From b72936d72792dc28c3fcf6cf27da9a2b423d0207 Mon Sep 17 00:00:00 2001
From: Chris MacNaughton <chris.macnaughton@canonical.com>
Date: Wed, 16 Oct 2019 14:01:03 +0200
Subject: [PATCH] Sync charms.ceph to add new permission request to broker

Change-Id: Id5023785fc748e44978b669db5b79c6c40e88de5
Depends-On: Ifd341bd80833d4a7fd62e89e3c0e2b7fd64fafba
---
 lib/ceph/broker.py | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/lib/ceph/broker.py b/lib/ceph/broker.py
index 3226f4cc..bae74a12 100644
--- a/lib/ceph/broker.py
+++ b/lib/ceph/broker.py
@@ -212,6 +212,18 @@ def handle_add_permissions_to_key(request, service):
     return resp
 
 
+def handle_set_key_permissions(request, service):
+    """Ensure the key has the requested permissions."""
+    permissions = request.get('permissions')
+    client = request.get('client')
+    call = ['ceph', '--id', service, 'auth', 'caps',
+            'client.{}'.format(client)] + permissions
+    try:
+        check_call(call)
+    except CalledProcessError as e:
+        log("Error updating key capabilities: {}".format(e), level=ERROR)
+
+
 def update_service_permissions(service, service_obj=None, namespace=None):
     """Update the key permissions for the named client in Ceph"""
     if not service_obj:
@@ -866,6 +878,8 @@ def process_requests_v1(reqs):
             ret = handle_put_osd_in_bucket(request=req, service=svc)
         elif op == "add-permissions-to-key":
             ret = handle_add_permissions_to_key(request=req, service=svc)
+        elif op == 'set-key-permissions':
+            ret = handle_set_key_permissions(request=req, service=svc)
         else:
             msg = "Unknown operation '{}'".format(op)
             log(msg, level=ERROR)