Actions
Bug #10923
closedSyntax validation of ceph auth caps
Status:
Duplicate
Priority:
Normal
Assignee:
-
Category:
cephx
Target version:
-
% Done:
0%
Source:
other
Tags:
Backport:
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Pull request ID:
Crash signature (v1):
Crash signature (v2):
Description
Ceph auth caps validation of syntax is weak.
ceph auth caps client.ceph0-nfs0 mon 'allow r' osd 'allow * pool=Backups-Hybrid, allow * pool=General-Storage, allow * Backups-DVS
Can see it loaded and is available here:
[ceph@ceph0-mon0 ~]$ ceph auth get client.ceph0-nfs0 exported keyring for client.ceph0-nfs0 [client.ceph0-nfs0] key = AQB2qOJUSEfXBxAADkvppPquK9ttJrm7UX1IiA== caps mon = "allow r" caps osd = "allow * pool=Backups-Hybrid, allow * pool=General-Storage, allow * Backups-DVS"
But authentication fails for this keyring now.
Correct syntax should be:
ceph auth caps client.ceph0-nfs0 mon 'allow r' osd 'allow * pool=Backups-Hybrid, allow * pool=General-Storage, allow * pool=Backups-DVS
Loaded:
[ceph@ceph0-mon0 ~]$ ceph auth get client.ceph0-nfs0 exported keyring for client.ceph0-nfs0 [client.ceph0-nfs0] key = AQB2qOJUSEfXBxAADkvppPquK9ttJrm7UX1IiA== caps mon = "allow r" caps osd = "allow * pool=Backups-Hybrid, allow * pool=General-Storage, allow * pool=Backups-DVS"
Actions