From 9f8c83f663b39cfbba72809f92f7eb894d96c1d0 Mon Sep 17 00:00:00 2001
From: Victoria Martinez de la Cruz <victoria@redhat.com>
Date: Thu, 22 Apr 2021 15:50:40 +0000
Subject: [PATCH] Fix manila ceph caps

Now that we issue mgr/volume commands and rados
get/put on pool with "ganesha_rados_store_pool_name"
name via a rados client, the auth ID used by the
driver/rados client would need different capabilities.

The auth ID will now require:

mon 'allow r'
mgr 'allow rw'
osd 'allow rw pool=<ganesha_rados_store_pool_name>"

The driver's auth ID does not need any MDS capability,
requires reduced MON and OSD capability, and extra write
capability for MGR.

Closes-Bug: #1925525
Change-Id: Ib3015442eb4633fb208eb10af1f4150f189c3e14
---
 inventory/group_vars/all/ceph.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/inventory/group_vars/all/ceph.yml b/inventory/group_vars/all/ceph.yml
index 44a4f6c486..5f21a769c3 100644
--- a/inventory/group_vars/all/ceph.yml
+++ b/inventory/group_vars/all/ceph.yml
@@ -54,5 +54,5 @@ openstack_keys:
   - { name: client.cinder, caps: { mon: "profile rbd", osd: "allow class-read object_prefix rbd_children, profile rbd pool={{ openstack_cinder_pool.name }}, profile rbd pool={{ openstack_nova_pool.name }}, profile rbd pool={{ openstack_glance_pool.name }}"}, mode: "0600" }
   - { name: client.cinder-backup, caps: { mon: "profile rbd", osd: "profile rbd pool={{ openstack_cinder_backup_pool.name }}"}, mode: "0600" }
   - { name: client.gnocchi, caps: { mon: "profile rbd", osd: "profile rbd pool={{ openstack_gnocchi_pool.name }}"}, mode: "0600", }
-  - { name: client.manila, caps: { mon: "allow r, allow command 'auth del', allow command 'auth caps', allow command 'auth get', allow command 'auth get-or-create'", mgr: "allow r", mds: "allow *", osd: "allow rw"}, mode: "0600", }
+  - { name: client.manila, caps: { mon: "allow r", mgr: "allow rw", osd: "allow rw pool={{ openstack_cephfs_data_pool.name }}"}, mode: "0600", }
   - { name: client.openstack, caps: { mon: "profile rbd", osd: "profile rbd pool={{ openstack_glance_pool.name }}, profile rbd pool={{ openstack_nova_pool.name }}, profile rbd pool={{ openstack_cinder_pool.name }}, profile rbd pool={{ openstack_cinder_backup_pool.name }}"}, mode: "0600" }