openstack
/
tripleo-heat-templates
Code Issues Proposed changes

Do not grant caps if pool name is empty 

The openstack_keys map can have permissions for an empty pool
which results in an invalid kerying.

Co-Authored-By: Giulio Fidente <gfidente@redhat.com>
Change-Id: Ic5ae53d9ab52ea5e7c3f75a240a7a7f4bb5632ba
Closes-Bug: 1776987
This commit is contained in:
Giulio Fidente 2018-06-18 12:13:05 +02:00
parent e65889dff2
commit 9746e2f9bb
1 changed files with 17 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
docker/services/ceph-ansible/ceph-base.yaml
View File

@ -256,23 +256,23 @@ resources:
mgr: "allow *"
mon: "profile rbd"
osd:
str_replace:
template: 'profile rbd pool=CEPH_CLIENT_POOLS'
params:
CEPH_CLIENT_POOLS:
list_join:
- ', profile rbd pool='
- list_concat_unique:
- - {get_param: CinderRbdPoolName}
- {get_param: CinderBackupRbdPoolName}
- {get_param: NovaRbdPoolName}
- {get_param: GlanceRbdPoolName}
- {get_param: GnocchiRbdPoolName}
# CinderRbdExtraPools is a list (do not indent further)
- {get_param: CinderRbdExtraPools}
- yaql:
data: {get_param: CephPools}
expression: $.data.select($.name)
list_join:
- ', '
- repeat:
template: 'profile rbd pool=<%pool%>'
for_each:
<%pool%>:
list_concat_unique:
- - {get_param: CinderRbdPoolName}
- {get_param: CinderBackupRbdPoolName}
- {get_param: NovaRbdPoolName}
- {get_param: GlanceRbdPoolName}
- {get_param: GnocchiRbdPoolName}
# CinderRbdExtraPools is a list (do not indent further)
- {get_param: CinderRbdExtraPools}
- yaql:
data: {get_param: CephPools}
expression: $.data.select($.name)
mode: "0600"
- name:
list_join: