git.proxmox.com Git - ceph.git/blob - ceph/src/pybind/mgr/volumes/fs/operations/access.py
3 from typing
import List
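def prepare_updated_caps_list(existing_caps, mds_cap_str, osd_cap_str, authorize=True):
    """Build the flat ``[type, value, ...]`` caps list for an ``auth caps`` update.

    Cap types other than ``mds`` and ``osd`` are carried over from
    ``existing_caps['caps']``; the ``mds`` and ``osd`` entries are replaced by
    the strings passed in.

    :param existing_caps: auth entry dict whose ``'caps'`` key maps a cap type
        to its cap string.
    :param mds_cap_str: new MDS cap string; no ``mds`` entry is emitted when
        it is empty.
    :param osd_cap_str: new OSD cap string; no ``osd`` entry is emitted when
        it is empty.
    :param authorize: ``True`` when access is being granted. ``False`` when it
        is being revoked: a bare ``mon 'allow r'`` is then dropped as well, so
        an entity left with no MDS/OSD caps keeps no leftover mon read cap and
        the list can come back empty.
    :return: list alternating cap type and cap string.
    """
    # NOTE(review): the extracted listing lost its keyword-only lines (the
    # gutter numbers skip 10-11, 13, 16, 18 and 24). Those branches and the
    # final return are restored from the surrounding structure; confirm them
    # against the repository copy of this file.
    caps_list = []  # type: List[str]
    has_mon = False
    for cap_type, cap_value in existing_caps['caps'].items():
        if cap_type in ('mds', 'osd'):
            # Replaced below by the freshly computed strings.
            continue
        if cap_type == 'mon':
            if not authorize and cap_value == 'allow r':
                continue
            has_mon = True
        caps_list.extend((cap_type, cap_value))

    if mds_cap_str:
        caps_list.extend(('mds', mds_cap_str))
    if osd_cap_str:
        caps_list.extend(('osd', osd_cap_str))

    # Decide on the cap *type* seen above. The listing tested
    # "'mon' not in caps_list", which also matches a cap value that happens to
    # be the string 'mon', because the list interleaves types and values.
    if authorize and not has_mon:
        caps_list.extend(('mon', 'allow r'))

    return caps_list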
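def allow_access(mgr, client_entity, want_mds_cap, want_osd_cap,
                 unwanted_mds_cap, unwanted_osd_cap, existing_caps):
    """Grant ``client_entity`` the wanted MDS/OSD caps and return its auth key.

    With no existing auth entry the entity is created through
    ``auth get-or-create`` with the wanted caps plus ``mon 'allow r'``.
    Otherwise the wanted caps are merged into the first existing entry,
    written back with ``auth caps`` and the entry is re-read with ``auth get``.

    :param mgr: object exposing ``mon_command(dict)`` returning
        ``(ret, out, err)``.
    :param client_entity: auth entity name, e.g. ``client.foobar``.
    :param want_mds_cap: MDS cap string to grant.
    :param want_osd_cap: OSD cap string to grant.
    :param unwanted_mds_cap: MDS cap string to drop if currently held.
    :param unwanted_osd_cap: OSD cap string dropped together with
        ``unwanted_mds_cap``.
    :param existing_caps: ``None``, or a list whose first element is the
        entity's current auth entry (a dict with a ``'caps'`` mapping).
    :return: the entity's key as reported by the monitor.
    :raises AssertionError: if the reply does not hold exactly one entry for
        ``client_entity``.
    """
    # NOTE(review): the extracted listing lost its keyword-only lines (else,
    # the cap_update def line, its first guard, the command-dict brackets and
    # "format"/"caps" entries, the length check and the final return). They are
    # restored from the surrounding structure and the gutter numbering; confirm
    # against the repository copy of this file.
    if existing_caps is None:
        ret, out, err = mgr.mon_command({
            "prefix": "auth get-or-create",
            "entity": client_entity,
            "caps": ['mds', want_mds_cap, 'osd', want_osd_cap, 'mon', 'allow r'],
            "format": "json"})
    else:
        cap = existing_caps[0]

        def cap_update(
                orig_mds_caps, orig_osd_caps, want_mds_cap,
                want_osd_cap, unwanted_mds_cap, unwanted_osd_cap):
            """Return the merged ``(mds, osd)`` cap strings."""
            if not orig_mds_caps:
                return want_mds_cap, want_osd_cap

            mds_cap_tokens = [x.strip() for x in orig_mds_caps.split(",")]
            osd_cap_tokens = [x.strip() for x in orig_osd_caps.split(",")]

            if want_mds_cap in mds_cap_tokens:
                # Already granted: leave both strings untouched.
                return orig_mds_caps, orig_osd_caps

            if unwanted_mds_cap in mds_cap_tokens:
                mds_cap_tokens.remove(unwanted_mds_cap)
                # NOTE(review): remove() raises ValueError when the paired OSD
                # cap is not present verbatim. Left unguarded so that a
                # mismatch aborts the update rather than appending the new cap
                # next to an old OSD cap that was never revoked.
                osd_cap_tokens.remove(unwanted_osd_cap)

            mds_cap_tokens.append(want_mds_cap)
            osd_cap_tokens.append(want_osd_cap)

            return ",".join(mds_cap_tokens), ",".join(osd_cap_tokens)

        orig_mds_caps = cap['caps'].get('mds', "")
        orig_osd_caps = cap['caps'].get('osd', "")

        mds_cap_str, osd_cap_str = cap_update(
            orig_mds_caps, orig_osd_caps, want_mds_cap, want_osd_cap,
            unwanted_mds_cap, unwanted_osd_cap)

        caps_list = prepare_updated_caps_list(cap, mds_cap_str, osd_cap_str)
        # NOTE(review): the result of this "auth caps" call is not inspected,
        # so a rejected update is only noticed if the re-read below fails.
        mgr.mon_command(
            {
                "prefix": "auth caps",
                'entity': client_entity,
                'caps': caps_list
            })
        ret, out, err = mgr.mon_command(
            {
                'prefix': 'auth get',
                'entity': client_entity,
                'format': 'json'
            })

    # Result expected like this:
    # [
    #     {
    #         "entity": "client.foobar",
    #         "key": "AQBY0\/pViX\/wBBAAUpPs9swy7rey1qPhzmDVGQ==",
    #         "caps": {...}
    #     }
    # ]

    # NOTE(review): ret and err are never checked; a failed command presumably
    # surfaces here as a JSON decoding error on an empty reply - confirm.
    caps = json.loads(out)

    # Raised explicitly instead of via assert statements so the reply is still
    # validated when Python runs with -O; the exception type is unchanged. The
    # messages name the entity only and never include key material.
    if len(caps) != 1:
        raise AssertionError(
            "expected exactly one auth entry for {0}, got {1}".format(
                client_entity, len(caps)))
    if caps[0]['entity'] != client_entity:
        raise AssertionError(
            "auth reply is for a different entity than {0}".format(client_entity))
    return caps[0]['key']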
99 def deny_access(mgr
, client_entity
, want_mds_caps
, want_osd_caps
):
100 ret
, out
, err
= mgr
.mon_command({
101 "prefix": "auth get",
102 "entity": client_entity
,
106 if ret
== -errno
.ENOENT
:
107 # Already gone, great.
110 def cap_remove(orig_mds_caps
, orig_osd_caps
, want_mds_caps
, want_osd_caps
):
111 mds_cap_tokens
= [x
.strip() for x
in orig_mds_caps
.split(",")]
112 osd_cap_tokens
= [x
.strip() for x
in orig_osd_caps
.split(",")]
114 for want_mds_cap
, want_osd_cap
in zip(want_mds_caps
, want_osd_caps
):
115 if want_mds_cap
in mds_cap_tokens
:
116 mds_cap_tokens
.remove(want_mds_cap
)
117 osd_cap_tokens
.remove(want_osd_cap
)
120 return ",".join(mds_cap_tokens
), ",".join(osd_cap_tokens
)
122 cap
= json
.loads(out
)[0]
123 orig_mds_caps
= cap
['caps'].get('mds', "")
124 orig_osd_caps
= cap
['caps'].get('osd', "")
125 mds_cap_str
, osd_cap_str
= cap_remove(orig_mds_caps
, orig_osd_caps
,
126 want_mds_caps
, want_osd_caps
)
128 caps_list
= prepare_updated_caps_list(cap
, mds_cap_str
, osd_cap_str
, authorize
=False)
133 'entity': client_entity
138 "prefix": "auth caps",
139 'entity': client_entity
,