be able to mount the filesystem when specifying a readable path in the
mount command (see below).
+Supplying ``all`` or ``*`` as the filesystem name will grant access to every
+file system. Note that it is usually necessary to quote ``*`` to protect it from
+the shell.
See `User Management - Add a User to a Keyring`_. for additional details on user management
x = can call any class method (same as class-read class-write)
class-read = can call class methods that are reads
class-write = can call class methods that are writes
- * = equivalent to rwx, plus the ability to run osd admin commands,
+ * or "all" = equivalent to rwx, plus the ability to run osd admin commands,
i.e. ceph osd tell ...
The match criteria restrict a grant based on the pool being accessed.
Access may be restricted to specific pools as defined by their application
metadata. The ``*`` wildcard may be used for the ``key`` argument, the
-``value`` argument, or both.
+``value`` argument, or both. ``all`` is a synony for ``*``.
Namespace
---------
capspec = spaces >> (
lit("*")[_val = MDSCapSpec(true, true, true, true)]
|
+ lit("all")[_val = MDSCapSpec(true, true, true, true)]
+ |
(lit("rwp"))[_val = MDSCapSpec(true, true, false, true)]
|
(lit("rw"))[_val = MDSCapSpec(true, true, false, false)]
}
}
- if (filesystem != "*") {
+ if (filesystem != "*" && filesystem != "all") {
auto fs = mon->mdsmon()->get_fsmap().get_filesystem(filesystem);
if (!fs) {
ss << "filesystem " << filesystem << " does not exist.";
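Review bot: With `filesystem != "*" && filesystem != "all"`, a filesystem that is literally named `all` can no longer be targeted on its own. The existence lookup is skipped and, per the documentation change in this commit, the request is treated as a grant on every file system. Nothing visible in this hunk shows whether filesystem creation rejects `all` as a name, so that is worth confirming; if the name is allowed today, either reserve it at creation time or refuse the alias when a filesystem of that name exists. At minimum, a comment such as `// "*" and "all" are reserved wildcard names and are never looked up in the fsmap` would record the intent. The enclosing function starts and ends outside this hunk.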
// rwxa := * | [r][w][x]
rwxa =
(lit("*")[_val = MON_CAP_ANY]) |
+ (lit("all")[_val = MON_CAP_ANY]) |
( eps[_val = 0] >>
( lit('r')[_val |= MON_CAP_R] ||
lit('w')[_val |= MON_CAP_W] ||
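Review bot: The grammar comment above the rule still reads `// rwxa := * | [r][w][x]` although the rule now accepts a second spelling; it should become `// rwxa := * | all | [r][w][x]`. The matching comment on the OSD `rwxa` rule (`// rwxa := * | [r][w][x] [class-read] [class-write]`) needs the same update. Keeping these in step matters because anyone auditing cap strings for full-access grants now has to look for both `allow *` and `allow all`. The rule body continues past the end of this hunk.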
spaces = +ascii::space;
+ wildcard = (lit('*') | lit("all")) [_val = "*"];
+
pool_name %= -(spaces >> lit("pool") >> (lit('=') | spaces) >> str);
nspace %= (spaces >> lit("namespace")
>> (lit('=') | spaces)
object_prefix %= -(spaces >> lit("object_prefix") >> spaces >> str);
pooltag %= (spaces >> lit("tag")
>> spaces >> str // application
- >> spaces >> (str | char_('*')) // key
- >> -spaces >> lit('=') >> -spaces >> (str | char_('*'))); // value
+ >> spaces >> (wildcard | str) // key
+ >> -spaces >> lit('=') >> -spaces >> (wildcard | str)); // value
match = (
pooltag [_val = phoenix::construct<OSDCapMatch>(_1)] |
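Review bot: In `(wildcard | str)` the `wildcard` rule is tried first and `lit("all")` carries no word boundary, so a tag key or value that merely begins with `all` would be consumed as the wildcard on its first three characters instead of reaching `str`. Whether the leftover characters then make the whole cap fail to parse depends on grammar outside this hunk, but either outcome changes how previously valid cap strings are read. A lookahead along the lines of `wildcard = (lit('*') | (lit("all") >> !unquoted_word)) [_val = "*"];` would restrict the alias to the whole word, assuming `unquoted_word` does not accept `=`. The test lists add `all=all` but no key or value that only starts with `all`; one accepted case whose expected output keeps the literal string would pin this down. The `match` rule continues past this hunk.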
// rwxa := * | [r][w][x] [class-read] [class-write]
rwxa =
- (spaces >> lit("*")[_val = OSD_CAP_ANY]) |
+ (spaces >> wildcard[_val = OSD_CAP_ANY]) |
( eps[_val = 0] >>
(
spaces >>
qi::rule<Iterator, string()> quoted_string, equoted_string;
qi::rule<Iterator, string()> unquoted_word;
qi::rule<Iterator, string()> str, estr;
+ qi::rule<Iterator, string()> wildcard;
qi::rule<Iterator, int()> auid;
qi::rule<Iterator, string()> class_name;
qi::rule<Iterator, string()> class_cap;
"allow rwx tag application key =value",
"allow rwx tag application key= value",
"allow rwx tag application key = value",
+ "allow all tag application all=all",
0
};
{"allow rwx tag application key=value",
"osdcap[grant(app application key key val value rwx)]"},
{"allow rwx namespace ns* tag application key=value",
- "osdcap[grant(namespace ns* app application key key val value rwx)]"}
+ "osdcap[grant(namespace ns* app application key key val value rwx)]"},
+ {"allow all",
+ "osdcap[grant(*)]"},
+ {"allow rwx tag application all=all",
+ "osdcap[grant(app application key * val * rwx)]"}
};
size_t num_tests = sizeof(test_values) / sizeof(*test_values);