ch-sync and ceph-sync to pickup 1696073 fixes

Sync charmhelpers and charms.ceph code to pickup fixes for Bug #1696073 Change-Id: Icf844ec7d33f2e558dee7935fe5fa3d7f08e0d59 Closes-Bug: #1696073
2017-12-14 14:11:02 +00:00 · 2017-12-14 14:11:02 +00:00 · 4e411761bf
parent 73b92a4c7c
commit 4e411761bf
3 changed files with 42 additions and 10 deletions
--- a/hooks/charmhelpers/contrib/openstack/utils.py
+++ b/hooks/charmhelpers/contrib/openstack/utils.py
@ -2045,14 +2045,25 @@ def token_cache_pkgs(source=None, release=None):

 def update_json_file(filename, items):
    """Updates the json `filename` with a given dict.
-    :param filename: json filename (i.e.: /etc/glance/policy.json)
+    :param filename: path to json file (e.g. /etc/glance/policy.json)
    :param items: dict of items to update
    """
+    if not items:
+        return
+
    with open(filename) as fd:
        policy = json.load(fd)
+
+    # Compare before and after and if nothing has changed don't write the file
+    # since that could cause unnecessary service restarts.
+    before = json.dumps(policy, indent=4, sort_keys=True)
    policy.update(items)
+    after = json.dumps(policy, indent=4, sort_keys=True)
+    if before == after:
+        return
+
    with open(filename, "w") as fd:
-        fd.write(json.dumps(policy, indent=4))
+        fd.write(after)


@cached
--- a/hooks/charmhelpers/contrib/storage/linux/ceph.py
+++ b/hooks/charmhelpers/contrib/storage/linux/ceph.py
@ -1064,14 +1064,24 @@ class CephBrokerRq(object):
        self.ops = []

    def add_op_request_access_to_group(self, name, namespace=None,
-                                       permission=None, key_name=None):
+                                       permission=None, key_name=None,
+                                       object_prefix_permissions=None):
        """
        Adds the requested permissions to the current service's Ceph key,
-        allowing the key to access only the specified pools
+        allowing the key to access only the specified pools or
+        object prefixes. object_prefix_permissions should be a dictionary
+        keyed on the permission with the corresponding value being a list
+        of prefixes to apply that permission to.
+            {
+                'rwx': ['prefix1', 'prefix2'],
+                'class-read': ['prefix3']}
        """
-        self.ops.append({'op': 'add-permissions-to-key', 'group': name,
-                         'namespace': namespace, 'name': key_name or service_name(),
-                         'group-permission': permission})
+        self.ops.append({
+            'op': 'add-permissions-to-key', 'group': name,
+            'namespace': namespace,
+            'name': key_name or service_name(),
+            'group-permission': permission,
+            'object-prefix-permissions': object_prefix_permissions})

    def add_op_create_pool(self, name, replica_count=3, pg_num=None,
                           weight=None, group=None, namespace=None):
@ -1107,7 +1117,10 @@ class CephBrokerRq(object):
    def _ops_equal(self, other):
        if len(self.ops) == len(other.ops):
            for req_no in range(0, len(self.ops)):
-                for key in ['replicas', 'name', 'op', 'pg_num', 'weight']:
+                for key in [
+                        'replicas', 'name', 'op', 'pg_num', 'weight',
+                        'group', 'group-namespace', 'group-permission',
+                        'object-prefix-permissions']:
                    if self.ops[req_no].get(key) != other.ops[req_no].get(key):
                        return False
        else:
--- a/lib/ceph/broker.py
+++ b/lib/ceph/broker.py
@ -187,6 +187,9 @@ def handle_add_permissions_to_key(request, service):
    group = get_group(group_name=group_name)
    service_obj = get_service_groups(service=service_name,
                                     namespace=group_namespace)
+    if request.get('object-prefix-permissions'):
+        service_obj['object_prefix_perms'] = request.get(
+            'object-prefix-permissions')
    format("Service object: {}".format(service_obj))
    permission = request.get('group-permission') or "rwx"
    if service_name not in group['services']:
@ -233,7 +236,7 @@ def pool_permission_list_for_service(service):
    """Build the permission string for Ceph for a given service"""
    permissions = []
    permission_types = collections.OrderedDict()
-    for permission, group in service["group_names"].items():
+    for permission, group in sorted(service["group_names"].items()):
        if permission not in permission_types:
            permission_types[permission] = []
        for item in group:
@ -241,8 +244,13 @@ def pool_permission_list_for_service(service):
    for permission, groups in permission_types.items():
        permission = "allow {}".format(permission)
        for group in groups:
-            for pool in service['groups'][group]['pools']:
+            for pool in service['groups'][group].get('pools', []):
                permissions.append("{} pool={}".format(permission, pool))
+    for permission, prefixes in sorted(
+            service.get("object_prefix_perms", {}).items()):
+        for prefix in prefixes:
+            permissions.append("allow {} object_prefix {}".format(permission,
+                                                                  prefix))
    return ["mon", "allow r", "osd", ', '.join(permissions)]