From f1727f028d5684b57616650a9cd6c9d2ecb89294 Mon Sep 17 00:00:00 2001 From: Aashish Sharma Date: Wed, 11 Jan 2023 16:29:35 +0530 Subject: [PATCH] mgr/dashboard: rgw server side encryption daemon name fix The config values for the server side encryption currently are wrongly set to the mon daemon by default. This PR intends to fix this issue Fixes: https://tracker.ceph.com/issues/58419 Signed-off-by: Aashish Sharma --- .../mgr/dashboard/services/ceph_service.py | 31 ++++++++++--------- 1 file changed, 16 insertions(+), 15 deletions(-) diff --git a/src/pybind/mgr/dashboard/services/ceph_service.py b/src/pybind/mgr/dashboard/services/ceph_service.py index 0e2d0cb0bdc84..6a429eee3a75f 100644 --- a/src/pybind/mgr/dashboard/services/ceph_service.py +++ b/src/pybind/mgr/dashboard/services/ceph_service.py @@ -189,27 +189,28 @@ class CephService(object): kms_backend: str = '' sse_s3_backend: str = '' vault_stats = [] + full_daemon_name = 'rgw.' + daemon_name kms_backend = CephService.send_command('mon', 'config get', - who=name_to_config_section(daemon_name), + who=name_to_config_section(full_daemon_name), key='rgw_crypt_s3_kms_backend') sse_s3_backend = CephService.send_command('mon', 'config get', - who=name_to_config_section(daemon_name), + who=name_to_config_section(full_daemon_name), key='rgw_crypt_sse_s3_backend') if kms_backend.strip() == 'vault': kms_vault_auth: str = CephService.send_command('mon', 'config get', - who=name_to_config_section(daemon_name), + who=name_to_config_section(full_daemon_name), # noqa E501 #pylint: disable=line-too-long key='rgw_crypt_vault_auth') kms_vault_engine: str = CephService.send_command('mon', 'config get', - who=name_to_config_section(daemon_name), # noqa E501 #pylint: disable=line-too-long + who=name_to_config_section(full_daemon_name), # noqa E501 #pylint: disable=line-too-long key='rgw_crypt_vault_secret_engine') kms_vault_address: str = CephService.send_command('mon', 'config get', - who=name_to_config_section(daemon_name), # noqa E501 #pylint: disable=line-too-long + who=name_to_config_section(full_daemon_name), # noqa E501 #pylint: disable=line-too-long key='rgw_crypt_vault_addr') kms_vault_token: str = CephService.send_command('mon', 'config get', - who=name_to_config_section(daemon_name), - key='rgw_crypt_vault_token_file') + who=name_to_config_section(full_daemon_name), # noqa E501 #pylint: disable=line-too-long + key='rgw_crypt_vault_token_file') # noqa E501 #pylint: disable=line-too-long if ( kms_vault_auth.strip() != "" and kms_vault_engine.strip() != "" @@ -220,18 +221,18 @@ class CephService(object): if sse_s3_backend.strip() == 'vault': s3_vault_auth: str = CephService.send_command('mon', 'config get', - who=name_to_config_section(daemon_name), + who=name_to_config_section(full_daemon_name), # noqa E501 #pylint: disable=line-too-long key='rgw_crypt_sse_s3_vault_auth') s3_vault_engine: str = CephService.send_command('mon', 'config get', - who=name_to_config_section(daemon_name), + who=name_to_config_section(full_daemon_name), # noqa E501 #pylint: disable=line-too-long key='rgw_crypt_sse_s3_vault_secret_engine') # noqa E501 #pylint: disable=line-too-long s3_vault_address: str = CephService.send_command('mon', 'config get', - who=name_to_config_section(daemon_name), # noqa E501 #pylint: disable=line-too-long + who=name_to_config_section(full_daemon_name), # noqa E501 #pylint: disable=line-too-long key='rgw_crypt_sse_s3_vault_addr') s3_vault_token: str = CephService.send_command('mon', 'config get', - who=name_to_config_section(daemon_name), - key='rgw_crypt_sse_s3_vault_token_file') + who=name_to_config_section(full_daemon_name), # noqa E501 #pylint: disable=line-too-long + key='rgw_crypt_sse_s3_vault_token_file') # noqa E501 #pylint: disable=line-too-long if ( s3_vault_auth.strip() != "" and s3_vault_engine.strip() != "" @@ -248,7 +249,7 @@ class CephService(object): def set_encryption_config(cls, encryption_type, kms_provider, auth_method, secret_engine, secret_path, namespace, address, token, daemon_name, ssl_cert, client_cert, client_key): - + full_daemon_name = 'rgw.' + daemon_name if encryption_type == 'aws:kms': KMS_CONFIG = [ @@ -268,7 +269,7 @@ class CephService(object): if value == 'null': continue CephService.send_command('mon', 'config set', - who=name_to_config_section(daemon_name), + who=name_to_config_section(full_daemon_name), name=key, value=value) if encryption_type == 'AES256': @@ -290,7 +291,7 @@ class CephService(object): if value == 'null': continue CephService.send_command('mon', 'config set', - who=name_to_config_section(daemon_name), + who=name_to_config_section(full_daemon_name), name=key, value=value) return {} -- 2.39.5