Project

General

Profile

Feature #15070

mon: client: multifs: auth caps on client->mon connections to limit their access to MDSMaps by FSCID

Added by John Spray over 3 years ago. Updated 7 months ago.

Status:
Need Review
Priority:
High
Category:
-
Target version:
Start date:
Due date:
% Done:

0%

Source:
Development
Tags:
Backport:
Reviewed:
Affected Versions:
Component(FS):
Common/Protocol, MDSMonitor, qa-suite
Labels (FS):
multifs, task(medium)
Pull request ID:

Description

Currently clients with 'mds allow r' capabilities can see any MDSMap.

We would like to be able to craft client auth caps that restrict them to only being able to see a specific set of MDSMaps. This would also restrict their ability to look up FSCIDs from filesystem names (http://tracker.ceph.com/issues/15067)

I think something like "mds r fscid=<fscid>" would make sense.


Related issues

Related to fs - Feature #15071: mds: client: multifs: auth caps on client->MDS connections to limit by FSCID New 03/11/2016
Blocks fs - Feature #22477: multifs: remove multifs experimental warnings New 12/19/2017

History

#1 Updated by Greg Farnum over 3 years ago

  • Subject changed from multifs: auth caps on client->mon connections to limit their access to MDSMaps by FSCID to mon: client: multifs: auth caps on client->mon connections to limit their access to MDSMaps by FSCID
  • Category changed from 46 to 93

#2 Updated by Patrick Donnelly almost 2 years ago

  • Blocks Feature #22477: multifs: remove multifs experimental warnings added

#3 Updated by Patrick Donnelly over 1 year ago

  • Related to Feature #15071: mds: client: multifs: auth caps on client->MDS connections to limit by FSCID added

#4 Updated by Patrick Donnelly over 1 year ago

  • Blocks deleted (Feature #22477: multifs: remove multifs experimental warnings)

#5 Updated by Patrick Donnelly over 1 year ago

  • Category deleted (93)
  • Tags set to multifs

#6 Updated by Patrick Donnelly over 1 year ago

  • Blocks Feature #22477: multifs: remove multifs experimental warnings added

#7 Updated by Patrick Donnelly over 1 year ago

  • Priority changed from Normal to High
  • Target version set to v14.0.0
  • Source changed from other to Development
  • Tags deleted (multifs)
  • Component(FS) Common/Protocol, MDSMonitor, qa-suite added
  • Labels (FS) multifs, task(medium) added

#8 Updated by Patrick Donnelly 8 months ago

  • Assignee set to Zheng Yan
  • Start date deleted (03/11/2016)

#9 Updated by Patrick Donnelly 8 months ago

  • Assignee deleted (Zheng Yan)

#10 Updated by Patrick Donnelly 8 months ago

  • Assignee set to Douglas Fuller

#11 Updated by Patrick Donnelly 8 months ago

  • Description updated (diff)

#12 Updated by Patrick Donnelly 7 months ago

  • Target version changed from v14.0.0 to v15.0.0

#13 Updated by Douglas Fuller 7 months ago

  • Status changed from New to Need Review

#14 Updated by Patrick Donnelly 7 months ago

  • Pull request ID set to 26855

Also available in: Atom PDF