diff options
Diffstat (limited to '')
-rw-r--r-- | src/test/mds/CMakeLists.txt | 16 | ||||
-rw-r--r-- | src/test/mds/TestMDSAuthCaps.cc | 313 | ||||
-rw-r--r-- | src/test/mds/TestSessionFilter.cc | 142 |
3 files changed, 471 insertions, 0 deletions
diff --git a/src/test/mds/CMakeLists.txt b/src/test/mds/CMakeLists.txt new file mode 100644 index 000000000..857b205e1 --- /dev/null +++ b/src/test/mds/CMakeLists.txt @@ -0,0 +1,16 @@ +# unittest_mds_authcap +add_executable(unittest_mds_authcap + TestMDSAuthCaps.cc + $<TARGET_OBJECTS:unit-main> + ) +add_ceph_unittest(unittest_mds_authcap) +target_link_libraries(unittest_mds_authcap mds global ${BLKID_LIBRARIES}) + +# unittest_mds_sessionfilter +add_executable(unittest_mds_sessionfilter + TestSessionFilter.cc + $<TARGET_OBJECTS:unit-main> + ) +add_ceph_unittest(unittest_mds_sessionfilter) +target_link_libraries(unittest_mds_sessionfilter mds osdc ceph-common global ${BLKID_LIBRARIES}) + diff --git a/src/test/mds/TestMDSAuthCaps.cc b/src/test/mds/TestMDSAuthCaps.cc new file mode 100644 index 000000000..3556a8591 --- /dev/null +++ b/src/test/mds/TestMDSAuthCaps.cc @@ -0,0 +1,313 @@ +// -*- mode:C++; tab-width:8; c-basic-offset:2; indent-tabs-mode:t -*- +// vim: ts=8 sw=2 smarttab +/* + * Ceph - scalable distributed file system + * + * Copyright (C) 2012 Inktank + * + * This is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License version 2.1, as published by the Free Software + * Foundation. See file COPYING. + * + */ + +#include <iostream> + +#include "include/stringify.h" +#include "mds/MDSAuthCaps.h" + +#include "gtest/gtest.h" + +using std::string; +using std::cout; + +entity_addr_t addr; + +const char *parse_good[] = { + "allow rw uid=1 gids=1", + "allow * path=\"/foo\"", + "allow * path=/foo", + "allow * path=/foo-bar_baz", + "allow * path=\"/foo bar/baz\"", + "allow * uid=1", + "allow * path=\"/foo\" uid=1", + "allow *", + "allow r", + "allow rw", + "allow rw uid=1 gids=1,2,3", + "allow rw path=/foo uid=1 gids=1,2,3", + "allow r, allow rw path=/foo", + "allow r, allow * uid=1", + "allow r ,allow * uid=1", + "allow r ;allow * uid=1", + "allow r ; allow * uid=1", + "allow r ; allow * uid=1", + "allow r uid=1 gids=1,2,3, allow * uid=2", + "allow r network 1.2.3.4/8", + "allow rw path=/foo uid=1 gids=1,2,3 network 2.3.4.5/16", + "allow r root_squash", + "allow rw path=/foo root_squash", + "allow rw fsname=a root_squash", + "allow rw fsname=a path=/foo root_squash", + "allow rw fsname=a root_squash, allow rwp fsname=a path=/volumes", + 0 +}; + +TEST(MDSAuthCaps, ParseGood) { + for (int i=0; parse_good[i]; i++) { + string str = parse_good[i]; + MDSAuthCaps cap; + std::cout << "Testing good input: '" << str << "'" << std::endl; + ASSERT_TRUE(cap.parse(g_ceph_context, str, &cout)); + } +} + +const char *parse_bad[] = { + "allow r poolfoo", + "allow r w", + "ALLOW r", + "allow w", + "allow rwx,", + "allow rwx x", + "allow r pool foo r", + "allow wwx pool taco", + "allow wwx pool taco^funny&chars", + "allow rwx pool 'weird name''", + "allow rwx object_prefix \"beforepool\" pool weird", + "allow rwx auid 123 pool asdf", + "allow xrwx pool foo,, allow r pool bar", + ";allow rwx pool foo rwx ; allow r pool bar", + "allow rwx pool foo ;allow r pool bar gibberish", + "allow rwx auid 123 pool asdf namespace=foo", + "allow rwx auid 123 namespace", + "allow rwx namespace", + "allow namespace", + "allow namespace=foo", + "allow rwx auid 123 namespace asdf", + "allow wwx pool ''", + "allow rw gids=1", + "allow rw gids=1,2,3", + "allow rw uid=123 gids=asdf", + "allow rw uid=123 gids=1,2,asdf", + 0 +}; + +TEST(MDSAuthCaps, ParseBad) { + for (int i=0; parse_bad[i]; i++) { + string str = parse_bad[i]; + MDSAuthCaps cap; + std::cout << "Testing bad input: '" << str << "'" << std::endl; + ASSERT_FALSE(cap.parse(g_ceph_context, str, &cout)); + } +} + +TEST(MDSAuthCaps, AllowAll) { + MDSAuthCaps cap; + ASSERT_FALSE(cap.allow_all()); + + ASSERT_TRUE(cap.parse(g_ceph_context, "allow r", NULL)); + ASSERT_FALSE(cap.allow_all()); + cap = MDSAuthCaps(); + + ASSERT_TRUE(cap.parse(g_ceph_context, "allow rw", NULL)); + ASSERT_FALSE(cap.allow_all()); + cap = MDSAuthCaps(); + + ASSERT_TRUE(cap.parse(g_ceph_context, "allow", NULL)); + ASSERT_FALSE(cap.allow_all()); + cap = MDSAuthCaps(); + + ASSERT_TRUE(cap.parse(g_ceph_context, "allow *", NULL)); + ASSERT_TRUE(cap.allow_all()); + ASSERT_TRUE(cap.is_capable("foo/bar", 0, 0, 0777, 0, 0, NULL, MAY_READ | MAY_WRITE, 0, 0, addr)); +} + +TEST(MDSAuthCaps, AllowUid) { + MDSAuthCaps cap(g_ceph_context); + ASSERT_TRUE(cap.parse(g_ceph_context, "allow * uid=10", NULL)); + ASSERT_FALSE(cap.allow_all()); + + // uid/gid must be valid + ASSERT_FALSE(cap.is_capable("foo", 0, 0, 0777, 0, 0, NULL, MAY_READ, 0, 0, addr)); + ASSERT_TRUE(cap.is_capable("foo", 0, 0, 0777, 10, 0, NULL, MAY_READ, 0, 0, addr)); + ASSERT_TRUE(cap.is_capable("foo", 0, 0, 0777, 10, 10, NULL, MAY_READ, 0, 0, addr)); + ASSERT_FALSE(cap.is_capable("foo", 0, 0, 0777, 12, 12, NULL, MAY_READ, 0, 0, addr)); + ASSERT_TRUE(cap.is_capable("foo", 0, 0, 0777, 10, 13, NULL, MAY_READ, 0, 0, addr)); +} + +TEST(MDSAuthCaps, AllowUidGid) { + MDSAuthCaps cap(g_ceph_context); + ASSERT_TRUE(cap.parse(g_ceph_context, "allow * uid=10 gids=10,11,12; allow * uid=12 gids=12,10", NULL)); + ASSERT_FALSE(cap.allow_all()); + + // uid/gid must be valid + ASSERT_FALSE(cap.is_capable("foo", 0, 0, 0777, 0, 0, NULL, MAY_READ, 0, 0, addr)); + ASSERT_FALSE(cap.is_capable("foo", 0, 0, 0777, 10, 0, NULL, MAY_READ, 0, 0, addr)); + ASSERT_FALSE(cap.is_capable("foo", 0, 0, 0777, 9, 10, NULL, MAY_READ, 0, 0, addr)); + ASSERT_TRUE(cap.is_capable("foo", 0, 0, 0777, 10, 10, NULL, MAY_READ, 0, 0, addr)); + ASSERT_TRUE(cap.is_capable("foo", 0, 0, 0777, 12, 12, NULL, MAY_READ, 0, 0, addr)); + ASSERT_FALSE(cap.is_capable("foo", 0, 0, 0777, 10, 13, NULL, MAY_READ, 0, 0, addr)); + + // user + ASSERT_TRUE(cap.is_capable("foo", 10, 10, 0500, 10, 11, NULL, MAY_READ, 0, 0, addr)); + ASSERT_FALSE(cap.is_capable("foo", 10, 10, 0500, 10, 11, NULL, MAY_WRITE, 0, 0, addr)); + ASSERT_FALSE(cap.is_capable("foo", 10, 10, 0500, 10, 11, NULL, MAY_READ | MAY_WRITE, 0, 0, addr)); + ASSERT_TRUE(cap.is_capable("foo", 10, 10, 0700, 10, 11, NULL, MAY_READ, 0, 0, addr)); + ASSERT_TRUE(cap.is_capable("foo", 10, 10, 0700, 10, 11, NULL, MAY_WRITE, 0, 0, addr)); + ASSERT_TRUE(cap.is_capable("foo", 10, 10, 0700, 10, 10, NULL, MAY_READ | MAY_WRITE, 0, 0, addr)); + ASSERT_TRUE(cap.is_capable("foo", 10, 0, 0700, 10, 10, NULL, MAY_READ | MAY_WRITE, 0, 0, addr)); + ASSERT_FALSE(cap.is_capable("foo", 12, 0, 0700, 10, 10, NULL, MAY_READ | MAY_WRITE, 0, 0, addr)); + ASSERT_TRUE(cap.is_capable("foo", 12, 0, 0700, 12, 12, NULL, MAY_READ | MAY_WRITE, 0, 0, addr)); + ASSERT_FALSE(cap.is_capable("foo", 0, 0, 0700, 10, 10, NULL, MAY_READ | MAY_WRITE, 0, 0, addr)); + + // group + vector<uint64_t> glist10; + glist10.push_back(10); + vector<uint64_t> dglist10; + dglist10.push_back(8); + dglist10.push_back(10); + vector<uint64_t> glist11; + glist11.push_back(11); + vector<uint64_t> glist12; + glist12.push_back(12); + ASSERT_TRUE(cap.is_capable("foo", 0, 10, 0750, 10, 10, NULL, MAY_READ, 0, 0, addr)); + ASSERT_FALSE(cap.is_capable("foo", 0, 10, 0750, 10, 10, NULL, MAY_WRITE, 0, 0, addr)); + ASSERT_TRUE(cap.is_capable("foo", 0, 10, 0770, 10, 10, NULL, MAY_READ | MAY_WRITE, 0, 0, addr)); + ASSERT_TRUE(cap.is_capable("foo", 0, 10, 0770, 10, 11, &glist10, MAY_READ | MAY_WRITE, 0, 0, addr)); + ASSERT_TRUE(cap.is_capable("foo", 0, 11, 0770, 10, 10, &glist11, MAY_READ | MAY_WRITE, 0, 0, addr)); + ASSERT_TRUE(cap.is_capable("foo", 0, 11, 0770, 10, 11, NULL, MAY_READ | MAY_WRITE, 0, 0, addr)); + ASSERT_TRUE(cap.is_capable("foo", 0, 12, 0770, 12, 12, NULL, MAY_READ | MAY_WRITE, 0, 0, addr)); + ASSERT_FALSE(cap.is_capable("foo", 0, 10, 0770, 12, 12, NULL, MAY_READ | MAY_WRITE, 0, 0, addr)); + ASSERT_TRUE(cap.is_capable("foo", 0, 10, 0770, 12, 12, &glist10, MAY_READ | MAY_WRITE, 0, 0, addr)); + ASSERT_TRUE(cap.is_capable("foo", 0, 10, 0770, 12, 12, &dglist10, MAY_READ | MAY_WRITE, 0, 0, addr)); + ASSERT_FALSE(cap.is_capable("foo", 0, 11, 0770, 12, 12, &glist11, MAY_READ | MAY_WRITE, 0, 0, addr)); + ASSERT_FALSE(cap.is_capable("foo", 0, 12, 0770, 10, 10, NULL, MAY_READ | MAY_WRITE, 0, 0, addr)); + ASSERT_TRUE(cap.is_capable("foo", 0, 12, 0770, 10, 10, &glist12, MAY_READ | MAY_WRITE, 0, 0, addr)); + + // user > group + ASSERT_TRUE(cap.is_capable("foo", 10, 10, 0570, 10, 10, NULL, MAY_READ, 0, 0, addr)); + ASSERT_FALSE(cap.is_capable("foo", 10, 10, 0570, 10, 10, NULL, MAY_WRITE, 0, 0, addr)); + + // other + ASSERT_TRUE(cap.is_capable("foo", 0, 0, 0775, 10, 10, NULL, MAY_READ, 0, 0, addr)); + ASSERT_FALSE(cap.is_capable("foo", 0, 0, 0770, 10, 10, NULL, MAY_READ, 0, 0, addr)); + ASSERT_FALSE(cap.is_capable("foo", 0, 0, 0775, 10, 10, NULL, MAY_WRITE, 0, 0, addr)); + ASSERT_FALSE(cap.is_capable("foo", 0, 0, 0775, 10, 10, NULL, MAY_READ | MAY_WRITE, 0, 0, addr)); + ASSERT_TRUE(cap.is_capable("foo", 0, 0, 0777, 10, 10, NULL, MAY_READ | MAY_WRITE, 0, 0, addr)); + ASSERT_FALSE(cap.is_capable("foo", 0, 0, 0773, 10, 10, NULL, MAY_READ, 0, 0, addr)); + + // group > other + ASSERT_TRUE(cap.is_capable("foo", 0, 0, 0557, 10, 10, NULL, MAY_READ, 0, 0, addr)); + ASSERT_FALSE(cap.is_capable("foo", 0, 10, 0557, 10, 10, NULL, MAY_WRITE, 0, 0, addr)); + + // user > other + ASSERT_TRUE(cap.is_capable("foo", 0, 0, 0557, 10, 10, NULL, MAY_READ, 0, 0, addr)); + ASSERT_FALSE(cap.is_capable("foo", 10, 0, 0557, 10, 10, NULL, MAY_WRITE, 0, 0, addr)); +} + +TEST(MDSAuthCaps, AllowPath) { + MDSAuthCaps cap; + ASSERT_TRUE(cap.parse(g_ceph_context, "allow * path=/sandbox", NULL)); + ASSERT_FALSE(cap.allow_all()); + ASSERT_TRUE(cap.is_capable("sandbox/foo", 0, 0, 0777, 0, 0, NULL, MAY_READ | MAY_WRITE, 0, 0, addr)); + ASSERT_TRUE(cap.is_capable("sandbox", 0, 0, 0777, 0, 0, NULL, MAY_READ | MAY_WRITE, 0, 0, addr)); + ASSERT_FALSE(cap.is_capable("sandboxed", 0, 0, 0777, 0, 0, NULL, MAY_READ | MAY_WRITE, 0, 0, addr)); + ASSERT_FALSE(cap.is_capable("foo", 0, 0, 0777, 0, 0, NULL, MAY_READ | MAY_WRITE, 0, 0, addr)); +} + +TEST(MDSAuthCaps, AllowPathChars) { + MDSAuthCaps unquo_cap; + ASSERT_TRUE(unquo_cap.parse(g_ceph_context, "allow * path=/sandbox-._foo", NULL)); + ASSERT_FALSE(unquo_cap.allow_all()); + ASSERT_TRUE(unquo_cap.is_capable("sandbox-._foo/foo", 0, 0, 0777, 0, 0, NULL, MAY_READ | MAY_WRITE, 0, 0, addr)); + ASSERT_FALSE(unquo_cap.is_capable("sandbox", 0, 0, 0777, 0, 0, NULL, MAY_READ | MAY_WRITE, 0, 0, addr)); + ASSERT_FALSE(unquo_cap.is_capable("sandbox-._food", 0, 0, 0777, 0, 0, NULL, MAY_READ | MAY_WRITE, 0, 0, addr)); + ASSERT_FALSE(unquo_cap.is_capable("foo", 0, 0, 0777, 0, 0, NULL, MAY_READ | MAY_WRITE, 0, 0, addr)); +} + + +TEST(MDSAuthCaps, AllowPathCharsQuoted) { + MDSAuthCaps quo_cap; + ASSERT_TRUE(quo_cap.parse(g_ceph_context, "allow * path=\"/sandbox-._foo\"", NULL)); + ASSERT_FALSE(quo_cap.allow_all()); + ASSERT_TRUE(quo_cap.is_capable("sandbox-._foo/foo", 0, 0, 0777, 0, 0, NULL, MAY_READ | MAY_WRITE, 0, 0, addr)); + ASSERT_FALSE(quo_cap.is_capable("sandbox", 0, 0, 0777, 0, 0, NULL, MAY_READ | MAY_WRITE, 0, 0, addr)); + ASSERT_FALSE(quo_cap.is_capable("sandbox-._food", 0, 0, 0777, 0, 0, NULL, MAY_READ | MAY_WRITE, 0, 0, addr)); + ASSERT_FALSE(quo_cap.is_capable("foo", 0, 0, 0777, 0, 0, NULL, MAY_READ | MAY_WRITE, 0, 0, addr)); +} + +TEST(MDSAuthCaps, RootSquash) { + MDSAuthCaps rs_cap; + ASSERT_TRUE(rs_cap.parse(g_ceph_context, "allow rw root_squash, allow rw path=/sandbox", NULL)); + ASSERT_TRUE(rs_cap.is_capable("foo", 0, 0, 0777, 0, 0, NULL, MAY_READ, 0, 0, addr)); + ASSERT_TRUE(rs_cap.is_capable("foo", 0, 0, 0777, 10, 10, NULL, MAY_READ | MAY_WRITE, 0, 0, addr)); + ASSERT_FALSE(rs_cap.is_capable("foo", 0, 0, 0777, 0, 0, NULL, MAY_READ | MAY_WRITE, 0, 0, addr)); + ASSERT_TRUE(rs_cap.is_capable("sandbox", 0, 0, 0777, 0, 0, NULL, MAY_READ | MAY_WRITE, 0, 0, addr)); + ASSERT_TRUE(rs_cap.is_capable("sandbox/foo", 0, 0, 0777, 0, 0, NULL, MAY_READ | MAY_WRITE, 0, 0, addr)); + ASSERT_TRUE(rs_cap.is_capable("sandbox/foo", 0, 0, 0777, 10, 10, NULL, MAY_READ | MAY_WRITE, 0, 0, addr)); +} + +TEST(MDSAuthCaps, OutputParsed) { + struct CapsTest { + const char *input; + const char *output; + }; + CapsTest test_values[] = { + {"allow", + "MDSAuthCaps[allow rwps]"}, + {"allow *", + "MDSAuthCaps[allow *]"}, + {"allow r", + "MDSAuthCaps[allow r]"}, + {"allow rw", + "MDSAuthCaps[allow rw]"}, + {"allow * uid=1", + "MDSAuthCaps[allow * uid=1]"}, + {"allow * uid=1 gids=1", + "MDSAuthCaps[allow * uid=1 gids=1]"}, + {"allow * uid=1 gids=1,2,3", + "MDSAuthCaps[allow * uid=1 gids=1,2,3]"}, + {"allow * path=/foo", + "MDSAuthCaps[allow * path=\"/foo\"]"}, + {"allow * path=\"/foo\"", + "MDSAuthCaps[allow * path=\"/foo\"]"}, + {"allow rw root_squash", + "MDSAuthCaps[allow rw root_squash]"}, + {"allow rw fsname=a root_squash", + "MDSAuthCaps[allow rw fsname=a root_squash]"}, + {"allow * path=\"/foo\" root_squash", + "MDSAuthCaps[allow * path=\"/foo\" root_squash]"}, + {"allow * path=\"/foo\" uid=1", + "MDSAuthCaps[allow * path=\"/foo\" uid=1]"}, + {"allow * path=\"/foo\" uid=1 gids=1,2,3", + "MDSAuthCaps[allow * path=\"/foo\" uid=1 gids=1,2,3]"}, + {"allow r uid=1 gids=1,2,3, allow * uid=2", + "MDSAuthCaps[allow r uid=1 gids=1,2,3, allow * uid=2]"}, + {"allow r uid=1 gids=1,2,3, allow * uid=2 network 10.0.0.0/8", + "MDSAuthCaps[allow r uid=1 gids=1,2,3, allow * uid=2 network 10.0.0.0/8]"}, + {"allow rw fsname=b, allow rw fsname=a root_squash", + "MDSAuthCaps[allow rw fsname=b, allow rw fsname=a root_squash]"}, + }; + size_t num_tests = sizeof(test_values) / sizeof(*test_values); + for (size_t i = 0; i < num_tests; ++i) { + MDSAuthCaps cap; + std::cout << "Testing input '" << test_values[i].input << "'" << std::endl; + ASSERT_TRUE(cap.parse(g_ceph_context, test_values[i].input, &cout)); + ASSERT_EQ(test_values[i].output, stringify(cap)); + } +} + +TEST(MDSAuthCaps, network) { + entity_addr_t a, b, c; + a.parse("10.1.2.3"); + b.parse("192.168.2.3"); + c.parse("192.167.2.3"); + + MDSAuthCaps cap; + ASSERT_TRUE(cap.parse(g_ceph_context, "allow * network 192.168.0.0/16, allow * network 10.0.0.0/8", NULL)); + + ASSERT_TRUE(cap.is_capable("foo", 0, 0, 0777, 0, 0, NULL, MAY_READ, 0, 0, a)); + ASSERT_TRUE(cap.is_capable("foo", 0, 0, 0777, 0, 0, NULL, MAY_READ, 0, 0, b)); + ASSERT_FALSE(cap.is_capable("foo", 0, 0, 0777, 0, 0, NULL, MAY_READ, 0, 0, c)); +} diff --git a/src/test/mds/TestSessionFilter.cc b/src/test/mds/TestSessionFilter.cc new file mode 100644 index 000000000..9fa33f451 --- /dev/null +++ b/src/test/mds/TestSessionFilter.cc @@ -0,0 +1,142 @@ +// -*- mode:C++; tab-width:8; c-basic-offset:2; indent-tabs-mode:t -*- +// vim: ts=8 sw=2 smarttab +/* + * Ceph - scalable distributed file system + * + * Copyright (C) 2012 Inktank + * + * This is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License version 2.1, as published by the Free Software + * Foundation. See file COPYING. + * + */ + +#include <iostream> + +#include "include/stringify.h" +#include "mds/SessionMap.h" + +#include "gtest/gtest.h" + +typedef std::vector<std::string> args_eg; +typedef std::vector<args_eg> args_eg_set; + +TEST(MDSSessionFilter, ParseGood) +{ + args_eg_set examples = { + {"id=34"}, + {"auth_name=foxtrot"}, + {"state=reconnecting"}, + {"reconnecting=true"}, + {"client_metadata.root=/foo/bar"}, + {}, + {"id=123"}, + {"id=34", "client_metadata.root=/foo/bar", "auth_name=foxtrot", + "state=reconnecting", "reconnecting=true"} + }; + + for (auto ex : examples) { + SessionFilter f; + std::stringstream ss; + + std::cout << "Testing '" << ex << "'" << std::endl; + int r = f.parse(ex, &ss); + ASSERT_EQ(r, 0); + ASSERT_TRUE(ss.str().empty()); + } +} + +TEST(MDSSessionFilter, ParseBad) +{ + args_eg_set examples = { + {"rhubarb"}, + {"id="}, + {"id=custard"}, + {"=custard"}, + {"reconnecting=MAYBE"}, + {"reconnecting=2"} + }; + + for (auto ex : examples) { + SessionFilter f; + std::stringstream ss; + + std::cout << "Testing '" << ex << "'" << std::endl; + int r = f.parse(ex, &ss); + ASSERT_EQ(r, -EINVAL); + ASSERT_FALSE(ss.str().empty()); + } +} + +TEST(MDSSessionFilter, IdEquality) +{ + SessionFilter filter; + std::stringstream ss; + filter.parse({"id=123"}, &ss); + auto a = ceph::make_ref<Session>(nullptr);; + auto b = ceph::make_ref<Session>(nullptr);; + a->info.inst.name.parse("client.123"); + b->info.inst.name.parse("client.456"); + + ASSERT_TRUE(filter.match(*a, [](client_t c) -> bool {return false;})); + ASSERT_FALSE(filter.match(*b, [](client_t c) -> bool {return false;})); +} + +TEST(MDSSessionFilter, StateEquality) +{ + SessionFilter filter; + std::stringstream ss; + filter.parse({"state=closing"}, &ss); + auto a = ceph::make_ref<Session>(nullptr); + a->set_state(Session::STATE_CLOSING); + auto b = ceph::make_ref<Session>(nullptr); + b->set_state(Session::STATE_OPENING); + + ASSERT_TRUE(filter.match(*a, [](client_t c) -> bool {return false;})); + ASSERT_FALSE(filter.match(*b, [](client_t c) -> bool {return false;})); +} + +TEST(MDSSessionFilter, AuthEquality) +{ + SessionFilter filter; + std::stringstream ss; + filter.parse({"auth_name=rhubarb"}, &ss); + auto a = ceph::make_ref<Session>(nullptr); + a->info.auth_name.set_id("rhubarb"); + auto b = ceph::make_ref<Session>(nullptr); + b->info.auth_name.set_id("custard"); + + ASSERT_TRUE(filter.match(*a, [](client_t c) -> bool {return false;})); + ASSERT_FALSE(filter.match(*b, [](client_t c) -> bool {return false;})); +} + +TEST(MDSSessionFilter, MetadataEquality) +{ + SessionFilter filter; + std::stringstream ss; + int r = filter.parse({"client_metadata.root=/rhubarb"}, &ss); + ASSERT_EQ(r, 0); + client_metadata_t meta; + auto a = ceph::make_ref<Session>(nullptr); + meta.kv_map = {{"root", "/rhubarb"}}; + a->set_client_metadata(meta); + auto b = ceph::make_ref<Session>(nullptr); + meta.kv_map = {{"root", "/custard"}}; + b->set_client_metadata(meta); + + ASSERT_TRUE(filter.match(*a, [](client_t c) -> bool {return false;})); + ASSERT_FALSE(filter.match(*b, [](client_t c) -> bool {return false;})); +} + +TEST(MDSSessionFilter, ReconnectingEquality) +{ + SessionFilter filter; + std::stringstream ss; + int r = filter.parse({"reconnecting=true"}, &ss); + ASSERT_EQ(r, 0); + auto a = ceph::make_ref<Session>(nullptr); + + ASSERT_TRUE(filter.match(*a, [](client_t c) -> bool {return true;})); + ASSERT_FALSE(filter.match(*a, [](client_t c) -> bool {return false;})); +} |