Merge pull request #8667 from thotz/enhanceusernits

ceph: addressing nits from #8211
rook · Sep 9, 2021 · eed91ef · eed91ef
2 parents d193a23 + 50ecff8
commit eed91ef
Show file tree

Hide file tree

Showing 3 changed files with 4 additions and 5 deletions.
diff --git a/Documentation/ceph-object-store-user-crd.md b/Documentation/ceph-object-store-user-crd.md
@@ -40,13 +40,12 @@ spec:
 
 * `store`: The object store in which the user will be created. This matches the name of the objectstore CRD.
 * `displayName`: The display name which will be passed to the `radosgw-admin user create` command.
-* `quotas`: This represents quota limitation can be set on the user(support added from onwards v1.7.3).
+* `quotas`: This represents quota limitation can be set on the user (support added in Rook v1.7.3 and up).
    Please refer [here](https://docs.ceph.com/en/latest/radosgw/admin/#quota-management) for details.
     * `maxBuckets`: The maximum bucket limit for the user.
     * `maxSize`: Maximum size limit of all objects across all the user's buckets.
     * `maxObjects`: Maximum number of objects across all the user's buckets.
-* `capabilities`: Ceph allows users to be given additional permissions(support added from onwards v1.7.3).
-  P.S this setting can used only during the creation of the object store user, not afterwards.
+* `capabilities`: Ceph allows users to be given additional permissions (support added in Rook v1.7.3 and up). Due to missing APIs in go-ceph for updating the user capabilities, this setting can currently only be used during the creation of the object store user. If a user's capabilities need modified, the user must be deleted and re-created.
   See the [Ceph docs](https://docs.ceph.com/en/latest/radosgw/admin/#add-remove-admin-capabilities) for more info.
   Rook supports adding `read`, `write`, `read, write`, or `*` permissions for the following resources:
     * `users`

diff --git a/pkg/operator/ceph/object/user/controller.go b/pkg/operator/ceph/object/user/controller.go
@@ -282,7 +282,7 @@ func (r *ReconcileObjectStoreUser) createorUpdateCephUser(u *cephv1.CephObjectSt
 			return errors.Wrapf(err, "failed to get details from ceph object user %q", u.Name)
 		}
 	} else if *user.MaxBuckets != *r.userConfig.MaxBuckets {
-		// TODO handle update for user capabilities
+		// TODO: handle update for user capabilities, depends on https://github.com/ceph/go-ceph/pull/571
 		user, err = r.objContext.AdminOpsClient.ModifyUser(context.TODO(), *r.userConfig)
 		if err != nil {
 			return errors.Wrapf(err, "failed to create ceph object user %v", &r.userConfig.ID)

diff --git a/tests/integration/ceph_base_object_test.go b/tests/integration/ceph_base_object_test.go
@@ -154,7 +154,7 @@ func checkCephObjectUser(
 		assert.Equal(s.T(), k8sutil.ReadyStatus, phase)
 	}
 	if checkQuotaAndCaps {
-		// following fields in CephObjectStoreUser CRD doesn't exist before Rook v1.7
+		// following fields in CephObjectStoreUser CRD doesn't exist before Rook v1.7.3
 		maxObjectInt, err := strconv.Atoi(maxObject)
 		assert.Nil(s.T(), err)
 		maxSizeInt, err := strconv.Atoi(maxSize)