From: Rishabh Dave Date: Sat, 24 Jun 2023 04:17:12 +0000 (+0530) Subject: AuthMonitor: no need to check permission in MDS caps X-Git-Tag: testing/wip-pdonnell-testing-20240430.123648-reef-debug~45^2~1 X-Git-Url: http://git.apps.os.sepia.ceph.com/?a=commitdiff_plain;h=24c435d9b4f35e78cbcecdb074124174133e4db0;p=ceph-ci.git AuthMonitor: no need to check permission in MDS caps For "fs authorize" command, AuthMonitor.cc checks if permissions is "r" or begins with "rw". This check is redundant now. AuthMonitor::valid_caps() runs MDSAuthCaps.parse() which now runs same check for the MDS caps, regardless of the command. Signed-off-by: Rishabh Dave (cherry picked from commit 8e1e322054ea14eb5e59969439c0ea27885503ab) --- diff --git a/qa/tasks/cephfs/test_admin.py b/qa/tasks/cephfs/test_admin.py index 128b17c498f..731148c4a5e 100644 --- a/qa/tasks/cephfs/test_admin.py +++ b/qa/tasks/cephfs/test_admin.py @@ -1634,3 +1634,10 @@ class TestPermErrMsg(CephFSTestCase): def test_auth_get_or_create_key(self): for mdscap in self.MDSCAPS: self._negtestcmd('auth get-or-create-key', mdscap) + + def test_fs_authorize(self): + for wrong_perm in ('w', 'wr'): + self.negtest_ceph_cmd( + args=(f'fs authorize {self.fs.name} {self.CLIENT_NAME} / ' + f'{wrong_perm}'), retval=self.EXPECTED_ERRNO, + errmsgs=self.EXPECTED_ERRMSG) diff --git a/src/mon/AuthMonitor.cc b/src/mon/AuthMonitor.cc index 395ff492618..59adc404eb4 100644 --- a/src/mon/AuthMonitor.cc +++ b/src/mon/AuthMonitor.cc @@ -1769,11 +1769,6 @@ bool AuthMonitor::prepare_command(MonOpRequestRef op) ++it; } - if (cap != "r" && cap.compare(0, 2, "rw")) { - ss << "Permission flags must start with 'r' or 'rw'."; - err = -EINVAL; - goto done; - } if (cap.compare(0, 2, "rw") == 0) osd_cap_wanted = "rw";