Ceph » RADOS

For the specific ceph user data should be restricted on the mon store.

Let's say if client.user1 store data `client.user1 advanced rgw_zone 15 * ` it should b only available to `client.user1`.
If the admin keyring is accessing any data it can access all the users data.

The use case regarding this is to make external cluster installation upgradation more convenient and less error prone, this will help rook to automate the upgradtion, for more discussion why we need this https://github.com/rook/rook/issues/14077

So an initial design we can think of is,
```
The ceph config should have user authentication based on the user keys,
Currently, it looks like,

```
sh-4.4$ ceph config dump
WHO MASK LEVEL OPTION VALUE RO
global advanced bdev_flock_retry 20
global advanced bluefs_buffered_io false
global basic log_to_file false
global advanced mon_allow_pool_delete true
global advanced mon_allow_pool_size_one true
global advanced mon_cluster_log_file
global advanced mon_data_avail_warn 10
global advanced mon_warn_on_pool_no_redundancy false
global advanced osd_pool_default_size 1
mon advanced auth_allow_insecure_global_id_reclaim false
mon advanced rgw_zone 11 *

```

I believe `RO` field can be used as permissions.

So,
1) The set command currently is
```
config set <who> <name> <value> [--force] Set a configuration option for one or more entities
```
I should be updated like
```
config set <who> <whoKey> <name> <value> [--force]
```

2) And secondly the get command looks like
```
config get <who> [<key>] Show configuration option(s) for an entity

```
I think the current key is optional which can be marked a non-optional field.

3) and `ceph config dump` should also updated to `ceph osd dump key` and it should expects a admin key for authentication.
```