From: Rishabh Dave Date: Wed, 9 Jun 2021 08:09:12 +0000 (+0530) Subject: AuthMonitor: update caps when no caps are present in keyring X-Git-Tag: v19.0.0~542^2~3 X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=49fd7e6ff610b6d3a8a5a6a1e23f7a046f40a511;p=ceph.git AuthMonitor: update caps when no caps are present in keyring If "fs authorize" subcommand is executed for a client that already has a keyring but with no caps present in it, the command should update the keyring with the caps supplied instead of quitting with an error message. Example - $ ./bin/ceph auth add client.x added key for client.x $ ./bin/ceph auth get client.x [client.x] key = AQCqOrJgtsJDHBAARGzbd1sj+ycRtWHOAcWz1w== exported keyring for client.x Before this commit - $ ./bin/ceph fs authorize a client.x / rw Error EINVAL: client.x already has fs capabilities that differ from those supplied. To generate a new auth key for client.x, first remove client.x from configuration files, execute 'ceph auth rm client.x', then execute this command again. After this commit - $ ./bin/ceph fs authorize a client.x1 / rw updated caps for client.x1 Signed-off-by: Rishabh Dave --- diff --git a/src/mon/AuthMonitor.cc b/src/mon/AuthMonitor.cc index 6bc88619792e..a79114de6c44 100644 --- a/src/mon/AuthMonitor.cc +++ b/src/mon/AuthMonitor.cc @@ -1789,19 +1789,6 @@ bool AuthMonitor::prepare_command(MonOpRequestRef op) EntityAuth entity_auth; if (mon.key_server.get_auth(entity, entity_auth)) { - for (const auto& [cap_entity, cap] : encoded_caps) { - if (entity_auth.caps.count(cap_entity) == 0 || - !entity_auth.caps[cap_entity].contents_equal(cap)) { - ss << entity << " already has fs capabilities that differ from " - << "those supplied. To generate a new auth key for " << entity - << ", first remove " << entity << " from configuration files, " - << "execute 'ceph auth rm " << entity << "', then execute this " - << "command again."; - err = -EINVAL; - goto done; - } - } - int rv = _gen_wanted_caps(entity_auth, newcaps, ss); ceph_assert(rv == CAPS_UPDATE_REQD or rv == CAPS_UPDATE_NOT_REQD or rv == CAPS_PARSING_ERR);