From: Sage Weil <sage@redhat.com>
Date: Tue, 1 Oct 2019 15:51:40 +0000 (-0500)
Subject: mon/MonCap: allow mgr to create new auth keys
X-Git-Tag: v15.1.0~1313^2~41
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=ede50f505bd172d6fa9a9df51b390ffb27de59e5;p=ceph.git

mon/MonCap: allow mgr to create new auth keys

Signed-off-by: Sage Weil <sage@redhat.com>
---

diff --git a/src/mon/MonCap.cc b/src/mon/MonCap.cc
index 006fe839185..c51591ad2af 100644
--- a/src/mon/MonCap.cc
+++ b/src/mon/MonCap.cc
@@ -218,6 +218,9 @@ void MonCapGrant::expand_profile_mon(const EntityName& name) const
     profile_grants.push_back(MonCapGrant("auth", MON_CAP_R | MON_CAP_X));
     profile_grants.push_back(MonCapGrant("config-key", MON_CAP_R | MON_CAP_W));
     profile_grants.push_back(MonCapGrant("config", MON_CAP_R | MON_CAP_W));
+    // ssh orchestrator provisions new daemon keys
+    profile_grants.push_back(MonCapGrant("auth get-or-create"));
+    profile_grants.push_back(MonCapGrant("auth rm"));
   }
   if (profile == "osd" || profile == "mds" || profile == "mon" ||
       profile == "mgr") {