If an entity already existed, 'auth add' would smash its key and caps
with whatever was on the supplied keyring file; if a keyring weren't
specified, we would simply generate a new key and destroy all existing
caps (unless caps were specified and happened to be different from the
already in-place caps). This behaviour is obviously sketchy.
With this patch we now enforce the following behaviour:
- if entity does not exist in current state, check if we are about to
create it (by checking the pending state); if so, wait for the new state
to be committed and re-handle the command then, so we don't get bad
results from pending request
- if the command reproduces the current state (same key, same caps), we
return 0; else,
- if entity exists and supplied key OR caps are different, return -EINVAL
- else create a new entity.
Signed-off-by: Joao Eduardo Luis <joao.luis@inktank.com> Reviewed-by: Sage Weil <sage@inktank.com>
projects / ceph.git / commit