From e05532e24cd09faf63c53f4b6678f1d4dff27eec Mon Sep 17 00:00:00 2001
From: Nizamudeen A
Date: Thu, 30 May 2024 13:36:52 +0530
Subject: [PATCH] mgr/dashboard: read cert from in-memory file

Fixes: https://tracker.ceph.com/issues/66303
Signed-off-by: Nizamudeen A
---
 .../dashboard/controllers/multi_cluster.py | 34 ++++++++++++++-----
 .../multi-cluster-form.component.ts | 2 +-
 .../app/shared/api/multi-cluster.service.ts | 12 +++++--
 src/pybind/mgr/dashboard/openapi.yaml | 5 +++
 4 files changed, 42 insertions(+), 11 deletions(-)

diff --git a/src/pybind/mgr/dashboard/controllers/multi_cluster.py b/src/pybind/mgr/dashboard/controllers/multi_cluster.py
index cc6a7e203d3..8fdecf99d44 100644
--- a/src/pybind/mgr/dashboard/controllers/multi_cluster.py
+++ b/src/pybind/mgr/dashboard/controllers/multi_cluster.py
@@ -3,6 +3,7 @@
 import base64
 import json
 import re
+import tempfile
 import time
 from urllib.parse import urlparse
@@ -37,8 +38,14 @@ class MultiCluster(RESTController):
 'Accept': 'application/vnd.ceph.api.v1.0+json',
 'Content-Type': 'application/json',
 }
+ cert_file_path = verify
+ if verify:
+ with tempfile.NamedTemporaryFile(delete=False) as cert_file:
+ cert_file.write(cert.encode('utf-8'))
+ cert_file_path = cert_file.name
 response = requests.request(method, base_url + path, params=params,
- json=payload, verify=verify, cert=cert, headers=headers)
+ json=payload, verify=cert_file_path,
+ headers=headers)
 except Exception as e:
 raise DashboardException(
 "Could not reach {}, {}".format(base_url+path, e),
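Review bot: The certificate file written in the `if verify:` branch is created with `delete=False` and nothing visible removes it, so each proxied request with verification enabled leaves another copy on disk, and the later hunks that pass `verify=`/`cert=` to every `self._proxy(...)` call multiply that per operation. The same branch calls `cert.encode('utf-8')` whenever `verify` is truthy, so a missing certificate raises inside the `try` and surfaces as "Could not reach …" instead of falling back to the default trust store. Scoping the file to the request and only taking that path when a certificate was supplied fixes both, as sketched below; the function starts outside the hunk and its `except` block continues past it.

```python
            # … unchanged: headers dict …
            if verify and cert:
                # The CA file exists only for the duration of this request.
                with tempfile.NamedTemporaryFile(suffix='.pem') as cert_file:
                    cert_file.write(cert.encode('utf-8'))
                    cert_file.flush()
                    response = requests.request(method, base_url + path, params=params,
                                                json=payload, verify=cert_file.name,
                                                headers=headers)
            else:
                # No certificate supplied: keep the caller's verify flag as-is.
                response = requests.request(method, base_url + path, params=params,
                                            json=payload, verify=verify,
                                            headers=headers)
            # … unchanged: except Exception as e / DashboardException …
```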
@@ -78,11 +85,13 @@ class MultiCluster(RESTController):
 payload={'url': cors_endpoints_string}, token=cluster_token, verify=ssl_verify, cert=ssl_certificate)
- fsid = self._proxy('GET', url, 'api/health/get_cluster_fsid', token=cluster_token)
+ fsid = self._proxy('GET', url, 'api/health/get_cluster_fsid', token=cluster_token,
+ verify=ssl_verify, cert=ssl_certificate)
 managed_by_clusters_content = self._proxy('GET', url, 'api/settings/MANAGED_BY_CLUSTERS',
- token=cluster_token)
+ token=cluster_token,
+ verify=ssl_verify, cert=ssl_certificate)
 managed_by_clusters_config = managed_by_clusters_content['value']
@@ -95,7 +104,8 @@ class MultiCluster(RESTController):
 # add prometheus targets
 prometheus_url = self._proxy('GET', url, 'api/multi-cluster/get_prometheus_api_url',
- token=cluster_token)
+ token=cluster_token, verify=ssl_verify,
+ cert=ssl_certificate)
 _set_prometheus_targets(prometheus_url)
@@ -145,7 +155,8 @@ class MultiCluster(RESTController):
 component='multi-cluster')
 user_content = self._proxy('GET', url, f'api/user/{username}',
- token=content['token'])
+ token=content['token'], verify=ssl_verify,
+ cert=ssl_certificate)
 if 'status' in user_content and user_content['status'] == '403 Forbidden':
 raise DashboardException(msg='User is not an administrator',
@@ -164,7 +175,8 @@ class MultiCluster(RESTController):
 cluster_token = content['token']
 managed_by_clusters_content = self._proxy('GET', url, 'api/settings/MANAGED_BY_CLUSTERS',
- token=cluster_token)
+ token=cluster_token, verify=ssl_verify,
+ cert=ssl_certificate)
 managed_by_clusters_config = managed_by_clusters_content['value']
@@ -247,19 +259,23 @@ class MultiCluster(RESTController):
 for cluster in cluster_details:
 if cluster["url"] == url and cluster["user"] == username:
 cluster['token'] = cluster_token
+ cluster['ssl_verify'] = ssl_verify
+ cluster['ssl_certificate'] = ssl_certificate
 Settings.MULTICLUSTER_CONFIG = multicluster_config
 return True
 @Endpoint('PUT')
 @UpdatePermission
 # pylint: disable=unused-variable
- def edit_cluster(self, url, cluster_alias, username):
+ def edit_cluster(self, url, cluster_alias, username, verify=False, ssl_certificate=None):
 multicluster_config = self.load_multi_cluster_config()
 if "config" in multicluster_config:
 for key, cluster_details in multicluster_config["config"].items():
 for cluster in cluster_details:
 if cluster["url"] == url and cluster["user"] == username:
 cluster['cluster_alias'] = cluster_alias
+ cluster['ssl_verify'] = verify
+ cluster['ssl_certificate'] = ssl_certificate if verify else ''
 Settings.MULTICLUSTER_CONFIG = multicluster_config
 return Settings.MULTICLUSTER_CONFIG
@@ -291,7 +307,9 @@ class MultiCluster(RESTController):
 managed_by_clusters_content = self._proxy('GET', cluster_url, 'api/settings/MANAGED_BY_CLUSTERS',
- token=cluster_token)
+ token=cluster_token,
+ verify=cluster_ssl_verify,
+ cert=cluster_ssl_certificate)
 managed_by_clusters_config = managed_by_clusters_content['value']
 for cluster in managed_by_clusters_config:
diff --git a/src/pybind/mgr/dashboard/frontend/src/app/ceph/cluster/multi-cluster/multi-cluster-form/multi-cluster-form.component.ts b/src/pybind/mgr/dashboard/frontend/src/app/ceph/cluster/multi-cluster/multi-cluster-form/multi-cluster-form.component.ts
index 18da2ad48d3..32548f63c8a 100644
--- a/src/pybind/mgr/dashboard/frontend/src/app/ceph/cluster/multi-cluster/multi-cluster-form/multi-cluster-form.component.ts
+++ b/src/pybind/mgr/dashboard/frontend/src/app/ceph/cluster/multi-cluster/multi-cluster-form/multi-cluster-form.component.ts
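Review bot: `edit_cluster` now defaults `verify=False` and writes `cluster['ssl_verify'] = verify` unconditionally, so a PUT that only changes the alias and omits the new fields switches TLS verification off for that cluster and blanks its stored certificate. The same default is repeated in `editCluster(...)` in multi-cluster.service.ts and as `default: false` in openapi.yaml. A tri-state default leaves omitted fields untouched: `def edit_cluster(self, url, cluster_alias, username, verify=None, ssl_certificate=None):` with the two new assignments placed under `if verify is not None:`. With `verify=True` and no certificate the hunk stores `None`, which the `cert.encode('utf-8')` call added to `_proxy` cannot handle, so that combination is better rejected here.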
@@ -197,7 +197,7 @@ export class MultiClusterFormComponent implements OnInit, OnDestroy {
 case 'edit':
 this.subs.add(
 this.multiClusterService
- .editCluster(this.cluster.url, clusterAlias, this.cluster.user)
+ .editCluster(this.cluster.url, clusterAlias, this.cluster.user, ssl, ssl_certificate)
 .subscribe({
 ...commonSubscribtion,
 complete: () => this.handleSuccess($localize`Cluster updated successfully`)
diff --git a/src/pybind/mgr/dashboard/frontend/src/app/shared/api/multi-cluster.service.ts b/src/pybind/mgr/dashboard/frontend/src/app/shared/api/multi-cluster.service.ts
index 3c4be090f07..5a03abd22ff 100644
--- a/src/pybind/mgr/dashboard/frontend/src/app/shared/api/multi-cluster.service.ts
+++ b/src/pybind/mgr/dashboard/frontend/src/app/shared/api/multi-cluster.service.ts
@@ -115,11 +115,19 @@ export class MultiClusterService {
 return this.http.delete(`api/multi-cluster/delete_cluster/${clusterName}/${clusterUser}`);
 }
- editCluster(url: any, clusterAlias: string, username: string) {
+ editCluster(
+ url: any,
+ clusterAlias: string,
+ username: string,
+ verify = false,
+ ssl_certificate = ''
+ ) {
 return this.http.put('api/multi-cluster/edit_cluster', {
 url,
 cluster_alias: clusterAlias,
- username
+ username: username,
+ verify: verify,
+ ssl_certificate: ssl_certificate
 });
 }
diff --git a/src/pybind/mgr/dashboard/openapi.yaml b/src/pybind/mgr/dashboard/openapi.yaml
index 1c004bd8b3c..83560b312fe 100644
--- a/src/pybind/mgr/dashboard/openapi.yaml
+++ b/src/pybind/mgr/dashboard/openapi.yaml
@@ -7222,10 +7222,15 @@ paths:
 properties:
 cluster_alias:
 type: string
+ ssl_certificate:
+ type: string
 url:
 type: string
 username:
 type: string
+ verify:
+ default: false
+ type: boolean
 required:
 - url
 - cluster_alias
--
2.39.5