Allows mgr caps to be added to keys.
Allows setting optional mgr caps on the cephx keys. The mgr caps are required to query the ceph-mgr daemon. Change-Id: I1c4d010b55611377573e4b928ee9527441050d51 Closes-Bug: #1720864
		| @@ -47,6 +47,10 @@ | ||||
| #   Optional. e.g. 'allow *' | ||||
| #   Defaults to 'undef'. | ||||
| # | ||||
| # [*cap_mgr*] cephx capabilities for MGR access. | ||||
| #   Optional. e.g. 'allow *' | ||||
| #   Defaults to 'undef'. | ||||
| # | ||||
| # [*user*] Owner of the *keyring_path* file. | ||||
| #   Optional. Defaults to 'root'. | ||||
| # | ||||
| @@ -77,6 +81,7 @@ define ceph::key ( | ||||
|   $cap_mon = undef, | ||||
|   $cap_osd = undef, | ||||
|   $cap_mds = undef, | ||||
|   $cap_mgr = undef, | ||||
|   $user = 'root', | ||||
|   $group = 'root', | ||||
|   $mode = '0600', | ||||
| @@ -107,8 +112,13 @@ define ceph::key ( | ||||
|   } else { | ||||
|     $mds_caps = '' | ||||
|   } | ||||
|   if $cap_mgr { | ||||
|     $mgr_caps = "--cap mgr '${cap_mgr}' " | ||||
|   } else { | ||||
|     $mgr_caps = '' | ||||
|   } | ||||
|  | ||||
|   $caps = "${mon_caps}${osd_caps}${mds_caps}" | ||||
|   $caps = "${mon_caps}${osd_caps}${mds_caps}${mgr_caps}" | ||||
|  | ||||
|   # this allows multiple defines for the same 'keyring file', | ||||
|   # which is supported by ceph-authtool | ||||
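Review bot: `$cap_mgr` is placed between single quotes in the ceph-authtool shell command (`$mgr_caps = "--cap mgr '${cap_mgr}' "`), so a value containing `'` closes the quoting and changes how the rest of the command line is parsed. Capability strings normally come from trusted manifest or Hiera data, but a guard inside the `if $cap_mgr` branch would reject a malformed value before it reaches the command: `if $cap_mgr =~ /'/ { fail('cap_mgr must not contain a single quote') }`. The mon, osd and mds caps are assembled outside this hunk and presumably follow the same pattern, so the same check would apply to them. The `[*cap_mgr*]` doc comment could also give a narrower example than `'allow *'`, since the commit message says the cap is only needed to query ceph-mgr.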
|   | ||||
							
								
								
									
										3
									
								
								releasenotes/notes/add_mgr_caps-56dadf9202ce30b3.yaml
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
									
								
							| @@ -0,0 +1,3 @@ | ||||
| --- | ||||
| fixes: | ||||
|   - Bug 1720864 Allow setting optional manager capabilities on keys. | ||||
| @@ -38,13 +38,14 @@ describe 'ceph::key' do | ||||
|           :group   => 'nogroup', | ||||
|           :cap_mon => 'allow *', | ||||
|           :cap_osd => 'allow rw', | ||||
|           :cap_mgr => 'allow *', | ||||
|           :inject  => true, | ||||
|         } | ||||
|       end | ||||
|  | ||||
|       it { | ||||
|         is_expected.to contain_exec('ceph-key-client.admin').with( | ||||
|           'command' => "/bin/true # comment to satisfy puppet syntax requirements\nset -ex\nceph-authtool /etc/ceph/ceph.client.admin.keyring --name 'client.admin' --add-key 'supersecret' --cap mon 'allow *' --cap osd 'allow rw' " | ||||
|           'command' => "/bin/true # comment to satisfy puppet syntax requirements\nset -ex\nceph-authtool /etc/ceph/ceph.client.admin.keyring --name 'client.admin' --add-key 'supersecret' --cap mon 'allow *' --cap osd 'allow rw' --cap mgr 'allow *' " | ||||
|         ) | ||||
|         is_expected.to contain_file('/etc/ceph/ceph.client.admin.keyring').with( | ||||
|           'owner'                   => 'nobody', | ||||
|   | ||||
	 Dan Williams
					Dan Williams