diff --git a/Documentation/ceph-object-store-user-crd.md b/Documentation/ceph-object-store-user-crd.md
index 7c47bc1a8fd3..27bbdbffaf3f 100644
--- a/Documentation/ceph-object-store-user-crd.md
+++ b/Documentation/ceph-object-store-user-crd.md
@@ -40,13 +40,12 @@ spec:
 * `store`: The object store in which the user will be created. This matches the name of the objectstore CRD.
 * `displayName`: The display name which will be passed to the `radosgw-admin user create` command.
-* `quotas`: This represents quota limitation can be set on the user(support added from onwards v1.7.3).
+* `quotas`: This represents quota limitation can be set on the user (support added in Rook v1.7.3 and up).
 Please refer [here](https://docs.ceph.com/en/latest/radosgw/admin/#quota-management) for details.
 * `maxBuckets`: The maximum bucket limit for the user.
 * `maxSize`: Maximum size limit of all objects across all the user's buckets.
 * `maxObjects`: Maximum number of objects across all the user's buckets.
-* `capabilities`: Ceph allows users to be given additional permissions(support added from onwards v1.7.3).
- P.S this setting can used only during the creation of the object store user, not afterwards.
+* `capabilities`: Ceph allows users to be given additional permissions (support added in Rook v1.7.3 and up). Due to missing APIs in go-ceph for updating the user capabilities, this setting can currently only be used during the creation of the object store user. If a user's capabilities need modified, the user must be deleted and re-created. See the [Ceph docs](https://docs.ceph.com/en/latest/radosgw/admin/#add-remove-admin-capabilities) for more info.
 Rook supports adding `read`, `write`, `read, write`, or `*` permissions for the following resources:
 * `users`
diff --git a/pkg/operator/ceph/object/user/controller.go b/pkg/operator/ceph/object/user/controller.go
index f1b9227a6389..0fb938f5d44b 100644
--- a/pkg/operator/ceph/object/user/controller.go
+++ b/pkg/operator/ceph/object/user/controller.go
@@ -282,7 +282,7 @@ func (r *ReconcileObjectStoreUser) createorUpdateCephUser(u *cephv1.CephObjectSt
 return errors.Wrapf(err, "failed to get details from ceph object user %q", u.Name)
 }
 } else if *user.MaxBuckets != *r.userConfig.MaxBuckets {
- // TODO handle update for user capabilities
+ // TODO: handle update for user capabilities, depends on https://github.com/ceph/go-ceph/pull/571
 user, err = r.objContext.AdminOpsClient.ModifyUser(context.TODO(), *r.userConfig)
 if err != nil {
 return errors.Wrapf(err, "failed to create ceph object user %v", &r.userConfig.ID)
diff --git a/tests/integration/ceph_base_object_test.go b/tests/integration/ceph_base_object_test.go
index f3ec0a5f77e1..d3fba44d9a22 100644
--- a/tests/integration/ceph_base_object_test.go
+++ b/tests/integration/ceph_base_object_test.go
@@ -154,7 +154,7 @@ func checkCephObjectUser(
 assert.Equal(s.T(), k8sutil.ReadyStatus, phase)
 }
 if checkQuotaAndCaps {
- // following fields in CephObjectStoreUser CRD doesn't exist before Rook v1.7
+ // following fields in CephObjectStoreUser CRD doesn't exist before Rook v1.7.3
 maxObjectInt, err := strconv.Atoi(maxObject)
 assert.Nil(s.T(), err)
 maxSizeInt, err := strconv.Atoi(maxSize)
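Review bot: In pkg/operator/ceph/object/user/controller.go, the `else if *user.MaxBuckets != *r.userConfig.MaxBuckets` branch is the only path to ModifyUser visible in this hunk, so an edit to `capabilities` in the CR, including removing one, appears to be dropped silently and the RGW user keeps the caps it was created with. The reworded TODO links the go-ceph dependency but does not state that consequence; I would write it as `// TODO: capabilities are only applied at creation; narrowing them in the CR does not revoke them in RGW until https://github.com/ceph/go-ceph/pull/571 lands`, and log a warning when the desired caps differ from the live user so the drift is visible to operators. Separately, the Wrapf under ModifyUser says "failed to create" and formats `&r.userConfig.ID` with `%v`, which would print an address rather than the ID if ID is a plain string; `errors.Wrapf(err, "failed to modify ceph object user %q", r.userConfig.ID)` would be clearer. createorUpdateCephUser starts and ends outside the hunk, so code not shown here may already handle part of this.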