Adding upstream version 14.2.21.upstream/14.2.21 upstream

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
author: Daniel Baumann <daniel.baumann@progress-linux.org> 2024-04-27 18:24:20 +0000
committer: Daniel Baumann <daniel.baumann@progress-linux.org> 2024-04-27 18:24:20 +0000
commit: 483eb2f56657e8e7f419ab1a4fab8dce9ade8609 (patch)
tree: e5d88d25d870d5dedacb6bbdbe2a966086a0a5cf /src/test/test_auth.cc
parent: Initial commit. (diff)
download: ceph-483eb2f56657e8e7f419ab1a4fab8dce9ade8609.tar.xz
ceph-483eb2f56657e8e7f419ab1a4fab8dce9ade8609.zip
1 files changed, 245 insertions, 0 deletions
diff --git a/src/test/test_auth.cc b/src/test/test_auth.cc
new file mode 100644
index 00000000..a35fbe1b
--- /dev/null
+++ b/src/test/test_auth.cc
@@ -0,0 +1,245 @@
+// -*- mode:C; tab-width:8; c-basic-offset:2; indent-tabs-mode:t -*-
+// vim: ts=8 sw=2 smarttab
+
+#include "include/types.h"
+#include "include/stringify.h"
+#include "auth/Auth.h"
+#include "gtest/gtest.h"
+#include "common/ceph_context.h"
+#include "global/global_context.h"
+#include "auth/AuthRegistry.h"
+
+#include <sstream>
+
+TEST(AuthRegistry, con_modes)
+{
+  auto cct = g_ceph_context;
+  AuthRegistry reg(cct);
+  std::vector<uint32_t> modes;
+
+  const std::vector<uint32_t> crc_secure = { CEPH_CON_MODE_CRC,
+					     CEPH_CON_MODE_SECURE };
+  const std::vector<uint32_t> secure_crc = { CEPH_CON_MODE_SECURE,
+					     CEPH_CON_MODE_CRC };
+  const std::vector<uint32_t> secure = { CEPH_CON_MODE_SECURE };
+
+  cct->_conf.set_val(
+    "enable_experimental_unrecoverable_data_corrupting_features", "*");
+
+  // baseline: everybody agrees
+  cct->_set_module_type(CEPH_ENTITY_TYPE_CLIENT);
+  cct->_conf.set_val("ms_cluster_mode", "crc secure");
+  cct->_conf.set_val("ms_service_mode", "crc secure");
+  cct->_conf.set_val("ms_client_mode", "crc secure");
+  cct->_conf.set_val("ms_mon_cluster_mode", "crc secure");
+  cct->_conf.set_val("ms_mon_service_mode", "crc secure");
+  cct->_conf.set_val("ms_mon_client_mode", "crc secure");
+  cct->_conf.apply_changes(NULL);
+
+  reg.get_supported_modes(CEPH_ENTITY_TYPE_MON, CEPH_AUTH_CEPHX, &modes);
+  ASSERT_EQ(modes, crc_secure);
+  reg.get_supported_modes(CEPH_ENTITY_TYPE_OSD, CEPH_AUTH_CEPHX, &modes);
+  ASSERT_EQ(modes, crc_secure);
+  ASSERT_EQ((uint32_t)CEPH_CON_MODE_CRC, reg.pick_mode(CEPH_ENTITY_TYPE_OSD,
+						       CEPH_AUTH_CEPHX,
+						       crc_secure));
+
+  // what mons prefer secure, internal to mon cluster only
+  cct->_conf.set_val("ms_mon_cluster_mode", "secure");
+  cct->_conf.apply_changes(NULL);
+
+  cct->_set_module_type(CEPH_ENTITY_TYPE_CLIENT);
+  reg.get_supported_modes(CEPH_ENTITY_TYPE_MON, CEPH_AUTH_CEPHX, &modes);
+  ASSERT_EQ(modes, crc_secure);
+  reg.get_supported_modes(CEPH_ENTITY_TYPE_OSD, CEPH_AUTH_CEPHX, &modes);
+  ASSERT_EQ(modes, crc_secure);
+
+  cct->_set_module_type(CEPH_ENTITY_TYPE_OSD);
+  reg.get_supported_modes(CEPH_ENTITY_TYPE_MON, CEPH_AUTH_CEPHX, &modes);
+  ASSERT_EQ(modes, crc_secure);
+  reg.get_supported_modes(CEPH_ENTITY_TYPE_MGR, CEPH_AUTH_CEPHX, &modes);
+  ASSERT_EQ(modes, crc_secure);
+
+  cct->_set_module_type(CEPH_ENTITY_TYPE_MON);
+  reg.get_supported_modes(CEPH_ENTITY_TYPE_MON, CEPH_AUTH_CEPHX, &modes);
+  ASSERT_EQ(modes, secure);
+  reg.get_supported_modes(CEPH_ENTITY_TYPE_MGR, CEPH_AUTH_CEPHX, &modes);
+  ASSERT_EQ(modes, crc_secure);
+
+  // how all cluster -> mon connections secure?
+  cct->_conf.set_val("ms_mon_service_mode", "secure");
+  cct->_conf.apply_changes(NULL);
+
+  cct->_set_module_type(CEPH_ENTITY_TYPE_CLIENT);
+  reg.get_supported_modes(CEPH_ENTITY_TYPE_MON, CEPH_AUTH_CEPHX, &modes);
+  ASSERT_EQ(modes, crc_secure);
+  reg.get_supported_modes(CEPH_ENTITY_TYPE_OSD, CEPH_AUTH_CEPHX, &modes);
+  ASSERT_EQ(modes, crc_secure);
+
+  cct->_set_module_type(CEPH_ENTITY_TYPE_OSD);
+  reg.get_supported_modes(CEPH_ENTITY_TYPE_MON, CEPH_AUTH_CEPHX, &modes);
+  ASSERT_EQ(modes, crc_secure);
+  reg.get_supported_modes(CEPH_ENTITY_TYPE_MGR, CEPH_AUTH_CEPHX, &modes);
+  ASSERT_EQ(modes, crc_secure);
+
+  cct->_set_module_type(CEPH_ENTITY_TYPE_MON);
+  reg.get_supported_modes(CEPH_ENTITY_TYPE_OSD, CEPH_AUTH_CEPHX, &modes);
+  ASSERT_EQ(modes, secure);
+  reg.get_supported_modes(CEPH_ENTITY_TYPE_MDS, CEPH_AUTH_CEPHX, &modes);
+  ASSERT_EQ(modes, secure);
+  reg.get_supported_modes(CEPH_ENTITY_TYPE_MGR, CEPH_AUTH_CEPHX, &modes);
+  ASSERT_EQ(modes, secure);
+
+
+  // how about client -> mon connections?
+  cct->_conf.set_val("ms_mon_client_mode", "secure");
+  cct->_conf.apply_changes(NULL);
+
+  cct->_set_module_type(CEPH_ENTITY_TYPE_CLIENT);
+  reg.get_supported_modes(CEPH_ENTITY_TYPE_MON, CEPH_AUTH_CEPHX, &modes);
+  ASSERT_EQ(modes, secure);
+  reg.get_supported_modes(CEPH_ENTITY_TYPE_MGR, CEPH_AUTH_CEPHX, &modes);
+  ASSERT_EQ(modes, crc_secure);
+
+  //  ms_mon)client_mode doesn't does't affect daemons, though...
+  cct->_conf.set_val("ms_mon_service_mode", "crc secure");
+  cct->_conf.apply_changes(NULL);
+
+  cct->_set_module_type(CEPH_ENTITY_TYPE_CLIENT);
+  reg.get_supported_modes(CEPH_ENTITY_TYPE_MON, CEPH_AUTH_CEPHX, &modes);
+  ASSERT_EQ(modes, secure);
+  reg.get_supported_modes(CEPH_ENTITY_TYPE_MGR, CEPH_AUTH_CEPHX, &modes);
+  ASSERT_EQ(modes, crc_secure);
+
+  cct->_set_module_type(CEPH_ENTITY_TYPE_MON);
+  reg.get_supported_modes(CEPH_ENTITY_TYPE_OSD, CEPH_AUTH_CEPHX, &modes);
+  ASSERT_EQ(modes, crc_secure);
+  reg.get_supported_modes(CEPH_ENTITY_TYPE_MDS, CEPH_AUTH_CEPHX, &modes);
+  ASSERT_EQ(modes, crc_secure);
+  reg.get_supported_modes(CEPH_ENTITY_TYPE_MGR, CEPH_AUTH_CEPHX, &modes);
+  ASSERT_EQ(modes, crc_secure);
+
+  // how about all internal cluster connection secure?
+  cct->_conf.set_val("ms_cluster_mode", "secure");
+  cct->_conf.set_val("ms_mon_service_mode", "secure");
+  cct->_conf.apply_changes(NULL);
+
+  cct->_set_module_type(CEPH_ENTITY_TYPE_CLIENT);
+  reg.get_supported_modes(CEPH_ENTITY_TYPE_MON, CEPH_AUTH_CEPHX, &modes);
+  ASSERT_EQ(modes, secure);
+  reg.get_supported_modes(CEPH_ENTITY_TYPE_MGR, CEPH_AUTH_CEPHX, &modes);
+  ASSERT_EQ(modes, crc_secure);
+
+  cct->_set_module_type(CEPH_ENTITY_TYPE_OSD);
+  reg.get_supported_modes(CEPH_ENTITY_TYPE_MON, CEPH_AUTH_CEPHX, &modes);
+  ASSERT_EQ(modes, secure);
+  reg.get_supported_modes(CEPH_ENTITY_TYPE_MGR, CEPH_AUTH_CEPHX, &modes);
+  ASSERT_EQ(modes, secure);
+  reg.get_supported_modes(CEPH_ENTITY_TYPE_CLIENT, CEPH_AUTH_CEPHX, &modes);
+  ASSERT_EQ(modes, crc_secure);
+
+  cct->_set_module_type(CEPH_ENTITY_TYPE_MGR);
+  reg.get_supported_modes(CEPH_ENTITY_TYPE_MON, CEPH_AUTH_CEPHX, &modes);
+  ASSERT_EQ(modes, secure);
+  reg.get_supported_modes(CEPH_ENTITY_TYPE_MDS, CEPH_AUTH_CEPHX, &modes);
+  ASSERT_EQ(modes, secure);
+  reg.get_supported_modes(CEPH_ENTITY_TYPE_CLIENT, CEPH_AUTH_CEPHX, &modes);
+  ASSERT_EQ(modes, crc_secure);
+
+  cct->_set_module_type(CEPH_ENTITY_TYPE_MDS);
+  reg.get_supported_modes(CEPH_ENTITY_TYPE_MON, CEPH_AUTH_CEPHX, &modes);
+  ASSERT_EQ(modes, secure);
+  reg.get_supported_modes(CEPH_ENTITY_TYPE_MGR, CEPH_AUTH_CEPHX, &modes);
+  ASSERT_EQ(modes, secure);
+  reg.get_supported_modes(CEPH_ENTITY_TYPE_CLIENT, CEPH_AUTH_CEPHX, &modes);
+  ASSERT_EQ(modes, crc_secure);
+
+  cct->_set_module_type(CEPH_ENTITY_TYPE_MON);
+  reg.get_supported_modes(CEPH_ENTITY_TYPE_CLIENT, CEPH_AUTH_CEPHX, &modes);
+  ASSERT_EQ(modes, secure);
+  reg.get_supported_modes(CEPH_ENTITY_TYPE_OSD, CEPH_AUTH_CEPHX, &modes);
+  ASSERT_EQ(modes, secure);
+  reg.get_supported_modes(CEPH_ENTITY_TYPE_MGR, CEPH_AUTH_CEPHX, &modes);
+  ASSERT_EQ(modes, secure);
+  reg.get_supported_modes(CEPH_ENTITY_TYPE_MON, CEPH_AUTH_CEPHX, &modes);
+  ASSERT_EQ(modes, secure);
+
+  // how about all connections to the cluster?
+  cct->_conf.set_val("ms_service_mode", "secure");
+  cct->_conf.apply_changes(NULL);
+
+  cct->_set_module_type(CEPH_ENTITY_TYPE_CLIENT);
+  reg.get_supported_modes(CEPH_ENTITY_TYPE_MON, CEPH_AUTH_CEPHX, &modes);
+  ASSERT_EQ(modes, secure);
+  reg.get_supported_modes(CEPH_ENTITY_TYPE_MGR, CEPH_AUTH_CEPHX, &modes);
+  ASSERT_EQ(modes, crc_secure);
+  reg.get_supported_modes(CEPH_ENTITY_TYPE_OSD, CEPH_AUTH_CEPHX, &modes);
+  ASSERT_EQ(modes, crc_secure);
+  reg.get_supported_modes(CEPH_ENTITY_TYPE_MDS, CEPH_AUTH_CEPHX, &modes);
+  ASSERT_EQ(modes, crc_secure);
+
+  cct->_set_module_type(CEPH_ENTITY_TYPE_OSD);
+  reg.get_supported_modes(CEPH_ENTITY_TYPE_CLIENT, CEPH_AUTH_CEPHX, &modes);
+  ASSERT_EQ(modes, secure);
+  reg.get_supported_modes(CEPH_ENTITY_TYPE_MON, CEPH_AUTH_CEPHX, &modes);
+  ASSERT_EQ(modes, secure);
+  reg.get_supported_modes(CEPH_ENTITY_TYPE_MGR, CEPH_AUTH_CEPHX, &modes);
+  ASSERT_EQ(modes, secure);
+
+  cct->_set_module_type(CEPH_ENTITY_TYPE_MGR);
+  reg.get_supported_modes(CEPH_ENTITY_TYPE_CLIENT, CEPH_AUTH_CEPHX, &modes);
+  ASSERT_EQ(modes, secure);
+  reg.get_supported_modes(CEPH_ENTITY_TYPE_MON, CEPH_AUTH_CEPHX, &modes);
+  ASSERT_EQ(modes, secure);
+  reg.get_supported_modes(CEPH_ENTITY_TYPE_MDS, CEPH_AUTH_CEPHX, &modes);
+  ASSERT_EQ(modes, secure);
+
+  cct->_set_module_type(CEPH_ENTITY_TYPE_MDS);
+  reg.get_supported_modes(CEPH_ENTITY_TYPE_CLIENT, CEPH_AUTH_CEPHX, &modes);
+  ASSERT_EQ(modes, secure);
+  reg.get_supported_modes(CEPH_ENTITY_TYPE_MON, CEPH_AUTH_CEPHX, &modes);
+  ASSERT_EQ(modes, secure);
+  reg.get_supported_modes(CEPH_ENTITY_TYPE_MGR, CEPH_AUTH_CEPHX, &modes);
+  ASSERT_EQ(modes, secure);
+
+  // client forcing things?
+  cct->_conf.set_val("ms_cluster_mode", "crc secure");
+  cct->_conf.set_val("ms_service_mode", "crc secure");
+  cct->_conf.set_val("ms_client_mode", "secure");
+  cct->_conf.set_val("ms_mon_cluster_mode", "crc secure");
+  cct->_conf.set_val("ms_mon_service_mode", "crc secure");
+  cct->_conf.set_val("ms_mon_client_mode", "secure");
+  cct->_conf.apply_changes(NULL);
+
+  cct->_set_module_type(CEPH_ENTITY_TYPE_CLIENT);
+  reg.get_supported_modes(CEPH_ENTITY_TYPE_MON, CEPH_AUTH_CEPHX, &modes);
+  ASSERT_EQ(modes, secure);
+  reg.get_supported_modes(CEPH_ENTITY_TYPE_MGR, CEPH_AUTH_CEPHX, &modes);
+  ASSERT_EQ(modes, secure);
+  reg.get_supported_modes(CEPH_ENTITY_TYPE_OSD, CEPH_AUTH_CEPHX, &modes);
+  ASSERT_EQ(modes, secure);
+  reg.get_supported_modes(CEPH_ENTITY_TYPE_MDS, CEPH_AUTH_CEPHX, &modes);
+  ASSERT_EQ(modes, secure);
+
+  // client *preferring* secure?
+  cct->_conf.set_val("ms_cluster_mode", "crc secure");
+  cct->_conf.set_val("ms_service_mode", "crc secure");
+  cct->_conf.set_val("ms_client_mode", "secure crc");
+  cct->_conf.set_val("ms_mon_cluster_mode", "crc secure");
+  cct->_conf.set_val("ms_mon_service_mode", "crc secure");
+  cct->_conf.set_val("ms_mon_client_mode", "secure crc");
+  cct->_conf.apply_changes(NULL);
+
+  cct->_set_module_type(CEPH_ENTITY_TYPE_CLIENT);
+  reg.get_supported_modes(CEPH_ENTITY_TYPE_MON, CEPH_AUTH_CEPHX, &modes);
+  ASSERT_EQ(modes, secure_crc);
+  reg.get_supported_modes(CEPH_ENTITY_TYPE_MGR, CEPH_AUTH_CEPHX, &modes);
+  ASSERT_EQ(modes, secure_crc);
+  reg.get_supported_modes(CEPH_ENTITY_TYPE_OSD, CEPH_AUTH_CEPHX, &modes);
+  ASSERT_EQ(modes, secure_crc);
+  reg.get_supported_modes(CEPH_ENTITY_TYPE_MDS, CEPH_AUTH_CEPHX, &modes);
+  ASSERT_EQ(modes, secure_crc);
+
+  // back to normalish, for the benefit of the next test(s)
+  cct->_set_module_type(CEPH_ENTITY_TYPE_CLIENT);  
+}
author	Daniel Baumann <daniel.baumann@progress-linux.org>	2024-04-27 18:24:20 +0000
committer	Daniel Baumann <daniel.baumann@progress-linux.org>	2024-04-27 18:24:20 +0000
commit	483eb2f56657e8e7f419ab1a4fab8dce9ade8609 (patch)
tree	e5d88d25d870d5dedacb6bbdbe2a966086a0a5cf /src/test/test_auth.cc
parent	Initial commit. (diff)
download	ceph-483eb2f56657e8e7f419ab1a4fab8dce9ade8609.tar.xz ceph-483eb2f56657e8e7f419ab1a4fab8dce9ade8609.zip