Add request_access_to_group method
Add request_access_to_group method to allow a client to request ceph permissions. Change-Id: I8a7f0bf47c39509eec71a286bd51ec53c58d7e0d
This commit is contained in:
parent
e4997e5ab8
commit
288bab66dd
29
requires.py
29
requires.py
|
@ -113,6 +113,35 @@ class CephClientRequires(RelationBase):
|
|||
self.set_local(key='broker_req', value=current_request.request)
|
||||
send_request_if_needed(current_request, relation=self.relation_name)
|
||||
|
||||
def request_access_to_group(self, name, namespace=None, permission=None,
|
||||
key_name=None, object_prefix_permissions=None):
|
||||
"""
|
||||
Adds the requested permissions to service's Ceph key
|
||||
|
||||
Adds the requested permissions to the current service's Ceph key,
|
||||
allowing the key to access only the specified pools or
|
||||
object prefixes. object_prefix_permissions should be a dictionary
|
||||
keyed on the permission with the corresponding value being a list
|
||||
of prefixes to apply that permission to.
|
||||
{
|
||||
'rwx': ['prefix1', 'prefix2'],
|
||||
'class-read': ['prefix3']}
|
||||
@param name: Target group name for permissions request.
|
||||
@param namespace: namespace to further restrict pool access.
|
||||
@param permission: Permission to be requested against pool
|
||||
@param key_name: userid to grant permission to
|
||||
@param object_prefix_permissions: Add object_prefix permissions.
|
||||
"""
|
||||
current_request = self.get_current_request()
|
||||
current_request.add_op_request_access_to_group(
|
||||
name,
|
||||
namespace=namespace,
|
||||
permission=permission,
|
||||
key_name=key_name,
|
||||
object_prefix_permissions=object_prefix_permissions)
|
||||
self.set_local(key='broker_req', value=current_request.request)
|
||||
send_request_if_needed(current_request, relation=self.relation_name)
|
||||
|
||||
def get_remote_all(self, key, default=None):
|
||||
"""Return a list of all values presented by remote units for key"""
|
||||
# TODO: might be a nicer way todo this - written a while back!
|
||||
|
|
|
@ -264,6 +264,59 @@ class TestCephClientRequires(unittest.TestCase):
|
|||
'pg_num': None,
|
||||
'weight': None}])
|
||||
|
||||
def test_request_access_to_group_new_request(self):
|
||||
self.patch_kr('get_local', '{"ops": []}')
|
||||
self.patch_kr('set_local')
|
||||
self.cr.request_access_to_group(
|
||||
'volumes',
|
||||
key_name='cinder',
|
||||
object_prefix_permissions={'class-read': ['rbd_children']},
|
||||
permission='rwx')
|
||||
ceph_broker_rq = self.send_request_if_needed.mock_calls[0][1][0]
|
||||
self.assertEqual(
|
||||
ceph_broker_rq.ops,
|
||||
[{
|
||||
'group': 'volumes',
|
||||
'group-permission': 'rwx',
|
||||
'name': 'cinder',
|
||||
'namespace': None,
|
||||
'object-prefix-permissions': {'class-read': ['rbd_children']},
|
||||
'op': 'add-permissions-to-key'}])
|
||||
|
||||
def test_request_access_to_group_existing_request(self):
|
||||
req = (
|
||||
'{"api-version": 1, '
|
||||
'"ops": [{"op": "create-pool", "name": "volumes", "replicas": 3, '
|
||||
'"pg_num": null, "weight": null, "group": null, '
|
||||
'"group-namespace": null}], '
|
||||
'"request-id": "9e34123e-fa0c-11e8-ad9c-fa163ed1cc55"}')
|
||||
self.patch_kr('get_local', req)
|
||||
self.cr.request_access_to_group(
|
||||
'volumes',
|
||||
key_name='cinder',
|
||||
object_prefix_permissions={'class-read': ['rbd_children']},
|
||||
permission='rwx')
|
||||
ceph_broker_rq = self.send_request_if_needed.mock_calls[0][1][0]
|
||||
self.assertEqual(
|
||||
ceph_broker_rq.ops,
|
||||
[
|
||||
{
|
||||
'op': 'create-pool',
|
||||
'name': 'volumes',
|
||||
'replicas': 3,
|
||||
'group': None,
|
||||
'group-namespace': None,
|
||||
'pg_num': None,
|
||||
'weight': None},
|
||||
{
|
||||
'group': 'volumes',
|
||||
'group-permission': 'rwx',
|
||||
'name': 'cinder',
|
||||
'namespace': None,
|
||||
'object-prefix-permissions': {
|
||||
'class-read': ['rbd_children']},
|
||||
'op': 'add-permissions-to-key'}])
|
||||
|
||||
@mock.patch.object(requires.hookenv, 'related_units')
|
||||
@mock.patch.object(requires.hookenv, 'relation_get')
|
||||
def test_get_remote_all(self, relation_get, related_units):
|
||||
|
|
Loading…
Reference in New Issue