From fb4ded8271c2da9463fa92e87be43be901279735 Mon Sep 17 00:00:00 2001
From: John Mulligan <jmulligan@redhat.com>
Date: Fri, 18 Jul 2025 12:20:29 -0400
Subject: [PATCH] mgr/cephadm: enable setting up SSL/TLS files for keybridge
 sidecar

Signed-off-by: John Mulligan <jmulligan@redhat.com>
---
 src/pybind/mgr/cephadm/services/smb.py | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/src/pybind/mgr/cephadm/services/smb.py b/src/pybind/mgr/cephadm/services/smb.py
index ef945d9b1f43..975c30a1e31d 100644
--- a/src/pybind/mgr/cephadm/services/smb.py
+++ b/src/pybind/mgr/cephadm/services/smb.py
@@ -183,6 +183,23 @@ class SMBService(CephService):
                 'remote_control.ca.crt',
                 self._cert_or_uri(smb_spec.remote_control_ca_cert),
             )
+        if 'keybridge' in smb_spec.features:
+            files = config_blobs.setdefault('files', {})
+            _add_cfg(
+                files,
+                'keybridge.ssl.crt',
+                self._cert_or_uri(smb_spec.keybridge_kmip_ssl_cert),
+            )
+            _add_cfg(
+                files,
+                'keybridge.ssl.key',
+                self._cert_or_uri(smb_spec.keybridge_kmip_ssl_key),
+            )
+            _add_cfg(
+                files,
+                'keybridge.ca.crt',
+                self._cert_or_uri(smb_spec.keybridge_kmip_ca_cert),
+            )
         for ext_cluster in smb_spec.ceph_cluster_configs or []:
             files = config_blobs.setdefault('files', {})
             c_name = f'{ext_cluster.alias}.ceph.conf'
-- 
2.47.3