mirror of
https://github.com/ceph/ceph
synced 2025-01-03 17:42:36 +00:00
19984d729f
I'm not really sure why this test expected EPERM before when it expects 0 a bit earlier, but it should certainly expect EPERM after the user is deleted. Signed-off-by: Sage Weil <sage@redhat.com>
91 lines
2.7 KiB
Bash
Executable File
91 lines
2.7 KiB
Bash
Executable File
#!/usr/bin/env bash
|
|
|
|
set -x
|
|
|
|
tmp=/tmp/cephtest-mon-caps-madness
|
|
|
|
exit_on_error=1
|
|
|
|
[[ ! -z $TEST_EXIT_ON_ERROR ]] && exit_on_error=$TEST_EXIT_ON_ERROR
|
|
|
|
if [ `uname` = FreeBSD ]; then
|
|
ETIMEDOUT=60
|
|
else
|
|
ETIMEDOUT=110
|
|
fi
|
|
|
|
expect()
|
|
{
|
|
cmd=$1
|
|
expected_ret=$2
|
|
|
|
echo $cmd
|
|
eval $cmd >&/dev/null
|
|
ret=$?
|
|
|
|
if [[ $ret -ne $expected_ret ]]; then
|
|
echo "Error: Expected return $expected_ret, got $ret"
|
|
[[ $exit_on_error -eq 1 ]] && exit 1
|
|
return 1
|
|
fi
|
|
|
|
return 0
|
|
}
|
|
|
|
expect "ceph auth get-or-create client.bazar > $tmp.bazar.keyring" 0
|
|
expect "ceph -k $tmp.bazar.keyring --user bazar quorum_status" 13
|
|
ceph auth del client.bazar
|
|
|
|
c="'allow command \"auth ls\", allow command quorum_status'"
|
|
expect "ceph auth get-or-create client.foo mon $c > $tmp.foo.keyring" 0
|
|
expect "ceph -k $tmp.foo.keyring --user foo quorum_status" 0
|
|
expect "ceph -k $tmp.foo.keyring --user foo auth ls" 0
|
|
expect "ceph -k $tmp.foo.keyring --user foo auth export" 13
|
|
expect "ceph -k $tmp.foo.keyring --user foo auth del client.bazar" 13
|
|
expect "ceph -k $tmp.foo.keyring --user foo osd dump" 13
|
|
|
|
# monitor drops the subscribe message from client if it does not have enough caps
|
|
# for read from mon. in that case, the client will be waiting for mgrmap in vain,
|
|
# if it is instructed to send a command to mgr. "pg dump" is served by mgr. so,
|
|
# we need to set a timeout for testing this scenario.
|
|
#
|
|
# leave plenty of time here because the mons might be thrashing.
|
|
export CEPH_ARGS='--rados-mon-op-timeout=300'
|
|
expect "ceph -k $tmp.foo.keyring --user foo pg dump" $ETIMEDOUT
|
|
export CEPH_ARGS=''
|
|
|
|
ceph auth del client.foo
|
|
expect "ceph -k $tmp.foo.keyring --user foo quorum_status" 13
|
|
|
|
c="'allow command service with prefix=list, allow command quorum_status'"
|
|
expect "ceph auth get-or-create client.bar mon $c > $tmp.bar.keyring" 0
|
|
expect "ceph -k $tmp.bar.keyring --user bar quorum_status" 0
|
|
expect "ceph -k $tmp.bar.keyring --user bar auth ls" 13
|
|
expect "ceph -k $tmp.bar.keyring --user bar auth export" 13
|
|
expect "ceph -k $tmp.bar.keyring --user bar auth del client.foo" 13
|
|
expect "ceph -k $tmp.bar.keyring --user bar osd dump" 13
|
|
|
|
# again, we'll need to timeout.
|
|
export CEPH_ARGS='--rados-mon-op-timeout=300'
|
|
expect "ceph -k $tmp.bar.keyring --user bar pg dump" $ETIMEDOUT
|
|
export CEPH_ARGS=''
|
|
|
|
ceph auth del client.bar
|
|
expect "ceph -k $tmp.bar.keyring --user bar quorum_status" 13
|
|
|
|
rm $tmp.bazar.keyring $tmp.foo.keyring $tmp.bar.keyring
|
|
|
|
# invalid caps health warning
|
|
cat <<EOF | ceph auth import -i -
|
|
[client.bad]
|
|
caps mon = this is wrong
|
|
caps osd = does not parse
|
|
caps mds = also does not parse
|
|
EOF
|
|
ceph health | grep AUTH_BAD_CAP
|
|
ceph health detail | grep client.bad
|
|
ceph auth rm client.bad
|
|
expect "ceph auth health | grep AUTH_BAD_CAP" 1
|
|
|
|
echo OK
|