Merge pull request #1005 from fultonj/cephx

openshift-merge-bot[bot] · web-flow · commit 65f42367cac8 · 2025-01-30T20:48:00.000Z
Use cephx profile rbd in gen-ceph-kustomize.sh
diff --git a/scripts/gen-ceph-kustomize.sh b/scripts/gen-ceph-kustomize.sh
@@ -184,7 +184,7 @@ function create_pool {
 function build_caps {
     local CAPS=""
     for pool in "${CEPH_POOLS[@]}"; do
-        caps="allow rwx pool="$pool
+        caps="profile rbd pool="$pool
         CAPS+=$caps,
     done
     echo "${CAPS::-1}"
@@ -198,11 +198,10 @@ function create_key {
     if [ "${#CEPH_POOLS[@]}" -eq 0 ]; then
         osd_caps="allow *"
     else
-        caps=$(build_caps)
-        osd_caps="allow class-read object_prefix rbd_children, $caps"
+        osd_caps=$(build_caps)
     fi
     # do not log the key if exists
-    oc rsh -n $NAMESPACE ceph ceph auth get-or-create "$client" mgr "allow rw" mon "allow r" osd "$osd_caps" >/dev/null
+    oc rsh -n $NAMESPACE ceph ceph auth get-or-create "$client" mgr "allow *" mon "profile rbd" osd "$osd_caps" >/dev/null
 }
 
 function create_secret {
