tasks/cephfs: check data written to NS.

NS is always used for security isolation.

Signed-off-by: Xiaoxi Chen <xiaoxchen@ebay.com>

tasks/cephfs/filesystem.py

@@ -723,7 +723,7 @@ class Filesystem(MDSCluster):
             log.info("All objects for ino {0} size {1} are absent".format(ino, size))
             return True
 
-    def rados(self, args, pool=None, stdin_data=None):
+    def rados(self, args, pool=None, namespace=None, stdin_data=None):
         """
         Call into the `rados` CLI from an MDS
         """
@@ -738,7 +738,9 @@ class Filesystem(MDSCluster):
 
         # NB we could alternatively use librados pybindings for this, but it's a one-liner
         # using the `rados` CLI
-        args = [os.path.join(self._prefix, "rados"), "-p", pool] + args
+        args = ([os.path.join(self._prefix, "rados"), "-p", pool] +
+                (["--namespace", namespace] if namespace else []) +
+                args)
         p = remote.run(
             args=args,
             stdin=stdin_data,

tasks/cephfs/test_volume_client.py

@@ -131,6 +131,19 @@ vc.disconnect()
         self.mounts[2].mount(mount_path=mount_path)
         self.mounts[2].write_n_mb("data.bin", 1)
 
+        #sync so that file data are persist to rados
+        self.mounts[2].run_shell(["sync"])
+
+        # Our data should stay in particular rados namespace
+        pool_name = self.mount_a.getfattr(os.path.join("volumes", group_id, volume_id), "ceph.dir.layout.pool")
+        NS_PREFIX = "fsvolumens_"
+        namespace = "{0}{1}".format(NS_PREFIX, volume_id)
+        ns_in_attr = self.mount_a.getfattr(os.path.join("volumes", group_id, volume_id), "ceph.dir.layout.pool_namespace")
+        self.assertEqual(namespace, ns_in_attr)
+
+        objects_in_ns = set(self.fs.rados(["ls"], pool=pool_name, namespace=namespace).split("\n"))
+        self.assertNotEqual(objects_in_ns, set())
+
         # De-authorize the guest
         self._volume_client_python(self.mount_b, dedent("""
             vp = VolumePath("{group_id}", "{volume_id}")