From: Douglas Fuller <dfuller@redhat.com>
Date: Wed, 8 Nov 2017 20:44:23 +0000 (-0500)
Subject: mon/AuthMonitor: Allow * wildcard for filesystem name
X-Git-Tag: v13.0.1~133^2~4
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=474982aace88f2d2ef50dc408c41b973895248ea;p=ceph.git

mon/AuthMonitor: Allow * wildcard for filesystem name

Extend ceph fs authorize to accept the * wildcard for the filesystem
name. This will grant access to all data pools associated with CephFS.
Therefore:

ceph fs authorize * client.foo /bar rwp

Is equivalent to:

ceph auth get-or-create client.foo mon "allow r" \
                                   mds "allow rwp path=/foo" \
                                   osd "allow rw tag cephfs data=*"

Note that the wildcard must be escaped from the shell in most cases.

Signed-off-by: Douglas Fuller <dfuller@redhat.com>
---

diff --git a/src/mon/AuthMonitor.cc b/src/mon/AuthMonitor.cc
index ef3ac3fcf897..9fbc4f089d25 100644
--- a/src/mon/AuthMonitor.cc
+++ b/src/mon/AuthMonitor.cc
@@ -1300,11 +1300,13 @@ bool AuthMonitor::prepare_command(MonOpRequestRef op)
       }
     }
 
-    auto fs = mon->mdsmon()->get_fsmap().get_filesystem(filesystem);
-    if (!fs) {
-      ss << "filesystem " << filesystem << " does not exist.";
-      err = -EINVAL;
-      goto done;
+    if (filesystem != "*") {
+      auto fs = mon->mdsmon()->get_fsmap().get_filesystem(filesystem);
+      if (!fs) {
+	ss << "filesystem " << filesystem << " does not exist.";
+	err = -EINVAL;
+	goto done;
+      }
     }
 
     osd_cap_string += osd_cap_string.empty()? "" : ", ";