Bug 2196858

Summary: [RFE] Add role capability in rados user in ODF via rook
Product: [Red Hat Storage] Red Hat OpenShift Data Foundation
Reporter: Sonal <sarora>
Component: rook
Assignee: Jiffin <jthottan>
Status: CLOSED ERRATA
QA Contact: Uday kurundwade <ukurundw>
Severity: medium
Docs Contact:
Priority: unspecified
Version: 4.12
CC: ebenahar, etamir, jthottan, kbg, muagarwa, odf-bz-bot, tnielsen
Target Milestone: ---
Keywords: FutureFeature
Target Release: ODF 4.15.0
Hardware: x86_64
OS: Linux
Whiteboard:
Fixed In Version: 4.15.0-103
Doc Type: Enhancement
Doc Text:
.Role capability for CephObjectStoreUser
The CephObjectStoreUser can create roles by assigning role capability.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2024-03-19 15:21:05 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:

Description Sonal 2023-05-10 14:41:00 UTC
Description of problem (please be as detailed as possible and provide log snippets):

Currently, the CephObjectStoreUser CRD does not support adding role capability to a rados user. It only supports the caps below:

users, buckets, usage, metadata and zone.

Doc : https://rook.io/docs/rook/v1.11/CRDs/Object-Storage/ceph-object-store-user-crd/#spec

Hence, on creating a user with role caps, I got the error below:

cat test-user-role-caps.yaml
~~~ 
apiVersion: ceph.rook.io/v1
kind: CephObjectStoreUser
metadata:
  name: test-3
  namespace: openshift-storage
spec:
  store: ocs-storagecluster-cephobjectstore
  displayName: test user
  capabilities:
    user: "*"
    bucket: "*"
    roles: "*"
~~~

~~~
oc create -f test-user-role-caps.yaml
W0509 21:01:22.957291  264117 warnings.go:70] unknown field "spec.capabilities.roles"
cephobjectstoreuser.ceph.rook.io/test-3 created
~~~

This RFE is to implement role caps feature in rook.


Version of all relevant components (if applicable):
ODF 4.12

Does this issue impact your ability to continue to work with the product
(please explain in detail what is the user impact)?
No, since there is a workaround.

Is there any workaround available to the best of your knowledge?
Add role caps using the radosgw-admin command:
~~~
radosgw-admin caps add --uid=<username> --caps="roles=*"
~~~

Rate from 1 - 5 the complexity of the scenario you performed that caused this
bug (1 - very simple, 5 - very complex)?
1

Is this issue reproducible?
Yes

Can this issue be reproduced from the UI?
Yes

If this is a regression, please provide more details to justify this:
No

Steps to Reproduce:
1. Use the YAML shared above to create a user with role caps using the CephObjectStoreUser CRD.
2. The user gets created successfully, however without caps.


Actual results:
Got error `unknown field "spec.capabilities.roles"` on adding role caps to user

Expected results:
CephObjectStoreUser CRD should support adding role capability to a rados user.

Additional info:
-
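
A check for the failure described above, where the object is created with only a warning and the requested cap never takes effect (added example, not part of the bug report or Rook's code). It compares the submitted manifest with the stored object and with `radosgw-admin user info` output; the sample data, the key-to-cap-type mapping and the function names are assumptions.

```python
# Added example: detect capabilities that were requested in a manifest but
# never took effect. All sample data below is constructed.

# Assumption: Rook's singular keys correspond to RGW's plural cap types.
RGW_CAP_TYPE = {"user": "users", "bucket": "buckets"}

def norm(perm):
    """Normalise a perm string; RGW reports read+write as "*"."""
    parts = {p.strip() for p in perm.split(",") if p.strip()}
    return {"read", "write"} if "*" in parts else parts

def requested_caps(obj):
    """{rgw_cap_type: perm_set} from a CephObjectStoreUser object."""
    caps = (obj.get("spec") or {}).get("capabilities") or {}
    return {RGW_CAP_TYPE.get(k, k): norm(v) for k, v in caps.items()}

def effective_caps(user_info):
    """{cap_type: perm_set} from `radosgw-admin user info` JSON."""
    return {c["type"]: norm(c["perm"]) for c in user_info.get("caps", [])}

def audit(submitted, stored, user_info):
    """List caps the API server dropped and caps RGW does not hold."""
    want, kept = requested_caps(submitted), requested_caps(stored)
    have = effective_caps(user_info)
    return {
        "pruned_by_api_server": sorted(set(want) - set(kept)),
        "missing_in_rgw": sorted(
            t for t, p in want.items() if not p <= have.get(t, set())),
    }

# Manifest from the report, trimmed and written as a dict.
SUBMITTED = {"kind": "CephObjectStoreUser", "metadata": {"name": "test-3"},
             "spec": {"store": "ocs-storagecluster-cephobjectstore",
                      "capabilities": {"user": "*", "bucket": "*", "roles": "*"}}}
# Constructed: what `oc get cephobjectstoreuser test-3 -o json` could return
# once the unknown field has been dropped.
STORED = {"kind": "CephObjectStoreUser", "metadata": {"name": "test-3"},
          "spec": {"store": "ocs-storagecluster-cephobjectstore",
                   "capabilities": {"user": "*", "bucket": "*"}}}
# Constructed excerpt of `radosgw-admin user info --uid=test-3`.
USER_INFO = {"user_id": "test-3", "caps": [{"type": "buckets", "perm": "*"},
                                           {"type": "users", "perm": "*"}]}

if __name__ == "__main__":
    print(audit(SUBMITTED, STORED, USER_INFO))
```

After the `radosgw-admin caps add` workaround, `missing_in_rgw` becomes empty while `pruned_by_api_server` still lists `roles`, which shows the cap is held outside the declared spec.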

Comment 19 errata-xmlrpc 2024-03-19 15:21:05 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Important: Red Hat OpenShift Data Foundation 4.15.0 security, enhancement, & bug fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2024:1383