]>
Commit | Line | Data |
---|---|---|
1e59de90 | 1 | // -*- mode:C++; tab-width:8; c-basic-offset:2; indent-tabs-mode:t -*- |
11fdf7f2 TL |
2 | // vim: ts=8 sw=2 smarttab |
3 | ||
4 | #include "include/types.h" | |
5 | #include "include/stringify.h" | |
6 | #include "auth/Auth.h" | |
7 | #include "gtest/gtest.h" | |
8 | #include "common/ceph_context.h" | |
9 | #include "global/global_context.h" | |
10 | #include "auth/AuthRegistry.h" | |
11 | ||
12 | #include <sstream> | |
13 | ||
14 | TEST(AuthRegistry, con_modes) | |
15 | { | |
16 | auto cct = g_ceph_context; | |
17 | AuthRegistry reg(cct); | |
18 | std::vector<uint32_t> modes; | |
19 | ||
20 | const std::vector<uint32_t> crc_secure = { CEPH_CON_MODE_CRC, | |
21 | CEPH_CON_MODE_SECURE }; | |
22 | const std::vector<uint32_t> secure_crc = { CEPH_CON_MODE_SECURE, | |
23 | CEPH_CON_MODE_CRC }; | |
24 | const std::vector<uint32_t> secure = { CEPH_CON_MODE_SECURE }; | |
25 | ||
26 | cct->_conf.set_val( | |
27 | "enable_experimental_unrecoverable_data_corrupting_features", "*"); | |
28 | ||
29 | // baseline: everybody agrees | |
30 | cct->_set_module_type(CEPH_ENTITY_TYPE_CLIENT); | |
31 | cct->_conf.set_val("ms_cluster_mode", "crc secure"); | |
32 | cct->_conf.set_val("ms_service_mode", "crc secure"); | |
33 | cct->_conf.set_val("ms_client_mode", "crc secure"); | |
34 | cct->_conf.set_val("ms_mon_cluster_mode", "crc secure"); | |
35 | cct->_conf.set_val("ms_mon_service_mode", "crc secure"); | |
36 | cct->_conf.set_val("ms_mon_client_mode", "crc secure"); | |
37 | cct->_conf.apply_changes(NULL); | |
38 | ||
39 | reg.get_supported_modes(CEPH_ENTITY_TYPE_MON, CEPH_AUTH_CEPHX, &modes); | |
40 | ASSERT_EQ(modes, crc_secure); | |
41 | reg.get_supported_modes(CEPH_ENTITY_TYPE_OSD, CEPH_AUTH_CEPHX, &modes); | |
42 | ASSERT_EQ(modes, crc_secure); | |
43 | ASSERT_EQ((uint32_t)CEPH_CON_MODE_CRC, reg.pick_mode(CEPH_ENTITY_TYPE_OSD, | |
44 | CEPH_AUTH_CEPHX, | |
45 | crc_secure)); | |
46 | ||
47 | // what mons prefer secure, internal to mon cluster only | |
48 | cct->_conf.set_val("ms_mon_cluster_mode", "secure"); | |
49 | cct->_conf.apply_changes(NULL); | |
50 | ||
51 | cct->_set_module_type(CEPH_ENTITY_TYPE_CLIENT); | |
52 | reg.get_supported_modes(CEPH_ENTITY_TYPE_MON, CEPH_AUTH_CEPHX, &modes); | |
53 | ASSERT_EQ(modes, crc_secure); | |
54 | reg.get_supported_modes(CEPH_ENTITY_TYPE_OSD, CEPH_AUTH_CEPHX, &modes); | |
55 | ASSERT_EQ(modes, crc_secure); | |
56 | ||
57 | cct->_set_module_type(CEPH_ENTITY_TYPE_OSD); | |
9f95a23c TL |
58 | |
59 | /* mon/mgr are treated the same, and relevant config is ms_mon_cluster_mode */ | |
11fdf7f2 | 60 | reg.get_supported_modes(CEPH_ENTITY_TYPE_MON, CEPH_AUTH_CEPHX, &modes); |
9f95a23c | 61 | ASSERT_EQ(modes, secure); |
11fdf7f2 | 62 | reg.get_supported_modes(CEPH_ENTITY_TYPE_MGR, CEPH_AUTH_CEPHX, &modes); |
9f95a23c | 63 | ASSERT_EQ(modes, secure); |
11fdf7f2 TL |
64 | |
65 | cct->_set_module_type(CEPH_ENTITY_TYPE_MON); | |
66 | reg.get_supported_modes(CEPH_ENTITY_TYPE_MON, CEPH_AUTH_CEPHX, &modes); | |
67 | ASSERT_EQ(modes, secure); | |
68 | reg.get_supported_modes(CEPH_ENTITY_TYPE_MGR, CEPH_AUTH_CEPHX, &modes); | |
9f95a23c | 69 | ASSERT_EQ(modes, secure); |
11fdf7f2 TL |
70 | |
71 | // how all cluster -> mon connections secure? | |
72 | cct->_conf.set_val("ms_mon_service_mode", "secure"); | |
73 | cct->_conf.apply_changes(NULL); | |
74 | ||
75 | cct->_set_module_type(CEPH_ENTITY_TYPE_CLIENT); | |
76 | reg.get_supported_modes(CEPH_ENTITY_TYPE_MON, CEPH_AUTH_CEPHX, &modes); | |
77 | ASSERT_EQ(modes, crc_secure); | |
78 | reg.get_supported_modes(CEPH_ENTITY_TYPE_OSD, CEPH_AUTH_CEPHX, &modes); | |
79 | ASSERT_EQ(modes, crc_secure); | |
80 | ||
81 | cct->_set_module_type(CEPH_ENTITY_TYPE_OSD); | |
82 | reg.get_supported_modes(CEPH_ENTITY_TYPE_MON, CEPH_AUTH_CEPHX, &modes); | |
9f95a23c | 83 | ASSERT_EQ(modes, secure); |
11fdf7f2 | 84 | reg.get_supported_modes(CEPH_ENTITY_TYPE_MGR, CEPH_AUTH_CEPHX, &modes); |
9f95a23c | 85 | ASSERT_EQ(modes, secure); |
11fdf7f2 TL |
86 | |
87 | cct->_set_module_type(CEPH_ENTITY_TYPE_MON); | |
88 | reg.get_supported_modes(CEPH_ENTITY_TYPE_OSD, CEPH_AUTH_CEPHX, &modes); | |
89 | ASSERT_EQ(modes, secure); | |
90 | reg.get_supported_modes(CEPH_ENTITY_TYPE_MDS, CEPH_AUTH_CEPHX, &modes); | |
91 | ASSERT_EQ(modes, secure); | |
92 | reg.get_supported_modes(CEPH_ENTITY_TYPE_MGR, CEPH_AUTH_CEPHX, &modes); | |
93 | ASSERT_EQ(modes, secure); | |
94 | ||
95 | ||
96 | // how about client -> mon connections? | |
97 | cct->_conf.set_val("ms_mon_client_mode", "secure"); | |
98 | cct->_conf.apply_changes(NULL); | |
99 | ||
100 | cct->_set_module_type(CEPH_ENTITY_TYPE_CLIENT); | |
101 | reg.get_supported_modes(CEPH_ENTITY_TYPE_MON, CEPH_AUTH_CEPHX, &modes); | |
102 | ASSERT_EQ(modes, secure); | |
103 | reg.get_supported_modes(CEPH_ENTITY_TYPE_MGR, CEPH_AUTH_CEPHX, &modes); | |
9f95a23c | 104 | ASSERT_EQ(modes, secure); |
11fdf7f2 TL |
105 | |
106 | // ms_mon)client_mode doesn't does't affect daemons, though... | |
107 | cct->_conf.set_val("ms_mon_service_mode", "crc secure"); | |
108 | cct->_conf.apply_changes(NULL); | |
109 | ||
110 | cct->_set_module_type(CEPH_ENTITY_TYPE_CLIENT); | |
111 | reg.get_supported_modes(CEPH_ENTITY_TYPE_MON, CEPH_AUTH_CEPHX, &modes); | |
112 | ASSERT_EQ(modes, secure); | |
113 | reg.get_supported_modes(CEPH_ENTITY_TYPE_MGR, CEPH_AUTH_CEPHX, &modes); | |
9f95a23c | 114 | ASSERT_EQ(modes, secure); |
11fdf7f2 TL |
115 | |
116 | cct->_set_module_type(CEPH_ENTITY_TYPE_MON); | |
117 | reg.get_supported_modes(CEPH_ENTITY_TYPE_OSD, CEPH_AUTH_CEPHX, &modes); | |
118 | ASSERT_EQ(modes, crc_secure); | |
119 | reg.get_supported_modes(CEPH_ENTITY_TYPE_MDS, CEPH_AUTH_CEPHX, &modes); | |
120 | ASSERT_EQ(modes, crc_secure); | |
121 | reg.get_supported_modes(CEPH_ENTITY_TYPE_MGR, CEPH_AUTH_CEPHX, &modes); | |
9f95a23c | 122 | ASSERT_EQ(modes, secure); |
11fdf7f2 TL |
123 | |
124 | // how about all internal cluster connection secure? | |
125 | cct->_conf.set_val("ms_cluster_mode", "secure"); | |
126 | cct->_conf.set_val("ms_mon_service_mode", "secure"); | |
127 | cct->_conf.apply_changes(NULL); | |
128 | ||
129 | cct->_set_module_type(CEPH_ENTITY_TYPE_CLIENT); | |
130 | reg.get_supported_modes(CEPH_ENTITY_TYPE_MON, CEPH_AUTH_CEPHX, &modes); | |
131 | ASSERT_EQ(modes, secure); | |
132 | reg.get_supported_modes(CEPH_ENTITY_TYPE_MGR, CEPH_AUTH_CEPHX, &modes); | |
9f95a23c | 133 | ASSERT_EQ(modes, secure); |
11fdf7f2 TL |
134 | |
135 | cct->_set_module_type(CEPH_ENTITY_TYPE_OSD); | |
136 | reg.get_supported_modes(CEPH_ENTITY_TYPE_MON, CEPH_AUTH_CEPHX, &modes); | |
137 | ASSERT_EQ(modes, secure); | |
138 | reg.get_supported_modes(CEPH_ENTITY_TYPE_MGR, CEPH_AUTH_CEPHX, &modes); | |
139 | ASSERT_EQ(modes, secure); | |
140 | reg.get_supported_modes(CEPH_ENTITY_TYPE_CLIENT, CEPH_AUTH_CEPHX, &modes); | |
141 | ASSERT_EQ(modes, crc_secure); | |
142 | ||
143 | cct->_set_module_type(CEPH_ENTITY_TYPE_MGR); | |
144 | reg.get_supported_modes(CEPH_ENTITY_TYPE_MON, CEPH_AUTH_CEPHX, &modes); | |
145 | ASSERT_EQ(modes, secure); | |
146 | reg.get_supported_modes(CEPH_ENTITY_TYPE_MDS, CEPH_AUTH_CEPHX, &modes); | |
147 | ASSERT_EQ(modes, secure); | |
148 | reg.get_supported_modes(CEPH_ENTITY_TYPE_CLIENT, CEPH_AUTH_CEPHX, &modes); | |
9f95a23c | 149 | ASSERT_EQ(modes, secure); |
11fdf7f2 TL |
150 | |
151 | cct->_set_module_type(CEPH_ENTITY_TYPE_MDS); | |
152 | reg.get_supported_modes(CEPH_ENTITY_TYPE_MON, CEPH_AUTH_CEPHX, &modes); | |
153 | ASSERT_EQ(modes, secure); | |
154 | reg.get_supported_modes(CEPH_ENTITY_TYPE_MGR, CEPH_AUTH_CEPHX, &modes); | |
155 | ASSERT_EQ(modes, secure); | |
156 | reg.get_supported_modes(CEPH_ENTITY_TYPE_CLIENT, CEPH_AUTH_CEPHX, &modes); | |
157 | ASSERT_EQ(modes, crc_secure); | |
158 | ||
159 | cct->_set_module_type(CEPH_ENTITY_TYPE_MON); | |
160 | reg.get_supported_modes(CEPH_ENTITY_TYPE_CLIENT, CEPH_AUTH_CEPHX, &modes); | |
161 | ASSERT_EQ(modes, secure); | |
162 | reg.get_supported_modes(CEPH_ENTITY_TYPE_OSD, CEPH_AUTH_CEPHX, &modes); | |
163 | ASSERT_EQ(modes, secure); | |
164 | reg.get_supported_modes(CEPH_ENTITY_TYPE_MGR, CEPH_AUTH_CEPHX, &modes); | |
165 | ASSERT_EQ(modes, secure); | |
166 | reg.get_supported_modes(CEPH_ENTITY_TYPE_MON, CEPH_AUTH_CEPHX, &modes); | |
167 | ASSERT_EQ(modes, secure); | |
168 | ||
169 | // how about all connections to the cluster? | |
170 | cct->_conf.set_val("ms_service_mode", "secure"); | |
171 | cct->_conf.apply_changes(NULL); | |
172 | ||
173 | cct->_set_module_type(CEPH_ENTITY_TYPE_CLIENT); | |
174 | reg.get_supported_modes(CEPH_ENTITY_TYPE_MON, CEPH_AUTH_CEPHX, &modes); | |
175 | ASSERT_EQ(modes, secure); | |
176 | reg.get_supported_modes(CEPH_ENTITY_TYPE_MGR, CEPH_AUTH_CEPHX, &modes); | |
9f95a23c | 177 | ASSERT_EQ(modes, secure); |
11fdf7f2 TL |
178 | reg.get_supported_modes(CEPH_ENTITY_TYPE_OSD, CEPH_AUTH_CEPHX, &modes); |
179 | ASSERT_EQ(modes, crc_secure); | |
180 | reg.get_supported_modes(CEPH_ENTITY_TYPE_MDS, CEPH_AUTH_CEPHX, &modes); | |
181 | ASSERT_EQ(modes, crc_secure); | |
182 | ||
183 | cct->_set_module_type(CEPH_ENTITY_TYPE_OSD); | |
184 | reg.get_supported_modes(CEPH_ENTITY_TYPE_CLIENT, CEPH_AUTH_CEPHX, &modes); | |
185 | ASSERT_EQ(modes, secure); | |
186 | reg.get_supported_modes(CEPH_ENTITY_TYPE_MON, CEPH_AUTH_CEPHX, &modes); | |
187 | ASSERT_EQ(modes, secure); | |
188 | reg.get_supported_modes(CEPH_ENTITY_TYPE_MGR, CEPH_AUTH_CEPHX, &modes); | |
189 | ASSERT_EQ(modes, secure); | |
190 | ||
191 | cct->_set_module_type(CEPH_ENTITY_TYPE_MGR); | |
192 | reg.get_supported_modes(CEPH_ENTITY_TYPE_CLIENT, CEPH_AUTH_CEPHX, &modes); | |
193 | ASSERT_EQ(modes, secure); | |
194 | reg.get_supported_modes(CEPH_ENTITY_TYPE_MON, CEPH_AUTH_CEPHX, &modes); | |
195 | ASSERT_EQ(modes, secure); | |
196 | reg.get_supported_modes(CEPH_ENTITY_TYPE_MDS, CEPH_AUTH_CEPHX, &modes); | |
197 | ASSERT_EQ(modes, secure); | |
198 | ||
199 | cct->_set_module_type(CEPH_ENTITY_TYPE_MDS); | |
200 | reg.get_supported_modes(CEPH_ENTITY_TYPE_CLIENT, CEPH_AUTH_CEPHX, &modes); | |
201 | ASSERT_EQ(modes, secure); | |
202 | reg.get_supported_modes(CEPH_ENTITY_TYPE_MON, CEPH_AUTH_CEPHX, &modes); | |
203 | ASSERT_EQ(modes, secure); | |
204 | reg.get_supported_modes(CEPH_ENTITY_TYPE_MGR, CEPH_AUTH_CEPHX, &modes); | |
205 | ASSERT_EQ(modes, secure); | |
206 | ||
207 | // client forcing things? | |
208 | cct->_conf.set_val("ms_cluster_mode", "crc secure"); | |
209 | cct->_conf.set_val("ms_service_mode", "crc secure"); | |
210 | cct->_conf.set_val("ms_client_mode", "secure"); | |
211 | cct->_conf.set_val("ms_mon_cluster_mode", "crc secure"); | |
212 | cct->_conf.set_val("ms_mon_service_mode", "crc secure"); | |
213 | cct->_conf.set_val("ms_mon_client_mode", "secure"); | |
214 | cct->_conf.apply_changes(NULL); | |
215 | ||
216 | cct->_set_module_type(CEPH_ENTITY_TYPE_CLIENT); | |
217 | reg.get_supported_modes(CEPH_ENTITY_TYPE_MON, CEPH_AUTH_CEPHX, &modes); | |
218 | ASSERT_EQ(modes, secure); | |
219 | reg.get_supported_modes(CEPH_ENTITY_TYPE_MGR, CEPH_AUTH_CEPHX, &modes); | |
220 | ASSERT_EQ(modes, secure); | |
221 | reg.get_supported_modes(CEPH_ENTITY_TYPE_OSD, CEPH_AUTH_CEPHX, &modes); | |
222 | ASSERT_EQ(modes, secure); | |
223 | reg.get_supported_modes(CEPH_ENTITY_TYPE_MDS, CEPH_AUTH_CEPHX, &modes); | |
224 | ASSERT_EQ(modes, secure); | |
225 | ||
226 | // client *preferring* secure? | |
227 | cct->_conf.set_val("ms_cluster_mode", "crc secure"); | |
228 | cct->_conf.set_val("ms_service_mode", "crc secure"); | |
229 | cct->_conf.set_val("ms_client_mode", "secure crc"); | |
230 | cct->_conf.set_val("ms_mon_cluster_mode", "crc secure"); | |
231 | cct->_conf.set_val("ms_mon_service_mode", "crc secure"); | |
232 | cct->_conf.set_val("ms_mon_client_mode", "secure crc"); | |
233 | cct->_conf.apply_changes(NULL); | |
234 | ||
235 | cct->_set_module_type(CEPH_ENTITY_TYPE_CLIENT); | |
236 | reg.get_supported_modes(CEPH_ENTITY_TYPE_MON, CEPH_AUTH_CEPHX, &modes); | |
237 | ASSERT_EQ(modes, secure_crc); | |
238 | reg.get_supported_modes(CEPH_ENTITY_TYPE_MGR, CEPH_AUTH_CEPHX, &modes); | |
239 | ASSERT_EQ(modes, secure_crc); | |
240 | reg.get_supported_modes(CEPH_ENTITY_TYPE_OSD, CEPH_AUTH_CEPHX, &modes); | |
241 | ASSERT_EQ(modes, secure_crc); | |
242 | reg.get_supported_modes(CEPH_ENTITY_TYPE_MDS, CEPH_AUTH_CEPHX, &modes); | |
243 | ASSERT_EQ(modes, secure_crc); | |
244 | ||
245 | // back to normalish, for the benefit of the next test(s) | |
246 | cct->_set_module_type(CEPH_ENTITY_TYPE_CLIENT); | |
247 | } |