Feature #17448: Enforce auth caps in DaemonServer::handle_command - mgr - Ceph

Actions

Copy link

Feature #17448

closed

Enforce auth caps in DaemonServer::handle_command

Added by John Spray over 7 years ago. Updated almost 7 years ago.

Status:

Resolved

Priority:

High

Assignee:

Category:

ceph-mgr

Target version:

% Done:

Source:

other

Tags:

Backport:

Reviewed:

Affected Versions:

Pull request ID:

Description

Initially I suggest we rely on an "allow *" capability to permit people to run commands.

History
Notes
Property changes

Actions

Copy link

Updated by Sage Weil almost 7 years ago

Status changed from New to Resolved

We basically re-used the MonCap structure unchanged in the mon. allow * lets you do everything, or you can whitelist specific commands, or define profiles (which have different meaning if you are mon or mgr).

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Ceph » mgr

Custom queries

Feature #17448

Enforce auth caps in DaemonServer::handle_command

Updated by Sage Weil almost 7 years ago