Actions
Feature #15070
closedmon: client: multifs: auth caps on client->mon connections to limit their access to MDSMaps by FSCID
% Done:
0%
Source:
Development
Tags:
Backport:
Reviewed:
Affected Versions:
Component(FS):
Common/Protocol, MDSMonitor, qa-suite
Labels (FS):
multifs, task(medium)
Pull request ID:
Description
Currently clients with 'mds allow r' capabilities can see any MDSMap.
We would like to be able to craft client auth caps that restrict them to only being able to see a specific set of MDSMaps. This would also restrict their ability to look up FSCIDs from filesystem names (http://tracker.ceph.com/issues/15067)
I think something like "mds r fscid=<fscid>" would make sense.
Updated by Greg Farnum almost 8 years ago
- Subject changed from multifs: auth caps on client->mon connections to limit their access to MDSMaps by FSCID to mon: client: multifs: auth caps on client->mon connections to limit their access to MDSMaps by FSCID
- Category changed from 46 to 93
Updated by Patrick Donnelly over 6 years ago
- Blocks Feature #22477: multifs: remove multifs experimental warnings added
Updated by Patrick Donnelly over 6 years ago
- Related to Feature #15071: mds: client: multifs: auth caps on client->MDS connections to limit by FSCID added
Updated by Patrick Donnelly over 6 years ago
- Blocks deleted (Feature #22477: multifs: remove multifs experimental warnings)
Updated by Patrick Donnelly about 6 years ago
- Category deleted (
93) - Tags set to multifs
Updated by Patrick Donnelly almost 6 years ago
- Blocks Feature #22477: multifs: remove multifs experimental warnings added
Updated by Patrick Donnelly almost 6 years ago
- Priority changed from Normal to High
- Target version set to v14.0.0
- Source changed from other to Development
- Tags deleted (
multifs) - Component(FS) Common/Protocol, MDSMonitor, qa-suite added
- Labels (FS) multifs, task(medium) added
Updated by Patrick Donnelly about 5 years ago
- Assignee set to Zheng Yan
- Start date deleted (
03/11/2016)
Updated by Patrick Donnelly about 5 years ago
- Target version changed from v14.0.0 to v15.0.0
Updated by Douglas Fuller about 5 years ago
- Status changed from New to Fix Under Review
Updated by Ramana Raja over 4 years ago
- Assignee changed from Douglas Fuller to Ramana Raja
Updated by Douglas Fuller over 4 years ago
also see branch wip-djf-15070-rebase on https://github.com/fullerdj/ceph/
Updated by Patrick Donnelly over 4 years ago
- Assignee changed from Ramana Raja to Rishabh Dave
Giving this to Rishabh as discussed.
Updated by Patrick Donnelly about 4 years ago
- Pull request ID changed from 26855 to 32581
Updated by Patrick Donnelly about 4 years ago
- Target version changed from v15.0.0 to v16.0.0
Updated by Rishabh Dave over 3 years ago
- Related to Feature #47264: "fs authorize" subcommand should work for multiple FSs too added
Updated by Patrick Donnelly over 3 years ago
- Status changed from Fix Under Review to Resolved
Actions