Project

General

Profile

Feature #15070

mon: client: multifs: auth caps on client->mon connections to limit their access to MDSMaps by FSCID

Added by John Spray over 4 years ago. Updated 5 months ago.

Status:
Fix Under Review
Priority:
High
Assignee:
Category:
-
Target version:
% Done:

0%

Source:
Development
Tags:
Backport:
Reviewed:
Affected Versions:
Component(FS):
Common/Protocol, MDSMonitor, qa-suite
Labels (FS):
multifs, task(medium)
Pull request ID:

Description

Currently clients with 'mds allow r' capabilities can see any MDSMap.

We would like to be able to craft client auth caps that restrict them to only being able to see a specific set of MDSMaps. This would also restrict their ability to look up FSCIDs from filesystem names (http://tracker.ceph.com/issues/15067)

I think something like "mds r fscid=<fscid>" would make sense.


Related issues

Related to fs - Feature #15071: mds: client: multifs: auth caps on client->MDS connections to limit by FSCID New 03/11/2016
Blocks fs - Feature #22477: multifs: remove multifs experimental warnings New 12/19/2017

History

#1 Updated by Greg Farnum about 4 years ago

  • Subject changed from multifs: auth caps on client->mon connections to limit their access to MDSMaps by FSCID to mon: client: multifs: auth caps on client->mon connections to limit their access to MDSMaps by FSCID
  • Category changed from 46 to 93

#2 Updated by Patrick Donnelly over 2 years ago

  • Blocks Feature #22477: multifs: remove multifs experimental warnings added

#3 Updated by Patrick Donnelly over 2 years ago

  • Related to Feature #15071: mds: client: multifs: auth caps on client->MDS connections to limit by FSCID added

#4 Updated by Patrick Donnelly over 2 years ago

  • Blocks deleted (Feature #22477: multifs: remove multifs experimental warnings)

#5 Updated by Patrick Donnelly about 2 years ago

  • Category deleted (93)
  • Tags set to multifs

#6 Updated by Patrick Donnelly about 2 years ago

  • Blocks Feature #22477: multifs: remove multifs experimental warnings added

#7 Updated by Patrick Donnelly about 2 years ago

  • Priority changed from Normal to High
  • Target version set to v14.0.0
  • Source changed from other to Development
  • Tags deleted (multifs)
  • Component(FS) Common/Protocol, MDSMonitor, qa-suite added
  • Labels (FS) multifs, task(medium) added

#8 Updated by Patrick Donnelly over 1 year ago

  • Assignee set to Zheng Yan
  • Start date deleted (03/11/2016)

#9 Updated by Patrick Donnelly over 1 year ago

  • Assignee deleted (Zheng Yan)

#10 Updated by Patrick Donnelly over 1 year ago

  • Assignee set to Douglas Fuller

#11 Updated by Patrick Donnelly over 1 year ago

  • Description updated (diff)

#12 Updated by Patrick Donnelly over 1 year ago

  • Target version changed from v14.0.0 to v15.0.0

#13 Updated by Douglas Fuller over 1 year ago

  • Status changed from New to Fix Under Review

#14 Updated by Patrick Donnelly over 1 year ago

  • Pull request ID set to 26855

#15 Updated by Ramana Raja 7 months ago

  • Assignee changed from Douglas Fuller to Ramana Raja

#16 Updated by Douglas Fuller 7 months ago

also see branch wip-djf-15070-rebase on https://github.com/fullerdj/ceph/

#17 Updated by Patrick Donnelly 7 months ago

  • Assignee changed from Ramana Raja to Rishabh Dave

Giving this to Rishabh as discussed.

#18 Updated by Patrick Donnelly 5 months ago

  • Pull request ID changed from 26855 to 32581

#19 Updated by Patrick Donnelly 5 months ago

  • Target version changed from v15.0.0 to v16.0.0

Also available in: Atom PDF