From: Sage Weil <sage@redhat.com>
Date: Mon, 13 Mar 2017 12:22:42 +0000 (-0400)
Subject: mon/MonCap: add bootstrap-mgr profile
X-Git-Tag: v12.0.2~252^2~28
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=bfc38f786ca85665be95ef1c9d7916059f7555a9;p=ceph.git

mon/MonCap: add bootstrap-mgr profile

Signed-off-by: Sage Weil <sage@redhat.com>
---

diff --git a/src/mon/MonCap.cc b/src/mon/MonCap.cc
index 7f3582976b5c..7f6fdab4fd2b 100644
--- a/src/mon/MonCap.cc
+++ b/src/mon/MonCap.cc
@@ -218,6 +218,14 @@ void MonCapGrant::expand_profile_mon(const EntityName& name) const
     profile_grants.back().command_args["caps_osd"] = StringConstraint("allow rwx", "");
     profile_grants.back().command_args["caps_mds"] = StringConstraint("allow", "");
   }
+  if (profile == "bootstrap-mgr") {
+    profile_grants.push_back(MonCapGrant("mon", MON_CAP_R));  // read monmap
+    profile_grants.push_back(MonCapGrant("osd", MON_CAP_R));  // read osdmap
+    profile_grants.push_back(MonCapGrant("mon getmap"));
+    profile_grants.push_back(MonCapGrant("auth get-or-create"));  // FIXME: this can expose other mgr keys
+    profile_grants.back().command_args["entity"] = StringConstraint("", "mgr.");
+    profile_grants.back().command_args["caps_mon"] = StringConstraint("allow profile mgr", "");
+  }
   if (profile == "bootstrap-rgw") {
     profile_grants.push_back(MonCapGrant("mon", MON_CAP_R));  // read monmap
     profile_grants.push_back(MonCapGrant("osd", MON_CAP_R));  // read osdmap