]> git.proxmox.com Git - ceph.git/blob - ceph/qa/workunits/mon/auth_caps.sh
projects / ceph.git / blob
? search:


74b22778c00876ceee9a70a997fc470a76075b8f
[ceph.git] / ceph / qa / workunits / mon / auth_caps.sh
1 #!/bin/bash
2
3 set -e
4 set -x
5 declare -A keymap
6
7 combinations="r w x rw rx wx rwx"
8
9 for i in ${combinations}; do
10 k="foo_$i"
11 k=`ceph auth get-or-create-key client.$i mon "allow $i"` || exit 1
12 keymap["$i"]=$k
13 done
14
15 # add special caps
16 # force blank cap with '--force'
17 keymap["blank"]=`ceph auth get-or-create-key client.blank mon 'allow' --force` || exit 1
18 keymap["all"]=`ceph auth get-or-create-key client.all mon 'allow *'` || exit 1
19
20 tmp=`mktemp`
21 ceph auth export > $tmp
22
23 trap "rm $tmp" INT ERR EXIT QUIT 0
24
25 expect() {
26
27 set +e
28
29 local expected_ret=$1
30 local ret
31
32 shift
33 cmd=$@
34
35 eval $cmd
36 ret=$?
37
38 set -e
39
40 if [[ $ret -ne $expected_ret ]]; then
41 echo "ERROR: running \'$cmd\': expected $expected_ret got $ret"
42 return 1
43 fi
44
45 return 0
46 }
47
48 read_ops() {
49 local caps=$1
50 local has_read=1 has_exec=1
51 local ret
52 local args
53
54 ( echo $caps | grep 'r' ) || has_read=0
55 ( echo $caps | grep 'x' ) || has_exec=0
56
57 if [[ "$caps" == "all" ]]; then
58 has_read=1
59 has_exec=1
60 fi
61
62 ret=13
63 if [[ $has_read -gt 0 && $has_exec -gt 0 ]]; then
64 ret=0
65 fi
66
67 args="--id $caps --key ${keymap[$caps]}"
68
69 expect $ret ceph auth get client.admin $args
70 expect $ret ceph auth get-key client.admin $args
71 expect $ret ceph auth export $args
72 expect $ret ceph auth export client.admin $args
73 expect $ret ceph auth list $args
74 expect $ret ceph auth print-key client.admin $args
75 expect $ret ceph auth print_key client.admin $args
76 }
77
78 write_ops() {
79
80 local caps=$1
81 local has_read=1 has_write=1 has_exec=1
82 local ret
83 local err
84 local args
85
86 ( echo $caps | grep 'r' ) || has_read=0
87 ( echo $caps | grep 'w' ) || has_write=0
88 ( echo $caps | grep 'x' ) || has_exec=0
89
90 if [[ "$caps" == "all" ]]; then
91 has_read=1
92 has_write=1
93 has_exec=1
94 fi
95
96 ret=13
97 if [[ $has_read -gt 0 && $has_write -gt 0 && $has_exec -gt 0 ]]; then
98 ret=0
99 fi
100
101 args="--id $caps --key ${keymap[$caps]}"
102
103 expect $ret ceph auth add client.foo $args
104 expect $ret "ceph auth caps client.foo mon 'allow *' $args"
105 expect $ret ceph auth get-or-create client.admin $args
106 echo "wtf -- before: err=$err ret=$ret"
107 err=$ret
108 [[ $ret -eq 0 ]] && err=22 # EINVAL
109 expect $err "ceph auth get-or-create client.bar mon 'allow' $args"
110 echo "wtf -- after: err=$err ret=$ret"
111 expect $ret "ceph auth get-or-create client.bar mon 'allow' --force $args"
112 expect $ret ceph auth get-or-create-key client.admin $args
113 expect $ret ceph auth get-or-create-key client.baz $args
114 expect $ret ceph auth del client.bar $args
115 expect $ret ceph auth del client.baz $args
116 expect $ret ceph auth del client.foo $args
117 expect $ret ceph auth import -i $tmp $args
118 }
119
120 echo "running combinations: ${!keymap[@]}"
121
122 subcmd=$1
123
124 for i in ${!keymap[@]}; do
125 echo "caps: $i"
126 if [[ -z "$subcmd" || "$subcmd" == "read" || "$subcmd" == "all" ]]; then
127 read_ops $i
128 fi
129
130 if [[ -z "$subcmd" || "$subcmd" == "write" || "$subcmd" == "all" ]]; then
131 write_ops $i
132 fi
133 done
134
135 # cleanup
136 for i in ${combinations} blank all; do
137 ceph auth del client.$i || exit 1
138 done
139
140 echo "OK"
Ceph