2271110 – [ceph-dashboard] Add CephFS authorization

Bug 2271110 - [ceph-dashboard] Add CephFS authorization

Summary: [ceph-dashboard] Add CephFS authorization

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Ceph Storage
Classification:	Red Hat Storage
Component:	Ceph-Dashboard
Sub Component:
Version:	7.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	high
Target Milestone:	---
Target Release:	7.1
Assignee:	Pedro González Gómez
QA Contact:	Amarnath
Docs Contact:	Akash Raj
URL:
Whiteboard:
Depends On:	2272921 2310846
Blocks:	2267614 2298578 2298579
TreeView+	depends on / blocked

Reported:	2024-03-22 19:16 UTC by Pedro González Gómez
Modified:	2024-10-09 16:09 UTC (History)
CC List:	8 users (show)
Fixed In Version:	ceph-18.2.1-81.el9cp
Doc Type:	Enhancement
Doc Text:	.Ability to manage Ceph users for CephFS is added With this enhancement, the ability to manage the Ceph users for CephFS is added. This provides the ability to manage the users’ permissions for volumes, subvolume groups, and subvolumes from the File System view.
Clone Of:
Environment:
Last Closed:	2024-06-13 14:30:18 UTC
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Github	ceph ceph pull 55870	None	Merged	mgr/dashboard: ceph authenticate user from fs	2024-03-22 19:17:40 UTC
Red Hat Issue Tracker	RHCEPH-8615	None	None	None	2024-03-22 19:17:46 UTC
Red Hat Issue Tracker	RHCSDASH-1325	None	None	None	2024-03-22 19:17:50 UTC
Red Hat Product Errata	RHSA-2024:3925	None	None	None	2024-06-13 14:30:24 UTC

Description Pedro González Gómez 2024-03-22 19:16:27 UTC

Add the ability to set authorization through dashboard's cephfs

Comment 5 Amarnath 2024-04-18 17:34:30 UTC

Hi All,

Verified client creation using the authorize button in UI.

Clients are getting created and respective permissions are working as expected.
1. Created a client with only permissions to sub_vol1
2. Verified it by mounting on in cli


CLI Verification : 

[root@ceph-amk-snap-gljzm1-node7 ~]# ceph-fuse /mnt/subvol/ --id client1 -r /volumes/_nogroup/sub_vol1/42d30b63-9e3b-4256-865d-023147516358
2024-04-18T12:51:54.932-0400 7f7e22757480 -1 init, newargv = 0x55efe116f0d0 newargc=15
ceph-fuse[11176]: starting ceph client
ceph-fuse[11176]: starting fuse
[root@ceph-amk-snap-gljzm1-node7 ~]# umount /mnt/subvol/
[root@ceph-amk-snap-gljzm1-node7 ~]# ceph-fuse /mnt/subvol/ --id client1
2024-04-18T12:52:21.026-0400 7f0611c3b480 -1 init, newargv = 0x5576facb6310 newargc=15
ceph-fuse[11218]: starting ceph client
2024-04-18T12:52:21.037-0400 7f05f67fc640 -1 client.24724 mds.1 rejected us (non-allowable root '/')
2024-04-18T12:52:21.040-0400 7f05f67fc640 -1 client.24724 mds.0 rejected us (non-allowable root '/')
ceph-fuse[11218]: ceph mount failed with (1) Operation not permitted

Update is not working when tried with the same name. Screenshots are attached to document
https://docs.google.com/document/d/1YkgvjSdteHldVghOS_WzwnhB602bviv613k4u2EI73A/edit#heading=h.ew9f04qo13gt

Tried changing the FS name this also worked after changing the fs name in client auths

Comment 7 Pedro González Gómez 2024-05-09 09:12:55 UTC

Added doc text for it

Comment 9 errata-xmlrpc 2024-06-13 14:30:18 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Critical: Red Hat Ceph Storage 7.1 security, enhancements, and bug fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2024:3925

Note You need to log in before you can comment on or make changes to this bug.