diff --git a/deploy/charts/rook-ceph/templates/resources.yaml b/deploy/charts/rook-ceph/templates/resources.yaml index f6f70db6af70..42187ed2806b 100644 --- a/deploy/charts/rook-ceph/templates/resources.yaml +++ b/deploy/charts/rook-ceph/templates/resources.yaml @@ -12881,7 +12881,7 @@ spec: description: Additional admin-level capabilities for the Ceph object store user nullable: true properties: - bucket: + buckets: description: Admin capabilities to read/write Ceph object store buckets. Documented in https://docs.ceph.com/en/latest/radosgw/admin/?#add-remove-admin-capabilities enum: - '*' @@ -12913,6 +12913,14 @@ spec: - write - read, write type: string + users: + description: Admin capabilities to read/write Ceph object store users. Documented in https://docs.ceph.com/en/latest/radosgw/admin/?#add-remove-admin-capabilities + enum: + - '*' + - read + - write + - read, write + type: string zone: description: Admin capabilities to read/write Ceph object store zones. Documented in https://docs.ceph.com/en/latest/radosgw/admin/?#add-remove-admin-capabilities enum: diff --git a/deploy/examples/crds.yaml b/deploy/examples/crds.yaml index b571b462f610..293508f161d2 100644 --- a/deploy/examples/crds.yaml +++ b/deploy/examples/crds.yaml @@ -12872,7 +12872,7 @@ spec: description: Additional admin-level capabilities for the Ceph object store user nullable: true properties: - bucket: + buckets: description: Admin capabilities to read/write Ceph object store buckets. Documented in https://docs.ceph.com/en/latest/radosgw/admin/?#add-remove-admin-capabilities enum: - '*' 
@@ -12904,6 +12904,14 @@ spec: - write - read, write type: string + users: + description: Admin capabilities to read/write Ceph object store users. Documented in https://docs.ceph.com/en/latest/radosgw/admin/?#add-remove-admin-capabilities + enum: + - '*' + - read + - write + - read, write + type: string zone: description: Admin capabilities to read/write Ceph object store zones. Documented in https://docs.ceph.com/en/latest/radosgw/admin/?#add-remove-admin-capabilities enum:
diff --git a/pkg/apis/ceph.rook.io/v1/types.go b/pkg/apis/ceph.rook.io/v1/types.go
index 5cdd20cb871a..0467dcaefc1e 100755
--- a/pkg/apis/ceph.rook.io/v1/types.go
+++ b/pkg/apis/ceph.rook.io/v1/types.go
@@ -1563,8 +1563,12 @@ type ObjectUserCapSpec struct {
 User string `json:"user,omitempty"`
 // +optional
 // +kubebuilder:validation:Enum={"*","read","write","read, write"}
+ // Admin capabilities to read/write Ceph object store users. Documented in https://docs.ceph.com/en/latest/radosgw/admin/?#add-remove-admin-capabilities
+ Users string `json:"users,omitempty"`
+ // +optional
+ // +kubebuilder:validation:Enum={"*","read","write","read, write"}
 // Admin capabilities to read/write Ceph object store buckets. Documented in https://docs.ceph.com/en/latest/radosgw/admin/?#add-remove-admin-capabilities
- Bucket string `json:"bucket,omitempty"`
+ Buckets string `json:"buckets,omitempty"`
 // +optional
 // +kubebuilder:validation:Enum={"*","read","write","read, write"}
 // Admin capabilities to read/write Ceph object store metadata. Documented in https://docs.ceph.com/en/latest/radosgw/admin/?#add-remove-admin-capabilities
diff --git a/pkg/operator/ceph/object/user/controller.go b/pkg/operator/ceph/object/user/controller.go
index 352162f4ce0a..ef69c292cfa7 100644
--- a/pkg/operator/ceph/object/user/controller.go
+++ b/pkg/operator/ceph/object/user/controller.go
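Review bot: Renaming the JSON key from `bucket` to `buckets` on `ObjectUserCapSpec` in pkg/apis/ceph.rook.io/v1/types.go is a breaking change to a v1 API field: an existing CephObjectStoreUser that sets `capabilities.bucket` would presumably have that key pruned or rejected once the updated CRD is installed, so the operator would stop emitting the `buckets=` cap for it without reporting an error. Consider keeping a `Bucket` field with the `json:"bucket,omitempty"` tag, marked `// Deprecated: use Buckets.`, and honouring it in generateUserConfig when `Buckets` is empty. The retained `User` field and the new `Users` field describe the same capability, yet nothing in the hunk says which one is preferred or what happens when both are set; a comment on `User` such as `// Deprecated: use Users.` would make the intent explicit. The struct continues outside the hunk.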
@@ -422,8 +422,11 @@ func generateUserConfig(user *cephv1.CephObjectStoreUser) admin.User {
 if user.Spec.Capabilities.User != "" {
 userConfig.UserCaps += fmt.Sprintf("users=%s;", user.Spec.Capabilities.User)
 }
- if user.Spec.Capabilities.Bucket != "" {
- userConfig.UserCaps += fmt.Sprintf("buckets=%s;", user.Spec.Capabilities.Bucket)
+ if user.Spec.Capabilities.Users != "" {
+ userConfig.UserCaps += fmt.Sprintf("users=%s;", user.Spec.Capabilities.User)
+ }
+ if user.Spec.Capabilities.Buckets != "" {
+ userConfig.UserCaps += fmt.Sprintf("buckets=%s;", user.Spec.Capabilities.Buckets)
 }
 if user.Spec.Capabilities.MetaData != "" {
 userConfig.UserCaps += fmt.Sprintf("metadata=%s;", user.Spec.Capabilities.MetaData)
diff --git a/pkg/operator/ceph/object/user/controller_test.go b/pkg/operator/ceph/object/user/controller_test.go
index dd7205161d1f..df365251272c 100644
--- a/pkg/operator/ceph/object/user/controller_test.go
+++ b/pkg/operator/ceph/object/user/controller_test.go
@@ -461,8 +461,8 @@ func TestCreateOrUpdateCephUser(t *testing.T) {
 t.Run("setting Capabilities for the user", func(t *testing.T) {
 objectUser.Spec.Quotas = nil
 objectUser.Spec.Capabilities = &cephv1.ObjectUserCapSpec{
- User: "read",
- Bucket: "read",
+ User: "read",
+ Buckets: "read",
 }
 userConfig = generateUserConfig(objectUser)
 r.userConfig = &userConfig
@@ -510,8 +510,8 @@ func TestCreateOrUpdateCephUser(t *testing.T) {
 t.Run("setting both Quotas and Capabilities for the user", func(t *testing.T) {
 objectUser.Spec.Capabilities = &cephv1.ObjectUserCapSpec{
- User: "read",
- Bucket: "read",
+ User: "read",
+ Buckets: "read",
 }
 objectUser.Spec.Quotas = &cephv1.ObjectUserQuotaSpec{MaxBuckets: &maxbucket, MaxObjects: &maxobject, MaxSize: &maxsize}
 userConfig = generateUserConfig(objectUser)
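Review bot: The new `Users` branch in generateUserConfig formats the wrong field: it tests `user.Spec.Capabilities.Users` but writes `user.Spec.Capabilities.User`, so a spec that sets only `users: read` produces `users=;`, and a spec that sets both fields emits the `User` value twice and ignores the declared `Users` value. The line should read `userConfig.UserCaps += fmt.Sprintf("users=%s;", user.Spec.Capabilities.Users)`. Because these strings become RGW admin capabilities, it is also worth deciding what happens when both `User` and `Users` are set, since both map to the `users=` key; letting `Users` take precedence would avoid emitting the key twice. The updated cases in controller_test.go still set only `User` and `Buckets`, so nothing exercises this branch; a case with `Users: "read"` that asserts the resulting `UserCaps` string would have caught it. The function body starts and ends outside the hunk.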