[ceph.git] / ceph / qa / workunits / mon / auth_caps.sh

#!/bin/bash

set -e
set -x
declare -A keymap

combinations="r w x rw rx wx rwx"

for i in ${combinations}; do
  k="foo_$i"
  k=`ceph auth get-or-create-key client.$i mon "allow $i"` || exit 1
  keymap["$i"]=$k
done

# add special caps
keymap["all"]=`ceph auth get-or-create-key client.all mon 'allow *'` || exit 1

tmp=`mktemp`
ceph auth export > $tmp

trap "rm $tmp" INT ERR EXIT QUIT 0

expect() {

  set +e

  local expected_ret=$1
  local ret

  shift
  cmd=$@

  eval $cmd
  ret=$?

  set -e

  if [[ $ret -ne $expected_ret ]]; then
    echo "ERROR: running \'$cmd\': expected $expected_ret got $ret"
    return 1
  fi

  return 0
}

read_ops() {
  local caps=$1
  local has_read=1 has_exec=1
  local ret
  local args

  ( echo $caps | grep 'r' ) || has_read=0
  ( echo $caps | grep 'x' ) || has_exec=0
  
  if [[ "$caps" == "all" ]]; then
    has_read=1
    has_exec=1
  fi

  ret=13
  if [[ $has_read -gt 0 && $has_exec -gt 0 ]]; then
    ret=0
  fi

  args="--id $caps --key ${keymap[$caps]}"
 
  expect $ret ceph auth get client.admin $args
  expect $ret ceph auth get-key client.admin $args
  expect $ret ceph auth export $args
  expect $ret ceph auth export client.admin $args
  expect $ret ceph auth list $args
  expect $ret ceph auth print-key client.admin $args
  expect $ret ceph auth print_key client.admin $args
}

write_ops() {

  local caps=$1
  local has_read=1 has_write=1 has_exec=1
  local ret
  local args

  ( echo $caps | grep 'r' ) || has_read=0
  ( echo $caps | grep 'w' ) || has_write=0
  ( echo $caps | grep 'x' ) || has_exec=0

  if [[ "$caps" == "all" ]]; then
    has_read=1
    has_write=1
    has_exec=1
  fi

  ret=13
  if [[ $has_read -gt 0 && $has_write -gt 0 && $has_exec -gt 0 ]]; then
    ret=0
  fi

  args="--id $caps --key ${keymap[$caps]}"

  expect $ret ceph auth add client.foo $args
  expect $ret "ceph auth caps client.foo mon 'allow *' $args"
  expect $ret ceph auth get-or-create client.admin $args
  expect $ret ceph auth get-or-create-key client.admin $args
  expect $ret ceph auth get-or-create-key client.baz $args
  expect $ret ceph auth del client.foo $args
  expect $ret ceph auth del client.baz $args
  expect $ret ceph auth import -i $tmp $args
}

echo "running combinations: ${!keymap[@]}"

subcmd=$1

for i in ${!keymap[@]}; do
  echo "caps: $i"
  if [[ -z "$subcmd" || "$subcmd" == "read" || "$subcmd" == "all" ]]; then
    read_ops $i
  fi

  if [[ -z "$subcmd" || "$subcmd" == "write" || "$subcmd" == "all" ]]; then
    write_ops $i
  fi
done

# cleanup
for i in ${combinations} all; do
  ceph auth del client.$i || exit 1
done

echo "OK"
Commit	Line	Data
7c673cae FG	1	#!/bin/bash
	2
	3	set -e
	4	set -x
	5	declare -A keymap
	6
	7	combinations="r w x rw rx wx rwx"
	8
	9	for i in ${combinations}; do
	10	k="foo_$i"
	11	k=`ceph auth get-or-create-key client.$i mon "allow $i"` \|\| exit 1
	12	keymap["$i"]=$k
	13	done
	14
	15	# add special caps
7c673cae FG	16	keymap["all"]=`ceph auth get-or-create-key client.all mon 'allow *'` \|\| exit 1
	17
	18	tmp=`mktemp`
	19	ceph auth export > $tmp
	20
	21	trap "rm $tmp" INT ERR EXIT QUIT 0
	22
	23	expect() {
	24
	25	set +e
	26
	27	local expected_ret=$1
	28	local ret
	29
	30	shift
	31	cmd=$@
	32
	33	eval $cmd
	34	ret=$?
	35
	36	set -e
	37
	38	if [[ $ret -ne $expected_ret ]]; then
	39	echo "ERROR: running \'$cmd\': expected $expected_ret got $ret"
	40	return 1
	41	fi
	42
	43	return 0
	44	}
	45
	46	read_ops() {
	47	local caps=$1
	48	local has_read=1 has_exec=1
	49	local ret
	50	local args
	51
	52	( echo $caps \| grep 'r' ) \|\| has_read=0
	53	( echo $caps \| grep 'x' ) \|\| has_exec=0
	54
	55	if [[ "$caps" == "all" ]]; then
	56	has_read=1
	57	has_exec=1
	58	fi
	59
	60	ret=13
	61	if [[ $has_read -gt 0 && $has_exec -gt 0 ]]; then
	62	ret=0
	63	fi
	64
	65	args="--id $caps --key ${keymap[$caps]}"
	66
	67	expect $ret ceph auth get client.admin $args
	68	expect $ret ceph auth get-key client.admin $args
	69	expect $ret ceph auth export $args
	70	expect $ret ceph auth export client.admin $args
	71	expect $ret ceph auth list $args
	72	expect $ret ceph auth print-key client.admin $args
	73	expect $ret ceph auth print_key client.admin $args
	74	}
	75
	76	write_ops() {
	77
	78	local caps=$1
	79	local has_read=1 has_write=1 has_exec=1
80	local ret
7c673cae FG	81	local args
	82
	83	( echo $caps \| grep 'r' ) \|\| has_read=0
	84	( echo $caps \| grep 'w' ) \|\| has_write=0
	85	( echo $caps \| grep 'x' ) \|\| has_exec=0
	86
	87	if [[ "$caps" == "all" ]]; then
	88	has_read=1
	89	has_write=1
	90	has_exec=1
	91	fi
	92
	93	ret=13
	94	if [[ $has_read -gt 0 && $has_write -gt 0 && $has_exec -gt 0 ]]; then
	95	ret=0
	96	fi
	97
	98	args="--id $caps --key ${keymap[$caps]}"
	99
	100	expect $ret ceph auth add client.foo $args
	101	expect $ret "ceph auth caps client.foo mon 'allow *' $args"
	102	expect $ret ceph auth get-or-create client.admin $args
7c673cae FG	103	expect $ret ceph auth get-or-create-key client.admin $args
7c673cae FG	104	expect $ret ceph auth get-or-create-key client.baz $args
7c673cae	105	expect $ret ceph auth del client.foo $args
224ce89b	106	expect $ret ceph auth del client.baz $args
7c673cae FG	107	expect $ret ceph auth import -i $tmp $args
	108	}
	109
	110	echo "running combinations: ${!keymap[@]}"
	111
	112	subcmd=$1
	113
	114	for i in ${!keymap[@]}; do
	115	echo "caps: $i"
	116	if [[ -z "$subcmd" \|\| "$subcmd" == "read" \|\| "$subcmd" == "all" ]]; then
	117	read_ops $i
	118	fi
	119
	120	if [[ -z "$subcmd" \|\| "$subcmd" == "write" \|\| "$subcmd" == "all" ]]; then
	121	write_ops $i
	122	fi
	123	done
	124
	125	# cleanup
224ce89b	126	for i in ${combinations} all; do
7c673cae FG	127	ceph auth del client.$i \|\| exit 1
	128	done
	129
	130	echo "OK"