From: Ilya Dryomov <idryomov@gmail.com>
Date: Sat, 25 Jan 2025 10:11:14 +0000 (+0100)
Subject: doc/rados: pool and namespace are independent osdcap restrictions
X-Git-Tag: v18.2.5~167^2
X-Git-Url: http://git.apps.os.sepia.ceph.com/?a=commitdiff_plain;h=bb14d7914ff6882b9a81a6e8f2ffb6535a552ebf;p=ceph.git

doc/rados: pool and namespace are independent osdcap restrictions

For the "profile {name}" syntax, pool and namespace restrictions are
independent of each other (i.e. specifying namespace doesn't also
require specifying pool like is currently suggested).  A cap can look
like "profile rbd namespace=myns", signifying that the RBD profile is
to be allowed in myns namespace of any pool.

For the "allow {access-spec}" syntax, pool restriction is optional.
A cap can look like "allow r namespace=myns", "allow w object_prefix
myprefix" or "allow rw namespace=myns object_prefix myprefix", for
example.

Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
(cherry picked from commit 67f5769ce6e110b89362763cfb41a0e00e595cdf)
---

diff --git a/doc/rados/operations/user-management.rst b/doc/rados/operations/user-management.rst
index 130c02002daf0..62ad41feb55ea 100644
--- a/doc/rados/operations/user-management.rst
+++ b/doc/rados/operations/user-management.rst
@@ -134,7 +134,7 @@ Capability syntax follows this form::
 
     osd 'allow {access-spec} [{match-spec}] [network {network/prefix}]'
 
-    osd 'profile {name} [pool={pool-name} [namespace={namespace-name}]] [network {network/prefix}]'
+    osd 'profile {name} [pool={pool-name}] [namespace={namespace-name}] [network {network/prefix}]'
 
   There are two alternative forms of the ``{access-spec}`` syntax: ::
 
@@ -142,10 +142,14 @@ Capability syntax follows this form::
 
         class {class name} [{method name}]
 
-  There are two alternative forms of the optional ``{match-spec}`` syntax::
+  There are four alternative forms of the optional ``{match-spec}`` syntax::
 
         pool={pool-name} [namespace={namespace-name}] [object_prefix {prefix}]
 
+        [pool={pool-name}] namespace={namespace-name} [object_prefix {prefix}]
+
+        [pool={pool-name}] [namespace={namespace-name}] object_prefix {prefix}
+
         [namespace={namespace-name}] tag {application} {key}={value}
 
   The optional ``{network/prefix}`` is a standard network name and prefix