[ceph.git] / ceph / src / test / test_auth.cc

// -*- mode:C++; tab-width:8; c-basic-offset:2; indent-tabs-mode:t -*-
// vim: ts=8 sw=2 smarttab

#include "include/types.h"
#include "include/stringify.h"
#include "auth/Auth.h"
#include "gtest/gtest.h"
#include "common/ceph_context.h"
#include "global/global_context.h"
#include "auth/AuthRegistry.h"

#include <sstream>

TEST(AuthRegistry, con_modes)
{
  auto cct = g_ceph_context;
  AuthRegistry reg(cct);
  std::vector<uint32_t> modes;

  const std::vector<uint32_t> crc_secure = { CEPH_CON_MODE_CRC,
					     CEPH_CON_MODE_SECURE };
  const std::vector<uint32_t> secure_crc = { CEPH_CON_MODE_SECURE,
					     CEPH_CON_MODE_CRC };
  const std::vector<uint32_t> secure = { CEPH_CON_MODE_SECURE };

  cct->_conf.set_val(
    "enable_experimental_unrecoverable_data_corrupting_features", "*");

  // baseline: everybody agrees
  cct->_set_module_type(CEPH_ENTITY_TYPE_CLIENT);
  cct->_conf.set_val("ms_cluster_mode", "crc secure");
  cct->_conf.set_val("ms_service_mode", "crc secure");
  cct->_conf.set_val("ms_client_mode", "crc secure");
  cct->_conf.set_val("ms_mon_cluster_mode", "crc secure");
  cct->_conf.set_val("ms_mon_service_mode", "crc secure");
  cct->_conf.set_val("ms_mon_client_mode", "crc secure");
  cct->_conf.apply_changes(NULL);

  reg.get_supported_modes(CEPH_ENTITY_TYPE_MON, CEPH_AUTH_CEPHX, &modes);
  ASSERT_EQ(modes, crc_secure);
  reg.get_supported_modes(CEPH_ENTITY_TYPE_OSD, CEPH_AUTH_CEPHX, &modes);
  ASSERT_EQ(modes, crc_secure);
  ASSERT_EQ((uint32_t)CEPH_CON_MODE_CRC, reg.pick_mode(CEPH_ENTITY_TYPE_OSD,
						       CEPH_AUTH_CEPHX,
						       crc_secure));

  // what mons prefer secure, internal to mon cluster only
  cct->_conf.set_val("ms_mon_cluster_mode", "secure");
  cct->_conf.apply_changes(NULL);

  cct->_set_module_type(CEPH_ENTITY_TYPE_CLIENT);
  reg.get_supported_modes(CEPH_ENTITY_TYPE_MON, CEPH_AUTH_CEPHX, &modes);
  ASSERT_EQ(modes, crc_secure);
  reg.get_supported_modes(CEPH_ENTITY_TYPE_OSD, CEPH_AUTH_CEPHX, &modes);
  ASSERT_EQ(modes, crc_secure);

  cct->_set_module_type(CEPH_ENTITY_TYPE_OSD);

  /* mon/mgr are treated the same, and relevant config is ms_mon_cluster_mode */
  reg.get_supported_modes(CEPH_ENTITY_TYPE_MON, CEPH_AUTH_CEPHX, &modes);
  ASSERT_EQ(modes, secure);
  reg.get_supported_modes(CEPH_ENTITY_TYPE_MGR, CEPH_AUTH_CEPHX, &modes);
  ASSERT_EQ(modes, secure);

  cct->_set_module_type(CEPH_ENTITY_TYPE_MON);
  reg.get_supported_modes(CEPH_ENTITY_TYPE_MON, CEPH_AUTH_CEPHX, &modes);
  ASSERT_EQ(modes, secure);
  reg.get_supported_modes(CEPH_ENTITY_TYPE_MGR, CEPH_AUTH_CEPHX, &modes);
  ASSERT_EQ(modes, secure);

  // how all cluster -> mon connections secure?
  cct->_conf.set_val("ms_mon_service_mode", "secure");
  cct->_conf.apply_changes(NULL);

  cct->_set_module_type(CEPH_ENTITY_TYPE_CLIENT);
  reg.get_supported_modes(CEPH_ENTITY_TYPE_MON, CEPH_AUTH_CEPHX, &modes);
  ASSERT_EQ(modes, crc_secure);
  reg.get_supported_modes(CEPH_ENTITY_TYPE_OSD, CEPH_AUTH_CEPHX, &modes);
  ASSERT_EQ(modes, crc_secure);

  cct->_set_module_type(CEPH_ENTITY_TYPE_OSD);
  reg.get_supported_modes(CEPH_ENTITY_TYPE_MON, CEPH_AUTH_CEPHX, &modes);
  ASSERT_EQ(modes, secure);
  reg.get_supported_modes(CEPH_ENTITY_TYPE_MGR, CEPH_AUTH_CEPHX, &modes);
  ASSERT_EQ(modes, secure);

  cct->_set_module_type(CEPH_ENTITY_TYPE_MON);
  reg.get_supported_modes(CEPH_ENTITY_TYPE_OSD, CEPH_AUTH_CEPHX, &modes);
  ASSERT_EQ(modes, secure);
  reg.get_supported_modes(CEPH_ENTITY_TYPE_MDS, CEPH_AUTH_CEPHX, &modes);
  ASSERT_EQ(modes, secure);
  reg.get_supported_modes(CEPH_ENTITY_TYPE_MGR, CEPH_AUTH_CEPHX, &modes);
  ASSERT_EQ(modes, secure);


  // how about client -> mon connections?
  cct->_conf.set_val("ms_mon_client_mode", "secure");
  cct->_conf.apply_changes(NULL);

  cct->_set_module_type(CEPH_ENTITY_TYPE_CLIENT);
  reg.get_supported_modes(CEPH_ENTITY_TYPE_MON, CEPH_AUTH_CEPHX, &modes);
  ASSERT_EQ(modes, secure);
  reg.get_supported_modes(CEPH_ENTITY_TYPE_MGR, CEPH_AUTH_CEPHX, &modes);
  ASSERT_EQ(modes, secure);

  //  ms_mon)client_mode doesn't does't affect daemons, though...
  cct->_conf.set_val("ms_mon_service_mode", "crc secure");
  cct->_conf.apply_changes(NULL);

  cct->_set_module_type(CEPH_ENTITY_TYPE_CLIENT);
  reg.get_supported_modes(CEPH_ENTITY_TYPE_MON, CEPH_AUTH_CEPHX, &modes);
  ASSERT_EQ(modes, secure);
  reg.get_supported_modes(CEPH_ENTITY_TYPE_MGR, CEPH_AUTH_CEPHX, &modes);
  ASSERT_EQ(modes, secure);

  cct->_set_module_type(CEPH_ENTITY_TYPE_MON);
  reg.get_supported_modes(CEPH_ENTITY_TYPE_OSD, CEPH_AUTH_CEPHX, &modes);
  ASSERT_EQ(modes, crc_secure);
  reg.get_supported_modes(CEPH_ENTITY_TYPE_MDS, CEPH_AUTH_CEPHX, &modes);
  ASSERT_EQ(modes, crc_secure);
  reg.get_supported_modes(CEPH_ENTITY_TYPE_MGR, CEPH_AUTH_CEPHX, &modes);
  ASSERT_EQ(modes, secure);

  // how about all internal cluster connection secure?
  cct->_conf.set_val("ms_cluster_mode", "secure");
  cct->_conf.set_val("ms_mon_service_mode", "secure");
  cct->_conf.apply_changes(NULL);

  cct->_set_module_type(CEPH_ENTITY_TYPE_CLIENT);
  reg.get_supported_modes(CEPH_ENTITY_TYPE_MON, CEPH_AUTH_CEPHX, &modes);
  ASSERT_EQ(modes, secure);
  reg.get_supported_modes(CEPH_ENTITY_TYPE_MGR, CEPH_AUTH_CEPHX, &modes);
  ASSERT_EQ(modes, secure);

  cct->_set_module_type(CEPH_ENTITY_TYPE_OSD);
  reg.get_supported_modes(CEPH_ENTITY_TYPE_MON, CEPH_AUTH_CEPHX, &modes);
  ASSERT_EQ(modes, secure);
  reg.get_supported_modes(CEPH_ENTITY_TYPE_MGR, CEPH_AUTH_CEPHX, &modes);
  ASSERT_EQ(modes, secure);
  reg.get_supported_modes(CEPH_ENTITY_TYPE_CLIENT, CEPH_AUTH_CEPHX, &modes);
  ASSERT_EQ(modes, crc_secure);

  cct->_set_module_type(CEPH_ENTITY_TYPE_MGR);
  reg.get_supported_modes(CEPH_ENTITY_TYPE_MON, CEPH_AUTH_CEPHX, &modes);
  ASSERT_EQ(modes, secure);
  reg.get_supported_modes(CEPH_ENTITY_TYPE_MDS, CEPH_AUTH_CEPHX, &modes);
  ASSERT_EQ(modes, secure);
  reg.get_supported_modes(CEPH_ENTITY_TYPE_CLIENT, CEPH_AUTH_CEPHX, &modes);
  ASSERT_EQ(modes, secure);

  cct->_set_module_type(CEPH_ENTITY_TYPE_MDS);
  reg.get_supported_modes(CEPH_ENTITY_TYPE_MON, CEPH_AUTH_CEPHX, &modes);
  ASSERT_EQ(modes, secure);
  reg.get_supported_modes(CEPH_ENTITY_TYPE_MGR, CEPH_AUTH_CEPHX, &modes);
  ASSERT_EQ(modes, secure);
  reg.get_supported_modes(CEPH_ENTITY_TYPE_CLIENT, CEPH_AUTH_CEPHX, &modes);
  ASSERT_EQ(modes, crc_secure);

  cct->_set_module_type(CEPH_ENTITY_TYPE_MON);
  reg.get_supported_modes(CEPH_ENTITY_TYPE_CLIENT, CEPH_AUTH_CEPHX, &modes);
  ASSERT_EQ(modes, secure);
  reg.get_supported_modes(CEPH_ENTITY_TYPE_OSD, CEPH_AUTH_CEPHX, &modes);
  ASSERT_EQ(modes, secure);
  reg.get_supported_modes(CEPH_ENTITY_TYPE_MGR, CEPH_AUTH_CEPHX, &modes);
  ASSERT_EQ(modes, secure);
  reg.get_supported_modes(CEPH_ENTITY_TYPE_MON, CEPH_AUTH_CEPHX, &modes);
  ASSERT_EQ(modes, secure);

  // how about all connections to the cluster?
  cct->_conf.set_val("ms_service_mode", "secure");
  cct->_conf.apply_changes(NULL);

  cct->_set_module_type(CEPH_ENTITY_TYPE_CLIENT);
  reg.get_supported_modes(CEPH_ENTITY_TYPE_MON, CEPH_AUTH_CEPHX, &modes);
  ASSERT_EQ(modes, secure);
  reg.get_supported_modes(CEPH_ENTITY_TYPE_MGR, CEPH_AUTH_CEPHX, &modes);
  ASSERT_EQ(modes, secure);
  reg.get_supported_modes(CEPH_ENTITY_TYPE_OSD, CEPH_AUTH_CEPHX, &modes);
  ASSERT_EQ(modes, crc_secure);
  reg.get_supported_modes(CEPH_ENTITY_TYPE_MDS, CEPH_AUTH_CEPHX, &modes);
  ASSERT_EQ(modes, crc_secure);

  cct->_set_module_type(CEPH_ENTITY_TYPE_OSD);
  reg.get_supported_modes(CEPH_ENTITY_TYPE_CLIENT, CEPH_AUTH_CEPHX, &modes);
  ASSERT_EQ(modes, secure);
  reg.get_supported_modes(CEPH_ENTITY_TYPE_MON, CEPH_AUTH_CEPHX, &modes);
  ASSERT_EQ(modes, secure);
  reg.get_supported_modes(CEPH_ENTITY_TYPE_MGR, CEPH_AUTH_CEPHX, &modes);
  ASSERT_EQ(modes, secure);

  cct->_set_module_type(CEPH_ENTITY_TYPE_MGR);
  reg.get_supported_modes(CEPH_ENTITY_TYPE_CLIENT, CEPH_AUTH_CEPHX, &modes);
  ASSERT_EQ(modes, secure);
  reg.get_supported_modes(CEPH_ENTITY_TYPE_MON, CEPH_AUTH_CEPHX, &modes);
  ASSERT_EQ(modes, secure);
  reg.get_supported_modes(CEPH_ENTITY_TYPE_MDS, CEPH_AUTH_CEPHX, &modes);
  ASSERT_EQ(modes, secure);

  cct->_set_module_type(CEPH_ENTITY_TYPE_MDS);
  reg.get_supported_modes(CEPH_ENTITY_TYPE_CLIENT, CEPH_AUTH_CEPHX, &modes);
  ASSERT_EQ(modes, secure);
  reg.get_supported_modes(CEPH_ENTITY_TYPE_MON, CEPH_AUTH_CEPHX, &modes);
  ASSERT_EQ(modes, secure);
  reg.get_supported_modes(CEPH_ENTITY_TYPE_MGR, CEPH_AUTH_CEPHX, &modes);
  ASSERT_EQ(modes, secure);

  // client forcing things?
  cct->_conf.set_val("ms_cluster_mode", "crc secure");
  cct->_conf.set_val("ms_service_mode", "crc secure");
  cct->_conf.set_val("ms_client_mode", "secure");
  cct->_conf.set_val("ms_mon_cluster_mode", "crc secure");
  cct->_conf.set_val("ms_mon_service_mode", "crc secure");
  cct->_conf.set_val("ms_mon_client_mode", "secure");
  cct->_conf.apply_changes(NULL);

  cct->_set_module_type(CEPH_ENTITY_TYPE_CLIENT);
  reg.get_supported_modes(CEPH_ENTITY_TYPE_MON, CEPH_AUTH_CEPHX, &modes);
  ASSERT_EQ(modes, secure);
  reg.get_supported_modes(CEPH_ENTITY_TYPE_MGR, CEPH_AUTH_CEPHX, &modes);
  ASSERT_EQ(modes, secure);
  reg.get_supported_modes(CEPH_ENTITY_TYPE_OSD, CEPH_AUTH_CEPHX, &modes);
  ASSERT_EQ(modes, secure);
  reg.get_supported_modes(CEPH_ENTITY_TYPE_MDS, CEPH_AUTH_CEPHX, &modes);
  ASSERT_EQ(modes, secure);

  // client *preferring* secure?
  cct->_conf.set_val("ms_cluster_mode", "crc secure");
  cct->_conf.set_val("ms_service_mode", "crc secure");
  cct->_conf.set_val("ms_client_mode", "secure crc");
  cct->_conf.set_val("ms_mon_cluster_mode", "crc secure");
  cct->_conf.set_val("ms_mon_service_mode", "crc secure");
  cct->_conf.set_val("ms_mon_client_mode", "secure crc");
  cct->_conf.apply_changes(NULL);

  cct->_set_module_type(CEPH_ENTITY_TYPE_CLIENT);
  reg.get_supported_modes(CEPH_ENTITY_TYPE_MON, CEPH_AUTH_CEPHX, &modes);
  ASSERT_EQ(modes, secure_crc);
  reg.get_supported_modes(CEPH_ENTITY_TYPE_MGR, CEPH_AUTH_CEPHX, &modes);
  ASSERT_EQ(modes, secure_crc);
  reg.get_supported_modes(CEPH_ENTITY_TYPE_OSD, CEPH_AUTH_CEPHX, &modes);
  ASSERT_EQ(modes, secure_crc);
  reg.get_supported_modes(CEPH_ENTITY_TYPE_MDS, CEPH_AUTH_CEPHX, &modes);
  ASSERT_EQ(modes, secure_crc);

  // back to normalish, for the benefit of the next test(s)
  cct->_set_module_type(CEPH_ENTITY_TYPE_CLIENT);  
}
Commit	Line	Data
1e59de90	1	// -- mode:C++; tab-width:8; c-basic-offset:2; indent-tabs-mode:t --
11fdf7f2 TL	2	// vim: ts=8 sw=2 smarttab
	3
	4	#include "include/types.h"
	5	#include "include/stringify.h"
	6	#include "auth/Auth.h"
	7	#include "gtest/gtest.h"
	8	#include "common/ceph_context.h"
	9	#include "global/global_context.h"
	10	#include "auth/AuthRegistry.h"
	11
	12	#include <sstream>
	13
	14	TEST(AuthRegistry, con_modes)
	15	{
	16	auto cct = g_ceph_context;
	17	AuthRegistry reg(cct);
	18	std::vector<uint32_t> modes;
	19
	20	const std::vector<uint32_t> crc_secure = { CEPH_CON_MODE_CRC,
	21	CEPH_CON_MODE_SECURE };
	22	const std::vector<uint32_t> secure_crc = { CEPH_CON_MODE_SECURE,
	23	CEPH_CON_MODE_CRC };
	24	const std::vector<uint32_t> secure = { CEPH_CON_MODE_SECURE };
	25
	26	cct->_conf.set_val(
	27	"enable_experimental_unrecoverable_data_corrupting_features", "*");
	28
	29	// baseline: everybody agrees
	30	cct->_set_module_type(CEPH_ENTITY_TYPE_CLIENT);
	31	cct->_conf.set_val("ms_cluster_mode", "crc secure");
	32	cct->_conf.set_val("ms_service_mode", "crc secure");
	33	cct->_conf.set_val("ms_client_mode", "crc secure");
	34	cct->_conf.set_val("ms_mon_cluster_mode", "crc secure");
	35	cct->_conf.set_val("ms_mon_service_mode", "crc secure");
	36	cct->_conf.set_val("ms_mon_client_mode", "crc secure");
	37	cct->_conf.apply_changes(NULL);
	38
	39	reg.get_supported_modes(CEPH_ENTITY_TYPE_MON, CEPH_AUTH_CEPHX, &modes);
	40	ASSERT_EQ(modes, crc_secure);
	41	reg.get_supported_modes(CEPH_ENTITY_TYPE_OSD, CEPH_AUTH_CEPHX, &modes);
	42	ASSERT_EQ(modes, crc_secure);
	43	ASSERT_EQ((uint32_t)CEPH_CON_MODE_CRC, reg.pick_mode(CEPH_ENTITY_TYPE_OSD,
	44	CEPH_AUTH_CEPHX,
	45	crc_secure));
	46
	47	// what mons prefer secure, internal to mon cluster only
	48	cct->_conf.set_val("ms_mon_cluster_mode", "secure");
	49	cct->_conf.apply_changes(NULL);
	50
	51	cct->_set_module_type(CEPH_ENTITY_TYPE_CLIENT);
	52	reg.get_supported_modes(CEPH_ENTITY_TYPE_MON, CEPH_AUTH_CEPHX, &modes);
	53	ASSERT_EQ(modes, crc_secure);
	54	reg.get_supported_modes(CEPH_ENTITY_TYPE_OSD, CEPH_AUTH_CEPHX, &modes);
	55	ASSERT_EQ(modes, crc_secure);
	56
	57	cct->_set_module_type(CEPH_ENTITY_TYPE_OSD);
9f95a23c TL	58
9f95a23c TL	59	/* mon/mgr are treated the same, and relevant config is ms_mon_cluster_mode */
11fdf7f2	60	reg.get_supported_modes(CEPH_ENTITY_TYPE_MON, CEPH_AUTH_CEPHX, &modes);
9f95a23c	61	ASSERT_EQ(modes, secure);
11fdf7f2	62	reg.get_supported_modes(CEPH_ENTITY_TYPE_MGR, CEPH_AUTH_CEPHX, &modes);
9f95a23c	63	ASSERT_EQ(modes, secure);
11fdf7f2 TL	64
	65	cct->_set_module_type(CEPH_ENTITY_TYPE_MON);
	66	reg.get_supported_modes(CEPH_ENTITY_TYPE_MON, CEPH_AUTH_CEPHX, &modes);
	67	ASSERT_EQ(modes, secure);
	68	reg.get_supported_modes(CEPH_ENTITY_TYPE_MGR, CEPH_AUTH_CEPHX, &modes);
9f95a23c	69	ASSERT_EQ(modes, secure);
11fdf7f2 TL	70
	71	// how all cluster -> mon connections secure?
	72	cct->_conf.set_val("ms_mon_service_mode", "secure");
	73	cct->_conf.apply_changes(NULL);
	74
	75	cct->_set_module_type(CEPH_ENTITY_TYPE_CLIENT);
	76	reg.get_supported_modes(CEPH_ENTITY_TYPE_MON, CEPH_AUTH_CEPHX, &modes);
	77	ASSERT_EQ(modes, crc_secure);
	78	reg.get_supported_modes(CEPH_ENTITY_TYPE_OSD, CEPH_AUTH_CEPHX, &modes);
	79	ASSERT_EQ(modes, crc_secure);
	80
	81	cct->_set_module_type(CEPH_ENTITY_TYPE_OSD);
	82	reg.get_supported_modes(CEPH_ENTITY_TYPE_MON, CEPH_AUTH_CEPHX, &modes);
9f95a23c	83	ASSERT_EQ(modes, secure);
11fdf7f2	84	reg.get_supported_modes(CEPH_ENTITY_TYPE_MGR, CEPH_AUTH_CEPHX, &modes);
9f95a23c	85	ASSERT_EQ(modes, secure);
11fdf7f2 TL	86
	87	cct->_set_module_type(CEPH_ENTITY_TYPE_MON);
	88	reg.get_supported_modes(CEPH_ENTITY_TYPE_OSD, CEPH_AUTH_CEPHX, &modes);
	89	ASSERT_EQ(modes, secure);
	90	reg.get_supported_modes(CEPH_ENTITY_TYPE_MDS, CEPH_AUTH_CEPHX, &modes);
	91	ASSERT_EQ(modes, secure);
	92	reg.get_supported_modes(CEPH_ENTITY_TYPE_MGR, CEPH_AUTH_CEPHX, &modes);
	93	ASSERT_EQ(modes, secure);
	94
	95
	96	// how about client -> mon connections?
	97	cct->_conf.set_val("ms_mon_client_mode", "secure");
	98	cct->_conf.apply_changes(NULL);
	99
	100	cct->_set_module_type(CEPH_ENTITY_TYPE_CLIENT);
	101	reg.get_supported_modes(CEPH_ENTITY_TYPE_MON, CEPH_AUTH_CEPHX, &modes);
	102	ASSERT_EQ(modes, secure);
	103	reg.get_supported_modes(CEPH_ENTITY_TYPE_MGR, CEPH_AUTH_CEPHX, &modes);
9f95a23c	104	ASSERT_EQ(modes, secure);
11fdf7f2 TL	105
	106	// ms_mon)client_mode doesn't does't affect daemons, though...
	107	cct->_conf.set_val("ms_mon_service_mode", "crc secure");
	108	cct->_conf.apply_changes(NULL);
	109
	110	cct->_set_module_type(CEPH_ENTITY_TYPE_CLIENT);
	111	reg.get_supported_modes(CEPH_ENTITY_TYPE_MON, CEPH_AUTH_CEPHX, &modes);
	112	ASSERT_EQ(modes, secure);
	113	reg.get_supported_modes(CEPH_ENTITY_TYPE_MGR, CEPH_AUTH_CEPHX, &modes);
9f95a23c	114	ASSERT_EQ(modes, secure);
11fdf7f2 TL	115
	116	cct->_set_module_type(CEPH_ENTITY_TYPE_MON);
	117	reg.get_supported_modes(CEPH_ENTITY_TYPE_OSD, CEPH_AUTH_CEPHX, &modes);
	118	ASSERT_EQ(modes, crc_secure);
	119	reg.get_supported_modes(CEPH_ENTITY_TYPE_MDS, CEPH_AUTH_CEPHX, &modes);
	120	ASSERT_EQ(modes, crc_secure);
	121	reg.get_supported_modes(CEPH_ENTITY_TYPE_MGR, CEPH_AUTH_CEPHX, &modes);
9f95a23c	122	ASSERT_EQ(modes, secure);
11fdf7f2 TL	123
	124	// how about all internal cluster connection secure?
	125	cct->_conf.set_val("ms_cluster_mode", "secure");
	126	cct->_conf.set_val("ms_mon_service_mode", "secure");
	127	cct->_conf.apply_changes(NULL);
	128
	129	cct->_set_module_type(CEPH_ENTITY_TYPE_CLIENT);
	130	reg.get_supported_modes(CEPH_ENTITY_TYPE_MON, CEPH_AUTH_CEPHX, &modes);
	131	ASSERT_EQ(modes, secure);
	132	reg.get_supported_modes(CEPH_ENTITY_TYPE_MGR, CEPH_AUTH_CEPHX, &modes);
9f95a23c	133	ASSERT_EQ(modes, secure);
11fdf7f2 TL	134
	135	cct->_set_module_type(CEPH_ENTITY_TYPE_OSD);
	136	reg.get_supported_modes(CEPH_ENTITY_TYPE_MON, CEPH_AUTH_CEPHX, &modes);
	137	ASSERT_EQ(modes, secure);
	138	reg.get_supported_modes(CEPH_ENTITY_TYPE_MGR, CEPH_AUTH_CEPHX, &modes);
	139	ASSERT_EQ(modes, secure);
	140	reg.get_supported_modes(CEPH_ENTITY_TYPE_CLIENT, CEPH_AUTH_CEPHX, &modes);
	141	ASSERT_EQ(modes, crc_secure);
	142
	143	cct->_set_module_type(CEPH_ENTITY_TYPE_MGR);
	144	reg.get_supported_modes(CEPH_ENTITY_TYPE_MON, CEPH_AUTH_CEPHX, &modes);
	145	ASSERT_EQ(modes, secure);
	146	reg.get_supported_modes(CEPH_ENTITY_TYPE_MDS, CEPH_AUTH_CEPHX, &modes);
	147	ASSERT_EQ(modes, secure);
	148	reg.get_supported_modes(CEPH_ENTITY_TYPE_CLIENT, CEPH_AUTH_CEPHX, &modes);
9f95a23c	149	ASSERT_EQ(modes, secure);
11fdf7f2 TL	150
	151	cct->_set_module_type(CEPH_ENTITY_TYPE_MDS);
	152	reg.get_supported_modes(CEPH_ENTITY_TYPE_MON, CEPH_AUTH_CEPHX, &modes);
	153	ASSERT_EQ(modes, secure);
	154	reg.get_supported_modes(CEPH_ENTITY_TYPE_MGR, CEPH_AUTH_CEPHX, &modes);
	155	ASSERT_EQ(modes, secure);
	156	reg.get_supported_modes(CEPH_ENTITY_TYPE_CLIENT, CEPH_AUTH_CEPHX, &modes);
	157	ASSERT_EQ(modes, crc_secure);
	158
	159	cct->_set_module_type(CEPH_ENTITY_TYPE_MON);
	160	reg.get_supported_modes(CEPH_ENTITY_TYPE_CLIENT, CEPH_AUTH_CEPHX, &modes);
	161	ASSERT_EQ(modes, secure);
	162	reg.get_supported_modes(CEPH_ENTITY_TYPE_OSD, CEPH_AUTH_CEPHX, &modes);
	163	ASSERT_EQ(modes, secure);
	164	reg.get_supported_modes(CEPH_ENTITY_TYPE_MGR, CEPH_AUTH_CEPHX, &modes);
	165	ASSERT_EQ(modes, secure);
	166	reg.get_supported_modes(CEPH_ENTITY_TYPE_MON, CEPH_AUTH_CEPHX, &modes);
	167	ASSERT_EQ(modes, secure);
	168
	169	// how about all connections to the cluster?
	170	cct->_conf.set_val("ms_service_mode", "secure");
	171	cct->_conf.apply_changes(NULL);
	172
	173	cct->_set_module_type(CEPH_ENTITY_TYPE_CLIENT);
	174	reg.get_supported_modes(CEPH_ENTITY_TYPE_MON, CEPH_AUTH_CEPHX, &modes);
	175	ASSERT_EQ(modes, secure);
	176	reg.get_supported_modes(CEPH_ENTITY_TYPE_MGR, CEPH_AUTH_CEPHX, &modes);
9f95a23c	177	ASSERT_EQ(modes, secure);
11fdf7f2 TL	178	reg.get_supported_modes(CEPH_ENTITY_TYPE_OSD, CEPH_AUTH_CEPHX, &modes);
	179	ASSERT_EQ(modes, crc_secure);
	180	reg.get_supported_modes(CEPH_ENTITY_TYPE_MDS, CEPH_AUTH_CEPHX, &modes);
	181	ASSERT_EQ(modes, crc_secure);
	182
	183	cct->_set_module_type(CEPH_ENTITY_TYPE_OSD);
	184	reg.get_supported_modes(CEPH_ENTITY_TYPE_CLIENT, CEPH_AUTH_CEPHX, &modes);
	185	ASSERT_EQ(modes, secure);
	186	reg.get_supported_modes(CEPH_ENTITY_TYPE_MON, CEPH_AUTH_CEPHX, &modes);
	187	ASSERT_EQ(modes, secure);
	188	reg.get_supported_modes(CEPH_ENTITY_TYPE_MGR, CEPH_AUTH_CEPHX, &modes);
	189	ASSERT_EQ(modes, secure);
	190
	191	cct->_set_module_type(CEPH_ENTITY_TYPE_MGR);
	192	reg.get_supported_modes(CEPH_ENTITY_TYPE_CLIENT, CEPH_AUTH_CEPHX, &modes);
	193	ASSERT_EQ(modes, secure);
	194	reg.get_supported_modes(CEPH_ENTITY_TYPE_MON, CEPH_AUTH_CEPHX, &modes);
	195	ASSERT_EQ(modes, secure);
	196	reg.get_supported_modes(CEPH_ENTITY_TYPE_MDS, CEPH_AUTH_CEPHX, &modes);
	197	ASSERT_EQ(modes, secure);
	198
	199	cct->_set_module_type(CEPH_ENTITY_TYPE_MDS);
	200	reg.get_supported_modes(CEPH_ENTITY_TYPE_CLIENT, CEPH_AUTH_CEPHX, &modes);
	201	ASSERT_EQ(modes, secure);
	202	reg.get_supported_modes(CEPH_ENTITY_TYPE_MON, CEPH_AUTH_CEPHX, &modes);
	203	ASSERT_EQ(modes, secure);
	204	reg.get_supported_modes(CEPH_ENTITY_TYPE_MGR, CEPH_AUTH_CEPHX, &modes);
	205	ASSERT_EQ(modes, secure);
	206
	207	// client forcing things?
	208	cct->_conf.set_val("ms_cluster_mode", "crc secure");
	209	cct->_conf.set_val("ms_service_mode", "crc secure");
	210	cct->_conf.set_val("ms_client_mode", "secure");
	211	cct->_conf.set_val("ms_mon_cluster_mode", "crc secure");
	212	cct->_conf.set_val("ms_mon_service_mode", "crc secure");
	213	cct->_conf.set_val("ms_mon_client_mode", "secure");
	214	cct->_conf.apply_changes(NULL);
	215
	216	cct->_set_module_type(CEPH_ENTITY_TYPE_CLIENT);
	217	reg.get_supported_modes(CEPH_ENTITY_TYPE_MON, CEPH_AUTH_CEPHX, &modes);
	218	ASSERT_EQ(modes, secure);
	219	reg.get_supported_modes(CEPH_ENTITY_TYPE_MGR, CEPH_AUTH_CEPHX, &modes);
	220	ASSERT_EQ(modes, secure);
	221	reg.get_supported_modes(CEPH_ENTITY_TYPE_OSD, CEPH_AUTH_CEPHX, &modes);
	222	ASSERT_EQ(modes, secure);
	223	reg.get_supported_modes(CEPH_ENTITY_TYPE_MDS, CEPH_AUTH_CEPHX, &modes);
	224	ASSERT_EQ(modes, secure);
	225
	226	// client preferring secure?
	227	cct->_conf.set_val("ms_cluster_mode", "crc secure");
	228	cct->_conf.set_val("ms_service_mode", "crc secure");
	229	cct->_conf.set_val("ms_client_mode", "secure crc");
	230	cct->_conf.set_val("ms_mon_cluster_mode", "crc secure");
	231	cct->_conf.set_val("ms_mon_service_mode", "crc secure");
	232	cct->_conf.set_val("ms_mon_client_mode", "secure crc");
	233	cct->_conf.apply_changes(NULL);
	234
	235	cct->_set_module_type(CEPH_ENTITY_TYPE_CLIENT);
	236	reg.get_supported_modes(CEPH_ENTITY_TYPE_MON, CEPH_AUTH_CEPHX, &modes);
	237	ASSERT_EQ(modes, secure_crc);
	238	reg.get_supported_modes(CEPH_ENTITY_TYPE_MGR, CEPH_AUTH_CEPHX, &modes);
	239	ASSERT_EQ(modes, secure_crc);
	240	reg.get_supported_modes(CEPH_ENTITY_TYPE_OSD, CEPH_AUTH_CEPHX, &modes);
	241	ASSERT_EQ(modes, secure_crc);
242	reg.get_supported_modes(CEPH_ENTITY_TYPE_MDS, CEPH_AUTH_CEPHX, &modes);
243	ASSERT_EQ(modes, secure_crc);
244
245	// back to normalish, for the benefit of the next test(s)
246	cct->_set_module_type(CEPH_ENTITY_TYPE_CLIENT);
247	}