Bug 2218189

Summary: print better error message for wrong permissions in MDS caps
Product: [Red Hat Storage] Red Hat Ceph Storage
Reporter: Rishabh Dave <ridave>
Component: CephFS
Assignee: Rishabh Dave <ridave>
Status: CLOSED ERRATA
QA Contact: julpark
Severity: low
Docs Contact: Disha Walvekar <dwalveka>
Priority: unspecified
Version: 5.3
CC: ceph-eng-bugs, cephqe-warriors, dwalveka, gfarnum, hyelloji, pdonnell, tserlin, vshankar
Target Milestone: ---
Target Release: 6.1z4
Hardware: All
OS: All
Whiteboard:
Fixed In Version: ceph-17.2.6-189.el9cp
Doc Type: Enhancement
Doc Text:
Unlike MON caps, permissions in MDS caps must either start with "r" or "rw", or be "*" or "all". With this fix, unlike before, "ceph auth" prints a clear message when the permissions in the MDS caps are incorrect. The "ceph auth" subcommands referred to here are "ceph auth add", "ceph auth caps", "ceph auth get-or-create" and "ceph auth get-or-create-key".
Last Closed: 2024-02-08 18:13:33 UTC
Type: Bug
Bug Blocks: 2261930    

Description Rishabh Dave 2023-06-28 11:50:56 UTC
Description of problem:

Any permissions in MDS caps besides "allow *" and "allow w" must start with "allow r" or "allow rw". Otherwise the MDS cap is rejected. The error printed by MDS in this case is the generic error the MDS prints in every case of incorrect MDS caps.

Unlike some other Ceph daemons, MDS doesn't accept a permission like "allow w". Therefore, print a special error message so that users are specifically told that the permissions in the MDS caps, besides "all" and "*", must start with "r" or "rw".

Such a message is printed in the case of "ceph fs authorize", but the commands "ceph auth add", "ceph auth caps", "ceph auth get-or-create" and "ceph auth get-or-create-key" don't print one. Let's make these commands print a special message too.

Version-Release number of selected component (if applicable):


How reproducible:
Every time

Comment 7 julpark 2024-01-17 14:39:12 UTC
[root@ceph-julpark-kd407z-node7 cephuser]# eph auth get-or-create client.name1 mon "allow *" mds "allow w" mgr "allow rw" osd "allow rw tag cephfs data=cephfs" -o /etc/ceph/ceph.client.name1.keyring
bash: eph: command not found
[root@ceph-julpark-kd407z-node7 cephuser]# ceph auth get-or-create client.name1 mon "allow *" mds "allow w" mgr "allow rw" osd "allow rw tag cephfs data=cephfs" -o /etc/ceph/ceph.client.name1.keyring
Error EINVAL: Permission flags in MDS caps must start with 'r' or 'rw' or be '*' or 'all'
[root@ceph-julpark-kd407z-node7 cephuser]#

verified on 17.2.6-193.el9cp

Comment 11 errata-xmlrpc 2024-02-08 18:13:33 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Red Hat Ceph Storage 6.1 Bug Fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2024:0747
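
An added example, not part of the bug report and not Ceph's own parser: a pre-flight check that pulls the mds cap out of a "ceph auth" command line such as the one in comment 7 and applies the rule from the error message shown there. It assumes grants are separated by "," or ";" and have the form "allow <flags> [key=value ...]"; the function names are hypothetical.

```python
import re
import shlex

# The "ceph auth" subcommands this bug report names.
AUTH_SUBCOMMANDS = {"add", "caps", "get-or-create", "get-or-create-key"}

def flags_ok(flags):
    # Rule from the error message quoted on this page: flags must start
    # with 'r' or 'rw' or be '*' or 'all' (anything starting 'rw' starts 'r').
    return flags in ("*", "all") or flags.startswith("r")

def bad_mds_grants(cap):
    """Return the grants in one MDS cap string whose flags break the rule."""
    bad = []
    # Assumption: grants are separated by ',' or ';' and look like
    # 'allow <flags> [key=value ...]'.
    for grant in (g.strip() for g in re.split(r"[,;]", cap)):
        words = grant.split()
        if len(words) < 2 or words[0] != "allow" or "=" in words[1]:
            continue  # no flags token: outside the rule this page states
        if not flags_ok(words[1]):
            bad.append(grant)
    return bad

def mds_cap_from_command(command):
    """Extract the mds cap string from a 'ceph auth <subcommand>' line."""
    argv = shlex.split(command)
    if len(argv) < 4 or argv[:2] != ["ceph", "auth"] or argv[2] not in AUTH_SUBCOMMANDS:
        return None
    rest = argv[4:]  # skip the entity name, e.g. client.name1
    for daemon, cap in zip(rest[0::2], rest[1::2]):
        if daemon.startswith("-"):
            break  # options such as -o <keyring> end the cap pairs
        if daemon == "mds":
            return cap
    return None

def preflight(command):
    """Return the offending MDS grants for a command line, or [] if none."""
    cap = mds_cap_from_command(command)
    return [] if cap is None else bad_mds_grants(cap)

# The command from comment 7 on this page.
PAGE_COMMAND = ('ceph auth get-or-create client.name1 mon "allow *" mds "allow w" '
                'mgr "allow rw" osd "allow rw tag cephfs data=cephfs" '
                '-o /etc/ceph/ceph.client.name1.keyring')

if __name__ == "__main__":
    print(preflight(PAGE_COMMAND))
```

The check covers only the permission-flag rule from this report; a cap string that passes it can still be rejected by the cluster for other reasons.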