Uploaded image for project: 'Lustre'
  1. Lustre
  2. LU-19901

allow 'lctl nodemap modify rbac=[+-]role'

    XMLWordPrintable

Details

    • Improvement
    • Resolution: Fixed
    • Medium
    • Lustre 2.18.0
    • Lustre 2.17.0
    • 3
    • 9223372036854775807

    Description

      It doesn't appear possible to incrementally modify the rbac roles of an existing nodemap by using "lctl nodemap_modify --name NODEMAP --parameter rbac --value=-ROLE" to remove an existing role, or "... --value=+ROLE" to add a new role. Currently the entire list of rbac roles must be "edited" (e.g. via sed) or fully re-specified and set on the command-line. This is inconvenient for administrators that only want to add or remove individual roles, and possibly introducing errors if the re-specified roles are statically determined and containing some new role that is part of the default.

      There is already an existing mechanism for manipulating parameter masks for debug flags using cfs_str2mask() that should be re-used for this functionality to add or remove individual roles.

      Attachments

        Issue Links

          is related to

          Improvement - An improvement or enhancement to an existing feature or task. LU-16524 Limit capabilities of local admin

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Resolved

          Activity

            People

              ckansal Chakshu Kansal
              adilger Andreas Dilger
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: