git-server-git.apps.pok.os.sepia.ceph.com Git

author	Ilya Dryomov <idryomov@gmail.com>
	Fri, 24 Jan 2025 19:47:11 +0000 (20:47 +0100)
committer	Ilya Dryomov <idryomov@gmail.com>
	Tue, 28 Jan 2025 09:17:06 +0000 (10:17 +0100)
commit	5f3815e80028066fb3d6ae9b68d6b69045ab2bdf
tree	d847653b58e149b4016414c066aacb6d5c99a7af	tree \| snapshot
parent	3d944579d521defc949879ab2dd6f41c2196416f	commit \| diff

mon/OSDMonitor: relax cap enforcement for unmanaged snapshots

Since commit 4972e054b32c ("mon/OSDMonitor: enforce caps when
creating/deleting unmanaged snapshots"), a) write access to the MON
service, b) write access to the OSD service for a pool or c) permission
for "osd pool op unmanaged-snap" command for a pool is required. For
"profile rbd" we configure read-only access to the MON service and rely
on write access to the OSD service, however the corresponding check in
is_osd_writable() is too strict.

A OSD cap like "profile rbd namespace=myns" or "allow w namespace=myns"
allows write access to myns namespace of any pool, but is_osd_writable()
disallows operations with unmanaged snapshots with such a cap because
its match.pool_namespace.pool_name.empty() is true. This condition
appears to serve as the "doesn't include support for the application
tag" guard, but it should actually be match.pool_tag.is_match_all()
(or match.pool_tag.application.empty() if open-coded) -- no restriction
on the pool name doesn't automatically mean that there is a restriction
on the application tag.

Fixes: https://tracker.ceph.com/issues/69679
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>

qa/workunits/rbd/permissions.sh		diff \| blob \| history
src/mon/OSDMonitor.cc		diff \| blob \| history