Bug #22784

open

Key exported from auth keyring is not imported properly

Added by Wido den Hollander about 6 years ago. Updated about 6 years ago.

Status: Fix Under Review
Priority: Normal
Assignee: -
Category: cephx
Target version: -
% Done: 0%
Source:
Tags: mon,cephx,auth
Backport:
Regression: No
Severity: 3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Pull request ID:
Crash signature (v1):
Crash signature (v2):

Description

A key with a " in it is exported to a file, and importing this key again seems to succeed, but the mon caps are missing:

The resulting file contains:

[client.rbd]
    key = AQA5R8dWPYvJCxAAvdhxx7UIKzFofSyRb4VrwQ==
    caps mon = "allow r, allow command "osd blacklist"" 
    caps osd = "allow class-read object_prefix rbd_children, allow rwx pool=rbd" 

If you use this command:

ceph auth import -i client.rbd

The resulting key becomes:

client.rbd
    key: AQA5R8dWPYvJCxAAvdhxx7UIKzFofSyRb4VrwQ==
    caps: [osd] allow class-read object_prefix rbd_children, allow rwx pool=rbd

The 'mon' caps are lost in this case and that is a problem.

The double quotes are causing problems here.


Related issues 1 (0 open, 1 closed)

Related to RADOS - Bug #22525: auth: ceph auth add does not sanity-check caps (Resolved, 12/21/2017)

Actions #1

Updated by Jing Li about 6 years ago

A backslash before the double quotation mark would be the solution to this problem.

[client.demo]
    key=AQCudM5Z6osGIxAA2+kQKLBohgM3sjpvIfDUHw==
    caps mon = "allow r, allow command \"osd blacklist\"" 

Besides, I think this patch would help to hint if invalid caps have been passed.
https://github.com/ceph/ceph/pull/19794
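A pre-import and post-import check for the silent cap loss reported above, as an added example that is not part of the report, the comments or the Ceph code base. It flags caps values containing an unescaped double quote, prints the backslash-escaped form suggested in comment #1, and compares cap types in the file against the post-import listing. The function names and regexes are hypothetical and model only the two text formats shown on this page, not Ceph's own parser.

```python
import re

# 'caps <type> = "<value>"' line of a keyring file; the greedy .* runs to the last quote.
CAPS_LINE = re.compile(r'^(\s*caps\s+(\w+)\s*=\s*)"(.*)"\s*$')
# A double quote not preceded by a backslash (simplification: escaped backslashes are not handled).
BARE_QUOTE = re.compile(r'(?<!\\)"')
# 'caps: [<type>] <value>' line as shown in the listing after import.
LISTED_CAP = re.compile(r'^\s*caps:\s*\[(\w+)\]')

# Constructed sample modelled on the report; the key is a placeholder.
EXPORTED = '''[client.rbd]
    key = PLACEHOLDER_KEY==
    caps mon = "allow r, allow command "osd blacklist""
    caps osd = "allow class-read object_prefix rbd_children, allow rwx pool=rbd"
'''
LISTED = '''client.rbd
    key: PLACEHOLDER_KEY==
    caps: [osd] allow class-read object_prefix rbd_children, allow rwx pool=rbd
'''

def find_bare_quotes(keyring_text):
    """Return (line_no, cap_type, escaped_line) for each caps value with a bare quote."""
    findings = []
    for no, line in enumerate(keyring_text.splitlines(), 1):
        m = CAPS_LINE.match(line)
        if m and BARE_QUOTE.search(m.group(3)):
            escaped = BARE_QUOTE.sub(r'\\"', m.group(3))
            findings.append((no, m.group(2), f'{m.group(1)}"{escaped}"'))
    return findings

def missing_caps(keyring_text, listing_text):
    """Cap types present in the keyring file but absent from the post-import listing."""
    wanted = {m.group(2) for l in keyring_text.splitlines() if (m := CAPS_LINE.match(l))}
    got = {m.group(1) for l in listing_text.splitlines() if (m := LISTED_CAP.match(l))}
    return sorted(wanted - got)

if __name__ == "__main__":
    for no, cap, fixed in find_bare_quotes(EXPORTED):
        print(f"line {no}: caps {cap} has an unescaped quote; escaped form:\n{fixed}")
    print("caps missing after import:", missing_caps(EXPORTED, LISTED))
```
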

Actions #2

Updated by Nathan Cutler about 6 years ago

  • Related to Bug #22525: auth: ceph auth add does not sanity-check caps added
Actions #3

Updated by John Spray about 6 years ago

  • Status changed from New to Fix Under Review