Do not grant caps if pool name is empty
The openstack_keys map can have permissions for an empty pool which results in an invalid kerying. Co-Authored-By: Giulio Fidente <gfidente@redhat.com> Change-Id: Ic5ae53d9ab52ea5e7c3f75a240a7a7f4bb5632ba Closes-Bug: 1776987
This commit is contained in:
parent
e65889dff2
commit
9746e2f9bb
@ -256,23 +256,23 @@ resources:
|
|||||||
mgr: "allow *"
|
mgr: "allow *"
|
||||||
mon: "profile rbd"
|
mon: "profile rbd"
|
||||||
osd:
|
osd:
|
||||||
str_replace:
|
list_join:
|
||||||
template: 'profile rbd pool=CEPH_CLIENT_POOLS'
|
- ', '
|
||||||
params:
|
- repeat:
|
||||||
CEPH_CLIENT_POOLS:
|
template: 'profile rbd pool=<%pool%>'
|
||||||
list_join:
|
for_each:
|
||||||
- ', profile rbd pool='
|
<%pool%>:
|
||||||
- list_concat_unique:
|
list_concat_unique:
|
||||||
- - {get_param: CinderRbdPoolName}
|
- - {get_param: CinderRbdPoolName}
|
||||||
- {get_param: CinderBackupRbdPoolName}
|
- {get_param: CinderBackupRbdPoolName}
|
||||||
- {get_param: NovaRbdPoolName}
|
- {get_param: NovaRbdPoolName}
|
||||||
- {get_param: GlanceRbdPoolName}
|
- {get_param: GlanceRbdPoolName}
|
||||||
- {get_param: GnocchiRbdPoolName}
|
- {get_param: GnocchiRbdPoolName}
|
||||||
# CinderRbdExtraPools is a list (do not indent further)
|
# CinderRbdExtraPools is a list (do not indent further)
|
||||||
- {get_param: CinderRbdExtraPools}
|
- {get_param: CinderRbdExtraPools}
|
||||||
- yaql:
|
- yaql:
|
||||||
data: {get_param: CephPools}
|
data: {get_param: CephPools}
|
||||||
expression: $.data.select($.name)
|
expression: $.data.select($.name)
|
||||||
mode: "0600"
|
mode: "0600"
|
||||||
- name:
|
- name:
|
||||||
list_join:
|
list_join:
|
||||||
|
Loading…
Reference in New Issue
Block a user