From d400677765b05777ad4f482919f62e4ec4e13cbf Mon Sep 17 00:00:00 2001
From: Michael Fritch <mfritch@suse.com>
Date: Wed, 28 Oct 2020 13:26:29 -0600
Subject: [PATCH] mgr/cephadm: add NFS RGW keyring application tag

restrict the OSD keyring caps to the `rgw` application

Signed-off-by: Michael Fritch <mfritch@suse.com>
---
 src/pybind/mgr/cephadm/services/nfs.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/pybind/mgr/cephadm/services/nfs.py b/src/pybind/mgr/cephadm/services/nfs.py
index 21011e1e443a..3eaf50cac689 100644
--- a/src/pybind/mgr/cephadm/services/nfs.py
+++ b/src/pybind/mgr/cephadm/services/nfs.py
@@ -149,7 +149,7 @@ class NFSService(CephService):
             'prefix': 'auth get-or-create',
             'entity': entity,
             'caps': ['mon', 'allow r',
-                     'osd', 'allow rwx'],
+                     'osd', 'allow rwx tag rgw *=*'],
         })
 
         return keyring
-- 
2.47.3