Documentation #11897
closedDocumentation on ceph auth caps is not specific enough.
0%
Description
Please excuse me if this needs to be under Tracker: Documentation rather than Tracker: Bug. I don't know the semantics for reporting Documentation issues in the Ceph project.
The page: http://ceph.com/docs/master/rados/operations/user-management/#authorization-capabilities
Is not clear enough on how ceph auth caps adds user authorizations. It currently says "The ceph auth caps command allows you to specify a user and change the user’s capabilties. To add capabilities, use the form:"
What it doesn't say is that ceph auth caps does a set/replace versus being additive to the users current capabilities. When trying to test out rbd snapshot of OpenStack VM ephemeral disk code while using separate images and vms pools I ran this command for my glance user, which removed the glance user's authorizations to the images pool:
ceph auth caps client.glance mon 'allow r' osd 'allow class-read object_prefix rbd_children, allow rwx pool=vms'
The documentation should be updated to make it clear that using ceph auth caps to add capabilities is complete replace versus and add.
Now, obviously, if the intent of ceph auth caps is to be additive then this is a bug against that function rather than a documentation update.
I am using ceph 0.80.7