3 ceph-authtool --create-keyring k --gen-key -p --name client.xx
4 ceph auth add -i k client.xx mon "allow command foo; allow command bar *; allow command baz ...; allow command foo add * mon allow\\ rwx osd allow\\ *"
6 ( ceph -k k -n client.xx foo || true ) | grep 'unrecog'
7 ( ceph -k k -n client.xx foo ooo || true ) | grep 'Access denied'
8 ( ceph -k k -n client.xx fo || true ) | grep 'Access denied'
9 ( ceph -k k -n client.xx fooo || true ) | grep 'Access denied'
11 ( ceph -k k -n client.xx bar || true ) | grep 'Access denied'
12 ( ceph -k k -n client.xx bar a || true ) | grep 'unrecog'
13 ( ceph -k k -n client.xx bar a b c || true ) | grep 'Access denied'
14 ( ceph -k k -n client.xx ba || true ) | grep 'Access denied'
15 ( ceph -k k -n client.xx barr || true ) | grep 'Access denied'
17 ( ceph -k k -n client.xx baz || true ) | grep -v 'Access denied'
18 ( ceph -k k -n client.xx baz a || true ) | grep -v 'Access denied'
19 ( ceph -k k -n client.xx baz a b || true ) | grep -v 'Access denied'
21 ( ceph -k k -n client.xx foo add osd.1 -i k mon 'allow rwx' osd 'allow *' || true ) | grep 'unrecog'
22 ( ceph -k k -n client.xx foo add osd a b c -i k mon 'allow rwx' osd 'allow *' || true ) | grep 'Access denied'
23 ( ceph -k k -n client.xx foo add osd a b c -i k mon 'allow *' || true ) | grep 'Access denied'