From: Kotresh HR
Date: Sun, 6 Dec 2020 07:10:20 +0000 (+0530)
Subject: pybind/ceph_volume_client: Optionally authorize existing auth-ids
X-Git-Tag: v16.1.0~243^2~1
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=77b42496e25cbd4af2e80a064ddf26221b53733f;p=ceph.git
pybind/ceph_volume_client: Optionally authorize existing auth-ids
Optionally allow authorizing auth-ids not created by ceph_volume_client via the option 'allow_existing_id'. This can help existing deployers of manila to disallow/allow authorization of pre-created auth IDs via a manila driver config that sets 'allow_existing_id' to False/True.
Fixes: https://tracker.ceph.com/issues/48555
Signed-off-by: Kotresh HR
---
diff --git a/src/pybind/ceph_volume_client.py b/src/pybind/ceph_volume_client.py
index 42dc476ac938..b748f5d85f78 100644
--- a/src/pybind/ceph_volume_client.py
+++ b/src/pybind/ceph_volume_client.py
@@ -972,7 +972,7 @@ class CephFSVolumeClient(object):
return caps_list
- def authorize(self, volume_path, auth_id, readonly=False, tenant_id=None):
+ def authorize(self, volume_path, auth_id, readonly=False, tenant_id=None, allow_existing_id=False):
""" Get-or-create a Ceph auth identity for `auth_id` and grant them access to
@@ -982,6 +982,8 @@ class CephFSVolumeClient(object):
:param tenant_id: Optionally provide a stringizable object to restrict any created cephx IDs to other callers passing the same tenant ID.
+ :allow_existing_id: Optionally authorize existing auth-ids not
+ created by ceph_volume_client
:return: """
@@ -1013,7 +1015,7 @@ class CephFSVolumeClient(object):
}
if auth_meta is None:
- if existing_caps is not None:
+ if not allow_existing_id and existing_caps is not None:
msg = "auth ID: {0} exists and not created by ceph_volume_client. Not allowed to modify".format(auth_id)
log.error(msg)
raise CephFSVolumeClientError(msg)
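Review bot: The docstring field added in the second hunk is written `:allow_existing_id:`, without the `param` keyword that the neighbouring `:param tenant_id:` entry uses, so it does not follow the field style of the rest of the docstring. It also leaves out the default and what the default protects against. I would write `:param allow_existing_id: Optionally authorize auth IDs that already exist but were not created by ceph_volume_client. Defaults to False, which rejects such IDs.` The docstring starts outside the hunk.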
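Review bot: In the third hunk, a true `allow_existing_id` skips the `existing_caps is not None` guard silently, so an auth ID that ceph_volume_client did not create is accepted with nothing in the log to show that the check was bypassed. The rejecting branch already calls `log.error(msg)`, and the permissive path deserves an audit line as well, for example `log.warning("auth ID: {0} exists and was not created by ceph_volume_client; continuing because allow_existing_id is set".format(auth_id))` placed under a separate `if existing_caps is not None:` test. The rest of authorize() lies outside the hunk, so what happens next to the ID's caps and key cannot be checked from here. Presumably the pre-existing ID is then handled like one the client created, which is worth stating where the option is documented.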