mgr/cephadm: add NFS RGW keyring application tag

restrict the OSD keyring caps to the `rgw` application

Signed-off-by: Michael Fritch <mfritch@suse.com>

diff --git a/src/pybind/mgr/cephadm/services/nfs.py b/src/pybind/mgr/cephadm/services/nfs.py
index 21011e1e443af1d196fff3d5c88d869659a68bf3..3eaf50cac6892804c94b3cdc279a5edeff206d8d 100644 (file)
--- a/src/pybind/mgr/cephadm/services/nfs.py
+++ b/src/pybind/mgr/cephadm/services/nfs.py
@@ -149,7 +149,7 @@ class NFSService(CephService):
             'prefix': 'auth get-or-create',
             'entity': entity,
             'caps': ['mon', 'allow r',
-                     'osd', 'allow rwx'],
+                     'osd', 'allow rwx tag rgw *=*'],
         })
 
         return keyring