From 521e2a9039cab26f3b264052c8109636569ad61b Mon Sep 17 00:00:00 2001 From: Redouane Kachach Date: Thu, 18 Sep 2025 10:31:14 +0200 Subject: [PATCH] mgr/cephadm: Fix RGW spec validation for deprecated rgw cert field Starting from Tentacle, the rgw_frontend_ssl_certificate field has been deprecated in favor of the new ssl_cert and ssl_key fields. Update the validation logic to run after this field is automatically transformed into the new fields, ensuring proper validation of RGW specs. Signed-off-by: Redouane Kachach --- src/python-common/ceph/deployment/service_spec.py | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/src/python-common/ceph/deployment/service_spec.py b/src/python-common/ceph/deployment/service_spec.py index 10b1d391f8f11..e9ed6339fcb1a 100644 --- a/src/python-common/ceph/deployment/service_spec.py +++ b/src/python-common/ceph/deployment/service_spec.py @@ -1510,17 +1510,22 @@ class RGWSpec(ServiceSpec): return ports def validate(self) -> None: - super(RGWSpec, self).validate() if self.ssl: if not self.ssl_cert and self.rgw_frontend_ssl_certificate: combined_cert = self.rgw_frontend_ssl_certificate if isinstance(combined_cert, list): combined_cert = '\n'.join(combined_cert) + self.certificate_source = CertificateSource.INLINE.value self.ssl_cert, self.ssl_key = parse_combined_pem_file(combined_cert) + self.rgw_frontend_ssl_certificate = None if not (self.ssl_cert and self.ssl_key): raise SpecValidationError("Failed to parse rgw_frontend_ssl_certificate field.") + # This validation is done after adjusting the SSL field so when + # RGW Spec is updated with the right fields before validation + super(RGWSpec, self).validate() + if self.rgw_realm and not self.rgw_zone: raise SpecValidationError( 'Cannot add RGW: Realm specified but no zone specified') -- 2.39.5