Merge pull request #89 from depot/fix/ceph-auth-namespace

fix: use namespace for ceph authorization
depot · May 20, 2024 · 7e178fc · 7e178fc
2 parents cdad3d5 + d09284a
commit 7e178fc
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 3 deletions.
diff --git a/src/handlers/volumes.ts b/src/handlers/volumes.ts
@@ -278,7 +278,12 @@ async function authorizeClient({
   clientName: plainClientName,
   imageSpec,
 }: AuthorizeClientAction): Promise<PlainMessage<ReportVolumeUpdatesRequest>> {
-  const osdProfile = newOsdProfile(volumeName)
+  let namespace = volumeName
+  if (imageSpec && imageSpec.includes('/')) {
+    namespace = imageSpec.split('/')[1]
+  }
+
+  const osdProfile = newOsdProfile(namespace)
   const clientName = newClientName(plainClientName)
   await authCaps(osdProfile, clientName)
 

diff --git a/src/utils/ceph.ts b/src/utils/ceph.ts
@@ -31,9 +31,9 @@ export function newClientName(name: string): ClientName {
   return name as ClientName
 }
 
-export function newOsdProfile(volumeName: string): OsdProfile {
+export function newOsdProfile(namespace: string): OsdProfile {
   // Gives a user read-write access to the Ceph Block Devices in namespace.
-  return `profile rbd pool=${POOL} namespace=${volumeName}` as OsdProfile
+  return `profile rbd pool=${POOL} namespace=${namespace}` as OsdProfile
 }
 
 export function newSnapshotSpec(snapshotName: string): SnapshotSpec {