From: Sage Weil <sage@redhat.com>
Date: Tue, 14 Mar 2017 02:41:37 +0000 (-0400)
Subject: mon/AuthMonitor: fix mgr mon caps to 'allow profile mgr'
X-Git-Tag: v12.0.2~252^2~24
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=880dc2d8d31a2e0432aa69444bb3d6def1f59b87;p=ceph.git

mon/AuthMonitor: fix mgr mon caps to 'allow profile mgr'

Signed-off-by: Sage Weil <sage@redhat.com>
---

diff --git a/src/mon/AuthMonitor.cc b/src/mon/AuthMonitor.cc
index dcee3c11f7e7..48f334a00644 100644
--- a/src/mon/AuthMonitor.cc
+++ b/src/mon/AuthMonitor.cc
@@ -1134,6 +1134,26 @@ void AuthMonitor::upgrade_format()
 	auth_inc.op = KeyServerData::AUTH_INC_ADD;
 	push_cephx_inc(auth_inc);
       }
+
+      if (n.find("mgr.") == 0 &&
+	  p->second.caps.count("mon")) {
+	// the kraken ceph-mgr@.service set the mon cap to 'allow *'.
+	auto blp = p->second.caps["mon"].begin();
+	string oldcaps;
+	::decode(oldcaps, blp);
+	if (oldcaps == "allow *") {
+	  dout(5) << " fixing " << n << " mon cap to 'allow profile mgr'"
+		  << dendl;
+	  bufferlist bl;
+	  ::encode("allow profile mgr", bl);
+	  KeyServerData::Incremental auth_inc;
+	  auth_inc.name = p->first;
+	  auth_inc.auth = p->second;
+	  auth_inc.auth.caps["mon"] = bl;
+	  auth_inc.op = KeyServerData::AUTH_INC_ADD;
+	  push_cephx_inc(auth_inc);
+	}
+      }
     }
 
     // add bootstrap key