From 113d68f679183b9d43086f6dde4ed4e62ecdfcc6 Mon Sep 17 00:00:00 2001
From: John Mulligan <jmulligan@redhat.com>
Date: Tue, 1 Jul 2025 11:37:33 -0400
Subject: [PATCH] mgr/smb: add support for tls credential resoruces to sqlite
 store

The sqlite store needs to be updated for each top-level resource type.
Update it for the newly added tls credential type. Configure it so that
it works similarly to the join auth resource such that the cert data is
not stored in the sqlite db - only in the layered mon store.

Signed-off-by: John Mulligan <jmulligan@redhat.com>
(cherry picked from commit b5e0ab8547b8faf058df24c4e5077886dec02d24)
---
 src/pybind/mgr/smb/sqlite_store.py | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/src/pybind/mgr/smb/sqlite_store.py b/src/pybind/mgr/smb/sqlite_store.py
index 6b394e50ea380..d68fd2da28a47 100644
--- a/src/pybind/mgr/smb/sqlite_store.py
+++ b/src/pybind/mgr/smb/sqlite_store.py
@@ -506,6 +506,20 @@ class MirrorUsersAndGroups(Mirror):
         return filtered
 
 
+class MirrorTLSCredentials(Mirror):
+    """Mirroring configuration for objects in the tls_credentials namespace."""
+
+    def __init__(self, store: ConfigStore) -> None:
+        super().__init__('tls_credentials', store)
+
+    def filter_object(self, obj: Simplified) -> Simplified:
+        """Filter tls_credential for sqlite3 store."""
+        filtered = copy.deepcopy(obj)
+        if filtered.get('credential_type') and filtered.get('value'):
+            filtered.pop('value', None)
+        return filtered
+
+
 def _tables(
     *,
     specialize: bool = True,
@@ -526,6 +540,7 @@ def _tables(
         srt,
         SimpleTable('join_auths', 'join_auths'),
         SimpleTable('users_and_groups', 'users_and_groups'),
+        SimpleTable('tls_creds', 'tls_creds'),
     ]
 
 
@@ -541,6 +556,10 @@ def _mirror_users_and_groups(opts: Optional[Dict[str, str]] = None) -> bool:
     return (opts or {}).get('mirror_users_and_groups') != 'no'
 
 
+def _mirror_tls_credentials(opts: Optional[Dict[str, str]] = None) -> bool:
+    return (opts or {}).get('mirror_tls_credentials') != 'no'
+
+
 def mgr_sqlite3_db(
     mgr: Any, opts: Optional[Dict[str, str]] = None
 ) -> SqliteStore:
@@ -566,6 +585,8 @@ def mgr_sqlite3_db_with_mirroring(
         mirrors.append(MirrorJoinAuths(mirror_store))
     if _mirror_users_and_groups(opts):
         mirrors.append(MirrorUsersAndGroups(mirror_store))
+    if _mirror_tls_credentials(opts):
+        mirrors.append(MirrorTLSCredentials(mirror_store))
     return SqliteMirroringStore(mgr, tables, mirrors)
 
 
-- 
2.39.5