From 6410f3dd63890f251414377de93cd51bfc372230 Mon Sep 17 00:00:00 2001 From: Kotresh HR Date: Sun, 6 Dec 2020 12:40:20 +0530 Subject: [PATCH] pybind/ceph_volume_client: Optionally authorize existing auth-ids Optionally allow authorizing auth-ids not created by ceph_volume_client via the option 'allow_existing_id'. This can help existing deployers of manila to disallow/allow authorization of pre-created auth IDs via a manila driver config that sets 'allow_existing_id' to False/True. Fixes: https://tracker.ceph.com/issues/48555 Signed-off-by: Kotresh HR (cherry picked from commit 77b42496e25cbd4af2e80a064ddf26221b53733f) --- src/pybind/ceph_volume_client.py | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/pybind/ceph_volume_client.py b/src/pybind/ceph_volume_client.py index ca1f361d03c21..feeb495de0077 100644 --- a/src/pybind/ceph_volume_client.py +++ b/src/pybind/ceph_volume_client.py @@ -993,7 +993,7 @@ class CephFSVolumeClient(object): return caps_list - def authorize(self, volume_path, auth_id, readonly=False, tenant_id=None): + def authorize(self, volume_path, auth_id, readonly=False, tenant_id=None, allow_existing_id=False): """ Get-or-create a Ceph auth identity for `auth_id` and grant them access to @@ -1003,6 +1003,8 @@ class CephFSVolumeClient(object): :param tenant_id: Optionally provide a stringizable object to restrict any created cephx IDs to other callers passing the same tenant ID. + :allow_existing_id: Optionally authorize existing auth-ids not + created by ceph_volume_client :return: """ @@ -1034,7 +1036,7 @@ class CephFSVolumeClient(object): } if auth_meta is None: - if existing_caps is not None: + if not allow_existing_id and existing_caps is not None: msg = "auth ID: {0} exists and not created by ceph_volume_client. Not allowed to modify".format(auth_id) log.error(msg) raise CephFSVolumeClientError(msg) -- 2.39.5
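Review bot: The docstring entry added in the second hunk is written `:allow_existing_id:` and lacks the `param` keyword used by the `:param tenant_id:` entry just above it, so documentation tooling will probably not treat it as a parameter. Suggest `:param allow_existing_id: Optionally authorize existing auth-ids not created by ceph_volume_client. Defaults to False.` The entry should also say that setting it to True skips the "exists and not created by ceph_volume_client" rejection, because that is the security-relevant effect a deployer needs to see. The docstring starts and ends outside the hunk.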
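Review bot: In the third hunk, `if not allow_existing_id and existing_caps is not None:` lets a call with `allow_existing_id=True` continue for an auth ID that already has caps but no volume-client metadata, and nothing records that the guard was skipped. A log line on that path would give operators an audit trail, for example `if existing_caps is not None: log.warning("auth ID: {0} exists and not created by ceph_volume_client; authorizing because allow_existing_id is set".format(auth_id))` placed right after the raising branch. The flag applies to every pre-existing auth ID alike, so the caller's configuration (the manila driver option named in the commit message) is the only control over which identities can be adopted. The rest of `authorize` is outside the hunk, so how the existing caps and key are handled after this check cannot be confirmed from here and is worth verifying for the enabled case.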