Commit c10e1d52 authored by Jenkins's avatar Jenkins Committed by Gerrit Code Review

Merge "Allows mgr caps to be added to keys."

parents 710364b4 5db96f87
......@@ -47,6 +47,10 @@
# Optional. e.g. 'allow *'
# Defaults to 'undef'.
#
# [*cap_mgr*] cephx capabilities for MGR access.
# Optional. e.g. 'allow *'
# Defaults to 'undef'.
#
# [*user*] Owner of the *keyring_path* file.
# Optional. Defaults to 'root'.
#
......@@ -77,6 +81,7 @@ define ceph::key (
$cap_mon = undef,
$cap_osd = undef,
$cap_mds = undef,
$cap_mgr = undef,
$user = 'root',
$group = 'root',
$mode = '0600',
......@@ -107,8 +112,13 @@ define ceph::key (
} else {
$mds_caps = ''
}
if $cap_mgr {
$mgr_caps = "--cap mgr '${cap_mgr}' "
} else {
$mgr_caps = ''
}
$caps = "${mon_caps}${osd_caps}${mds_caps}"
$caps = "${mon_caps}${osd_caps}${mds_caps}${mgr_caps}"
# this allows multiple defines for the same 'keyring file',
# which is supported by ceph-authtool
......
---
fixes:
- Bug 1720864 Allow setting optional manager capabilities on keys.
......@@ -38,13 +38,14 @@ describe 'ceph::key' do
:group => 'nogroup',
:cap_mon => 'allow *',
:cap_osd => 'allow rw',
:cap_mgr => 'allow *',
:inject => true,
}
end
it {
is_expected.to contain_exec('ceph-key-client.admin').with(
'command' => "/bin/true # comment to satisfy puppet syntax requirements\nset -ex\nceph-authtool /etc/ceph/ceph.client.admin.keyring --name 'client.admin' --add-key 'supersecret' --cap mon 'allow *' --cap osd 'allow rw' "
'command' => "/bin/true # comment to satisfy puppet syntax requirements\nset -ex\nceph-authtool /etc/ceph/ceph.client.admin.keyring --name 'client.admin' --add-key 'supersecret' --cap mon 'allow *' --cap osd 'allow rw' --cap mgr 'allow *' "
)
is_expected.to contain_file('/etc/ceph/ceph.client.admin.keyring').with(
'owner' => 'nobody',
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment