If the "fs authorize" subcommand is executed for a client that already has
a keyring but with no caps present in it, the command should update the
keyring with the caps supplied instead of quitting with an error message.
Example -
$ ./bin/ceph auth add client.x
added key for client.x
$ ./bin/ceph auth get client.x
[client.x]
key = AQCqOrJgtsJDHBAARGzbd1sj+ycRtWHOAcWz1w==
exported keyring for client.x
Before this commit -
$ ./bin/ceph fs authorize a client.x / rw
Error EINVAL: client.x already has fs capabilities that differ from those supplied. To generate a new auth key for client.x, first remove client.x from configuration files, execute 'ceph auth rm client.x', then execute this command again.
After this commit -
$ ./bin/ceph fs authorize a client.x1 / rw
updated caps for client.x1
Signed-off-by: Rishabh Dave <ridave@redhat.com>
EntityAuth entity_auth;
if (mon.key_server.get_auth(entity, entity_auth)) {
- for (const auto& [cap_entity, cap] : encoded_caps) {
- if (entity_auth.caps.count(cap_entity) == 0 ||
- !entity_auth.caps[cap_entity].contents_equal(cap)) {
- ss << entity << " already has fs capabilities that differ from "
- << "those supplied. To generate a new auth key for " << entity
- << ", first remove " << entity << " from configuration files, "
- << "execute 'ceph auth rm " << entity << "', then execute this "
- << "command again.";
- err = -EINVAL;
- goto done;
- }
- }
-
int rv = _gen_wanted_caps(entity_auth, newcaps, ss);
ceph_assert(rv == CAPS_UPDATE_REQD or rv == CAPS_UPDATE_NOT_REQD or
rv == CAPS_PARSING_ERR);
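Review bot: the removed loop inside `if (mon.key_server.get_auth(entity, entity_auth))` was the only visible guard against changing caps on an entity that already has different ones, and deleting it outright lifts that guard for every existing entity, not just the empty-caps case the commit message describes. If the intent is only to allow a keyring with no caps to be populated, consider keeping the EINVAL path and skipping it when `entity_auth.caps.empty()`. If the broader behaviour is intended and `_gen_wanted_caps` is expected to reconcile differing caps, say so in the commit message and in a comment above the call, since this turns a hard failure into a silent privilege change for an existing client. The "After this commit" example in the message also runs against `client.x1` rather than the `client.x` created earlier, so it does not show the existing-keyring case. A test that covers both an entity with no caps and an entity with differing caps would pin down which of the two behaviours is meant.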