5 tmp
=/tmp
/cephtest-mon-caps-madness
9 [[ ! -z $TEST_EXIT_ON_ERROR ]] && exit_on_error
=$TEST_EXIT_ON_ERROR
11 if [ `uname` = FreeBSD
]; then
26 if [[ $ret -ne $expected_ret ]]; then
27 echo "Error: Expected return $expected_ret, got $ret"
28 [[ $exit_on_error -eq 1 ]] && exit 1
35 expect
"ceph auth get-or-create client.bazar > $tmp.bazar.keyring" 0
36 expect
"ceph -k $tmp.bazar.keyring --user bazar mon_status" 13
37 ceph auth del client.bazar
39 c
="'allow command \"auth ls\", allow command mon_status'"
40 expect
"ceph auth get-or-create client.foo mon $c > $tmp.foo.keyring" 0
41 expect
"ceph -k $tmp.foo.keyring --user foo mon_status" 0
42 expect
"ceph -k $tmp.foo.keyring --user foo auth ls" 0
43 expect
"ceph -k $tmp.foo.keyring --user foo auth export" 13
44 expect
"ceph -k $tmp.foo.keyring --user foo auth del client.bazar" 13
45 expect
"ceph -k $tmp.foo.keyring --user foo osd dump" 13
47 # monitor drops the subscribe message from client if it does not have enough caps
48 # for read from mon. in that case, the client will be waiting for mgrmap in vain,
49 # if it is instructed to send a command to mgr. "pg dump" is served by mgr. so,
50 # we need to set a timeout for testing this scenario.
52 # leave plenty of time here because the mons might be thrashing.
53 export CEPH_ARGS
='--rados-mon-op-timeout=300'
54 expect
"ceph -k $tmp.foo.keyring --user foo pg dump" $ETIMEDOUT
57 expect
"ceph -k $tmp.foo.keyring --user foo quorum_status" 13
58 ceph auth del client.foo
60 c
="'allow command service with prefix=list, allow command mon_status'"
61 expect
"ceph auth get-or-create client.bar mon $c > $tmp.bar.keyring" 0
62 expect
"ceph -k $tmp.bar.keyring --user bar mon_status" 0
63 expect
"ceph -k $tmp.bar.keyring --user bar auth ls" 13
64 expect
"ceph -k $tmp.bar.keyring --user bar auth export" 13
65 expect
"ceph -k $tmp.bar.keyring --user bar auth del client.foo" 13
66 expect
"ceph -k $tmp.bar.keyring --user bar osd dump" 13
68 # again, we'll need to timeout.
69 export CEPH_ARGS
='--rados-mon-op-timeout=300'
70 expect
"ceph -k $tmp.bar.keyring --user bar pg dump" $ETIMEDOUT
73 expect
"ceph -k $tmp.bar.keyring --user bar quorum_status" 13
74 ceph auth del client.bar
76 rm $tmp.bazar.keyring
$tmp.foo.keyring
$tmp.bar.keyring
78 # invalid caps health warning
79 cat <<EOF | ceph auth import -i -
81 caps mon = this is wrong
82 caps osd = does not parse
83 caps mds = also does not parse
85 ceph health |
grep AUTH_BAD_CAP
86 ceph health detail |
grep client.bad
87 ceph auth
rm client.bad
88 expect
"ceph auth health | grep AUTH_BAD_CAP" 1