Key capabilities should be kept up to date
When capabilities are only ever set on key-creation, they can get out of date with what the services need or want over time as new Ceph versions are released, or as clients update their requirements. Closes-Bug: #1968369 Change-Id: I475bd55117e3dc630514c92f6a76260e4f37ae0e
This commit is contained in:
Chris MacNaughton
Felipe Reyes
parent
07671ae83d
commit
7cffb0b7a7
@ -1231,13 +1231,15 @@ def get_named_key(name, caps=None, pool_list=None):
|
||||
:param caps: dict of cephx capabilities
|
||||
:returns: Returns a cephx key
|
||||
"""
|
||||
caps = caps or _default_caps
|
||||
key_name = 'client.{}'.format(name)
|
||||
|
||||
key = ceph_auth_get(key_name)
|
||||
if key:
|
||||
upgrade_key_caps(key_name, caps)
|
||||
return key
|
||||
|
||||
log("Creating new key for {}".format(name), level=DEBUG)
|
||||
caps = caps or _default_caps
|
||||
cmd = [
|
||||
"sudo",
|
||||
"-u",
|
||||
|
||||
Loading…
Reference in New Issue
Block a user