Merge "Add new permission request to broker"
This commit is contained in:
Zuul
Gerrit Code Review
commit
3b6a74bea0
|
|
@ -212,6 +212,18 @@ def handle_add_permissions_to_key(request, service):
|
|||
return resp
|
||||
|
||||
|
||||
def handle_set_key_permissions(request, service):
|
||||
"""Ensure the key has the requested permissions."""
|
||||
permissions = request.get('permissions')
|
||||
client = request.get('client')
|
||||
call = ['ceph', '--id', service, 'auth', 'caps',
|
||||
'client.{}'.format(client)] + permissions
|
||||
try:
|
||||
check_call(call)
|
||||
except CalledProcessError as e:
|
||||
log("Error updating key capabilities: {}".format(e), level=ERROR)
|
||||
|
||||
|
||||
def update_service_permissions(service, service_obj=None, namespace=None):
|
||||
"""Update the key permissions for the named client in Ceph"""
|
||||
if not service_obj:
|
||||
|
|
@ -866,6 +878,8 @@ def process_requests_v1(reqs):
|
|||
ret = handle_put_osd_in_bucket(request=req, service=svc)
|
||||
elif op == "add-permissions-to-key":
|
||||
ret = handle_add_permissions_to_key(request=req, service=svc)
|
||||
elif op == 'set-key-permissions':
|
||||
ret = handle_set_key_permissions(request=req, service=svc)
|
||||
else:
|
||||
msg = "Unknown operation '{}'".format(op)
|
||||
log(msg, level=ERROR)
|
||||
|
|
|
|||
|
|
@ -105,6 +105,72 @@ class CephBrokerTestCase(unittest.TestCase):
|
|||
value=json.dumps({"pools": ["glance"], "services": []},
|
||||
sort_keys=True))
|
||||
|
||||
@patch.object(ceph.broker, 'handle_set_key_permissions')
|
||||
@patch.object(ceph.broker, 'log')
|
||||
def test_process_requests_set_perms(self, mock_log,
|
||||
handle_set_key_permissions):
|
||||
request = {
|
||||
"api-version": 1,
|
||||
"request-id": "0155c14b",
|
||||
"ops": [
|
||||
{
|
||||
"client": "manila-ganesha",
|
||||
"op": "set-key-permissions",
|
||||
"permissions": [
|
||||
"mds 'allow *'",
|
||||
"osd 'allow rw'",
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
reqs = json.dumps(request)
|
||||
rc = ceph.broker.process_requests(reqs)
|
||||
handle_set_key_permissions.assert_called_once_with(
|
||||
request={
|
||||
u'client': u'manila-ganesha',
|
||||
u'op': u'set-key-permissions',
|
||||
u'permissions': [
|
||||
u"mds 'allow *'",
|
||||
u"osd 'allow rw'",
|
||||
]},
|
||||
service='admin')
|
||||
self.assertEqual(
|
||||
json.loads(rc),
|
||||
{'exit-code': 0, u'request-id': u'0155c14b'})
|
||||
|
||||
@patch.object(ceph.broker, 'check_call')
|
||||
def test_handle_set_key_permissions(self, _check_call):
|
||||
ceph.broker.handle_set_key_permissions(
|
||||
request={
|
||||
u'client': u'manila-ganesha',
|
||||
u'op': u'set-key-permissions',
|
||||
u'permissions': [
|
||||
u"mds 'allow *'",
|
||||
u"osd 'allow rw'",
|
||||
]},
|
||||
service='admin')
|
||||
expected = ['ceph', '--id', 'admin', 'auth', 'caps',
|
||||
'client.manila-ganesha', "mds 'allow *'", "osd 'allow rw'"]
|
||||
_check_call.assert_called_once_with(expected)
|
||||
|
||||
@patch.object(ceph.broker, 'check_call')
|
||||
def test_set_key_permission(self, _check_call):
|
||||
request = {
|
||||
u'client': u'manila-ganesha',
|
||||
u'op': u'set-key-permissions',
|
||||
u'permissions': [
|
||||
u"mds 'allow *'",
|
||||
u"osd 'allow rw'",
|
||||
]}
|
||||
service = 'admin'
|
||||
ceph.broker.handle_set_key_permissions(request=request,
|
||||
service=service)
|
||||
_check_call.assert_called_once_with([
|
||||
'ceph',
|
||||
'--id', 'admin',
|
||||
'auth', 'caps',
|
||||
'client.manila-ganesha', "mds 'allow *'", "osd 'allow rw'"])
|
||||
|
||||
def test_pool_permission_list_for_service(self):
|
||||
service = {
|
||||
'group_names': {'rwx': ['images']},
|
||||
|
|
|
|||
Loading…
Reference in New Issue