mon/MonCap: add 'crash' profile

author Sage Weil <sage@redhat.com>

Sat, 5 Oct 2019 15:50:01 +0000 (10:50 -0500)

committer Sage Weil <sage@redhat.com>

Thu, 10 Oct 2019 12:50:40 +0000 (07:50 -0500)
author Sage Weil <sage@redhat.com>
Sat, 5 Oct 2019 15:50:01 +0000 (10:50 -0500)
committer Sage Weil <sage@redhat.com>
Thu, 10 Oct 2019 12:50:40 +0000 (07:50 -0500)
diff --git a/src/mon/MonCap.cc b/src/mon/MonCap.cc

index 00b3016b3ba5dc4b3c55ba4e410bd000f9666398..8e83823374008bb2d78e720bbfd4a75555993f7f 100644 (file)
--- a/src/mon/MonCap.cc
+++ b/src/mon/MonCap.cc
@@ -177,6 +177,9 @@ void MonCapGrant::expand_profile(int daemon_type, const EntityName& name) const
  
  void MonCapGrant::expand_profile_mgr(const EntityName& name) const
  {
+  if (profile == "crash") {
+    profile_grants.push_back(MonCapGrant("crash post"));
+  }
  }
  
  void MonCapGrant::expand_profile_mon(const EntityName& name) const
@@ -308,7 +311,10 @@ void MonCapGrant::expand_profile_mon(const EntityName& name) const
                                  "rbd/mirror/");
      profile_grants.push_back(MonCapGrant("config-key get", "key", constraint));
    }
-
+  else if (profile == "crash") {
+    // TODO: we could limit this to getting the monmap and mgrmap...
+    profile_grants.push_back(MonCapGrant("mon", MON_CAP_R));
+  }
    if (profile == "role-definer") {
      // grants ALL caps to the auth subsystem, read-only on the
      // monitor subsystem and nothing else.
author	Sage Weil <sage@redhat.com>
	Sat, 5 Oct 2019 15:50:01 +0000 (10:50 -0500)
committer	Sage Weil <sage@redhat.com>
	Thu, 10 Oct 2019 12:50:40 +0000 (07:50 -0500)