]>
Commit | Line | Data |
---|---|---|
11fdf7f2 TL |
1 | #!/usr/bin/env bash |
2 | ||
3 | set -x | |
7c673cae FG |
4 | |
5 | tmp=/tmp/cephtest-mon-caps-madness | |
6 | ||
7 | exit_on_error=1 | |
8 | ||
9 | [[ ! -z $TEST_EXIT_ON_ERROR ]] && exit_on_error=$TEST_EXIT_ON_ERROR | |
10 | ||
11fdf7f2 TL |
11 | if [ `uname` = FreeBSD ]; then |
12 | ETIMEDOUT=60 | |
13 | else | |
14 | ETIMEDOUT=110 | |
15 | fi | |
16 | ||
7c673cae FG |
17 | expect() |
18 | { | |
19 | cmd=$1 | |
20 | expected_ret=$2 | |
21 | ||
22 | echo $cmd | |
23 | eval $cmd >&/dev/null | |
24 | ret=$? | |
25 | ||
26 | if [[ $ret -ne $expected_ret ]]; then | |
27 | echo "Error: Expected return $expected_ret, got $ret" | |
28 | [[ $exit_on_error -eq 1 ]] && exit 1 | |
29 | return 1 | |
30 | fi | |
31 | ||
32 | return 0 | |
33 | } | |
34 | ||
35 | expect "ceph auth get-or-create client.bazar > $tmp.bazar.keyring" 0 | |
9f95a23c | 36 | expect "ceph -k $tmp.bazar.keyring --user bazar quorum_status" 13 |
7c673cae FG |
37 | ceph auth del client.bazar |
38 | ||
9f95a23c | 39 | c="'allow command \"auth ls\", allow command quorum_status'" |
7c673cae | 40 | expect "ceph auth get-or-create client.foo mon $c > $tmp.foo.keyring" 0 |
9f95a23c | 41 | expect "ceph -k $tmp.foo.keyring --user foo quorum_status" 0 |
c07f9fc5 | 42 | expect "ceph -k $tmp.foo.keyring --user foo auth ls" 0 |
7c673cae FG |
43 | expect "ceph -k $tmp.foo.keyring --user foo auth export" 13 |
44 | expect "ceph -k $tmp.foo.keyring --user foo auth del client.bazar" 13 | |
45 | expect "ceph -k $tmp.foo.keyring --user foo osd dump" 13 | |
11fdf7f2 TL |
46 | |
47 | # monitor drops the subscribe message from client if it does not have enough caps | |
48 | # for read from mon. in that case, the client will be waiting for mgrmap in vain, | |
49 | # if it is instructed to send a command to mgr. "pg dump" is served by mgr. so, | |
50 | # we need to set a timeout for testing this scenario. | |
51 | # | |
52 | # leave plenty of time here because the mons might be thrashing. | |
53 | export CEPH_ARGS='--rados-mon-op-timeout=300' | |
54 | expect "ceph -k $tmp.foo.keyring --user foo pg dump" $ETIMEDOUT | |
55 | export CEPH_ARGS='' | |
56 | ||
7c673cae | 57 | ceph auth del client.foo |
9f95a23c | 58 | expect "ceph -k $tmp.foo.keyring --user foo quorum_status" 13 |
7c673cae | 59 | |
9f95a23c | 60 | c="'allow command service with prefix=list, allow command quorum_status'" |
7c673cae | 61 | expect "ceph auth get-or-create client.bar mon $c > $tmp.bar.keyring" 0 |
9f95a23c | 62 | expect "ceph -k $tmp.bar.keyring --user bar quorum_status" 0 |
c07f9fc5 | 63 | expect "ceph -k $tmp.bar.keyring --user bar auth ls" 13 |
7c673cae FG |
64 | expect "ceph -k $tmp.bar.keyring --user bar auth export" 13 |
65 | expect "ceph -k $tmp.bar.keyring --user bar auth del client.foo" 13 | |
66 | expect "ceph -k $tmp.bar.keyring --user bar osd dump" 13 | |
11fdf7f2 TL |
67 | |
68 | # again, we'll need to timeout. | |
69 | export CEPH_ARGS='--rados-mon-op-timeout=300' | |
70 | expect "ceph -k $tmp.bar.keyring --user bar pg dump" $ETIMEDOUT | |
71 | export CEPH_ARGS='' | |
72 | ||
7c673cae | 73 | ceph auth del client.bar |
9f95a23c | 74 | expect "ceph -k $tmp.bar.keyring --user bar quorum_status" 13 |
7c673cae FG |
75 | |
76 | rm $tmp.bazar.keyring $tmp.foo.keyring $tmp.bar.keyring | |
77 | ||
11fdf7f2 TL |
78 | # invalid caps health warning |
79 | cat <<EOF | ceph auth import -i - | |
80 | [client.bad] | |
81 | caps mon = this is wrong | |
82 | caps osd = does not parse | |
83 | caps mds = also does not parse | |
84 | EOF | |
85 | ceph health | grep AUTH_BAD_CAP | |
86 | ceph health detail | grep client.bad | |
87 | ceph auth rm client.bad | |
88 | expect "ceph auth health | grep AUTH_BAD_CAP" 1 | |
89 | ||
c07f9fc5 | 90 | echo OK |