Request class-read object_prefix rbd_children perm
When using ceph as a backend request the additional privilege class-read on rbd_children. This fixes bug 1696073. Change-Id: I468cfb5026751b96feba013b4e6ae74ff8da38ca Closes-Bug: #1696073
This commit is contained in:
parent
f751b88746
commit
d8de6b6642
|
@ -353,11 +353,17 @@ def get_ceph_request():
|
|||
rq.add_op_create_pool(name=name, replica_count=replicas, weight=weight,
|
||||
group='vms')
|
||||
if config('restrict-ceph-pools'):
|
||||
rq.add_op_request_access_to_group(name="volumes",
|
||||
rq.add_op_request_access_to_group(
|
||||
name="volumes",
|
||||
object_prefix_permissions={'class-read': ['rbd_children']},
|
||||
permission='rwx')
|
||||
rq.add_op_request_access_to_group(name="images",
|
||||
rq.add_op_request_access_to_group(
|
||||
name="images",
|
||||
object_prefix_permissions={'class-read': ['rbd_children']},
|
||||
permission='rwx')
|
||||
rq.add_op_request_access_to_group(name="vms",
|
||||
rq.add_op_request_access_to_group(
|
||||
name="vms",
|
||||
object_prefix_permissions={'class-read': ['rbd_children']},
|
||||
permission='rwx')
|
||||
return rq
|
||||
|
||||
|
|
|
@ -509,9 +509,15 @@ class NovaComputeRelationsTests(CharmTestCase):
|
|||
weight=28,
|
||||
group='vms')
|
||||
mock_request_access.assert_has_calls([
|
||||
call(name='volumes', permission='rwx'),
|
||||
call(name='images', permission='rwx'),
|
||||
call(name='vms', permission='rwx'),
|
||||
call(name='volumes',
|
||||
object_prefix_permissions={'class-read': ['rbd_children']},
|
||||
permission='rwx'),
|
||||
call(name='images',
|
||||
object_prefix_permissions={'class-read': ['rbd_children']},
|
||||
permission='rwx'),
|
||||
call(name='vms',
|
||||
object_prefix_permissions={'class-read': ['rbd_children']},
|
||||
permission='rwx'),
|
||||
])
|
||||
|
||||
@patch.object(hooks, 'service_restart_handler')
|
||||
|
|
Loading…
Reference in New Issue