git.apps.os.sepia.ceph.com Git - ceph-ci.git/commit

author	Ilya Dryomov <idryomov@gmail.com>
	Fri, 24 Jan 2025 19:47:11 +0000 (20:47 +0100)
committer	Ilya Dryomov <idryomov@gmail.com>
	Fri, 31 Jan 2025 09:15:04 +0000 (10:15 +0100)
commit	a8857ef87290aaada495b43e6e9dbe915f95f0bb
tree	45e687bb2861608468e14609858d5e86cbb3661c	tree \| snapshot
parent	431460e1579104404d6f5e8ec0bb8fd94eb72e85	commit \| diff

mon/OSDMonitor: relax cap enforcement for unmanaged snapshots

Since commit 4972e054b32c ("mon/OSDMonitor: enforce caps when
creating/deleting unmanaged snapshots"), a) write access to the MON
service, b) write access to the OSD service for a pool or c) permission
for "osd pool op unmanaged-snap" command for a pool is required. For
"profile rbd" we configure read-only access to the MON service and rely
on write access to the OSD service, however the corresponding check in
is_osd_writable() is too strict.

A OSD cap like "profile rbd namespace=myns" or "allow w namespace=myns"
allows write access to myns namespace of any pool, but is_osd_writable()
disallows operations with unmanaged snapshots with such a cap because
its match.pool_namespace.pool_name.empty() is true. This condition
appears to serve as the "doesn't include support for the application
tag" guard, but it should actually be match.pool_tag.is_match_all()
(or match.pool_tag.application.empty() if open-coded) -- no restriction
on the pool name doesn't automatically mean that there is a restriction
on the application tag.

Fixes: https://tracker.ceph.com/issues/69679
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
(cherry picked from commit 5f3815e80028066fb3d6ae9b68d6b69045ab2bdf)

qa/workunits/rbd/permissions.sh		diff \| blob \| history
src/mon/OSDMonitor.cc		diff \| blob \| history