From: Jason Dillaman <dillaman@redhat.com>
Date: Mon, 26 Jun 2017 20:56:23 +0000 (-0400)
Subject: mon: added 'rbd' profile
X-Git-Tag: v12.1.2~162^2~9
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=bdbae2e58990210a20a8adda569a3aeacb247a65;p=ceph.git

mon: added 'rbd' profile

Signed-off-by: Jason Dillaman <dillaman@redhat.com>
---

diff --git a/src/mon/MonCap.cc b/src/mon/MonCap.cc
index 7a26b6825ad4..b368091a545c 100644
--- a/src/mon/MonCap.cc
+++ b/src/mon/MonCap.cc
@@ -269,6 +269,18 @@ void MonCapGrant::expand_profile_mon(const EntityName& name) const
     profile_grants.push_back(MonCapGrant("osd", MON_CAP_R));
     profile_grants.push_back(MonCapGrant("pg", MON_CAP_R));
   }
+  if (profile == "rbd") {
+    profile_grants.push_back(MonCapGrant("mon", MON_CAP_R));
+    profile_grants.push_back(MonCapGrant("osd", MON_CAP_R));
+    profile_grants.push_back(MonCapGrant("pg", MON_CAP_R));
+
+    // exclusive lock dead-client blacklisting (IP+nonce required)
+    profile_grants.push_back(MonCapGrant("osd blacklist"));
+    profile_grants.back().command_args["blacklistop"] = StringConstraint(
+      StringConstraint::MATCH_TYPE_EQUAL, "add");
+    profile_grants.back().command_args["addr"] = StringConstraint(
+      StringConstraint::MATCH_TYPE_REGEX, "^[^/]/[0-9]*$");
+  }
 
   if (profile == "role-definer") {
     // grants ALL caps to the auth subsystem, read-only on the