path: root/qa/workunits/mon/auth_caps.sh
blob: 1f59ae1f73476ce550c1a12de9d74f70c7bc6ce9 (plain)
#!/usr/bin/env bash

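# Abort on the first unhandled failure.
set -e
# Trace every command. NOTE(review): the trace prints the keys captured below
# and every --key argument passed to ceph later on, so the log of a run holds
# usable credentials. Presumably acceptable because this is a QA workunit run
# against a test cluster; do not reuse this pattern against a real cluster.
set -x
# Maps a capability string ("r", "rw", ..., "all") to the key of the
# client.<caps> entity created for it.
declare -A keymap

# Every non-empty combination of the mon capabilities r, w and x.
combinations="r w x rw rx wx rwx"

# Intentionally unquoted: the list is split on whitespace.
for i in ${combinations}; do
  k=$(ceph auth get-or-create-key "client.$i" mon "allow $i") || exit 1
  keymap["$i"]=$k
done

# add special caps
keymap["all"]=$(ceph auth get-or-create-key client.all mon 'allow *') || exit 1

# mktemp creates the file readable by its owner only, which matters here: the
# export written below holds the keys of the entities in the auth database.
tmp=$(mktemp)

# Register the cleanup before the export is written, so a failing export does
# not leave the file behind. The body is single-quoted so the path is quoted
# when the trap runs, and rm -f keeps a second firing (ERR followed by EXIT)
# from failing on the already-removed file.
trap 'rm -f -- "$tmp"' INT ERR EXIT QUIT
ceph auth export > "$tmp"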

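#######################################
# Run a command and compare its exit status with an expected value.
#
# The command words are joined with single spaces and handed to eval, so they
# are parsed a second time as shell code; quoting applied at the call site
# does not survive. Pass only strings the test itself controls, never
# externally supplied input.
#
# Arguments: $1   - expected exit status
#            $2.. - command and its arguments (or one pre-quoted string)
# Outputs:   an ERROR line on stdout when the status does not match
# Returns:   0 when the status matches, 1 otherwise
#######################################
expect() {
  local expected_ret=$1
  local ret
  local cmd
  local errexit_was_on=0

  shift
  # Joined with spaces under the default IFS; local so that the caller's
  # variables are left alone.
  cmd="$*"

  # A non-zero status is the expected result for some calls, so errexit is
  # suspended around the command and restored only if it was on before.
  if [[ $- == *e* ]]; then
    errexit_was_on=1
  fi
  set +e

  # Quoted so the string reaches eval unchanged: no word splitting or
  # pathname expansion is applied to it before the shell parses it.
  eval "$cmd"
  ret=$?

  if (( errexit_was_on )); then
    set -e
  fi

  if [[ $ret -ne $expected_ret ]]; then
    echo "ERROR: running '$cmd': expected $expected_ret got $ret"
    return 1
  fi

  return 0
}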

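#######################################
# Check the read-type `ceph auth` commands for one capability set.
#
# The commands are expected to succeed (status 0) only when the client holds
# both r and x, or is the special "all" client; otherwise status 13 is
# expected (13 is EACCES on Linux; presumably what ceph exits with on a
# permission error).
#
# Globals:   keymap (read) - key for each capability string
# Arguments: $1 - capability string, also the client id ("r", "rx", "all", ...)
# Returns:   non-zero as soon as one expect check fails
#######################################
read_ops() {
  local caps=$1
  local has_read=0 has_exec=0
  local ret=13
  local -a args

  # Pattern matches instead of echo | grep: same decision, no subshells and
  # no matched text written to stdout.
  if [[ "$caps" == "all" ]]; then
    has_read=1
    has_exec=1
  else
    if [[ "$caps" == *r* ]]; then
      has_read=1
    fi
    if [[ "$caps" == *x* ]]; then
      has_exec=1
    fi
  fi

  if [[ $has_read -gt 0 && $has_exec -gt 0 ]]; then
    ret=0
  fi

  # NOTE(review): the key travels on the command line, so it shows up in the
  # set -x trace and in the process list while ceph runs.
  args=(--id "$caps" --key "${keymap[$caps]}")

  expect "$ret" ceph auth get client.admin "${args[@]}"
  expect "$ret" ceph auth get-key client.admin "${args[@]}"
  expect "$ret" ceph auth export "${args[@]}"
  expect "$ret" ceph auth export client.admin "${args[@]}"
  expect "$ret" ceph auth ls "${args[@]}"
  # Both spellings of the command are exercised.
  expect "$ret" ceph auth print-key client.admin "${args[@]}"
  expect "$ret" ceph auth print_key client.admin "${args[@]}"
}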

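#######################################
# Check the modifying `ceph auth` commands for one capability set.
#
# The commands are expected to succeed (status 0) only when the client holds
# r, w and x together, or is the special "all" client; otherwise status 13 is
# expected (13 is EACCES on Linux; presumably what ceph exits with on a
# permission error).
#
# Globals:   keymap (read) - key for each capability string
#            tmp (read)    - path of the auth export used for the import check
# Arguments: $1 - capability string, also the client id ("rw", "rwx", "all", ...)
# Returns:   non-zero as soon as one expect check fails
#######################################
write_ops() {
  local caps=$1
  local has_read=0 has_write=0 has_exec=0
  local ret=13
  local -a args

  # Pattern matches instead of echo | grep: same decision, no subshells and
  # no matched text written to stdout.
  if [[ "$caps" == "all" ]]; then
    has_read=1
    has_write=1
    has_exec=1
  else
    if [[ "$caps" == *r* ]]; then
      has_read=1
    fi
    if [[ "$caps" == *w* ]]; then
      has_write=1
    fi
    if [[ "$caps" == *x* ]]; then
      has_exec=1
    fi
  fi

  if [[ $has_read -gt 0 && $has_write -gt 0 && $has_exec -gt 0 ]]; then
    ret=0
  fi

  # NOTE(review): the key travels on the command line, so it shows up in the
  # set -x trace and in the process list while ceph runs.
  args=(--id "$caps" --key "${keymap[$caps]}")

  expect "$ret" ceph auth add client.foo "${args[@]}"
  # Passed as one string so the quotes around 'allow *' reach the eval inside
  # expect and keep the capability a single argument.
  expect "$ret" "ceph auth caps client.foo mon 'allow *' ${args[*]}"
  expect "$ret" ceph auth get-or-create client.admin "${args[@]}"
  expect "$ret" ceph auth get-or-create-key client.admin "${args[@]}"
  expect "$ret" ceph auth get-or-create-key client.baz "${args[@]}"
  # client.foo and client.baz only exist if the calls above were allowed; the
  # deletes are expected to end with the same status as everything else here.
  expect "$ret" ceph auth del client.foo "${args[@]}"
  expect "$ret" ceph auth del client.baz "${args[@]}"
  expect "$ret" ceph auth import -i "$tmp" "${args[@]}"
}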

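echo "running combinations: ${!keymap[*]}"

# Optional first argument selects what to check: "read", "write" or "all";
# with no argument both groups are run.
subcmd=${1:-}

# Any other value would skip every check below and still end in "OK", i.e. a
# capability test that passes without having tested anything. Reject it.
subcmd_ok=1
case "$subcmd" in
  '' | read | write | all) ;;
  *)
    echo "ERROR: unknown subcommand '$subcmd' (expected read, write or all)" >&2
    subcmd_ok=0
    ;;
esac

if (( subcmd_ok )); then
  for i in "${!keymap[@]}"; do
    echo "caps: $i"
    if [[ -z "$subcmd" || "$subcmd" == "read" || "$subcmd" == "all" ]]; then
      read_ops "$i"
    fi

    if [[ -z "$subcmd" || "$subcmd" == "write" || "$subcmd" == "all" ]]; then
      write_ops "$i"
    fi
  done
fi

# cleanup
# NOTE(review): this is only reached when every check passed. A failed expect
# aborts the script through set -e, and the client.* entities created at the
# top, including client.all with mon 'allow *', then stay in the cluster
# until they are removed by hand.
for i in ${combinations} all; do
  ceph auth del "client.$i" || exit 1
done

if (( ! subcmd_ok )); then
  exit 1
fi

echo "OK"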