Key capabilities should be kept up to date

When capabilities are only ever set on key-creation, they can get out of date with what the services need or want over time as new Ceph versions are released, or as clients update their requirements. Closes-Bug: #1968369 Change-Id: I475bd55117e3dc630514c92f6a76260e4f37ae0e
2022-06-30 17:58:48 +02:00 · 2022-06-30 17:58:48 +02:00 · 7cffb0b7a7
commit 7cffb0b7a7
parent 07671ae83d
1 changed files with 3 additions and 1 deletions
--- a/charms_ceph/utils.py
+++ b/charms_ceph/utils.py
@ -1231,13 +1231,15 @@ def get_named_key(name, caps=None, pool_list=None):
    :param caps: dict of cephx capabilities
    :returns: Returns a cephx key
    """
+    caps = caps or _default_caps
    key_name = 'client.{}'.format(name)
+
    key = ceph_auth_get(key_name)
    if key:
+        upgrade_key_caps(key_name, caps)
        return key

    log("Creating new key for {}".format(name), level=DEBUG)
-    caps = caps or _default_caps
    cmd = [
        "sudo",
        "-u",