Merge "Only upgrade keys for internal clients"

2023-07-26 19:25:50 +00:00 · 2023-07-26 19:25:50 +00:00 · 571659f4a3
parent 3afdbc586c 44520d2330
commit 571659f4a3
2 changed files with 8 additions and 1 deletions
--- a/charms_ceph/utils.py
+++ b/charms_ceph/utils.py
@ -1223,6 +1223,11 @@ def get_upgrade_key():
    return get_named_key('upgrade-osd', _upgrade_caps)


+def is_internal_client(name):
+    keys = ('osd-upgrade', 'osd-removal', 'admin', 'rbd-mirror', 'mds')
+    return any(name.startswith(key) for key in keys)
+
+
 def get_named_key(name, caps=None, pool_list=None):
    """Retrieve a specific named cephx key.

@ -1236,7 +1241,8 @@ def get_named_key(name, caps=None, pool_list=None):

    key = ceph_auth_get(key_name)
    if key:
-        upgrade_key_caps(key_name, caps)
+        if is_internal_client(name):
+            upgrade_key_caps(key_name, caps)
        return key

    log("Creating new key for {}".format(name), level=DEBUG)
--- a/unit_tests/test_utils.py
+++ b/unit_tests/test_utils.py
@ -538,6 +538,7 @@ class CephTestCase(unittest.TestCase):
    @patch.object(utils.socket, "gethostname", lambda: "osd001")
    def test_get_named_key_with_pool(self, mock_check_output):
        mock_check_output.side_effect = [CalledProcessError(0, 0, 0), b""]
+        utils.ceph_auth_get.cache_clear()
        utils.get_named_key(name="rgw001", pool_list=["rbd", "block"])
        mock_check_output.assert_has_calls([
            call(['sudo', '-u', 'ceph', 'ceph', '--name',