Allows mgr caps to be added to keys.
Allows setting optional mgr caps on the cephx keys. The mgr caps are required to query the ceph-mgr daemon. Change-Id: I1c4d010b55611377573e4b928ee9527441050d51 Closes-Bug: #1720864
This commit is contained in:
parent
cb20c32c0b
commit
5db96f877d
@ -47,6 +47,10 @@
|
||||
# Optional. e.g. 'allow *'
|
||||
# Defaults to 'undef'.
|
||||
#
|
||||
# [*cap_mgr*] cephx capabilities for MGR access.
|
||||
# Optional. e.g. 'allow *'
|
||||
# Defaults to 'undef'.
|
||||
#
|
||||
# [*user*] Owner of the *keyring_path* file.
|
||||
# Optional. Defaults to 'root'.
|
||||
#
|
||||
@ -77,6 +81,7 @@ define ceph::key (
|
||||
$cap_mon = undef,
|
||||
$cap_osd = undef,
|
||||
$cap_mds = undef,
|
||||
$cap_mgr = undef,
|
||||
$user = 'root',
|
||||
$group = 'root',
|
||||
$mode = '0600',
|
||||
@ -107,8 +112,13 @@ define ceph::key (
|
||||
} else {
|
||||
$mds_caps = ''
|
||||
}
|
||||
if $cap_mgr {
|
||||
$mgr_caps = "--cap mgr '${cap_mgr}' "
|
||||
} else {
|
||||
$mgr_caps = ''
|
||||
}
|
||||
|
||||
$caps = "${mon_caps}${osd_caps}${mds_caps}"
|
||||
$caps = "${mon_caps}${osd_caps}${mds_caps}${mgr_caps}"
|
||||
|
||||
# this allows multiple defines for the same 'keyring file',
|
||||
# which is supported by ceph-authtool
|
||||
|
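Review bot: `$cap_mgr` is placed between single quotes in the `ceph-authtool` shell command at `$mgr_caps = "--cap mgr '${cap_mgr}' "`, so a value containing a single quote ends the quoting and the rest of the value is parsed by the shell. The mon, osd and mds branches appear to use the same pattern (only the tail of the mds one is visible here), so the check is worth applying to all four caps. A guard inside the `if $cap_mgr` branch would do, for example `if $cap_mgr =~ /'/ { fail('cap_mgr must not contain a single quote') }`. The parameter docs give `'allow *'` as the only example; since the stated purpose is querying ceph-mgr, a doc line such as `# Prefer the narrowest capability that works, e.g. 'allow r'.` would steer users toward least privilege. The body of `define ceph::key` begins and ends outside these hunks.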
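--- a/releasenotes/notes/add_mgr_caps-56dadf9202ce30b3.yaml
+++ b/releasenotes/notes/add_mgr_caps-56dadf9202ce30b3.yaml
@@ -0,0 +1,3 @@
+---
+fixes:
+- Bug 1720864 Allow setting optional manager capabilities on keys.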
@ -38,13 +38,14 @@ describe 'ceph::key' do
|
||||
:group => 'nogroup',
|
||||
:cap_mon => 'allow *',
|
||||
:cap_osd => 'allow rw',
|
||||
:cap_mgr => 'allow *',
|
||||
:inject => true,
|
||||
}
|
||||
end
|
||||
|
||||
it {
|
||||
is_expected.to contain_exec('ceph-key-client.admin').with(
|
||||
'command' => "/bin/true # comment to satisfy puppet syntax requirements\nset -ex\nceph-authtool /etc/ceph/ceph.client.admin.keyring --name 'client.admin' --add-key 'supersecret' --cap mon 'allow *' --cap osd 'allow rw' "
|
||||
'command' => "/bin/true # comment to satisfy puppet syntax requirements\nset -ex\nceph-authtool /etc/ceph/ceph.client.admin.keyring --name 'client.admin' --add-key 'supersecret' --cap mon 'allow *' --cap osd 'allow rw' --cap mgr 'allow *' "
|
||||
)
|
||||
is_expected.to contain_file('/etc/ceph/ceph.client.admin.keyring').with(
|
||||
'owner' => 'nobody',
|
||||
|
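Review bot: The updated example only asserts the command when `:cap_mgr` is set, so the `else` branch that leaves `$mgr_caps` empty is covered only if another context outside this hunk omits the parameter. If none does, add an example without `:cap_mgr` that expects the command to end at `--cap osd 'allow rw' ` with no `--cap mgr` argument. The `describe 'ceph::key'` block starts and ends outside the hunk.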