]>
git.proxmox.com Git - ceph.git/blob - ceph/src/test/test_auth.cc
1 // -*- mode:C; tab-width:8; c-basic-offset:2; indent-tabs-mode:t -*-
2 // vim: ts=8 sw=2 smarttab
4 #include "include/types.h"
5 #include "include/stringify.h"
7 #include "gtest/gtest.h"
8 #include "common/ceph_context.h"
9 #include "global/global_context.h"
10 #include "auth/AuthRegistry.h"
14 TEST(AuthRegistry
, con_modes
)
16 auto cct
= g_ceph_context
;
17 AuthRegistry
reg(cct
);
18 std::vector
<uint32_t> modes
;
20 const std::vector
<uint32_t> crc_secure
= { CEPH_CON_MODE_CRC
,
21 CEPH_CON_MODE_SECURE
};
22 const std::vector
<uint32_t> secure_crc
= { CEPH_CON_MODE_SECURE
,
24 const std::vector
<uint32_t> secure
= { CEPH_CON_MODE_SECURE
};
27 "enable_experimental_unrecoverable_data_corrupting_features", "*");
29 // baseline: everybody agrees
30 cct
->_set_module_type(CEPH_ENTITY_TYPE_CLIENT
);
31 cct
->_conf
.set_val("ms_cluster_mode", "crc secure");
32 cct
->_conf
.set_val("ms_service_mode", "crc secure");
33 cct
->_conf
.set_val("ms_client_mode", "crc secure");
34 cct
->_conf
.set_val("ms_mon_cluster_mode", "crc secure");
35 cct
->_conf
.set_val("ms_mon_service_mode", "crc secure");
36 cct
->_conf
.set_val("ms_mon_client_mode", "crc secure");
37 cct
->_conf
.apply_changes(NULL
);
39 reg
.get_supported_modes(CEPH_ENTITY_TYPE_MON
, CEPH_AUTH_CEPHX
, &modes
);
40 ASSERT_EQ(modes
, crc_secure
);
41 reg
.get_supported_modes(CEPH_ENTITY_TYPE_OSD
, CEPH_AUTH_CEPHX
, &modes
);
42 ASSERT_EQ(modes
, crc_secure
);
43 ASSERT_EQ((uint32_t)CEPH_CON_MODE_CRC
, reg
.pick_mode(CEPH_ENTITY_TYPE_OSD
,
47 // what mons prefer secure, internal to mon cluster only
48 cct
->_conf
.set_val("ms_mon_cluster_mode", "secure");
49 cct
->_conf
.apply_changes(NULL
);
51 cct
->_set_module_type(CEPH_ENTITY_TYPE_CLIENT
);
52 reg
.get_supported_modes(CEPH_ENTITY_TYPE_MON
, CEPH_AUTH_CEPHX
, &modes
);
53 ASSERT_EQ(modes
, crc_secure
);
54 reg
.get_supported_modes(CEPH_ENTITY_TYPE_OSD
, CEPH_AUTH_CEPHX
, &modes
);
55 ASSERT_EQ(modes
, crc_secure
);
57 cct
->_set_module_type(CEPH_ENTITY_TYPE_OSD
);
59 /* mon/mgr are treated the same, and relevant config is ms_mon_cluster_mode */
60 reg
.get_supported_modes(CEPH_ENTITY_TYPE_MON
, CEPH_AUTH_CEPHX
, &modes
);
61 ASSERT_EQ(modes
, secure
);
62 reg
.get_supported_modes(CEPH_ENTITY_TYPE_MGR
, CEPH_AUTH_CEPHX
, &modes
);
63 ASSERT_EQ(modes
, secure
);
65 cct
->_set_module_type(CEPH_ENTITY_TYPE_MON
);
66 reg
.get_supported_modes(CEPH_ENTITY_TYPE_MON
, CEPH_AUTH_CEPHX
, &modes
);
67 ASSERT_EQ(modes
, secure
);
68 reg
.get_supported_modes(CEPH_ENTITY_TYPE_MGR
, CEPH_AUTH_CEPHX
, &modes
);
69 ASSERT_EQ(modes
, secure
);
71 // how all cluster -> mon connections secure?
72 cct
->_conf
.set_val("ms_mon_service_mode", "secure");
73 cct
->_conf
.apply_changes(NULL
);
75 cct
->_set_module_type(CEPH_ENTITY_TYPE_CLIENT
);
76 reg
.get_supported_modes(CEPH_ENTITY_TYPE_MON
, CEPH_AUTH_CEPHX
, &modes
);
77 ASSERT_EQ(modes
, crc_secure
);
78 reg
.get_supported_modes(CEPH_ENTITY_TYPE_OSD
, CEPH_AUTH_CEPHX
, &modes
);
79 ASSERT_EQ(modes
, crc_secure
);
81 cct
->_set_module_type(CEPH_ENTITY_TYPE_OSD
);
82 reg
.get_supported_modes(CEPH_ENTITY_TYPE_MON
, CEPH_AUTH_CEPHX
, &modes
);
83 ASSERT_EQ(modes
, secure
);
84 reg
.get_supported_modes(CEPH_ENTITY_TYPE_MGR
, CEPH_AUTH_CEPHX
, &modes
);
85 ASSERT_EQ(modes
, secure
);
87 cct
->_set_module_type(CEPH_ENTITY_TYPE_MON
);
88 reg
.get_supported_modes(CEPH_ENTITY_TYPE_OSD
, CEPH_AUTH_CEPHX
, &modes
);
89 ASSERT_EQ(modes
, secure
);
90 reg
.get_supported_modes(CEPH_ENTITY_TYPE_MDS
, CEPH_AUTH_CEPHX
, &modes
);
91 ASSERT_EQ(modes
, secure
);
92 reg
.get_supported_modes(CEPH_ENTITY_TYPE_MGR
, CEPH_AUTH_CEPHX
, &modes
);
93 ASSERT_EQ(modes
, secure
);
96 // how about client -> mon connections?
97 cct
->_conf
.set_val("ms_mon_client_mode", "secure");
98 cct
->_conf
.apply_changes(NULL
);
100 cct
->_set_module_type(CEPH_ENTITY_TYPE_CLIENT
);
101 reg
.get_supported_modes(CEPH_ENTITY_TYPE_MON
, CEPH_AUTH_CEPHX
, &modes
);
102 ASSERT_EQ(modes
, secure
);
103 reg
.get_supported_modes(CEPH_ENTITY_TYPE_MGR
, CEPH_AUTH_CEPHX
, &modes
);
104 ASSERT_EQ(modes
, secure
);
106 // ms_mon)client_mode doesn't does't affect daemons, though...
107 cct
->_conf
.set_val("ms_mon_service_mode", "crc secure");
108 cct
->_conf
.apply_changes(NULL
);
110 cct
->_set_module_type(CEPH_ENTITY_TYPE_CLIENT
);
111 reg
.get_supported_modes(CEPH_ENTITY_TYPE_MON
, CEPH_AUTH_CEPHX
, &modes
);
112 ASSERT_EQ(modes
, secure
);
113 reg
.get_supported_modes(CEPH_ENTITY_TYPE_MGR
, CEPH_AUTH_CEPHX
, &modes
);
114 ASSERT_EQ(modes
, secure
);
116 cct
->_set_module_type(CEPH_ENTITY_TYPE_MON
);
117 reg
.get_supported_modes(CEPH_ENTITY_TYPE_OSD
, CEPH_AUTH_CEPHX
, &modes
);
118 ASSERT_EQ(modes
, crc_secure
);
119 reg
.get_supported_modes(CEPH_ENTITY_TYPE_MDS
, CEPH_AUTH_CEPHX
, &modes
);
120 ASSERT_EQ(modes
, crc_secure
);
121 reg
.get_supported_modes(CEPH_ENTITY_TYPE_MGR
, CEPH_AUTH_CEPHX
, &modes
);
122 ASSERT_EQ(modes
, secure
);
124 // how about all internal cluster connection secure?
125 cct
->_conf
.set_val("ms_cluster_mode", "secure");
126 cct
->_conf
.set_val("ms_mon_service_mode", "secure");
127 cct
->_conf
.apply_changes(NULL
);
129 cct
->_set_module_type(CEPH_ENTITY_TYPE_CLIENT
);
130 reg
.get_supported_modes(CEPH_ENTITY_TYPE_MON
, CEPH_AUTH_CEPHX
, &modes
);
131 ASSERT_EQ(modes
, secure
);
132 reg
.get_supported_modes(CEPH_ENTITY_TYPE_MGR
, CEPH_AUTH_CEPHX
, &modes
);
133 ASSERT_EQ(modes
, secure
);
135 cct
->_set_module_type(CEPH_ENTITY_TYPE_OSD
);
136 reg
.get_supported_modes(CEPH_ENTITY_TYPE_MON
, CEPH_AUTH_CEPHX
, &modes
);
137 ASSERT_EQ(modes
, secure
);
138 reg
.get_supported_modes(CEPH_ENTITY_TYPE_MGR
, CEPH_AUTH_CEPHX
, &modes
);
139 ASSERT_EQ(modes
, secure
);
140 reg
.get_supported_modes(CEPH_ENTITY_TYPE_CLIENT
, CEPH_AUTH_CEPHX
, &modes
);
141 ASSERT_EQ(modes
, crc_secure
);
143 cct
->_set_module_type(CEPH_ENTITY_TYPE_MGR
);
144 reg
.get_supported_modes(CEPH_ENTITY_TYPE_MON
, CEPH_AUTH_CEPHX
, &modes
);
145 ASSERT_EQ(modes
, secure
);
146 reg
.get_supported_modes(CEPH_ENTITY_TYPE_MDS
, CEPH_AUTH_CEPHX
, &modes
);
147 ASSERT_EQ(modes
, secure
);
148 reg
.get_supported_modes(CEPH_ENTITY_TYPE_CLIENT
, CEPH_AUTH_CEPHX
, &modes
);
149 ASSERT_EQ(modes
, secure
);
151 cct
->_set_module_type(CEPH_ENTITY_TYPE_MDS
);
152 reg
.get_supported_modes(CEPH_ENTITY_TYPE_MON
, CEPH_AUTH_CEPHX
, &modes
);
153 ASSERT_EQ(modes
, secure
);
154 reg
.get_supported_modes(CEPH_ENTITY_TYPE_MGR
, CEPH_AUTH_CEPHX
, &modes
);
155 ASSERT_EQ(modes
, secure
);
156 reg
.get_supported_modes(CEPH_ENTITY_TYPE_CLIENT
, CEPH_AUTH_CEPHX
, &modes
);
157 ASSERT_EQ(modes
, crc_secure
);
159 cct
->_set_module_type(CEPH_ENTITY_TYPE_MON
);
160 reg
.get_supported_modes(CEPH_ENTITY_TYPE_CLIENT
, CEPH_AUTH_CEPHX
, &modes
);
161 ASSERT_EQ(modes
, secure
);
162 reg
.get_supported_modes(CEPH_ENTITY_TYPE_OSD
, CEPH_AUTH_CEPHX
, &modes
);
163 ASSERT_EQ(modes
, secure
);
164 reg
.get_supported_modes(CEPH_ENTITY_TYPE_MGR
, CEPH_AUTH_CEPHX
, &modes
);
165 ASSERT_EQ(modes
, secure
);
166 reg
.get_supported_modes(CEPH_ENTITY_TYPE_MON
, CEPH_AUTH_CEPHX
, &modes
);
167 ASSERT_EQ(modes
, secure
);
169 // how about all connections to the cluster?
170 cct
->_conf
.set_val("ms_service_mode", "secure");
171 cct
->_conf
.apply_changes(NULL
);
173 cct
->_set_module_type(CEPH_ENTITY_TYPE_CLIENT
);
174 reg
.get_supported_modes(CEPH_ENTITY_TYPE_MON
, CEPH_AUTH_CEPHX
, &modes
);
175 ASSERT_EQ(modes
, secure
);
176 reg
.get_supported_modes(CEPH_ENTITY_TYPE_MGR
, CEPH_AUTH_CEPHX
, &modes
);
177 ASSERT_EQ(modes
, secure
);
178 reg
.get_supported_modes(CEPH_ENTITY_TYPE_OSD
, CEPH_AUTH_CEPHX
, &modes
);
179 ASSERT_EQ(modes
, crc_secure
);
180 reg
.get_supported_modes(CEPH_ENTITY_TYPE_MDS
, CEPH_AUTH_CEPHX
, &modes
);
181 ASSERT_EQ(modes
, crc_secure
);
183 cct
->_set_module_type(CEPH_ENTITY_TYPE_OSD
);
184 reg
.get_supported_modes(CEPH_ENTITY_TYPE_CLIENT
, CEPH_AUTH_CEPHX
, &modes
);
185 ASSERT_EQ(modes
, secure
);
186 reg
.get_supported_modes(CEPH_ENTITY_TYPE_MON
, CEPH_AUTH_CEPHX
, &modes
);
187 ASSERT_EQ(modes
, secure
);
188 reg
.get_supported_modes(CEPH_ENTITY_TYPE_MGR
, CEPH_AUTH_CEPHX
, &modes
);
189 ASSERT_EQ(modes
, secure
);
191 cct
->_set_module_type(CEPH_ENTITY_TYPE_MGR
);
192 reg
.get_supported_modes(CEPH_ENTITY_TYPE_CLIENT
, CEPH_AUTH_CEPHX
, &modes
);
193 ASSERT_EQ(modes
, secure
);
194 reg
.get_supported_modes(CEPH_ENTITY_TYPE_MON
, CEPH_AUTH_CEPHX
, &modes
);
195 ASSERT_EQ(modes
, secure
);
196 reg
.get_supported_modes(CEPH_ENTITY_TYPE_MDS
, CEPH_AUTH_CEPHX
, &modes
);
197 ASSERT_EQ(modes
, secure
);
199 cct
->_set_module_type(CEPH_ENTITY_TYPE_MDS
);
200 reg
.get_supported_modes(CEPH_ENTITY_TYPE_CLIENT
, CEPH_AUTH_CEPHX
, &modes
);
201 ASSERT_EQ(modes
, secure
);
202 reg
.get_supported_modes(CEPH_ENTITY_TYPE_MON
, CEPH_AUTH_CEPHX
, &modes
);
203 ASSERT_EQ(modes
, secure
);
204 reg
.get_supported_modes(CEPH_ENTITY_TYPE_MGR
, CEPH_AUTH_CEPHX
, &modes
);
205 ASSERT_EQ(modes
, secure
);
207 // client forcing things?
208 cct
->_conf
.set_val("ms_cluster_mode", "crc secure");
209 cct
->_conf
.set_val("ms_service_mode", "crc secure");
210 cct
->_conf
.set_val("ms_client_mode", "secure");
211 cct
->_conf
.set_val("ms_mon_cluster_mode", "crc secure");
212 cct
->_conf
.set_val("ms_mon_service_mode", "crc secure");
213 cct
->_conf
.set_val("ms_mon_client_mode", "secure");
214 cct
->_conf
.apply_changes(NULL
);
216 cct
->_set_module_type(CEPH_ENTITY_TYPE_CLIENT
);
217 reg
.get_supported_modes(CEPH_ENTITY_TYPE_MON
, CEPH_AUTH_CEPHX
, &modes
);
218 ASSERT_EQ(modes
, secure
);
219 reg
.get_supported_modes(CEPH_ENTITY_TYPE_MGR
, CEPH_AUTH_CEPHX
, &modes
);
220 ASSERT_EQ(modes
, secure
);
221 reg
.get_supported_modes(CEPH_ENTITY_TYPE_OSD
, CEPH_AUTH_CEPHX
, &modes
);
222 ASSERT_EQ(modes
, secure
);
223 reg
.get_supported_modes(CEPH_ENTITY_TYPE_MDS
, CEPH_AUTH_CEPHX
, &modes
);
224 ASSERT_EQ(modes
, secure
);
226 // client *preferring* secure?
227 cct
->_conf
.set_val("ms_cluster_mode", "crc secure");
228 cct
->_conf
.set_val("ms_service_mode", "crc secure");
229 cct
->_conf
.set_val("ms_client_mode", "secure crc");
230 cct
->_conf
.set_val("ms_mon_cluster_mode", "crc secure");
231 cct
->_conf
.set_val("ms_mon_service_mode", "crc secure");
232 cct
->_conf
.set_val("ms_mon_client_mode", "secure crc");
233 cct
->_conf
.apply_changes(NULL
);
235 cct
->_set_module_type(CEPH_ENTITY_TYPE_CLIENT
);
236 reg
.get_supported_modes(CEPH_ENTITY_TYPE_MON
, CEPH_AUTH_CEPHX
, &modes
);
237 ASSERT_EQ(modes
, secure_crc
);
238 reg
.get_supported_modes(CEPH_ENTITY_TYPE_MGR
, CEPH_AUTH_CEPHX
, &modes
);
239 ASSERT_EQ(modes
, secure_crc
);
240 reg
.get_supported_modes(CEPH_ENTITY_TYPE_OSD
, CEPH_AUTH_CEPHX
, &modes
);
241 ASSERT_EQ(modes
, secure_crc
);
242 reg
.get_supported_modes(CEPH_ENTITY_TYPE_MDS
, CEPH_AUTH_CEPHX
, &modes
);
243 ASSERT_EQ(modes
, secure_crc
);
245 // back to normalish, for the benefit of the next test(s)
246 cct
->_set_module_type(CEPH_ENTITY_TYPE_CLIENT
);