From a2eb9f246a8e81ea36ef3ad7e09d4f1d9f7bc1ea Mon Sep 17 00:00:00 2001 From: John Mulligan Date: Wed, 16 Jul 2025 17:55:44 -0400 Subject: [PATCH] mgr/smb: add enums that will be used for configuring keybridge Add a pair of enum types that will be used for configuring the keybridge. The scope type identifies what kind of scope is being used. The peer policy can be used to allow a dev or other user more access to the keybridge api for development purposes. Signed-off-by: John Mulligan (cherry picked from commit 0c22d302af96790196425509c143473d302b9646) --- src/pybind/mgr/smb/enums.py | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/src/pybind/mgr/smb/enums.py b/src/pybind/mgr/smb/enums.py index 645858dbfd5..bb61f2a5f82 100644 --- a/src/pybind/mgr/smb/enums.py +++ b/src/pybind/mgr/smb/enums.py @@ -144,3 +144,28 @@ class TLSCredentialType(_StrEnum): CERT = 'cert' KEY = 'key' CA_CERT = 'ca-cert' + + +class KeyBridgeScopeType(_StrEnum): + """Specify the type of a keybridge scope.""" + + MEM = 'mem' + KMIP = 'kmip' + + def unique(self) -> bool: + """Return true if the scope is unique for a keybridge. + A unique scope can only appear once and has no additional qualifying + name(s). + """ + return self in {self.MEM} + + +class KeyBridgePeerPolicy(_StrEnum): + """Specify keybridge peer policy for validating access. + The policy bundles keybridge peer validation approaches into a single named + policy. Typically users *should not* be changing this. It's mainly for + debugging and hacking. + """ + + RESTRICTED = 'restricted' + UNRESTRICTED = 'unrestricted' -- 2.47.3