From: Rishabh Dave <ridave@redhat.com>
Date: Fri, 24 Jul 2020 06:08:33 +0000 (+0530)
Subject: mon/AuthMonitor: make fs authorize assign FS specific MON cap
X-Git-Tag: v16.1.0~1118^2~10
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=7de4de1b716c9a9ba12ae99bf3e7a24ef7749da2;p=ceph.git

mon/AuthMonitor: make fs authorize assign FS specific MON cap

So far running "fs authorize" subcommand sets "allow r" as MON cap;
change that to "allow <perms> fsname=<fsname>".

Signed-off-by: Rishabh Dave <ridave@redhat.com>
---

diff --git a/src/mon/AuthMonitor.cc b/src/mon/AuthMonitor.cc
index f299724fe223..550a4b74367a 100644
--- a/src/mon/AuthMonitor.cc
+++ b/src/mon/AuthMonitor.cc
@@ -1600,9 +1600,22 @@ bool AuthMonitor::prepare_command(MonOpRequestRef op)
   } else if (prefix == "fs authorize") {
     string filesystem;
     cmd_getval(cmdmap, "filesystem", filesystem);
+    string mon_cap_string = "allow r";
     string mds_cap_string, osd_cap_string;
     string osd_cap_wanted = "r";
 
+    std::shared_ptr<const Filesystem> fs;
+    if (filesystem != "*" && filesystem != "all") {
+      fs = mon->mdsmon()->get_fsmap().get_filesystem(filesystem);
+      if (fs == nullptr) {
+	ss << "filesystem " << filesystem << " does not exist.";
+	err = -EINVAL;
+	goto done;
+      } else {
+	mon_cap_string += " fsname=" + std::string(fs->mds_map.get_fs_name());
+      }
+    }
+
     for (auto it = caps_vec.begin();
 	 it != caps_vec.end() && (it + 1) != caps_vec.end();
 	 it += 2) {
@@ -1640,15 +1653,8 @@ bool AuthMonitor::prepare_command(MonOpRequestRef op)
       mds_cap_string += mds_cap_string.empty() ? "" : ", ";
       mds_cap_string += "allow " + cap;
 
-      if (filesystem != "*" && filesystem != "all") {
-	auto fs = mon->mdsmon()->get_fsmap().get_filesystem(filesystem);
-	if (!fs) {
-	  ss << "filesystem " << filesystem << " does not exist.";
-	  err = -EINVAL;
-	  goto done;
-	} else {
-	  mds_cap_string += " fsname=" + std::string(fs->mds_map.get_fs_name());
-	}
+      if (filesystem != "*" && filesystem != "all" && fs != nullptr) {
+	mds_cap_string += " fsname=" + std::string(fs->mds_map.get_fs_name());
       }
 
       if (path != "/") {
@@ -1662,12 +1668,13 @@ bool AuthMonitor::prepare_command(MonOpRequestRef op)
       + " data=" + filesystem;
 
     std::map<string, bufferlist> wanted_caps = {
-      { "mon", _encode_cap("allow r") },
+      { "mon", _encode_cap(mon_cap_string) },
       { "osd", _encode_cap(osd_cap_string) },
       { "mds", _encode_cap(mds_cap_string) }
     };
 
-    if (!valid_caps("osd", osd_cap_string, &ss) ||
+    if (!valid_caps("mon", mon_cap_string, &ss) ||
+        !valid_caps("osd", osd_cap_string, &ss) ||
 	!valid_caps("mds", mds_cap_string, &ss)) {
       err = -EINVAL;
       goto done;