From 886219d5e47f1ca4d29bc9f0fcbe5b336d50838a Mon Sep 17 00:00:00 2001
From: Adam King
Date: Tue, 23 Jan 2024 09:57:30 -0500
Subject: [PATCH] mgr/cephadm: move service discovery cert/key to cert store

Trying to move all of the certs/keys cephadm manages into one place.

Signed-off-by: Adam King
(cherry picked from commit 078b694b99ad5e2362790ba21aeb784cb5e8ccdb)
---
 src/pybind/mgr/cephadm/module.py | 4 +---
 src/pybind/mgr/cephadm/service_discovery.py | 10 ++++++----
 2 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/src/pybind/mgr/cephadm/module.py b/src/pybind/mgr/cephadm/module.py
index 374c58ab2a0..20700067161 100644
--- a/src/pybind/mgr/cephadm/module.py
+++ b/src/pybind/mgr/cephadm/module.py
@@ -14,8 +14,6 @@ from tempfile import TemporaryDirectory, NamedTemporaryFile
 from urllib.error import HTTPError
 from threading import Event
-from cephadm.service_discovery import ServiceDiscovery
-
 from ceph.deployment.service_spec import PrometheusSpec
 import string
@@ -3249,7 +3247,7 @@ Then run the following:
 @handle_orch_error
 def service_discovery_dump_cert(self) -> str:
- root_cert = self.get_store(ServiceDiscovery.KV_STORE_SD_ROOT_CERT)
+ root_cert = self.cert_key_store.get_cert('service_discovery_root_cert')
 if not root_cert:
 raise OrchestratorError('No certificate found for service discovery')
 return root_cert
diff --git a/src/pybind/mgr/cephadm/service_discovery.py b/src/pybind/mgr/cephadm/service_discovery.py
index 2b82f87493f..29498675a15 100644
--- a/src/pybind/mgr/cephadm/service_discovery.py
+++ b/src/pybind/mgr/cephadm/service_discovery.py
@@ -45,6 +45,8 @@ class Route(NamedTuple):
 class ServiceDiscovery:
+ # TODO: these constants should only be needed for migration purposes
+ # after completion of the cert store. Make sure to move them.
 KV_STORE_SD_ROOT_CERT = 'service_discovery/root/cert'
 KV_STORE_SD_ROOT_KEY = 'service_discovery/root/key'
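Review bot: In `service_discovery_dump_cert` (module.py, second hunk) the entry name `'service_discovery_root_cert'` is now a bare string literal, and the same literal is repeated in `configure_tls` in service_discovery.py, so the reader and the writer of the root cert are tied together only by spelling. If the two copies drift, this method would presumably raise 'No certificate found for service discovery' while the endpoint keeps serving TLS under a root nobody can export (assuming `get_cert` returns an empty value for a name it has no entry for, which is not visible here). A single shared name would remove that risk, for example `SD_ROOT_CERT = 'service_discovery_root_cert'` defined next to the cert store and used at every call site. The enclosing class of this method lies outside the hunk.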
@@ -89,14 +91,14 @@ class ServiceDiscovery:
 self.mgr.set_store('service_discovery/root/username', self.username)
 def configure_tls(self, server: Server) -> None:
- old_cert = self.mgr.get_store(self.KV_STORE_SD_ROOT_CERT)
- old_key = self.mgr.get_store(self.KV_STORE_SD_ROOT_KEY)
+ old_cert = self.mgr.cert_key_store.get_cert('service_discovery_root_cert')
+ old_key = self.mgr.cert_key_store.get_key('service_discovery_key')
 if old_key and old_cert:
 self.ssl_certs.load_root_credentials(old_cert, old_key)
 else:
 self.ssl_certs.generate_root_cert(self.mgr.get_mgr_ip())
- self.mgr.set_store(self.KV_STORE_SD_ROOT_CERT, self.ssl_certs.get_root_cert())
- self.mgr.set_store(self.KV_STORE_SD_ROOT_KEY, self.ssl_certs.get_root_key())
+ self.mgr.cert_key_store.save_cert('service_discovery_root_cert', self.ssl_certs.get_root_cert())
+ self.mgr.cert_key_store.save_key('service_discovery_key', self.ssl_certs.get_root_key())
 addr = self.mgr.get_mgr_ip()
 host_fqdn = socket.getfqdn(addr)
 server.ssl_certificate, server.ssl_private_key = self.ssl_certs.generate_cert_files(
--
2.39.5
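Review bot: `configure_tls` now looks for the root credentials only in the cert store, so on a cluster that already holds them under the old `service_discovery/root/cert` and `service_discovery/root/key` entries the `else` branch would generate a new root unless something outside this patch copies them over first. A silently replaced root invalidates every copy of the old certificate that clients obtained through `service_discovery_dump_cert`, and the old private key would stay behind in the plain KV store. The TODO added to the class suggests a migration is planned; until it lands I would fall back to `self.mgr.get_store(self.KV_STORE_SD_ROOT_CERT)` and `self.mgr.get_store(self.KV_STORE_SD_ROOT_KEY)` when the cert store has no entry, save what was found into the cert store, and clear the old key entry afterwards. Separately, the key is stored as `'service_discovery_key'` while the cert is `'service_discovery_root_cert'`; if the cert store does not fix these names, `'service_discovery_root_key'` would be the consistent choice. The method body continues past the end of the hunk.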