Project

General

Profile

Feature #15070

mon: client: multifs: auth caps on client->mon connections to limit their access to MDSMaps by FSCID

Added by John Spray almost 3 years ago. Updated 29 days ago.

Status:
New
Priority:
High
Category:
-
Target version:
Start date:
Due date:
% Done:

0%

Source:
Development
Tags:
Backport:
Reviewed:
Affected Versions:
Component(FS):
Common/Protocol, MDSMonitor, qa-suite
Labels (FS):
multifs, task(medium)
Pull request ID:

Description

Currently clients with 'mds allow r' capabilities can see any MDSMap.

We would like to be able to craft client auth caps that restrict them to only being able to see a specific set of MDSMaps. This would also restrict their ability to look up FSCIDs from filesystem names (http://tracker.ceph.com/issues/15067)

I think something like "mds r fscid=<fscid>" would make sense.


Related issues

Related to fs - Feature #15071: mds: client: multifs: auth caps on client->MDS connections to limit by FSCID New 03/11/2016
Blocks fs - Feature #22477: multifs: remove experimental warnings New 12/19/2017

History

#1 Updated by Greg Farnum over 2 years ago

  • Subject changed from multifs: auth caps on client->mon connections to limit their access to MDSMaps by FSCID to mon: client: multifs: auth caps on client->mon connections to limit their access to MDSMaps by FSCID
  • Category changed from 46 to 93

#2 Updated by Patrick Donnelly about 1 year ago

#3 Updated by Patrick Donnelly about 1 year ago

  • Related to Feature #15071: mds: client: multifs: auth caps on client->MDS connections to limit by FSCID added

#4 Updated by Patrick Donnelly about 1 year ago

  • Blocks deleted (Feature #22477: multifs: remove experimental warnings)

#5 Updated by Patrick Donnelly 11 months ago

  • Category deleted (93)
  • Tags set to multifs

#6 Updated by Patrick Donnelly 9 months ago

#7 Updated by Patrick Donnelly 9 months ago

  • Priority changed from Normal to High
  • Target version set to v14.0.0
  • Source changed from other to Development
  • Tags deleted (multifs)
  • Component(FS) Common/Protocol, MDSMonitor, qa-suite added
  • Labels (FS) multifs, task(medium) added

#8 Updated by Patrick Donnelly 29 days ago

  • Assignee set to Zheng Yan
  • Start date deleted (03/11/2016)

#9 Updated by Patrick Donnelly 29 days ago

  • Assignee deleted (Zheng Yan)

#10 Updated by Patrick Donnelly 29 days ago

  • Assignee set to Douglas Fuller

#11 Updated by Patrick Donnelly 29 days ago

  • Description updated (diff)

Also available in: Atom PDF