From 36e9d80bd453bdd61040f8749876e99d83e67dcf Mon Sep 17 00:00:00 2001 From: Joao Eduardo Luis Date: Thu, 3 Apr 2014 18:21:08 +0100 Subject: [PATCH] mon: MonCommands.h: have 'auth' read-only operations require 'x' cap This reintroduces the same semantics that were in place in dumpling prior to the refactoring of the cap/command matching code. We haven't added this requirement to auth read-write operations as that would have the potential to break a lot of well-configured keyrings once the users upgraded, without any significant gain -- we assume that if they have set 'rw' caps on a given entity, they are indeed expecting said entity to be sort-of-privileged entities with regard to monitor access. Fixes: #7919 Signed-off-by: Joao Eduardo Luis Reviewed-by: Sage Weil (cherry picked from commit db266a3fb2985605738201f59f07fa504c91c770) Conflicts: doc/release-notes.rst --- src/mon/MonCommands.h | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/src/mon/MonCommands.h b/src/mon/MonCommands.h index 881c5a252465e..3145fc01dd004 100644 --- a/src/mon/MonCommands.h +++ b/src/mon/MonCommands.h @@ -149,16 +149,16 @@ COMMAND("pg set_nearfull_ratio name=ratio,type=CephFloat,range=0.0|1.0", \ COMMAND("auth export name=entity,type=CephString,req=false", \ "write keyring for requested entity, or master keyring if none given", \ - "auth", "r", "cli,rest") + "auth", "rx", "cli,rest") COMMAND("auth get name=entity,type=CephString", \ - "write keyring file with requested key", "auth", "r", "cli,rest") + "write keyring file with requested key", "auth", "rx", "cli,rest") COMMAND("auth get-key name=entity,type=CephString", "display requested key", \ - "auth", "r", "cli,rest") + "auth", "rx", "cli,rest") COMMAND("auth print-key name=entity,type=CephString", "display requested key", \ - "auth", "r", "cli,rest") + "auth", "rx", "cli,rest") COMMAND("auth print_key name=entity,type=CephString", "display requested key", \ - "auth", "r", "cli,rest") -COMMAND("auth list", "list authentication state", "auth", "r", "cli,rest") + "auth", "rx", "cli,rest") +COMMAND("auth list", "list authentication state", "auth", "rx", "cli,rest") COMMAND("auth import", "auth import: read keyring file from -i ", \ "auth", "rw", "cli,rest") COMMAND("auth add " \ -- 2.39.5