New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
mds: add 'p' flag in auth caps to control setting pool in layout #6567
Conversation
For controlling whether a client is allowed to modify the pool field in file/dir layouts. Signed-off-by: John Spray <john.spray@redhat.com>
Signed-off-by: John Spray <john.spray@redhat.com>
...including updating for 'rwp'. Signed-off-by: John Spray <john.spray@redhat.com>
f7f3c09
to
2829e9d
Compare
maybe we can apply this restriction check completely in ceph-fuse. check if client can write to a pool, if not, forbid operation that change layout.pool to the pool. |
@ukernel I want to avoid trusting the client |
the usage of the 'p' flag seems unnatural, what's the use case of it? |
The idea is that sometimes we have clients that are supposed to be consumers of some pre-configured directory that's pointing to a particular pool. For example, in Manila we create a directory, set the pool on it, and then tell the client to mount that directory. In cases like that, we don't want the client to be able to switch their directory to using a different pool. They are already restricted from writing to those pools by their OSD caps, but I want to also restrict them from modifying their layouts. I would expect most users to use "allow rw" most of the time and restrict "allow rwp" or "allow *" to some dedicated admin account. |
@gregsfortytwo @liewegas any opinions about the style of this? the 'rwp' thing is just off the top of my head (and was straightforward to add the to parser) |
Maybe 'l' for layout is more natural? I guess there are cases where we want to allow some layout changes (stripe size) and not pool? Others might be q = quota
? |
@liewegas those suggestions make sense to me, that would leave the current patch okay as-is, right? Pool modification is what we're controlling here and we would only add 'l' et al later |
Yep! |
The new test is: ceph/ceph-qa-suite#703 -- merge it at the same time as this. See it passing here: http://pulpito.ceph.com/jspray-2015-11-30_02:06:10-fs-wip-testing-jcsp---basic-multi/1163861 |
mds: add 'p' flag in auth caps to control setting pool in layout Reviewed-by: Sage Weil <sage@redhat.com>
Related test: ceph/ceph-qa-suite#703