Project

General

Profile

Actions
Copy link

Bug #10974

closed

missing pool= in osd caps is validated but breaks access

Added by Dan van der Ster about 9 years ago. Updated almost 7 years ago.

Status:
Duplicate
Priority:
Normal
Assignee:
-
Category:
cephx
Target version:
-
% Done:

0%

Source:
Community (user)
Tags:
Backport:
firefly
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Pull request ID:
Crash signature (v1):
Crash signature (v2):

Description

Hi,
Using firefly 0.80.8....

When trying to add rwx cap for a new pool (pool3), I managed to break the accept for this keyring. The new cap was:

caps osd "allow class-read object_prefix rbd_children, allow rwx pool=pool1, allow rx pool=pool2, allow rwx pool3"

(Note that I missed the "pool="). The cap was accepted and stored in the mons, but then access to pool1, pool2 (and pool3...) were denied. I guess the whole osd cap string became corrupted somehow. After correcting the caps string to 

caps osd "allow class-read object_prefix rbd_children, allow rwx pool=pool1, allow rx pool=pool2, allow rwx pool=pool3"

then it worked again.

Are caps validated (from the CLI) in firefly 0.80.8? Did omitting pool= somehow slip through this validation?

Cheers, Dan

Related issues 1 (0 open1 closed)

Is duplicate of Ceph - Bug #10923: Syntax validation of ceph auth capsDuplicate02/20/2015

Actions
Actions
Copy link
 #1

Updated by Greg Farnum almost 7 years ago

  • Is duplicate of Bug #10923: Syntax validation of ceph auth caps added
Actions
Copy link
 #2

Updated by Greg Farnum almost 7 years ago

  • Status changed from New to Duplicate
Actions
Copy link

Also available in: Atom PDF