From 27c2050e37ed2556e1b2d0e5f6631d51b506ec6f Mon Sep 17 00:00:00 2001 From: John Mulligan Date: Fri, 25 Apr 2025 11:22:26 -0400 Subject: [PATCH] mgr/dashboard: add an option to control the dashboard crypto caller Add a mgr config option `crypto_caller` that lets a ceph user override the default behavior of using the remote crypto caller. Supported values are `internal` and `remote`. Signed-off-by: John Mulligan --- src/pybind/mgr/dashboard/module.py | 8 ++++++++ src/pybind/mgr/dashboard/services/access_control.py | 3 +-- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/src/pybind/mgr/dashboard/module.py b/src/pybind/mgr/dashboard/module.py index 295403f6fe338..721042602be28 100644 --- a/src/pybind/mgr/dashboard/module.py +++ b/src/pybind/mgr/dashboard/module.py @@ -23,6 +23,7 @@ if TYPE_CHECKING: else: from typing_extensions import Literal +from ceph.cryptotools.select import choose_crypto_caller from mgr_module import CLIReadCommand, CLIWriteCommand, HandleCommandResult, \ MgrModule, MgrStandbyModule, NotifyType, Option, _get_localized_key from mgr_util import ServerConfigException, build_url, \ @@ -275,6 +276,7 @@ class Module(MgrModule, CherryPyConfig): Option(name='redirect_resolve_ip_addr', type='bool', default=False), Option(name='cross_origin_url', type='str', default=''), Option(name='sso_oauth2', type='bool', default=False), + Option(name='crypto_caller', type='str', default=''), ] MODULE_OPTIONS.extend(options_schema_list()) for options in PLUGIN_MANAGER.hook.get_options() or []: @@ -288,6 +290,9 @@ class Module(MgrModule, CherryPyConfig): def __init__(self, *args, **kwargs): super(Module, self).__init__(*args, **kwargs) CherryPyConfig.__init__(self) + # configure the dashboard's crypto caller. by default it will + # use the remote caller to avoid pyo3 conflicts + choose_crypto_caller(str(self.get_module_option('crypto_caller', ''))) mgr.init(self) @@ -563,6 +568,9 @@ class StandbyModule(MgrStandbyModule, CherryPyConfig): super(StandbyModule, self).__init__(*args, **kwargs) CherryPyConfig.__init__(self) self.shutdown_event = threading.Event() + # configure the dashboard's crypto caller. by default it will + # use the remote caller to avoid pyo3 conflicts + choose_crypto_caller(str(self.get_module_option('crypto_caller', ''))) # We can set the global mgr instance to ourselves even though # we're just a standby, because it's enough for logging. diff --git a/src/pybind/mgr/dashboard/services/access_control.py b/src/pybind/mgr/dashboard/services/access_control.py index 440c125b81b32..4ce10da269287 100644 --- a/src/pybind/mgr/dashboard/services/access_control.py +++ b/src/pybind/mgr/dashboard/services/access_control.py @@ -12,6 +12,7 @@ from datetime import datetime, timedelta from string import ascii_lowercase, ascii_uppercase, digits, punctuation from typing import List, Optional, Sequence +from ceph.cryptotools.select import get_crypto_caller from mgr_module import CLICheckNonemptyFileInput, CLIReadCommand, CLIWriteCommand from mgr_util import password_hash @@ -23,8 +24,6 @@ from ..exceptions import PasswordPolicyException, PermissionNotValid, \ from ..security import Permission, Scope from ..settings import Settings -from ceph.cryptotools.select import get_crypto_caller - logger = logging.getLogger('access_control') DEFAULT_FILE_DESC = 'password/secret' -- 2.39.5