From ede50f505bd172d6fa9a9df51b390ffb27de59e5 Mon Sep 17 00:00:00 2001
From: Sage Weil <sage@redhat.com>
Date: Tue, 1 Oct 2019 10:51:40 -0500
Subject: [PATCH] mon/MonCap: allow mgr to create new auth keys

Signed-off-by: Sage Weil <sage@redhat.com>
---
 src/mon/MonCap.cc | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/mon/MonCap.cc b/src/mon/MonCap.cc
index 006fe839185..c51591ad2af 100644
--- a/src/mon/MonCap.cc
+++ b/src/mon/MonCap.cc
@@ -218,6 +218,9 @@ void MonCapGrant::expand_profile_mon(const EntityName& name) const
     profile_grants.push_back(MonCapGrant("auth", MON_CAP_R | MON_CAP_X));
     profile_grants.push_back(MonCapGrant("config-key", MON_CAP_R | MON_CAP_W));
     profile_grants.push_back(MonCapGrant("config", MON_CAP_R | MON_CAP_W));
+    // ssh orchestrator provisions new daemon keys
+    profile_grants.push_back(MonCapGrant("auth get-or-create"));
+    profile_grants.push_back(MonCapGrant("auth rm"));
   }
   if (profile == "osd" || profile == "mds" || profile == "mon" ||
       profile == "mgr") {
-- 
2.39.5