ceph/qa/workunits/rados/test_pool_access.sh
Jason Dillaman 97e3f0aa01 qa/workunits/rados: test pool op permissions
Signed-off-by: Jason Dillaman <dillaman@redhat.com>
2018-06-26 11:41:19 -04:00

109 lines
2.2 KiB
Bash
Executable File

#!/usr/bin/env bash
set -ex
KEYRING=$(mktemp)
trap cleanup EXIT ERR HUP INT QUIT
cleanup() {
(ceph auth del client.mon_read || true) >/dev/null 2>&1
(ceph auth del client.mon_write || true) >/dev/null 2>&1
rm -f $KEYRING
}
expect_false()
{
set -x
if "$@"; then return 1; else return 0; fi
}
create_pool_op() {
ID=$1
POOL=$2
cat << EOF | CEPH_ARGS="-k $KEYRING" python
import rados
cluster = rados.Rados(conffile="", rados_id="${ID}")
cluster.connect()
cluster.create_pool("${POOL}")
EOF
}
delete_pool_op() {
ID=$1
POOL=$2
cat << EOF | CEPH_ARGS="-k $KEYRING" python
import rados
cluster = rados.Rados(conffile="", rados_id="${ID}")
cluster.connect()
cluster.delete_pool("${POOL}")
EOF
}
create_pool_snap_op() {
ID=$1
POOL=$2
SNAP=$3
cat << EOF | CEPH_ARGS="-k $KEYRING" python
import rados
cluster = rados.Rados(conffile="", rados_id="${ID}")
cluster.connect()
ioctx = cluster.open_ioctx("${POOL}")
ioctx.create_snap("${SNAP}")
EOF
}
remove_pool_snap_op() {
ID=$1
POOL=$2
SNAP=$3
cat << EOF | CEPH_ARGS="-k $KEYRING" python
import rados
cluster = rados.Rados(conffile="", rados_id="${ID}")
cluster.connect()
ioctx = cluster.open_ioctx("${POOL}")
ioctx.remove_snap("${SNAP}")
EOF
}
test_pool_op()
{
ceph auth get-or-create client.mon_read mon 'allow r' >> $KEYRING
ceph auth get-or-create client.mon_write mon 'allow *' >> $KEYRING
expect_false create_pool_op mon_read pool1
create_pool_op mon_write pool1
expect_false create_pool_snap_op mon_read pool1 snap1
create_pool_snap_op mon_write pool1 snap1
expect_false remove_pool_snap_op mon_read pool1 snap1
remove_pool_snap_op mon_write pool1 snap1
expect_false delete_pool_op mon_read pool1
delete_pool_op mon_write pool1
}
key=`ceph auth get-or-create-key client.poolaccess1 mon 'allow r' osd 'allow *'`
rados --id poolaccess1 --key $key -p rbd ls
key=`ceph auth get-or-create-key client.poolaccess2 mon 'allow r' osd 'allow * pool=nopool'`
expect_false rados --id poolaccess2 --key $key -p rbd ls
key=`ceph auth get-or-create-key client.poolaccess3 mon 'allow r' osd 'allow rw pool=nopool'`
expect_false rados --id poolaccess3 --key $key -p rbd ls
test_pool_op
echo OK