mon: added 'rbd' profile

author Jason Dillaman <dillaman@redhat.com>

Mon, 26 Jun 2017 20:56:23 +0000 (16:56 -0400)

committer Jason Dillaman <dillaman@redhat.com>

Fri, 21 Jul 2017 18:29:37 +0000 (14:29 -0400)
author Jason Dillaman <dillaman@redhat.com>
Mon, 26 Jun 2017 20:56:23 +0000 (16:56 -0400)
committer Jason Dillaman <dillaman@redhat.com>
Fri, 21 Jul 2017 18:29:37 +0000 (14:29 -0400)
diff --git a/src/mon/MonCap.cc b/src/mon/MonCap.cc

index 7a26b6825ad43c0d1959337f5f9fa24b953a1c0a..b368091a545cb4e32066955a26ae3c841c0aaf5c 100644 (file)
--- a/src/mon/MonCap.cc
+++ b/src/mon/MonCap.cc
@@ -269,6 +269,18 @@ void MonCapGrant::expand_profile_mon(const EntityName& name) const
      profile_grants.push_back(MonCapGrant("osd", MON_CAP_R));
      profile_grants.push_back(MonCapGrant("pg", MON_CAP_R));
    }
+  if (profile == "rbd") {
+    profile_grants.push_back(MonCapGrant("mon", MON_CAP_R));
+    profile_grants.push_back(MonCapGrant("osd", MON_CAP_R));
+    profile_grants.push_back(MonCapGrant("pg", MON_CAP_R));
+
+    // exclusive lock dead-client blacklisting (IP+nonce required)
+    profile_grants.push_back(MonCapGrant("osd blacklist"));
+    profile_grants.back().command_args["blacklistop"] = StringConstraint(
+      StringConstraint::MATCH_TYPE_EQUAL, "add");
+    profile_grants.back().command_args["addr"] = StringConstraint(
+      StringConstraint::MATCH_TYPE_REGEX, "^[^/]/[0-9]*$");
+  }
  
    if (profile == "role-definer") {
      // grants ALL caps to the auth subsystem, read-only on the
author	Jason Dillaman <dillaman@redhat.com>
	Mon, 26 Jun 2017 20:56:23 +0000 (16:56 -0400)
committer	Jason Dillaman <dillaman@redhat.com>
	Fri, 21 Jul 2017 18:29:37 +0000 (14:29 -0400)