From 24c435d9b4f35e78cbcecdb074124174133e4db0 Mon Sep 17 00:00:00 2001 From: Rishabh Dave Date: Sat, 24 Jun 2023 09:47:12 +0530 Subject: [PATCH] AuthMonitor: no need to check permission in MDS caps For "fs authorize" command, AuthMonitor.cc checks if permissions is "r" or begins with "rw". This check is redundant now. AuthMonitor::valid_caps() runs MDSAuthCaps.parse() which now runs same check for the MDS caps, regardless of the command. Signed-off-by: Rishabh Dave (cherry picked from commit 8e1e322054ea14eb5e59969439c0ea27885503ab) --- qa/tasks/cephfs/test_admin.py | 7 +++++++ src/mon/AuthMonitor.cc | 5 ----- 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/qa/tasks/cephfs/test_admin.py b/qa/tasks/cephfs/test_admin.py index 128b17c498ff2..731148c4a5ea4 100644 --- a/qa/tasks/cephfs/test_admin.py +++ b/qa/tasks/cephfs/test_admin.py @@ -1634,3 +1634,10 @@ class TestPermErrMsg(CephFSTestCase): def test_auth_get_or_create_key(self): for mdscap in self.MDSCAPS: self._negtestcmd('auth get-or-create-key', mdscap) + + def test_fs_authorize(self): + for wrong_perm in ('w', 'wr'): + self.negtest_ceph_cmd( + args=(f'fs authorize {self.fs.name} {self.CLIENT_NAME} / ' + f'{wrong_perm}'), retval=self.EXPECTED_ERRNO, + errmsgs=self.EXPECTED_ERRMSG) diff --git a/src/mon/AuthMonitor.cc b/src/mon/AuthMonitor.cc index 395ff49261899..59adc404eb4f8 100644 --- a/src/mon/AuthMonitor.cc +++ b/src/mon/AuthMonitor.cc @@ -1769,11 +1769,6 @@ bool AuthMonitor::prepare_command(MonOpRequestRef op) ++it; } - if (cap != "r" && cap.compare(0, 2, "rw")) { - ss << "Permission flags must start with 'r' or 'rw'."; - err = -EINVAL; - goto done; - } if (cap.compare(0, 2, "rw") == 0) osd_cap_wanted = "rw"; -- 2.39.5