blob: 1f59ae1f73476ce550c1a12de9d74f70c7bc6ce9 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
|
#!/usr/bin/env bash
set -e
set -x
declare -A keymap
combinations="r w x rw rx wx rwx"
for i in ${combinations}; do
k="foo_$i"
k=`ceph auth get-or-create-key client.$i mon "allow $i"` || exit 1
keymap["$i"]=$k
done
# add special caps
keymap["all"]=`ceph auth get-or-create-key client.all mon 'allow *'` || exit 1
tmp=`mktemp`
ceph auth export > $tmp
trap "rm $tmp" INT ERR EXIT QUIT 0
expect() {
set +e
local expected_ret=$1
local ret
shift
cmd=$@
eval $cmd
ret=$?
set -e
if [[ $ret -ne $expected_ret ]]; then
echo "ERROR: running \'$cmd\': expected $expected_ret got $ret"
return 1
fi
return 0
}
read_ops() {
local caps=$1
local has_read=1 has_exec=1
local ret
local args
( echo $caps | grep 'r' ) || has_read=0
( echo $caps | grep 'x' ) || has_exec=0
if [[ "$caps" == "all" ]]; then
has_read=1
has_exec=1
fi
ret=13
if [[ $has_read -gt 0 && $has_exec -gt 0 ]]; then
ret=0
fi
args="--id $caps --key ${keymap[$caps]}"
expect $ret ceph auth get client.admin $args
expect $ret ceph auth get-key client.admin $args
expect $ret ceph auth export $args
expect $ret ceph auth export client.admin $args
expect $ret ceph auth ls $args
expect $ret ceph auth print-key client.admin $args
expect $ret ceph auth print_key client.admin $args
}
write_ops() {
local caps=$1
local has_read=1 has_write=1 has_exec=1
local ret
local args
( echo $caps | grep 'r' ) || has_read=0
( echo $caps | grep 'w' ) || has_write=0
( echo $caps | grep 'x' ) || has_exec=0
if [[ "$caps" == "all" ]]; then
has_read=1
has_write=1
has_exec=1
fi
ret=13
if [[ $has_read -gt 0 && $has_write -gt 0 && $has_exec -gt 0 ]]; then
ret=0
fi
args="--id $caps --key ${keymap[$caps]}"
expect $ret ceph auth add client.foo $args
expect $ret "ceph auth caps client.foo mon 'allow *' $args"
expect $ret ceph auth get-or-create client.admin $args
expect $ret ceph auth get-or-create-key client.admin $args
expect $ret ceph auth get-or-create-key client.baz $args
expect $ret ceph auth del client.foo $args
expect $ret ceph auth del client.baz $args
expect $ret ceph auth import -i $tmp $args
}
echo "running combinations: ${!keymap[@]}"
subcmd=$1
for i in ${!keymap[@]}; do
echo "caps: $i"
if [[ -z "$subcmd" || "$subcmd" == "read" || "$subcmd" == "all" ]]; then
read_ops $i
fi
if [[ -z "$subcmd" || "$subcmd" == "write" || "$subcmd" == "all" ]]; then
write_ops $i
fi
done
# cleanup
for i in ${combinations} all; do
ceph auth del client.$i || exit 1
done
echo "OK"
|