Bug 2247586

Summary: [cephfs][mds] mds "allow w" needs appropriate guide for customers
Product: [Red Hat Storage] Red Hat Ceph Storage Reporter: julpark
Component: CephFSAssignee: Rishabh Dave <ridave>
Status: CLOSED ERRATA QA Contact: julpark
Severity: medium Docs Contact: Akash Raj <akraj>
Priority: unspecified    
Version: 6.0CC: akraj, ceph-eng-bugs, cephqe-warriors, gfarnum, mchangir, ngangadh, ridave, tserlin, vshankar
Target Milestone: ---   
Target Release: 7.1   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: ceph-18.2.1-2.el9cp Doc Type: Enhancement
Doc Text:
.Ceph commands that add or modify MDS caps give an explanation about why the MDS caps passed by user was rejected Previously, Ceph commands that add or modify MDS caps printed "Error EINVAL: mds capability parse failed, stopped at 'allow w' of 'allow w'". With this enhancement, the commands give an explanation about why the MDS caps passed by user were rejected and print Error EINVAL: Permission flags in MDS caps must start with 'r' or 'rw' or be '*' or 'all'.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2024-06-13 14:22:48 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 2267614, 2298578, 2298579    

Description julpark 2023-11-02 06:45:43 UTC 
Description of problem:

mds "allow w" shows:

[root@ceph1-julpark-odcb5p-node7 dir1]# ceph auth get-or-create client.test mds "allow w"
Error EINVAL: mds capability parse failed, stopped at 'allow w' of 'allow w'

Version-Release number of selected component (if applicable):


How reproducible:

ceph auth get-or-create client.test mds "allow w"

Steps to Reproduce:
1.
2.
3.

Actual results:

Error EINVAL: mds capability parse failed, stopped at 'allow w' of 'allow w'

Expected results:

Having a not allowed caps change should show detailed explanation.

Even though it is expected, it should tell customer why it is invalid OR
It should be listed in the documentation.

A user’s key allows the user to authenticate with the Ceph Storage Cluster. The user’s capabilities authorize the user to read, write, or execute on Ceph monitors (mon), Ceph OSDs (osd) or Ceph Metadata Servers (mds).

-> it looks like I can assign mds "w" cap.

Additional info:
Comment 1 RHEL Program Management 2023-11-02 06:45:51 UTC 
Please specify the severity of this bug. Severity is defined here:
https://bugzilla.redhat.com/page.cgi?id=fields.html#bug_severity.
Comment 10 errata-xmlrpc 2024-06-13 14:22:48 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Critical: Red Hat Ceph Storage 7.1 security, enhancements, and bug fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2024:3925
Comment 12 Red Hat Bugzilla 2024-11-16 04:25:12 UTC 
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 120 days