git://git.whamcloud.com - fs/lustre-release.git/commit

author	Sebastien Buisson <sbuisson@ddn.com>
	Thu, 19 Dec 2024 14:08:11 +0000 (15:08 +0100)
committer	Oleg Drokin <green@whamcloud.com>
	Sun, 2 Feb 2025 06:28:22 +0000 (06:28 +0000)
commit	745486da697fc577cb6b927bcfbca9cf587666e4
tree	b51162b4bc584eea37bfc658e32b3fe0165f2be1	tree \| snapshot
parent	478dd88f38b77d3cd63c0f931d11b57a03c50928	commit \| diff

LU-18581 sec: add hsm_ops rbac role

The purpose of the new hsm_ops rbac role is to control whether
clients can carry out HSM actions. When set, clients can call any
HSM primitive. When not set, clients get -EACCES when they try one of
the following:
- archive
- restore
- remove
- release
- set
- clear
- ct_register
- ct_unregister

sanity-hsm test_411 is added to exercise the new hsm_ops rbac role.

Signed-off-by: Sebastien Buisson <sbuisson@ddn.com>
Change-Id: I234f4e8e37ec359ac9f790e29bf0b91725f2ef16
Reviewed-on: https://review.whamcloud.com/c/fs/lustre-release/+/57526
Tested-by: jenkins <devops@whamcloud.com>
Tested-by: Maloo <maloo@whamcloud.com>
Reviewed-by: Marc Vef <mvef@whamcloud.com>
Reviewed-by: Andreas Dilger <adilger@whamcloud.com>
Reviewed-by: Oleg Drokin <green@whamcloud.com>

lustre/doc/lctl-nodemap-modify.8		diff \| blob \| history
lustre/include/lustre_nodemap.h		diff \| blob \| history
lustre/include/md_object.h		diff \| blob \| history
lustre/include/uapi/linux/lustre/lustre_idl.h		diff \| blob \| history
lustre/mdt/mdt_coordinator.c		diff \| blob \| history
lustre/mdt/mdt_handler.c		diff \| blob \| history
lustre/mdt/mdt_hsm.c		diff \| blob \| history
lustre/mdt/mdt_lib.c		diff \| blob \| history
lustre/mdt/mdt_open.c		diff \| blob \| history
lustre/mdt/mdt_restripe.c		diff \| blob \| history
lustre/obdecho/echo_client.c		diff \| blob \| history
lustre/ptlrpc/wiretest.c		diff \| blob \| history
lustre/tests/sanity-hsm.sh		diff \| blob \| history
lustre/utils/wirecheck.c		diff \| blob \| history
lustre/utils/wiretest.c		diff \| blob \| history