From: John Spray <john.spray@redhat.com>
Date: Wed, 11 Apr 2018 16:08:39 +0000 (-0400)
Subject: mon: grant mgr profile "config" commands
X-Git-Tag: v13.1.0~143^2~13
X-Git-Url: http://git.apps.os.sepia.ceph.com/?a=commitdiff_plain;h=f2b340a84290874b2b82a237c4d11d5de4c7523c;p=ceph.git

mon: grant mgr profile "config" commands

...and remove redundant config-key lines (these are applied
to mgr anyway in the next block, and mgr even has a broader
config-key permission in the line above).

Signed-off-by: John Spray <john.spray@redhat.com>
---

diff --git a/src/mon/MonCap.cc b/src/mon/MonCap.cc
index ef2872aea1d49..73f4a07ad03dd 100644
--- a/src/mon/MonCap.cc
+++ b/src/mon/MonCap.cc
@@ -198,13 +198,7 @@ void MonCapGrant::expand_profile_mon(const EntityName& name) const
     profile_grants.push_back(MonCapGrant("osd", MON_CAP_R | MON_CAP_W));
     profile_grants.push_back(MonCapGrant("auth", MON_CAP_R | MON_CAP_X));
     profile_grants.push_back(MonCapGrant("config-key", MON_CAP_R | MON_CAP_W));
-    StringConstraint constraint(StringConstraint::MATCH_TYPE_PREFIX,
-                                "daemon-private/mgr/");
-    profile_grants.push_back(MonCapGrant("config-key get", "key", constraint));
-    profile_grants.push_back(MonCapGrant("config-key set", "key", constraint));
-    profile_grants.push_back(MonCapGrant("config-key put", "key", constraint));
-    profile_grants.push_back(MonCapGrant("config-key exists", "key", constraint));
-    profile_grants.push_back(MonCapGrant("config-key delete", "key", constraint));
+    profile_grants.push_back(MonCapGrant("config", MON_CAP_R | MON_CAP_W));
   }
   if (profile == "osd" || profile == "mds" || profile == "mon" ||
       profile == "mgr") {