From: Shilpa Jagannath <smanjara@redhat.com>
Date: Wed, 3 Jul 2019 11:06:52 +0000 (+0530)
Subject: rgw: Fail radosgw-admin commands on non-master zone that modify metadata
X-Git-Tag: v12.2.13~37^2~1
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=639e6fdbf3da57dde7e348536622f1daa37806eb;p=ceph.git

rgw: Fail radosgw-admin commands on non-master zone that modify metadata
but with an option to override, allowing changes only on the local zone.

Fixes: http://tracker.ceph.com/issues/39548

Signed-off-by: Shilpa Jagannath <smanjara@redhat.com>
(cherry picked from commit 79d884eb018cd2fea9ee9e763d0339b3e8626e6d)
---

diff --git a/src/rgw/rgw_admin.cc b/src/rgw/rgw_admin.cc
index 9a8dfae601f87..2e52af56fa6c9 100644
--- a/src/rgw/rgw_admin.cc
+++ b/src/rgw/rgw_admin.cc
@@ -4764,6 +4764,12 @@ int main(int argc, const char **argv)
   case OPT_USER_INFO:
     break;
   case OPT_USER_CREATE:
+    if (!store->svc.zone->is_meta_master() && !yes_i_really_mean_it) {
+      cerr << "user created here will not be synced to master zone" << std::endl;
+      cerr << "do you really mean it? (requires --yes-i-really-mean-it)" << std::endl;
+      return EINVAL;
+    }
+
     if (!user_op.has_existing_user()) {
       user_op.set_generate_key(); // generate a new key by default
     }
@@ -4784,6 +4790,11 @@ int main(int argc, const char **argv)
     }
     break;
   case OPT_USER_RM:
+    if (!store->svc.zone->is_meta_master() && !yes_i_really_mean_it) {
+      cerr << "user delete operation will not be synced to master zone" << std::endl;
+      cerr << "do you really mean it? (requires --yes-i-really-mean-it)" << std::endl;
+      return EINVAL;
+    }
     ret = user.remove(user_op, &err_msg);
     if (ret < 0) {
       cerr << "could not remove user: " << err_msg << std::endl;
@@ -4795,6 +4806,11 @@ int main(int argc, const char **argv)
   case OPT_USER_ENABLE:
   case OPT_USER_SUSPEND:
   case OPT_USER_MODIFY:
+    if (!store->svc.zone->is_meta_master() && !yes_i_really_mean_it) {
+      cerr << "user modify operation will not be synced to master zone" << std::endl;
+      cerr << "do you really mean it? (requires --yes-i-really-mean-it)" << std::endl;
+      return EINVAL;
+    }
     ret = user.modify(user_op, &err_msg);
     if (ret < 0) {
       cerr << "could not modify user: " << err_msg << std::endl;
@@ -5295,6 +5311,11 @@ int main(int argc, const char **argv)
   }
 
   if (opt_cmd == OPT_BUCKET_LINK) {
+    if (!store->svc.zone->is_meta_master() && !yes_i_really_mean_it) {
+      cerr << "link operation will not be synced to master zone" << std::endl;
+      cerr << "do you really mean it? (requires --yes-i-really-mean-it)" << std::endl;
+      return EINVAL;
+    }
     bucket_op.set_bucket_id(bucket_id);
     string err;
     int r = RGWBucketAdminOp::link(store, bucket_op, &err);
@@ -5305,6 +5326,11 @@ int main(int argc, const char **argv)
   }
 
   if (opt_cmd == OPT_BUCKET_UNLINK) {
+    if (!store->svc.zone->is_meta_master() && !yes_i_really_mean_it) {
+      cerr << "unlink operation will not be synced to master zone" << std::endl;
+      cerr << "do you really mean it? (requires --yes-i-really-mean-it)" << std::endl;
+      return EINVAL;
+    }
     int r = RGWBucketAdminOp::unlink(store, bucket_op);
     if (r < 0) {
       cerr << "failure: " << cpp_strerror(-r) << std::endl;
@@ -5927,6 +5953,11 @@ next:
   }
 
   if (opt_cmd == OPT_BUCKET_RESHARD) {
+    if (!store->svc.zone->is_meta_master() && !yes_i_really_mean_it) {
+      cerr << "resharding only applies to the local zone and will not be synced to master" << std::endl;
+      cerr << "do you really mean it? (requires --yes-i-really-mean-it)" << std::endl;
+      return EINVAL;
+    }
     rgw_bucket bucket;
     RGWBucketInfo bucket_info;
     map<string, bufferlist> attrs;
@@ -6110,6 +6141,11 @@ next:
   }
 
   if (opt_cmd == OPT_OBJECT_UNLINK) {
+    if (!store->svc.zone->is_meta_master() && !yes_i_really_mean_it) {
+      cerr << "unlink operation will not be synced to master zone" << std::endl;
+      cerr << "do you really mean it? (requires --yes-i-really-mean-it)" << std::endl;
+      return EINVAL;
+    }
     RGWBucketInfo bucket_info;
     int ret = init_bucket(tenant, bucket_name, bucket_id, bucket_info, bucket);
     if (ret < 0) {
@@ -6199,6 +6235,11 @@ next:
   }
 
   if (opt_cmd == OPT_BUCKET_RM) {
+    if (!store->svc.zone->is_meta_master() && !yes_i_really_mean_it) {
+      cerr << "bucket remove operation will not be synced to master zone" << std::endl;
+      cerr << "do you really mean it? (requires --yes-i-really-mean-it)" << std::endl;
+      return EINVAL;
+    }
     if (!inconsistent_index) {
       RGWBucketAdminOp::remove_bucket(store, bucket_op, bypass_gc, true);
     } else {