From: Joao Eduardo Luis Date: Mon, 7 Apr 2014 17:17:54 +0000 (+0100) Subject: mon: MonCommands: have all 'auth' commands require 'execute' caps X-Git-Tag: v0.80-rc1~88^2~1 X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=85a1cf31e62d188eeffc7d866660529a092cf582;p=ceph.git mon: MonCommands: have all 'auth' commands require 'execute' caps Earlier patch already have the entity requiring 'execute' caps for read-only commands. This patch introduces the same requirement for *all* auth commands, read-only and read-write alike. While the rationale behind the earlier patch for leaving read-write operations out of this requirement still holds, we now enforce this to match compatibility with what was happening back on Dumpling with regard to the 'execute' cap being required for auth commands. However, it should be noted that back on Dumpling we were only requiring the 'execute' cap for auth commands, regardless of read-only or read-write, and no other caps were required. Fixes: 7919 Signed-off-by: Joao Eduardo Luis --- diff --git a/src/mon/MonCommands.h b/src/mon/MonCommands.h index a8e138afd23c..84af3d6a6241 100644 --- a/src/mon/MonCommands.h +++ b/src/mon/MonCommands.h @@ -163,31 +163,31 @@ COMMAND("auth print_key name=entity,type=CephString", "display requested key", \ "auth", "rx", "cli,rest") COMMAND("auth list", "list authentication state", "auth", "rx", "cli,rest") COMMAND("auth import", "auth import: read keyring file from -i ", \ - "auth", "rw", "cli,rest") + "auth", "rwx", "cli,rest") COMMAND("auth add " \ "name=entity,type=CephString " \ "name=caps,type=CephString,n=N,req=false", \ "add auth info for from input file, or random key if no input given, and/or any caps specified in the command", - "auth", "rw", "cli,rest") + "auth", "rwx", "cli,rest") COMMAND("auth get-or-create-key " \ "name=entity,type=CephString " \ "name=caps,type=CephString,n=N,req=false", \ "get, or add, key for from system/caps pairs specified in the command. If key already exists, any given caps must match the existing caps for that key.", \ - "auth", "rw", "cli,rest") + "auth", "rwx", "cli,rest") COMMAND("auth get-or-create " \ "name=entity,type=CephString " \ "name=caps,type=CephString,n=N,req=false", \ "add auth info for from input file, or random key if no input given, and/or any caps specified in the command", \ - "auth", "rw", "cli,rest") + "auth", "rwx", "cli,rest") COMMAND("auth caps " \ "name=entity,type=CephString " \ "name=caps,type=CephString,n=N", \ "update caps for from caps specified in the command", \ - "auth", "rw", "cli,rest") + "auth", "rwx", "cli,rest") COMMAND("auth del " \ "name=entity,type=CephString", \ "delete all caps for ", \ - "auth", "rw", "cli,rest") + "auth", "rwx", "cli,rest") /* * Monitor commands (Monitor.cc)