AuthMonitor: no need to check permission in MDS caps

For "fs authorize" command, AuthMonitor.cc checks if permissions is "r"
or begins with "rw". This check is redundant now.
AuthMonitor::valid_caps() runs MDSAuthCaps.parse() which now runs same
check for the MDS caps, regardless of the command.

Signed-off-by: Rishabh Dave <ridave@redhat.com>
(cherry picked from commit 8e1e322054ea14eb5e59969439c0ea27885503ab)

diff --git a/qa/tasks/cephfs/test_admin.py b/qa/tasks/cephfs/test_admin.py
index 128b17c498ff2a016ea3c7024c5de1376957327a..731148c4a5ea426df9358bbccf533b016b7e7d24 100644 (file)
--- a/qa/tasks/cephfs/test_admin.py
+++ b/qa/tasks/cephfs/test_admin.py
@@ -1634,3 +1634,10 @@ class TestPermErrMsg(CephFSTestCase):
     def test_auth_get_or_create_key(self):
         for mdscap in self.MDSCAPS:
             self._negtestcmd('auth get-or-create-key', mdscap)
+
+    def test_fs_authorize(self):
+        for wrong_perm in ('w', 'wr'):
+            self.negtest_ceph_cmd(
+                args=(f'fs authorize {self.fs.name} {self.CLIENT_NAME} / '
+                      f'{wrong_perm}'), retval=self.EXPECTED_ERRNO,
+                errmsgs=self.EXPECTED_ERRMSG)

diff --git a/src/mon/AuthMonitor.cc b/src/mon/AuthMonitor.cc
index 395ff4926189971ad7b4d9487bd6ed582dcc102d..59adc404eb4f86f71ad12cd1a3d6fc12f7a245b0 100644 (file)
--- a/src/mon/AuthMonitor.cc
+++ b/src/mon/AuthMonitor.cc
@@ -1769,11 +1769,6 @@ bool AuthMonitor::prepare_command(MonOpRequestRef op)
        ++it;
       }
 
-      if (cap != "r" && cap.compare(0, 2, "rw")) {
-       ss << "Permission flags must start with 'r' or 'rw'.";
-       err = -EINVAL;
-       goto done;
-      }
       if (cap.compare(0, 2, "rw") == 0)
        osd_cap_wanted = "rw";