From b008856bcf75c5c67490d8748415f13746232abd Mon Sep 17 00:00:00 2001
From: Redouane Kachach <rkachach@ibm.com>
Date: Wed, 8 Jan 2025 12:34:49 +0100
Subject: [PATCH] mgr/cepahdm: fixing cert user_made and pre_remove actions of
 mgmt-gw

Signed-off-by: Redouane Kachach <rkachach@ibm.com>
---
 src/pybind/mgr/cephadm/services/mgmt_gateway.py | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/src/pybind/mgr/cephadm/services/mgmt_gateway.py b/src/pybind/mgr/cephadm/services/mgmt_gateway.py
index e506fa534d2..d21478333de 100644
--- a/src/pybind/mgr/cephadm/services/mgmt_gateway.py
+++ b/src/pybind/mgr/cephadm/services/mgmt_gateway.py
@@ -54,9 +54,11 @@ class MgmtGatewayService(CephadmService):
     def get_external_certificates(self, svc_spec: MgmtGatewaySpec, daemon_spec: CephadmDaemonDeploySpec) -> Tuple[str, str]:
         cert = self.mgr.cert_mgr.get_cert('mgmt_gw_cert')
         key = self.mgr.cert_mgr.get_key('mgmt_gw_key')
+        user_made = False
         if not (cert and key):
             # not available on store, check if provided on the spec
             if svc_spec.ssl_certificate and svc_spec.ssl_certificate_key:
+                user_made = True
                 cert = svc_spec.ssl_certificate
                 key = svc_spec.ssl_certificate_key
             else:
@@ -66,8 +68,8 @@ class MgmtGatewayService(CephadmService):
                 cert, key = self.mgr.cert_mgr.generate_cert(host_fqdn, ips)
             # save certificates
             if cert and key:
-                self.mgr.cert_mgr.save_cert('mgmt_gw_cert', cert)
-                self.mgr.cert_mgr.save_key('mgmt_gw_key', key)
+                self.mgr.cert_mgr.save_cert('mgmt_gw_cert', cert, user_made=user_made)
+                self.mgr.cert_mgr.save_key('mgmt_gw_key', key, user_made=user_made)
             else:
                 logger.error("Failed to obtain certificate and key from mgmt-gateway.")
         return cert, key
@@ -167,7 +169,6 @@ class MgmtGatewayService(CephadmService):
         # reset the standby dashboard redirection behaviour
         self.mgr.set_module_option_ex('dashboard', 'standby_error_status_code', '500')
         self.mgr.set_module_option_ex('dashboard', 'standby_behaviour', 'redirect')
-        if daemon.hostname is not None:
-            # delete cert/key entires for this mgmt-gateway daemon
-            self.mgr.cert_mgr.rm_cert('mgmt_gw_cert')
-            self.mgr.cert_mgr.rm_key('mgmt_gw_key')
+        # delete cert/key entires for this mgmt-gateway daemon
+        self.mgr.cert_mgr.rm_cert('mgmt_gw_cert')
+        self.mgr.cert_mgr.rm_key('mgmt_gw_key')
-- 
2.39.5