Bug #2904
closedceph-authtool: Adds keys on typos, expected error message
0%
Description
$ cat >temp.keyring <<EOF
[osd.0]
key = AQD0TGVNSG0jHRAASDDwan8hOOZBxxZ3aMMVdg==
auid = 18446744073709551615
EOF
$ ./ceph-authtool temp.keyring --cap mon "allow *" --cap osd "allow *"
$ cat temp.keyring
[osd.0]
key = AQD0TGVNSG0jHRAASDDwan8hOOZBxxZ3aMMVdg==
auid = 18446744073709551615
[client.admin]
key = AAAAAAAAAAAAAAAA
auid = 18446744073709551615
caps mon = "allow *"
caps osd = "allow *"
This can hurt you either through forgetting --name=, or typoing it, e.g. --name=ods.0
Since I did not specify --gen-key, I expected an error message, something like:
$ ./ceph-authtool temp.keyring --cap mon "allow *" --cap osd "allow *" ceph-authtool: Key does not exist: client.admin $ ./ceph-authtool temp.keyring --name=ods.0 --cap mon "allow *" --cap osd "allow *" ceph-authtool: Key does not exist: ods.0
Updated by Brad Hubbard almost 8 years ago
This case has been resolved by a previous commit.
$ ./ceph-authtool /tmp/keyring --name=ods.0 --cap mon "allow *" --cap osd "allow *"
error parsing 'ods.0': expected string of the form TYPE.ID, valid types are: auth, mon, osd, mds, client
I have a candidate patch which produces the following for commands which previously misbehaved.
$ ./ceph-authtool /tmp/keyring --create-keyring --name=mon. --add-key= --cap mon 'allow *'
Option --add-key= requires an argument.
$ ./ceph-authtool /tmp/keyring --cap mon "allow *" --cap osd "allow *"
Can't find existing key for client.admin and neither gen-key nor add-key specified
I think I have covered all options which can create an invalid key like "key = AAAAAAAAAAAAAAAA"
My patch needs a good deal of testing and then I'll submit a PR.
Updated by Kefu Chai almost 8 years ago
- Status changed from 12 to Resolved