mon/AuthMonitor: Allow * wildcard for filesystem name

Extend ceph fs authorize to accept the * wildcard for the filesystem
name. This will grant access to all data pools associated with CephFS.
Therefore:

ceph fs authorize * client.foo /bar rwp

Is equivalent to:

ceph auth get-or-create client.foo mon "allow r" \
                                   mds "allow rwp path=/foo" \
                                   osd "allow rw tag cephfs data=*"

Note that the wildcard must be escaped from the shell in most cases.

Signed-off-by: Douglas Fuller <dfuller@redhat.com>

diff --git a/src/mon/AuthMonitor.cc b/src/mon/AuthMonitor.cc
index ef3ac3fcf897aa551c6e14ad917480a9ac0962db..9fbc4f089d255de434943728c4cbbe6dd54e6c00 100644 (file)
--- a/src/mon/AuthMonitor.cc
+++ b/src/mon/AuthMonitor.cc
@@ -1300,11 +1300,13 @@ bool AuthMonitor::prepare_command(MonOpRequestRef op)
       }
     }
 
-    auto fs = mon->mdsmon()->get_fsmap().get_filesystem(filesystem);
-    if (!fs) {
-      ss << "filesystem " << filesystem << " does not exist.";
-      err = -EINVAL;
-      goto done;
+    if (filesystem != "*") {
+      auto fs = mon->mdsmon()->get_fsmap().get_filesystem(filesystem);
+      if (!fs) {
+       ss << "filesystem " << filesystem << " does not exist.";
+       err = -EINVAL;
+       goto done;
+      }
     }
 
     osd_cap_string += osd_cap_string.empty()? "" : ", ";