Actions
Bug #10974
closedmissing pool= in osd caps is validated but breaks access
Status:
Duplicate
Priority:
Normal
Assignee:
-
Category:
cephx
Target version:
-
% Done:
0%
Source:
Community (user)
Tags:
Backport:
firefly
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Pull request ID:
Crash signature (v1):
Crash signature (v2):
Description
Hi,
Using firefly 0.80.8....
When trying to add rwx cap for a new pool (pool3), I managed to break the accept for this keyring. The new cap was:
caps osd "allow class-read object_prefix rbd_children, allow rwx pool=pool1, allow rx pool=pool2, allow rwx pool3"
(Note that I missed the "pool="). The cap was accepted and stored in the mons, but then access to pool1, pool2 (and pool3...) were denied. I guess the whole osd cap string became corrupted somehow. After correcting the caps string to
caps osd "allow class-read object_prefix rbd_children, allow rwx pool=pool1, allow rx pool=pool2, allow rwx pool=pool3"
then it worked again.
Are caps validated (from the CLI) in firefly 0.80.8? Did omitting pool= somehow slip through this validation?
Cheers, Dan
Updated by Greg Farnum almost 7 years ago
- Is duplicate of Bug #10923: Syntax validation of ceph auth caps added
Actions