For the "profile {name}" syntax, pool and namespace restrictions are
independent of each other (i.e. specifying namespace doesn't also
require specifying pool like is currently suggested). A cap can look
like "profile rbd namespace=myns", signifying that the RBD profile is
to be allowed in myns namespace of any pool.
For the "allow {access-spec}" syntax, pool restriction is optional.
A cap can look like "allow r namespace=myns", "allow w object_prefix
myprefix" or "allow rw namespace=myns object_prefix myprefix", for
example.
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
(cherry picked from commit
67f5769ce6e110b89362763cfb41a0e00e595cdf)
osd 'allow {access-spec} [{match-spec}] [network {network/prefix}]'
- osd 'profile {name} [pool={pool-name} [namespace={namespace-name}]] [network {network/prefix}]'
+ osd 'profile {name} [pool={pool-name}] [namespace={namespace-name}] [network {network/prefix}]'
There are two alternative forms of the ``{access-spec}`` syntax: ::
class {class name} [{method name}]
- There are two alternative forms of the optional ``{match-spec}`` syntax::
+ There are four alternative forms of the optional ``{match-spec}`` syntax::
pool={pool-name} [namespace={namespace-name}] [object_prefix {prefix}]
+ [pool={pool-name}] namespace={namespace-name} [object_prefix {prefix}]
+
+ [pool={pool-name}] [namespace={namespace-name}] object_prefix {prefix}
+
[namespace={namespace-name}] tag {application} {key}={value}
The optional ``{network/prefix}`` is a standard network name and prefix
projects / ceph.git / commitdiff