mon: MonCommands: have all 'auth' commands require 'execute' caps

Earlier patch already have the entity requiring 'execute' caps for
read-only commands.  This patch introduces the same requirement for *all*
auth commands, read-only and read-write alike.

While the rationale behind the earlier patch for leaving read-write
operations out of this requirement still holds, we now enforce this to
match compatibility with what was happening back on Dumpling with regard
to the 'execute' cap being required for auth commands.  However, it should
be noted that back on Dumpling we were only requiring the 'execute' cap
for auth commands, regardless of read-only or read-write, and no other
caps were required.

Fixes: 7919
Signed-off-by: Joao Eduardo Luis <joao.luis@inktank.com>

diff --git a/src/mon/MonCommands.h b/src/mon/MonCommands.h
index a8e138afd23c34e081515b381298d430513a42be..84af3d6a6241b03090be9cfb27ceb6cd1597ea43 100644 (file)
--- a/src/mon/MonCommands.h
+++ b/src/mon/MonCommands.h
@@ -163,31 +163,31 @@ COMMAND("auth print_key name=entity,type=CephString", "display requested key", \
        "auth", "rx", "cli,rest")
 COMMAND("auth list", "list authentication state", "auth", "rx", "cli,rest")
 COMMAND("auth import", "auth import: read keyring file from -i <file>", \
-       "auth", "rw", "cli,rest")
+       "auth", "rwx", "cli,rest")
 COMMAND("auth add " \
        "name=entity,type=CephString " \
        "name=caps,type=CephString,n=N,req=false", \
        "add auth info for <entity> from input file, or random key if no input given, and/or any caps specified in the command",
-       "auth", "rw", "cli,rest")
+       "auth", "rwx", "cli,rest")
 COMMAND("auth get-or-create-key " \
        "name=entity,type=CephString " \
        "name=caps,type=CephString,n=N,req=false", \
        "get, or add, key for <name> from system/caps pairs specified in the command.  If key already exists, any given caps must match the existing caps for that key.", \
-       "auth", "rw", "cli,rest")
+       "auth", "rwx", "cli,rest")
 COMMAND("auth get-or-create " \
        "name=entity,type=CephString " \
        "name=caps,type=CephString,n=N,req=false", \
        "add auth info for <entity> from input file, or random key if no input given, and/or any caps specified in the command", \
-       "auth", "rw", "cli,rest")
+       "auth", "rwx", "cli,rest")
 COMMAND("auth caps " \
        "name=entity,type=CephString " \
        "name=caps,type=CephString,n=N", \
        "update caps for <name> from caps specified in the command", \
-       "auth", "rw", "cli,rest")
+       "auth", "rwx", "cli,rest")
 COMMAND("auth del " \
        "name=entity,type=CephString", \
        "delete all caps for <name>", \
-       "auth", "rw", "cli,rest")
+       "auth", "rwx", "cli,rest")
 
 /*
  * Monitor commands (Monitor.cc)