3 IMAGE_FEATURES
="layering,exclusive-lock,object-map,fast-diff"
6 ceph osd pool create images
100
8 ceph osd pool create volumes
100
13 (ceph osd pool delete images images
--yes-i-really-really-mean-it || true
) >/dev
/null
2>&1
14 (ceph osd pool delete volumes volumes
--yes-i-really-really-mean-it || true
) >/dev
/null
2>&1
24 (ceph auth del client.volumes || true
) >/dev
/null
2>&1
25 (ceph auth del client.images || true
) >/dev
/null
2>&1
27 (ceph auth del client.snap_none || true
) >/dev
/null
2>&1
28 (ceph auth del client.snap_all || true
) >/dev
/null
2>&1
29 (ceph auth del client.snap_pool || true
) >/dev
/null
2>&1
30 (ceph auth del client.snap_profile_all || true
) >/dev
/null
2>&1
31 (ceph auth del client.snap_profile_pool || true
) >/dev
/null
2>&1
33 (ceph auth del client.mon_write || true
) >/dev
/null
2>&1
37 ceph auth get-or-create client.volumes mon
'allow r' osd
'allow class-read object_prefix rbd_children, allow r class-read pool images, allow rwx pool volumes' >> $KEYRING
38 ceph auth get-or-create client.images mon
'allow r' osd
'allow class-read object_prefix rbd_children, allow rwx pool images' >> $KEYRING
40 ceph auth get-or-create client.snap_none mon
'allow r' >> $KEYRING
41 ceph auth get-or-create client.snap_all mon
'allow r' osd
'allow w' >> $KEYRING
42 ceph auth get-or-create client.snap_pool mon
'allow r' osd
'allow w pool=images' >> $KEYRING
43 ceph auth get-or-create client.snap_profile_all mon
'allow r' osd
'profile rbd' >> $KEYRING
44 ceph auth get-or-create client.snap_profile_pool mon
'allow r' osd
'profile rbd pool=images' >> $KEYRING
46 ceph auth get-or-create client.mon_write mon
'allow *' >> $KEYRING
64 if [[ $ret -ne $expected_ret ]]; then
65 echo "ERROR: running \'$cmd\': expected $expected_ret got $ret"
72 test_images_access
() {
73 rbd
-k $KEYRING --id images create
--image-format 2 --image-feature $IMAGE_FEATURES -s 1 images
/foo
74 rbd
-k $KEYRING --id images snap create images
/foo@snap
75 rbd
-k $KEYRING --id images snap protect images
/foo@snap
76 rbd
-k $KEYRING --id images snap unprotect images
/foo@snap
77 rbd
-k $KEYRING --id images snap protect images
/foo@snap
78 rbd
-k $KEYRING --id images
export images
/foo@snap
- >/dev
/null
79 expect
16 rbd
-k $KEYRING --id images snap
rm images
/foo@snap
81 rbd
-k $KEYRING --id volumes clone
--image-feature $IMAGE_FEATURES images
/foo@snap volumes
/child
82 expect
16 rbd
-k $KEYRING --id images snap unprotect images
/foo@snap
83 expect
1 rbd
-k $KEYRING --id volumes snap unprotect images
/foo@snap
84 expect
1 rbd
-k $KEYRING --id images flatten volumes
/child
85 rbd
-k $KEYRING --id volumes flatten volumes
/child
86 expect
1 rbd
-k $KEYRING --id volumes snap unprotect images
/foo@snap
87 rbd
-k $KEYRING --id images snap unprotect images
/foo@snap
89 expect
39 rbd
-k $KEYRING --id images
rm images
/foo
90 rbd
-k $KEYRING --id images snap
rm images
/foo@snap
91 rbd
-k $KEYRING --id images
rm images
/foo
92 rbd
-k $KEYRING --id volumes
rm volumes
/child
95 test_volumes_access
() {
96 rbd
-k $KEYRING --id images create
--image-format 2 --image-feature $IMAGE_FEATURES -s 1 images
/foo
97 rbd
-k $KEYRING --id images snap create images
/foo@snap
98 rbd
-k $KEYRING --id images snap protect images
/foo@snap
100 # commands that work with read-only access
101 rbd
-k $KEYRING --id volumes info images
/foo@snap
102 rbd
-k $KEYRING --id volumes snap
ls images
/foo
103 rbd
-k $KEYRING --id volumes
export images
/foo
- >/dev
/null
104 rbd
-k $KEYRING --id volumes
cp images
/foo volumes
/foo_copy
105 rbd
-k $KEYRING --id volumes
rm volumes
/foo_copy
106 rbd
-k $KEYRING --id volumes children images
/foo@snap
107 rbd
-k $KEYRING --id volumes lock list images
/foo
109 # commands that fail with read-only access
110 expect
1 rbd
-k $KEYRING --id volumes resize
-s 2 images
/foo
--allow-shrink
111 expect
1 rbd
-k $KEYRING --id volumes snap create images
/foo@
2
112 expect
1 rbd
-k $KEYRING --id volumes snap rollback images
/foo@snap
113 expect
1 rbd
-k $KEYRING --id volumes snap remove images
/foo@snap
114 expect
1 rbd
-k $KEYRING --id volumes snap purge images
/foo
115 expect
1 rbd
-k $KEYRING --id volumes snap unprotect images
/foo@snap
116 expect
1 rbd
-k $KEYRING --id volumes flatten images
/foo
117 expect
1 rbd
-k $KEYRING --id volumes lock add images
/foo
test
118 expect
1 rbd
-k $KEYRING --id volumes lock remove images
/foo
test locker
119 expect
1 rbd
-k $KEYRING --id volumes
ls rbd
121 # create clone and snapshot
122 rbd
-k $KEYRING --id volumes clone
--image-feature $IMAGE_FEATURES images
/foo@snap volumes
/child
123 rbd
-k $KEYRING --id volumes snap create volumes
/child@snap1
124 rbd
-k $KEYRING --id volumes snap protect volumes
/child@snap1
125 rbd
-k $KEYRING --id volumes snap create volumes
/child@snap2
127 # make sure original snapshot stays protected
128 expect
16 rbd
-k $KEYRING --id images snap unprotect images
/foo@snap
129 rbd
-k $KEYRING --id volumes flatten volumes
/child
130 expect
16 rbd
-k $KEYRING --id images snap unprotect images
/foo@snap
131 rbd
-k $KEYRING --id volumes snap
rm volumes
/child@snap2
132 expect
16 rbd
-k $KEYRING --id images snap unprotect images
/foo@snap
133 expect
2 rbd
-k $KEYRING --id volumes snap
rm volumes
/child@snap2
134 rbd
-k $KEYRING --id volumes snap unprotect volumes
/child@snap1
135 expect
16 rbd
-k $KEYRING --id images snap unprotect images
/foo@snap
138 rbd
-k $KEYRING --id volumes snap
rm volumes
/child@snap1
139 rbd
-k $KEYRING --id images snap unprotect images
/foo@snap
140 rbd
-k $KEYRING --id images snap
rm images
/foo@snap
141 rbd
-k $KEYRING --id images
rm images
/foo
142 rbd
-k $KEYRING --id volumes
rm volumes
/child
145 create_self_managed_snapshot
() {
149 cat << EOF | CEPH_KEYRING="$KEYRING" python
152 cluster = rados.Rados(conffile="", rados_id="${ID}")
154 ioctx = cluster.open_ioctx("${POOL}")
156 snap_id = ioctx.create_self_managed_snap()
157 print ("Created snap id {}".format(snap_id))
161 remove_self_managed_snapshot
() {
165 cat << EOF | CEPH_KEYRING="$KEYRING" python
168 cluster1 = rados.Rados(conffile="", rados_id="mon_write")
170 ioctx1 = cluster1.open_ioctx("${POOL}")
172 snap_id = ioctx1.create_self_managed_snap()
173 print ("Created snap id {}".format(snap_id))
175 cluster2 = rados.Rados(conffile="", rados_id="${ID}")
177 ioctx2 = cluster2.open_ioctx("${POOL}")
179 ioctx2.remove_self_managed_snap(snap_id)
180 print ("Removed snap id {}".format(snap_id))
184 test_remove_self_managed_snapshots
() {
185 # Ensure users cannot create self-managed snapshots w/o permissions
186 expect
1 create_self_managed_snapshot snap_none images
187 expect
1 create_self_managed_snapshot snap_none volumes
189 create_self_managed_snapshot snap_all images
190 create_self_managed_snapshot snap_all volumes
192 create_self_managed_snapshot snap_pool images
193 expect
1 create_self_managed_snapshot snap_pool volumes
195 create_self_managed_snapshot snap_profile_all images
196 create_self_managed_snapshot snap_profile_all volumes
198 create_self_managed_snapshot snap_profile_pool images
199 expect
1 create_self_managed_snapshot snap_profile_pool volumes
201 # Ensure users cannot delete self-managed snapshots w/o permissions
202 expect
1 remove_self_managed_snapshot snap_none images
203 expect
1 remove_self_managed_snapshot snap_none volumes
205 remove_self_managed_snapshot snap_all images
206 remove_self_managed_snapshot snap_all volumes
208 remove_self_managed_snapshot snap_pool images
209 expect
1 remove_self_managed_snapshot snap_pool volumes
211 remove_self_managed_snapshot snap_profile_all images
212 remove_self_managed_snapshot snap_profile_all volumes
214 remove_self_managed_snapshot snap_profile_pool images
215 expect
1 remove_self_managed_snapshot snap_profile_pool volumes
223 trap cleanup EXIT ERR HUP INT QUIT
234 test_remove_self_managed_snapshots