ceph/qa/workunits/mon/auth_caps.sh
Kefu Chai 03b4a83f14 qa/workunits/mon/auth_caps.sh: remove tests for blank cap
* remove tests for blank cap: this feature is not supported/implemented by AuthMonitor.
* remove cap for client.baz after done with it. so we don't have error
  like: "entity client.baz exists but caps do not match" when trying to
  re-set the cap of it.

Signed-off-by: Kefu Chai <kchai@redhat.com>
2017-06-19 12:58:17 +08:00

131 lines
2.5 KiB
Bash
Executable File

#!/bin/bash
set -e
set -x
declare -A keymap
combinations="r w x rw rx wx rwx"
for i in ${combinations}; do
k="foo_$i"
k=`ceph auth get-or-create-key client.$i mon "allow $i"` || exit 1
keymap["$i"]=$k
done
# add special caps
keymap["all"]=`ceph auth get-or-create-key client.all mon 'allow *'` || exit 1
tmp=`mktemp`
ceph auth export > $tmp
trap "rm $tmp" INT ERR EXIT QUIT 0
expect() {
set +e
local expected_ret=$1
local ret
shift
cmd=$@
eval $cmd
ret=$?
set -e
if [[ $ret -ne $expected_ret ]]; then
echo "ERROR: running \'$cmd\': expected $expected_ret got $ret"
return 1
fi
return 0
}
read_ops() {
local caps=$1
local has_read=1 has_exec=1
local ret
local args
( echo $caps | grep 'r' ) || has_read=0
( echo $caps | grep 'x' ) || has_exec=0
if [[ "$caps" == "all" ]]; then
has_read=1
has_exec=1
fi
ret=13
if [[ $has_read -gt 0 && $has_exec -gt 0 ]]; then
ret=0
fi
args="--id $caps --key ${keymap[$caps]}"
expect $ret ceph auth get client.admin $args
expect $ret ceph auth get-key client.admin $args
expect $ret ceph auth export $args
expect $ret ceph auth export client.admin $args
expect $ret ceph auth list $args
expect $ret ceph auth print-key client.admin $args
expect $ret ceph auth print_key client.admin $args
}
write_ops() {
local caps=$1
local has_read=1 has_write=1 has_exec=1
local ret
local args
( echo $caps | grep 'r' ) || has_read=0
( echo $caps | grep 'w' ) || has_write=0
( echo $caps | grep 'x' ) || has_exec=0
if [[ "$caps" == "all" ]]; then
has_read=1
has_write=1
has_exec=1
fi
ret=13
if [[ $has_read -gt 0 && $has_write -gt 0 && $has_exec -gt 0 ]]; then
ret=0
fi
args="--id $caps --key ${keymap[$caps]}"
expect $ret ceph auth add client.foo $args
expect $ret "ceph auth caps client.foo mon 'allow *' $args"
expect $ret ceph auth get-or-create client.admin $args
expect $ret ceph auth get-or-create-key client.admin $args
expect $ret ceph auth get-or-create-key client.baz $args
expect $ret ceph auth del client.foo $args
expect $ret ceph auth del client.baz $args
expect $ret ceph auth import -i $tmp $args
}
echo "running combinations: ${!keymap[@]}"
subcmd=$1
for i in ${!keymap[@]}; do
echo "caps: $i"
if [[ -z "$subcmd" || "$subcmd" == "read" || "$subcmd" == "all" ]]; then
read_ops $i
fi
if [[ -z "$subcmd" || "$subcmd" == "write" || "$subcmd" == "all" ]]; then
write_ops $i
fi
done
# cleanup
for i in ${combinations} all; do
ceph auth del client.$i || exit 1
done
echo "OK"