fcb7265575e9375d2 Mon Sep 17 00:00:00 2001
From: Abhishek Desai
Date: Wed, 8 Oct 2025 12:40:22 +0530
Subject: [PATCH] mgr/dashboard : Fix secure-monitoring-stack creds issue

Fixes : https://tracker.ceph.com/issues/73379
Signed-off-by: Abhishek Desai
---
 .../mgr/dashboard/controllers/prometheus.py | 20 ++++++++++++++-----
 .../mgr/dashboard/services/orchestrator.py | 5 +++++
 2 files changed, 20 insertions(+), 5 deletions(-)

diff --git a/src/pybind/mgr/dashboard/controllers/prometheus.py b/src/pybind/mgr/dashboard/controllers/prometheus.py
index 244106d470d..1c38e083fa3 100644
--- a/src/pybind/mgr/dashboard/controllers/prometheus.py
+++ b/src/pybind/mgr/dashboard/controllers/prometheus.py
@@ -107,7 +107,17 @@ class PrometheusRESTController(RESTController):
 return response
 def get_access_info(self, module_name):
- # type (str, str, str, str, str)
+ """
+ Fetches credentials and certificate files for Prometheus/Alertmanager API access.
+ Cases handled:
+ - If secure_monitoring_stack and/or mgmt_gateway enabled:
+ fetch credentials (user, password, certs).
+ - If oauth2-proxy enabled: fetch credentials,
+ but only certs are used (user/password ignored).
+ - If not cephadm backend: returns credentials with all fields as None.
+ Returns:
+ Credentials namedtuple with user, password, ca_cert_file, cert_file, pkey_file.
+ """
 def write_to_tmp_file(content):
 # type (str)
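Review bot: The docstring added to `get_access_info` lists `ca_cert_file`, `cert_file` and `pkey_file` without saying that they are file paths; the nested `write_to_tmp_file` helper right below suggests the certificate and private key end up in temporary files. I would add a line such as `The *_file fields are paths to temporary files, not the PEM contents.` and state who deletes those files, since one of them presumably holds a private key. The helper's body and the rest of the function lie outside this hunk, so the temp-file behaviour is inferred from the names.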
@@ -138,11 +148,11 @@ class PrometheusRESTController(RESTController):
 cached_creds = self._get_cached_credentials(module_name)
 if cached_creds:
 return cached_creds
-
- secure_monitoring_stack = mgr.get_module_option_ex('cephadm', 'secure_monitoring_stack')
- if not secure_monitoring_stack:
- return Credentials(user, password, ca_cert_file, cert_file, pkey_file)
 orch_client = OrchClient.instance()
+ security_config = orch_client.monitoring.get_security_config()
+ if not security_config.get('security_enabled', False):
+ return Credentials(user, password, ca_cert_file, cert_file, pkey_file)
+
 if orch_client.available():
 if module_name == 'prometheus':
 access_info = orch_client.monitoring.get_prometheus_access_info()
diff --git a/src/pybind/mgr/dashboard/services/orchestrator.py b/src/pybind/mgr/dashboard/services/orchestrator.py
index 22190f45fad..769172b9bfa 100644
--- a/src/pybind/mgr/dashboard/services/orchestrator.py
+++ b/src/pybind/mgr/dashboard/services/orchestrator.py
@@ -234,6 +234,11 @@ class MonitoringManager(ResourceManager):
 """Get Alertmanager access information"""
 return self.api.get_alertmanager_access_info()
+ @wait_api_result
+ def get_security_config(self) -> Dict[str, str]:
+ """Get security config information"""
+ return self.api.get_security_config()
+
 class OrchClient(object):
--
2.39.5
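Review bot: `orch_client.monitoring.get_security_config()` runs before `orch_client.available()` is checked, while the removed lines read a local module option that needed no orchestrator. With no orchestrator backend, or one that lacks this call, the lookup may raise instead of returning the empty `Credentials`, which would contradict the "not cephadm backend" case in the docstring this commit adds. Put the guard first: `if not orch_client.available(): return Credentials(user, password, ca_cert_file, cert_file, pkey_file)` and only then fetch the security config. Note also that `.get('security_enabled', False)` reads a missing key as security disabled, so a malformed reply silently selects the no-credentials path; a log line there would make that visible. `get_access_info` starts before and continues past this hunk.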
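Review bot: The return annotation `Dict[str, str]` on `get_security_config` disagrees with its caller in prometheus.py, which tests `security_config.get('security_enabled', False)` as a boolean. If the values really were strings, `'False'` would be truthy and security would be read as enabled; if they are booleans, annotate accordingly, e.g. `-> Dict[str, bool]`. The docstring could name the key callers depend on: `"""Return the monitoring security settings (including 'security_enabled')."""`.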