ceph
/
ceph-ansible
mirror of https://github.com/ceph/ceph-ansible.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
ceph-ansible/library/test_ceph_key.py

560 lines
25 KiB
Python
Raw Normal View History

ceph_key: add fetch_initial_keys capability This is needed for Nautilus since the ceph-create-keys script goes away. (https://github.com/ceph/ceph/pull/21305) Now the module if called with 'state: fetch_initial_keys' will lookup keys generated by the monitor and write them down on the filesystem to the right location (/etc/ceph and /var/lib/ceph/boostrap*). This is not applicable to container since keys are generated by the container only. Signed-off-by: Sébastien Han <seb@redhat.com>
2018-10-24 00:38:40 +08:00
import json
add ceph_key module Signed-off-by: Sébastien Han <seb@redhat.com>
2018-03-18 22:53:45 +08:00
import os
from . import ceph_key
ceph_key: fix after rebase Fix the tests Signed-off-by: Sébastien Han <seb@redhat.com>
2018-11-27 16:59:07 +08:00
import mock
add ceph_key module Signed-off-by: Sébastien Han <seb@redhat.com>
2018-03-18 22:53:45 +08:00
ceph_key: fix after rebase Fix the tests Signed-off-by: Sébastien Han <seb@redhat.com>
2018-11-27 16:59:07 +08:00
@mock.patch.dict(os.environ, {'CEPH_CONTAINER_BINARY': 'docker'})
add ceph_key module Signed-off-by: Sébastien Han <seb@redhat.com>
2018-03-18 22:53:45 +08:00
class TestCephKeyModule(object):
def test_generate_secret(self):
expected_length = 40
result = len(ceph_key.generate_secret())
assert result == expected_length
def test_generate_caps_ceph_authtool(self):
fake_caps = {
'mon': 'allow *',
'osd': 'allow rwx',
}
fake_cmd = ['ceph']
fake_type = "ceph-authtool"
expected_command_list = [
'ceph',
'--cap',
'mon',
'allow *',
'--cap',
'osd',
'allow rwx'
]
result = ceph_key.generate_caps(fake_cmd, fake_type, fake_caps)
assert result == expected_command_list
def test_generate_caps_not_ceph_authtool(self):
fake_caps = {
'mon': 'allow *',
'osd': 'allow rwx',
}
fake_cmd = ['ceph']
fake_type = ""
expected_command_list = [
'ceph',
'mon',
'allow *',
'osd',
'allow rwx'
]
result = ceph_key.generate_caps(fake_cmd, fake_type, fake_caps)
assert result == expected_command_list
def test_generate_ceph_cmd_list_non_container(self):
fake_cluster = "fake"
fake_args = ['arg']
ceph_key: add fetch_initial_keys capability This is needed for Nautilus since the ceph-create-keys script goes away. (https://github.com/ceph/ceph/pull/21305) Now the module if called with 'state: fetch_initial_keys' will lookup keys generated by the monitor and write them down on the filesystem to the right location (/etc/ceph and /var/lib/ceph/boostrap*). This is not applicable to container since keys are generated by the container only. Signed-off-by: Sébastien Han <seb@redhat.com>
2018-10-24 00:38:40 +08:00
fake_user = "fake-user"
fake_key = "/tmp/my-key"
add ceph_key module Signed-off-by: Sébastien Han <seb@redhat.com>
2018-03-18 22:53:45 +08:00
expected_command_list = [
'ceph',
ceph_key: add fetch_initial_keys capability This is needed for Nautilus since the ceph-create-keys script goes away. (https://github.com/ceph/ceph/pull/21305) Now the module if called with 'state: fetch_initial_keys' will lookup keys generated by the monitor and write them down on the filesystem to the right location (/etc/ceph and /var/lib/ceph/boostrap*). This is not applicable to container since keys are generated by the container only. Signed-off-by: Sébastien Han <seb@redhat.com>
2018-10-24 00:38:40 +08:00
'-n',
"fake-user",
'-k',
"/tmp/my-key",
add ceph_key module Signed-off-by: Sébastien Han <seb@redhat.com>
2018-03-18 22:53:45 +08:00
'--cluster',
fake_cluster,
'auth',
'arg'
]
ceph_key: add fetch_initial_keys capability This is needed for Nautilus since the ceph-create-keys script goes away. (https://github.com/ceph/ceph/pull/21305) Now the module if called with 'state: fetch_initial_keys' will lookup keys generated by the monitor and write them down on the filesystem to the right location (/etc/ceph and /var/lib/ceph/boostrap*). This is not applicable to container since keys are generated by the container only. Signed-off-by: Sébastien Han <seb@redhat.com>
2018-10-24 00:38:40 +08:00
result = ceph_key.generate_ceph_cmd(
fake_cluster, fake_args, fake_user, fake_key)
add ceph_key module Signed-off-by: Sébastien Han <seb@redhat.com>
2018-03-18 22:53:45 +08:00
assert result == expected_command_list
def test_generate_ceph_cmd_list_container(self):
fake_cluster = "fake"
fake_args = ['arg']
ceph_key: add fetch_initial_keys capability This is needed for Nautilus since the ceph-create-keys script goes away. (https://github.com/ceph/ceph/pull/21305) Now the module if called with 'state: fetch_initial_keys' will lookup keys generated by the monitor and write them down on the filesystem to the right location (/etc/ceph and /var/lib/ceph/boostrap*). This is not applicable to container since keys are generated by the container only. Signed-off-by: Sébastien Han <seb@redhat.com>
2018-10-24 00:38:40 +08:00
fake_user = "fake-user"
fake_key = "/tmp/my-key"
ceph_key: rework container support Previously, we were doing a 'docker exec' inside a mon container, this worked but this wasn't ideal since it required a mon to be up to generate keys. We must be able to generate a key without a running mon, e.g, when we create the initial key or simply when you want to generate a key from any node that is not a mon. Now, just like the ceph_volume module we use a 'docker run' command with the right binary as an entrypoint to perform the choosen action, this is more elegant and also only requires an env variable to be set in the playbook: CEPH_CONTAINER_IMAGE. Signed-off-by: Sébastien Han <seb@redhat.com>
2018-11-16 17:46:10 +08:00
fake_container_image = "docker.io/ceph/daemon:latest-luminous"
expected_command_list = ['docker',
'run',
'--rm',
'--net=host', # noqa E501
'-v', '/etc/ceph:/etc/ceph:z',
'-v', '/var/lib/ceph/:/var/lib/ceph/:z',
'-v', '/var/log/ceph/:/var/log/ceph/:z',
'--entrypoint=ceph',
'docker.io/ceph/daemon:latest-luminous',
ceph_key: add fetch_initial_keys capability This is needed for Nautilus since the ceph-create-keys script goes away. (https://github.com/ceph/ceph/pull/21305) Now the module if called with 'state: fetch_initial_keys' will lookup keys generated by the monitor and write them down on the filesystem to the right location (/etc/ceph and /var/lib/ceph/boostrap*). This is not applicable to container since keys are generated by the container only. Signed-off-by: Sébastien Han <seb@redhat.com>
2018-10-24 00:38:40 +08:00
'-n',
"fake-user",
'-k',
"/tmp/my-key",
add ceph_key module Signed-off-by: Sébastien Han <seb@redhat.com>
2018-03-18 22:53:45 +08:00
'--cluster',
fake_cluster,
'auth',
ceph_key: rework container support Previously, we were doing a 'docker exec' inside a mon container, this worked but this wasn't ideal since it required a mon to be up to generate keys. We must be able to generate a key without a running mon, e.g, when we create the initial key or simply when you want to generate a key from any node that is not a mon. Now, just like the ceph_volume module we use a 'docker run' command with the right binary as an entrypoint to perform the choosen action, this is more elegant and also only requires an env variable to be set in the playbook: CEPH_CONTAINER_IMAGE. Signed-off-by: Sébastien Han <seb@redhat.com>
2018-11-16 17:46:10 +08:00
'arg']
add ceph_key module Signed-off-by: Sébastien Han <seb@redhat.com>
2018-03-18 22:53:45 +08:00
result = ceph_key.generate_ceph_cmd(
ceph_key: rework container support Previously, we were doing a 'docker exec' inside a mon container, this worked but this wasn't ideal since it required a mon to be up to generate keys. We must be able to generate a key without a running mon, e.g, when we create the initial key or simply when you want to generate a key from any node that is not a mon. Now, just like the ceph_volume module we use a 'docker run' command with the right binary as an entrypoint to perform the choosen action, this is more elegant and also only requires an env variable to be set in the playbook: CEPH_CONTAINER_IMAGE. Signed-off-by: Sébastien Han <seb@redhat.com>
2018-11-16 17:46:10 +08:00
fake_cluster, fake_args, fake_user, fake_key, fake_container_image)
add ceph_key module Signed-off-by: Sébastien Han <seb@redhat.com>
2018-03-18 22:53:45 +08:00
assert result == expected_command_list
def test_generate_ceph_authtool_cmd_non_container_no_auid(self):
fake_cluster = "fake"
fake_name = "client.fake"
fake_secret = "super-secret"
fake_caps = {
'mon': 'allow *',
'osd': 'allow rwx',
}
fake_dest = "/fake/ceph"
fake_file_destination = os.path.join(
ceph_key: add fetch_initial_keys capability This is needed for Nautilus since the ceph-create-keys script goes away. (https://github.com/ceph/ceph/pull/21305) Now the module if called with 'state: fetch_initial_keys' will lookup keys generated by the monitor and write them down on the filesystem to the right location (/etc/ceph and /var/lib/ceph/boostrap*). This is not applicable to container since keys are generated by the container only. Signed-off-by: Sébastien Han <seb@redhat.com>
2018-10-24 00:38:40 +08:00
fake_dest + "/" + fake_cluster + "." + fake_name + ".keyring")
add ceph_key module Signed-off-by: Sébastien Han <seb@redhat.com>
2018-03-18 22:53:45 +08:00
expected_command_list = [
'ceph-authtool',
'--create-keyring',
fake_file_destination,
'--name',
fake_name,
'--add-key',
fake_secret,
'--cap',
'mon',
'allow *',
'--cap',
'osd',
'allow rwx',
]
result = ceph_key.generate_ceph_authtool_cmd(
ceph_key: fix after rebase Fix the tests Signed-off-by: Sébastien Han <seb@redhat.com>
2018-11-27 16:59:07 +08:00
fake_cluster, fake_name, fake_secret, fake_caps, fake_file_destination) # noqa E501
add ceph_key module Signed-off-by: Sébastien Han <seb@redhat.com>
2018-03-18 22:53:45 +08:00
assert result == expected_command_list
def test_generate_ceph_authtool_cmd_container(self):
fake_cluster = "fake"
fake_name = "client.fake"
fake_secret = "super-secret"
fake_caps = {
'mon': 'allow *',
'osd': 'allow rwx',
}
fake_dest = "/fake/ceph"
fake_file_destination = os.path.join(
fake_dest + "/" + fake_cluster + "." + fake_name + ".keyring")
ceph_key: rework container support Previously, we were doing a 'docker exec' inside a mon container, this worked but this wasn't ideal since it required a mon to be up to generate keys. We must be able to generate a key without a running mon, e.g, when we create the initial key or simply when you want to generate a key from any node that is not a mon. Now, just like the ceph_volume module we use a 'docker run' command with the right binary as an entrypoint to perform the choosen action, this is more elegant and also only requires an env variable to be set in the playbook: CEPH_CONTAINER_IMAGE. Signed-off-by: Sébastien Han <seb@redhat.com>
2018-11-16 17:46:10 +08:00
fake_container_image = "docker.io/ceph/daemon:latest-luminous"
expected_command_list = ['docker',
'run',
'--rm',
'--net=host',
'-v', '/etc/ceph:/etc/ceph:z',
'-v', '/var/lib/ceph/:/var/lib/ceph/:z',
'-v', '/var/log/ceph/:/var/log/ceph/:z',
'--entrypoint=ceph-authtool',
'docker.io/ceph/daemon:latest-luminous',
'--create-keyring',
fake_file_destination,
'--name',
fake_name,
'--add-key',
fake_secret,
'--cap',
'mon',
'allow *',
'--cap',
'osd',
'allow rwx']
add ceph_key module Signed-off-by: Sébastien Han <seb@redhat.com>
2018-03-18 22:53:45 +08:00
result = ceph_key.generate_ceph_authtool_cmd(
ceph_key: fix after rebase Fix the tests Signed-off-by: Sébastien Han <seb@redhat.com>
2018-11-27 16:59:07 +08:00
fake_cluster, fake_name, fake_secret, fake_caps, fake_file_destination, fake_container_image) # noqa E501
add ceph_key module Signed-off-by: Sébastien Han <seb@redhat.com>
2018-03-18 22:53:45 +08:00
assert result == expected_command_list
def test_create_key_non_container(self):
fake_module = "fake"
ceph_key: rework container support Previously, we were doing a 'docker exec' inside a mon container, this worked but this wasn't ideal since it required a mon to be up to generate keys. We must be able to generate a key without a running mon, e.g, when we create the initial key or simply when you want to generate a key from any node that is not a mon. Now, just like the ceph_volume module we use a 'docker run' command with the right binary as an entrypoint to perform the choosen action, this is more elegant and also only requires an env variable to be set in the playbook: CEPH_CONTAINER_IMAGE. Signed-off-by: Sébastien Han <seb@redhat.com>
2018-11-16 17:46:10 +08:00
fake_result = " fake"
add ceph_key module Signed-off-by: Sébastien Han <seb@redhat.com>
2018-03-18 22:53:45 +08:00
fake_cluster = "fake"
fake_name = "client.fake"
fake_secret = "super-secret"
fake_caps = {
'mon': 'allow *',
'osd': 'allow rwx',
}
fake_import_key = True
fake_dest = "/fake/ceph"
fake_file_destination = os.path.join(
fake_dest + "/" + fake_cluster + "." + fake_name + ".keyring")
expected_command_list = [
ceph_key: add fetch_initial_keys capability This is needed for Nautilus since the ceph-create-keys script goes away. (https://github.com/ceph/ceph/pull/21305) Now the module if called with 'state: fetch_initial_keys' will lookup keys generated by the monitor and write them down on the filesystem to the right location (/etc/ceph and /var/lib/ceph/boostrap*). This is not applicable to container since keys are generated by the container only. Signed-off-by: Sébastien Han <seb@redhat.com>
2018-10-24 00:38:40 +08:00
['ceph-authtool', '--create-keyring', fake_file_destination, '--name', fake_name, # noqa E501
'--add-key', fake_secret, '--cap', 'mon', 'allow *', '--cap', 'osd', 'allow rwx'], # noqa E501
['ceph', '-n', 'client.admin', '-k', '/etc/ceph/fake.client.admin.keyring', '--cluster', fake_cluster, 'auth', # noqa E501
add ceph_key module Signed-off-by: Sébastien Han <seb@redhat.com>
2018-03-18 22:53:45 +08:00
'import', '-i', fake_file_destination],
]
result = ceph_key.create_key(fake_module, fake_result, fake_cluster,
ceph_key: fix after rebase Fix the tests Signed-off-by: Sébastien Han <seb@redhat.com>
2018-11-27 16:59:07 +08:00
fake_name, fake_secret, fake_caps, fake_import_key, fake_file_destination) # noqa E501
add ceph_key module Signed-off-by: Sébastien Han <seb@redhat.com>
2018-03-18 22:53:45 +08:00
assert result == expected_command_list
def test_create_key_container(self):
fake_module = "fake"
fake_result = "fake"
fake_cluster = "fake"
fake_name = "client.fake"
fake_secret = "super-secret"
fake_caps = {
'mon': 'allow *',
'osd': 'allow rwx',
}
fake_dest = "/fake/ceph"
fake_import_key = True
fake_file_destination = os.path.join(
fake_dest + "/" + fake_cluster + "." + fake_name + ".keyring")
ceph_key: rework container support Previously, we were doing a 'docker exec' inside a mon container, this worked but this wasn't ideal since it required a mon to be up to generate keys. We must be able to generate a key without a running mon, e.g, when we create the initial key or simply when you want to generate a key from any node that is not a mon. Now, just like the ceph_volume module we use a 'docker run' command with the right binary as an entrypoint to perform the choosen action, this is more elegant and also only requires an env variable to be set in the playbook: CEPH_CONTAINER_IMAGE. Signed-off-by: Sébastien Han <seb@redhat.com>
2018-11-16 17:46:10 +08:00
fake_container_image = "docker.io/ceph/daemon:latest-luminous"
add ceph_key module Signed-off-by: Sébastien Han <seb@redhat.com>
2018-03-18 22:53:45 +08:00
expected_command_list = [
ceph_key: rework container support Previously, we were doing a 'docker exec' inside a mon container, this worked but this wasn't ideal since it required a mon to be up to generate keys. We must be able to generate a key without a running mon, e.g, when we create the initial key or simply when you want to generate a key from any node that is not a mon. Now, just like the ceph_volume module we use a 'docker run' command with the right binary as an entrypoint to perform the choosen action, this is more elegant and also only requires an env variable to be set in the playbook: CEPH_CONTAINER_IMAGE. Signed-off-by: Sébastien Han <seb@redhat.com>
2018-11-16 17:46:10 +08:00
['docker', # noqa E128
'run',
'--rm',
'--net=host',
'-v', '/etc/ceph:/etc/ceph:z',
'-v', '/var/lib/ceph/:/var/lib/ceph/:z',
'-v', '/var/log/ceph/:/var/log/ceph/:z',
'--entrypoint=ceph-authtool',
'docker.io/ceph/daemon:latest-luminous',
'--create-keyring', fake_file_destination,
'--name', fake_name,
'--add-key', fake_secret,
'--cap', 'mon', 'allow *',
'--cap', 'osd', 'allow rwx'],
['docker',
'run',
'--rm',
'--net=host',
'-v', '/etc/ceph:/etc/ceph:z',
'-v', '/var/lib/ceph/:/var/lib/ceph/:z',
'-v', '/var/log/ceph/:/var/log/ceph/:z',
'--entrypoint=ceph',
'docker.io/ceph/daemon:latest-luminous',
'-n', 'client.admin',
'-k', '/etc/ceph/fake.client.admin.keyring',
'--cluster', fake_cluster,
'auth', 'import',
'-i', fake_file_destination]
add ceph_key module Signed-off-by: Sébastien Han <seb@redhat.com>
2018-03-18 22:53:45 +08:00
]
ceph_key: add fetch_initial_keys capability This is needed for Nautilus since the ceph-create-keys script goes away. (https://github.com/ceph/ceph/pull/21305) Now the module if called with 'state: fetch_initial_keys' will lookup keys generated by the monitor and write them down on the filesystem to the right location (/etc/ceph and /var/lib/ceph/boostrap*). This is not applicable to container since keys are generated by the container only. Signed-off-by: Sébastien Han <seb@redhat.com>
2018-10-24 00:38:40 +08:00
result = ceph_key.create_key(fake_module, fake_result, fake_cluster, fake_name, # noqa E501
ceph_key: fix after rebase Fix the tests Signed-off-by: Sébastien Han <seb@redhat.com>
2018-11-27 16:59:07 +08:00
fake_secret, fake_caps, fake_import_key, fake_file_destination, fake_container_image) # noqa E501
add ceph_key module Signed-off-by: Sébastien Han <seb@redhat.com>
2018-03-18 22:53:45 +08:00
assert result == expected_command_list
def test_create_key_non_container_no_import(self):
fake_module = "fake"
fake_result = "fake"
fake_cluster = "fake"
fake_name = "client.fake"
fake_secret = "super-secret"
fake_caps = {
'mon': 'allow *',
'osd': 'allow rwx',
}
fake_dest = "/fake/ceph"
fake_import_key = False
fake_file_destination = os.path.join(
fake_dest + "/" + fake_cluster + "." + fake_name + ".keyring")
ceph_key: add fetch_initial_keys capability This is needed for Nautilus since the ceph-create-keys script goes away. (https://github.com/ceph/ceph/pull/21305) Now the module if called with 'state: fetch_initial_keys' will lookup keys generated by the monitor and write them down on the filesystem to the right location (/etc/ceph and /var/lib/ceph/boostrap*). This is not applicable to container since keys are generated by the container only. Signed-off-by: Sébastien Han <seb@redhat.com>
2018-10-24 00:38:40 +08:00
# create_key passes (one for ceph-authtool and one for itself) itw own array so the expected result is an array within an array # noqa E501
add ceph_key module Signed-off-by: Sébastien Han <seb@redhat.com>
2018-03-18 22:53:45 +08:00
expected_command_list = [[
'ceph-authtool',
'--create-keyring',
fake_file_destination,
'--name',
fake_name,
'--add-key',
fake_secret,
'--cap',
'mon',
'allow *',
'--cap',
'osd',
'allow rwx', ]
]
result = ceph_key.create_key(fake_module, fake_result, fake_cluster,
ceph_key: fix after rebase Fix the tests Signed-off-by: Sébastien Han <seb@redhat.com>
2018-11-27 16:59:07 +08:00
fake_name, fake_secret, fake_caps, fake_import_key, fake_file_destination) # noqa E501
add ceph_key module Signed-off-by: Sébastien Han <seb@redhat.com>
2018-03-18 22:53:45 +08:00
assert result == expected_command_list
def test_create_key_container_no_import(self):
fake_module = "fake"
fake_result = "fake"
fake_cluster = "fake"
fake_name = "client.fake"
fake_secret = "super-secret"
fake_caps = {
'mon': 'allow *',
'osd': 'allow rwx',
}
fake_dest = "/fake/ceph"
fake_import_key = False
fake_file_destination = os.path.join(
fake_dest + "/" + fake_cluster + "." + fake_name + ".keyring")
ceph_key: add fetch_initial_keys capability This is needed for Nautilus since the ceph-create-keys script goes away. (https://github.com/ceph/ceph/pull/21305) Now the module if called with 'state: fetch_initial_keys' will lookup keys generated by the monitor and write them down on the filesystem to the right location (/etc/ceph and /var/lib/ceph/boostrap*). This is not applicable to container since keys are generated by the container only. Signed-off-by: Sébastien Han <seb@redhat.com>
2018-10-24 00:38:40 +08:00
# create_key passes (one for ceph-authtool and one for itself) itw own array so the expected result is an array within an array # noqa E501
ceph_key: rework container support Previously, we were doing a 'docker exec' inside a mon container, this worked but this wasn't ideal since it required a mon to be up to generate keys. We must be able to generate a key without a running mon, e.g, when we create the initial key or simply when you want to generate a key from any node that is not a mon. Now, just like the ceph_volume module we use a 'docker run' command with the right binary as an entrypoint to perform the choosen action, this is more elegant and also only requires an env variable to be set in the playbook: CEPH_CONTAINER_IMAGE. Signed-off-by: Sébastien Han <seb@redhat.com>
2018-11-16 17:46:10 +08:00
fake_container_image = "docker.io/ceph/daemon:latest-luminous"
expected_command_list = [['docker', # noqa E128
'run',
'--rm',
'--net=host',
'-v', '/etc/ceph:/etc/ceph:z',
'-v', '/var/lib/ceph/:/var/lib/ceph/:z',
'-v', '/var/log/ceph/:/var/log/ceph/:z',
'--entrypoint=ceph-authtool',
'docker.io/ceph/daemon:latest-luminous',
'--create-keyring',
fake_file_destination,
'--name',
fake_name,
'--add-key',
fake_secret,
'--cap',
'mon',
'allow *',
'--cap',
'osd',
'allow rwx']]
ceph_key: add fetch_initial_keys capability This is needed for Nautilus since the ceph-create-keys script goes away. (https://github.com/ceph/ceph/pull/21305) Now the module if called with 'state: fetch_initial_keys' will lookup keys generated by the monitor and write them down on the filesystem to the right location (/etc/ceph and /var/lib/ceph/boostrap*). This is not applicable to container since keys are generated by the container only. Signed-off-by: Sébastien Han <seb@redhat.com>
2018-10-24 00:38:40 +08:00
result = ceph_key.create_key(fake_module, fake_result, fake_cluster, fake_name, # noqa E501
ceph_key: fix after rebase Fix the tests Signed-off-by: Sébastien Han <seb@redhat.com>
2018-11-27 16:59:07 +08:00
fake_secret, fake_caps, fake_import_key, fake_file_destination, fake_container_image) # noqa E501
add ceph_key module Signed-off-by: Sébastien Han <seb@redhat.com>
2018-03-18 22:53:45 +08:00
assert result == expected_command_list
def test_update_key_non_container(self):
fake_cluster = "fake"
fake_name = "client.fake"
fake_caps = {
'mon': 'allow *',
'osd': 'allow rwx',
}
expected_command_list = [
ceph_key: add fetch_initial_keys capability This is needed for Nautilus since the ceph-create-keys script goes away. (https://github.com/ceph/ceph/pull/21305) Now the module if called with 'state: fetch_initial_keys' will lookup keys generated by the monitor and write them down on the filesystem to the right location (/etc/ceph and /var/lib/ceph/boostrap*). This is not applicable to container since keys are generated by the container only. Signed-off-by: Sébastien Han <seb@redhat.com>
2018-10-24 00:38:40 +08:00
['ceph', '-n', 'client.admin', '-k', '/etc/ceph/fake.client.admin.keyring', '--cluster', fake_cluster, 'auth', 'caps', # noqa E501
add ceph_key module Signed-off-by: Sébastien Han <seb@redhat.com>
2018-03-18 22:53:45 +08:00
fake_name, 'mon', 'allow *', 'osd', 'allow rwx'],
]
result = ceph_key.update_key(fake_cluster, fake_name, fake_caps)
assert result == expected_command_list
def test_update_key_container(self):
fake_cluster = "fake"
fake_name = "client.fake"
fake_caps = {
'mon': 'allow *',
'osd': 'allow rwx',
}
ceph_key: rework container support Previously, we were doing a 'docker exec' inside a mon container, this worked but this wasn't ideal since it required a mon to be up to generate keys. We must be able to generate a key without a running mon, e.g, when we create the initial key or simply when you want to generate a key from any node that is not a mon. Now, just like the ceph_volume module we use a 'docker run' command with the right binary as an entrypoint to perform the choosen action, this is more elegant and also only requires an env variable to be set in the playbook: CEPH_CONTAINER_IMAGE. Signed-off-by: Sébastien Han <seb@redhat.com>
2018-11-16 17:46:10 +08:00
fake_container_image = "docker.io/ceph/daemon:latest-luminous"
expected_command_list = [['docker', # noqa E128
'run',
'--rm',
'--net=host',
'-v', '/etc/ceph:/etc/ceph:z',
'-v', '/var/lib/ceph/:/var/lib/ceph/:z',
'-v', '/var/log/ceph/:/var/log/ceph/:z',
'--entrypoint=ceph',
'docker.io/ceph/daemon:latest-luminous',
'-n', 'client.admin',
'-k', '/etc/ceph/fake.client.admin.keyring',
'--cluster', fake_cluster,
'auth',
'caps', fake_name,
'mon', 'allow *', 'osd', 'allow rwx']
add ceph_key module Signed-off-by: Sébastien Han <seb@redhat.com>
2018-03-18 22:53:45 +08:00
]
result = ceph_key.update_key(
ceph_key: rework container support Previously, we were doing a 'docker exec' inside a mon container, this worked but this wasn't ideal since it required a mon to be up to generate keys. We must be able to generate a key without a running mon, e.g, when we create the initial key or simply when you want to generate a key from any node that is not a mon. Now, just like the ceph_volume module we use a 'docker run' command with the right binary as an entrypoint to perform the choosen action, this is more elegant and also only requires an env variable to be set in the playbook: CEPH_CONTAINER_IMAGE. Signed-off-by: Sébastien Han <seb@redhat.com>
2018-11-16 17:46:10 +08:00
fake_cluster, fake_name, fake_caps, fake_container_image)
add ceph_key module Signed-off-by: Sébastien Han <seb@redhat.com>
2018-03-18 22:53:45 +08:00
assert result == expected_command_list
def test_delete_key_non_container(self):
fake_cluster = "fake"
fake_name = "client.fake"
expected_command_list = [
ceph_key: add fetch_initial_keys capability This is needed for Nautilus since the ceph-create-keys script goes away. (https://github.com/ceph/ceph/pull/21305) Now the module if called with 'state: fetch_initial_keys' will lookup keys generated by the monitor and write them down on the filesystem to the right location (/etc/ceph and /var/lib/ceph/boostrap*). This is not applicable to container since keys are generated by the container only. Signed-off-by: Sébastien Han <seb@redhat.com>
2018-10-24 00:38:40 +08:00
['ceph', '-n', 'client.admin', '-k', '/etc/ceph/fake.client.admin.keyring', # noqa E501
'--cluster', fake_cluster, 'auth', 'del', fake_name],
add ceph_key module Signed-off-by: Sébastien Han <seb@redhat.com>
2018-03-18 22:53:45 +08:00
]
result = ceph_key.delete_key(fake_cluster, fake_name)
assert result == expected_command_list
def test_delete_key_container(self):
fake_cluster = "fake"
fake_name = "client.fake"
ceph_key: rework container support Previously, we were doing a 'docker exec' inside a mon container, this worked but this wasn't ideal since it required a mon to be up to generate keys. We must be able to generate a key without a running mon, e.g, when we create the initial key or simply when you want to generate a key from any node that is not a mon. Now, just like the ceph_volume module we use a 'docker run' command with the right binary as an entrypoint to perform the choosen action, this is more elegant and also only requires an env variable to be set in the playbook: CEPH_CONTAINER_IMAGE. Signed-off-by: Sébastien Han <seb@redhat.com>
2018-11-16 17:46:10 +08:00
fake_container_image = "docker.io/ceph/daemon:latest-luminous"
expected_command_list = [['docker', # noqa E128
'run',
'--rm',
'--net=host',
'-v', '/etc/ceph:/etc/ceph:z',
'-v', '/var/lib/ceph/:/var/lib/ceph/:z',
'-v', '/var/log/ceph/:/var/log/ceph/:z',
'--entrypoint=ceph',
'docker.io/ceph/daemon:latest-luminous',
'-n', 'client.admin',
'-k', '/etc/ceph/fake.client.admin.keyring',
'--cluster', fake_cluster,
'auth', 'del', fake_name]
add ceph_key module Signed-off-by: Sébastien Han <seb@redhat.com>
2018-03-18 22:53:45 +08:00
]
result = ceph_key.delete_key(
ceph_key: rework container support Previously, we were doing a 'docker exec' inside a mon container, this worked but this wasn't ideal since it required a mon to be up to generate keys. We must be able to generate a key without a running mon, e.g, when we create the initial key or simply when you want to generate a key from any node that is not a mon. Now, just like the ceph_volume module we use a 'docker run' command with the right binary as an entrypoint to perform the choosen action, this is more elegant and also only requires an env variable to be set in the playbook: CEPH_CONTAINER_IMAGE. Signed-off-by: Sébastien Han <seb@redhat.com>
2018-11-16 17:46:10 +08:00
fake_cluster, fake_name, fake_container_image)
add ceph_key module Signed-off-by: Sébastien Han <seb@redhat.com>
2018-03-18 22:53:45 +08:00
assert result == expected_command_list
def test_info_key_non_container(self):
fake_cluster = "fake"
fake_name = "client.fake"
ceph_key: add fetch_initial_keys capability This is needed for Nautilus since the ceph-create-keys script goes away. (https://github.com/ceph/ceph/pull/21305) Now the module if called with 'state: fetch_initial_keys' will lookup keys generated by the monitor and write them down on the filesystem to the right location (/etc/ceph and /var/lib/ceph/boostrap*). This is not applicable to container since keys are generated by the container only. Signed-off-by: Sébastien Han <seb@redhat.com>
2018-10-24 00:38:40 +08:00
fake_user = "fake-user"
fake_key = "/tmp/my-key"
fake_output_format = "json"
add ceph_key module Signed-off-by: Sébastien Han <seb@redhat.com>
2018-03-18 22:53:45 +08:00
expected_command_list = [
ceph_key: add fetch_initial_keys capability This is needed for Nautilus since the ceph-create-keys script goes away. (https://github.com/ceph/ceph/pull/21305) Now the module if called with 'state: fetch_initial_keys' will lookup keys generated by the monitor and write them down on the filesystem to the right location (/etc/ceph and /var/lib/ceph/boostrap*). This is not applicable to container since keys are generated by the container only. Signed-off-by: Sébastien Han <seb@redhat.com>
2018-10-24 00:38:40 +08:00
['ceph', '-n', "fake-user", '-k', "/tmp/my-key", '--cluster', fake_cluster, 'auth', # noqa E501
add ceph_key module Signed-off-by: Sébastien Han <seb@redhat.com>
2018-03-18 22:53:45 +08:00
'get', fake_name, '-f', 'json'],
]
ceph_key: add fetch_initial_keys capability This is needed for Nautilus since the ceph-create-keys script goes away. (https://github.com/ceph/ceph/pull/21305) Now the module if called with 'state: fetch_initial_keys' will lookup keys generated by the monitor and write them down on the filesystem to the right location (/etc/ceph and /var/lib/ceph/boostrap*). This is not applicable to container since keys are generated by the container only. Signed-off-by: Sébastien Han <seb@redhat.com>
2018-10-24 00:38:40 +08:00
result = ceph_key.info_key(
fake_cluster, fake_name, fake_user, fake_key, fake_output_format)
add ceph_key module Signed-off-by: Sébastien Han <seb@redhat.com>
2018-03-18 22:53:45 +08:00
assert result == expected_command_list
def test_info_key_container(self):
fake_cluster = "fake"
fake_name = "client.fake"
ceph_key: add fetch_initial_keys capability This is needed for Nautilus since the ceph-create-keys script goes away. (https://github.com/ceph/ceph/pull/21305) Now the module if called with 'state: fetch_initial_keys' will lookup keys generated by the monitor and write them down on the filesystem to the right location (/etc/ceph and /var/lib/ceph/boostrap*). This is not applicable to container since keys are generated by the container only. Signed-off-by: Sébastien Han <seb@redhat.com>
2018-10-24 00:38:40 +08:00
fake_user = "fake-user"
fake_key = "/tmp/my-key"
fake_output_format = "json"
ceph_key: rework container support Previously, we were doing a 'docker exec' inside a mon container, this worked but this wasn't ideal since it required a mon to be up to generate keys. We must be able to generate a key without a running mon, e.g, when we create the initial key or simply when you want to generate a key from any node that is not a mon. Now, just like the ceph_volume module we use a 'docker run' command with the right binary as an entrypoint to perform the choosen action, this is more elegant and also only requires an env variable to be set in the playbook: CEPH_CONTAINER_IMAGE. Signed-off-by: Sébastien Han <seb@redhat.com>
2018-11-16 17:46:10 +08:00
fake_container_image = "docker.io/ceph/daemon:latest-luminous"
expected_command_list = [['docker', # noqa E128
'run',
'--rm',
'--net=host',
'-v', '/etc/ceph:/etc/ceph:z',
'-v', '/var/lib/ceph/:/var/lib/ceph/:z',
'-v', '/var/log/ceph/:/var/log/ceph/:z',
'--entrypoint=ceph',
'docker.io/ceph/daemon:latest-luminous',
'-n', "fake-user",
'-k', "/tmp/my-key",
'--cluster', fake_cluster,
'auth', 'get', fake_name,
'-f', 'json']
add ceph_key module Signed-off-by: Sébastien Han <seb@redhat.com>
2018-03-18 22:53:45 +08:00
]
ceph_key: add fetch_initial_keys capability This is needed for Nautilus since the ceph-create-keys script goes away. (https://github.com/ceph/ceph/pull/21305) Now the module if called with 'state: fetch_initial_keys' will lookup keys generated by the monitor and write them down on the filesystem to the right location (/etc/ceph and /var/lib/ceph/boostrap*). This is not applicable to container since keys are generated by the container only. Signed-off-by: Sébastien Han <seb@redhat.com>
2018-10-24 00:38:40 +08:00
result = ceph_key.info_key(
ceph_key: rework container support Previously, we were doing a 'docker exec' inside a mon container, this worked but this wasn't ideal since it required a mon to be up to generate keys. We must be able to generate a key without a running mon, e.g, when we create the initial key or simply when you want to generate a key from any node that is not a mon. Now, just like the ceph_volume module we use a 'docker run' command with the right binary as an entrypoint to perform the choosen action, this is more elegant and also only requires an env variable to be set in the playbook: CEPH_CONTAINER_IMAGE. Signed-off-by: Sébastien Han <seb@redhat.com>
2018-11-16 17:46:10 +08:00
fake_cluster, fake_name, fake_user, fake_key, fake_output_format, fake_container_image) # noqa E501
add ceph_key module Signed-off-by: Sébastien Han <seb@redhat.com>
2018-03-18 22:53:45 +08:00
assert result == expected_command_list
def test_list_key_non_container(self):
fake_cluster = "fake"
ceph_key: add fetch_initial_keys capability This is needed for Nautilus since the ceph-create-keys script goes away. (https://github.com/ceph/ceph/pull/21305) Now the module if called with 'state: fetch_initial_keys' will lookup keys generated by the monitor and write them down on the filesystem to the right location (/etc/ceph and /var/lib/ceph/boostrap*). This is not applicable to container since keys are generated by the container only. Signed-off-by: Sébastien Han <seb@redhat.com>
2018-10-24 00:38:40 +08:00
fake_user = "fake-user"
fake_key = "/tmp/my-key"
expected_command_list = [
['ceph', '-n', "fake-user", '-k', "/tmp/my-key",
'--cluster', fake_cluster, 'auth', 'ls', '-f', 'json'],
]
result = ceph_key.list_keys(fake_cluster, fake_user, fake_key)
assert result == expected_command_list
ceph_key: add a get_key function When checking if a key exists we also have to ensure that the key exists on the filesystem, the key can change on Ceph but still have an outdated version on the filesystem. This solves this issue. Signed-off-by: Sébastien Han <seb@redhat.com>
2018-11-21 23:17:04 +08:00
def test_get_key_container(self):
fake_cluster = "fake"
fake_name = "client.fake"
ceph_key: fix after rebase Fix the tests Signed-off-by: Sébastien Han <seb@redhat.com>
2018-11-27 16:59:07 +08:00
fake_container_image = "docker.io/ceph/daemon:latest-luminous"
ceph_key: add a get_key function When checking if a key exists we also have to ensure that the key exists on the filesystem, the key can change on Ceph but still have an outdated version on the filesystem. This solves this issue. Signed-off-by: Sébastien Han <seb@redhat.com>
2018-11-21 23:17:04 +08:00
fake_dest = "/fake/ceph"
fake_file_destination = os.path.join(
fake_dest + "/" + fake_cluster + "." + fake_name + ".keyring")
ceph_key: fix after rebase Fix the tests Signed-off-by: Sébastien Han <seb@redhat.com>
2018-11-27 16:59:07 +08:00
expected_command_list = [['docker', # noqa E128
'run',
'--rm',
'--net=host',
'-v', '/etc/ceph:/etc/ceph:z',
'-v', '/var/lib/ceph/:/var/lib/ceph/:z',
'-v', '/var/log/ceph/:/var/log/ceph/:z',
'--entrypoint=ceph',
'docker.io/ceph/daemon:latest-luminous',
'-n', "client.admin",
'-k', "/etc/ceph/fake.client.admin.keyring", # noqa E501
'--cluster', fake_cluster,
'auth', 'get',
fake_name, '-o', fake_file_destination],
ceph_key: add a get_key function When checking if a key exists we also have to ensure that the key exists on the filesystem, the key can change on Ceph but still have an outdated version on the filesystem. This solves this issue. Signed-off-by: Sébastien Han <seb@redhat.com>
2018-11-21 23:17:04 +08:00
]
result = ceph_key.get_key(
ceph_key: fix after rebase Fix the tests Signed-off-by: Sébastien Han <seb@redhat.com>
2018-11-27 16:59:07 +08:00
fake_cluster, fake_name, fake_file_destination, fake_container_image) # noqa E501
ceph_key: add a get_key function When checking if a key exists we also have to ensure that the key exists on the filesystem, the key can change on Ceph but still have an outdated version on the filesystem. This solves this issue. Signed-off-by: Sébastien Han <seb@redhat.com>
2018-11-21 23:17:04 +08:00
assert result == expected_command_list
def test_get_key_non_container(self):
fake_cluster = "fake"
fake_dest = "/fake/ceph"
fake_name = "client.fake"
fake_file_destination = os.path.join(
fake_dest + "/" + fake_cluster + "." + fake_name + ".keyring")
expected_command_list = [
['ceph', '-n', "client.admin", '-k', "/etc/ceph/fake.client.admin.keyring", # noqa E501
'--cluster', fake_cluster, 'auth', 'get', fake_name, '-o', fake_file_destination], # noqa E501
]
result = ceph_key.get_key(
fake_cluster, fake_name, fake_file_destination) # noqa E501
assert result == expected_command_list
ceph_key: add fetch_initial_keys capability This is needed for Nautilus since the ceph-create-keys script goes away. (https://github.com/ceph/ceph/pull/21305) Now the module if called with 'state: fetch_initial_keys' will lookup keys generated by the monitor and write them down on the filesystem to the right location (/etc/ceph and /var/lib/ceph/boostrap*). This is not applicable to container since keys are generated by the container only. Signed-off-by: Sébastien Han <seb@redhat.com>
2018-10-24 00:38:40 +08:00
def test_list_key_non_container_with_mon_key(self):
fake_hostname = "mon01"
fake_cluster = "fake"
fake_user = "mon."
fake_key = os.path.join("/var/lib/ceph/mon/" + fake_cluster + "-" + fake_hostname + "/keyring") # noqa E501
expected_command_list = [
['ceph', '-n', "mon.", '-k', "/var/lib/ceph/mon/fake-mon01/keyring", # noqa E501
'--cluster', fake_cluster, 'auth', 'ls', '-f', 'json'],
]
result = ceph_key.list_keys(fake_cluster, fake_user, fake_key)
assert result == expected_command_list
def test_list_key_container_with_mon_key(self):
fake_hostname = "mon01"
fake_cluster = "fake"
fake_user = "mon."
fake_key = os.path.join("/var/lib/ceph/mon/" + fake_cluster + "-" + fake_hostname + "/keyring") # noqa E501
ceph_key: rework container support Previously, we were doing a 'docker exec' inside a mon container, this worked but this wasn't ideal since it required a mon to be up to generate keys. We must be able to generate a key without a running mon, e.g, when we create the initial key or simply when you want to generate a key from any node that is not a mon. Now, just like the ceph_volume module we use a 'docker run' command with the right binary as an entrypoint to perform the choosen action, this is more elegant and also only requires an env variable to be set in the playbook: CEPH_CONTAINER_IMAGE. Signed-off-by: Sébastien Han <seb@redhat.com>
2018-11-16 17:46:10 +08:00
fake_container_image = "docker.io/ceph/daemon:latest-luminous"
expected_command_list = [['docker', # noqa E128
'run',
'--rm',
'--net=host',
'-v', '/etc/ceph:/etc/ceph:z',
'-v', '/var/lib/ceph/:/var/lib/ceph/:z',
'-v', '/var/log/ceph/:/var/log/ceph/:z',
'--entrypoint=ceph',
'docker.io/ceph/daemon:latest-luminous',
'-n', "mon.",
'-k', "/var/lib/ceph/mon/fake-mon01/keyring", # noqa E501
'--cluster', fake_cluster,
'auth', 'ls',
'-f', 'json'],
add ceph_key module Signed-off-by: Sébastien Han <seb@redhat.com>
2018-03-18 22:53:45 +08:00
]
ceph_key: rework container support Previously, we were doing a 'docker exec' inside a mon container, this worked but this wasn't ideal since it required a mon to be up to generate keys. We must be able to generate a key without a running mon, e.g, when we create the initial key or simply when you want to generate a key from any node that is not a mon. Now, just like the ceph_volume module we use a 'docker run' command with the right binary as an entrypoint to perform the choosen action, this is more elegant and also only requires an env variable to be set in the playbook: CEPH_CONTAINER_IMAGE. Signed-off-by: Sébastien Han <seb@redhat.com>
2018-11-16 17:46:10 +08:00
result = ceph_key.list_keys(fake_cluster, fake_user, fake_key, fake_container_image) # noqa E501
add ceph_key module Signed-off-by: Sébastien Han <seb@redhat.com>
2018-03-18 22:53:45 +08:00
assert result == expected_command_list
def test_list_key_container(self):
fake_cluster = "fake"
ceph_key: add fetch_initial_keys capability This is needed for Nautilus since the ceph-create-keys script goes away. (https://github.com/ceph/ceph/pull/21305) Now the module if called with 'state: fetch_initial_keys' will lookup keys generated by the monitor and write them down on the filesystem to the right location (/etc/ceph and /var/lib/ceph/boostrap*). This is not applicable to container since keys are generated by the container only. Signed-off-by: Sébastien Han <seb@redhat.com>
2018-10-24 00:38:40 +08:00
fake_user = "fake-user"
fake_key = "/tmp/my-key"
ceph_key: rework container support Previously, we were doing a 'docker exec' inside a mon container, this worked but this wasn't ideal since it required a mon to be up to generate keys. We must be able to generate a key without a running mon, e.g, when we create the initial key or simply when you want to generate a key from any node that is not a mon. Now, just like the ceph_volume module we use a 'docker run' command with the right binary as an entrypoint to perform the choosen action, this is more elegant and also only requires an env variable to be set in the playbook: CEPH_CONTAINER_IMAGE. Signed-off-by: Sébastien Han <seb@redhat.com>
2018-11-16 17:46:10 +08:00
fake_container_image = "docker.io/ceph/daemon:latest-luminous"
expected_command_list = [['docker', # noqa E128
'run',
'--rm',
'--net=host',
'-v', '/etc/ceph:/etc/ceph:z',
'-v', '/var/lib/ceph/:/var/lib/ceph/:z',
'-v', '/var/log/ceph/:/var/log/ceph/:z',
'--entrypoint=ceph',
'docker.io/ceph/daemon:latest-luminous',
'-n', "fake-user",
'-k', "/tmp/my-key",
'--cluster', fake_cluster,
'auth', 'ls',
'-f', 'json'],
add ceph_key module Signed-off-by: Sébastien Han <seb@redhat.com>
2018-03-18 22:53:45 +08:00
]
ceph_key: add fetch_initial_keys capability This is needed for Nautilus since the ceph-create-keys script goes away. (https://github.com/ceph/ceph/pull/21305) Now the module if called with 'state: fetch_initial_keys' will lookup keys generated by the monitor and write them down on the filesystem to the right location (/etc/ceph and /var/lib/ceph/boostrap*). This is not applicable to container since keys are generated by the container only. Signed-off-by: Sébastien Han <seb@redhat.com>
2018-10-24 00:38:40 +08:00
result = ceph_key.list_keys(
ceph_key: rework container support Previously, we were doing a 'docker exec' inside a mon container, this worked but this wasn't ideal since it required a mon to be up to generate keys. We must be able to generate a key without a running mon, e.g, when we create the initial key or simply when you want to generate a key from any node that is not a mon. Now, just like the ceph_volume module we use a 'docker run' command with the right binary as an entrypoint to perform the choosen action, this is more elegant and also only requires an env variable to be set in the playbook: CEPH_CONTAINER_IMAGE. Signed-off-by: Sébastien Han <seb@redhat.com>
2018-11-16 17:46:10 +08:00
fake_cluster, fake_user, fake_key, fake_container_image)
add ceph_key module Signed-off-by: Sébastien Han <seb@redhat.com>
2018-03-18 22:53:45 +08:00
assert result == expected_command_list
ceph_key: add fetch_initial_keys capability This is needed for Nautilus since the ceph-create-keys script goes away. (https://github.com/ceph/ceph/pull/21305) Now the module if called with 'state: fetch_initial_keys' will lookup keys generated by the monitor and write them down on the filesystem to the right location (/etc/ceph and /var/lib/ceph/boostrap*). This is not applicable to container since keys are generated by the container only. Signed-off-by: Sébastien Han <seb@redhat.com>
2018-10-24 00:38:40 +08:00
def test_lookup_ceph_initial_entities(self):
ceph_keys: pass in module for error messages fixes: #3421 Signed-off-by: Noah Watkins <nwatkins@redhat.com>
2018-12-07 02:34:49 +08:00
fake_module = "fake"
test_lookup_ceph_initial_entities: fix The previous dict was missing 2 entities: * client.bootstrap-mgr * client.bootstrap-rbd-mirror So the test was failing since it expects 7 entities to match. Signed-off-by: Sébastien Han <seb@redhat.com>
2018-11-16 17:42:34 +08:00
fake_ceph_dict = { "auth_dump":[ { "entity":"osd.0", "key":"AQAJkMhbszeBBBAA4/V1tDFXGlft1GnHJS5wWg==", "caps":{ "mgr":"allow profile osd", "mon":"allow profile osd", "osd":"allow *" } }, { "entity":"osd.1", "key":"AQAjkMhbshueAhAAjZec50aBgd1NObLz57SQvg==", "caps":{ "mgr":"allow profile osd", "mon":"allow profile osd", "osd":"allow *" } }, { "entity":"client.admin", "key":"AQDZjshbrJv6EhAAY9v6LzLYNDpPdlC3HD5KHA==", "auid":0, "caps":{ "mds":"allow", "mgr":"allow *", "mon":"allow *", "osd":"allow *" } }, { "entity":"client.bootstrap-mds", "key":"AQDojshbc4QCHhAA1ZTrkt9dbSZRVU2GzI6U4A==", "caps":{ "mon":"allow profile bootstrap-mds" } }, { "entity":"client.bootstrap-mgr", "key":"AQBfiu5bAAAAABAARcNG24hUMlk4AdstVA5MVQ==", "caps":{ "mon":"allow profile bootstrap-mgr" } }, { "entity":"client.bootstrap-osd", "key":"AQDjjshbYW+uGxAAyHcPCXXmVoL8VsTBI8z1Ng==", "caps":{ "mon":"allow profile bootstrap-osd" } }, { "entity":"client.bootstrap-rbd", "key":"AQDyjshb522eIhAAtAz6nUPMOdG4H9u0NgpXhA==", "caps":{ "mon":"allow profile bootstrap-rbd" } }, { "entity":"client.bootstrap-rbd-mirror", "key":"AQDfh+5bAAAAABAAEGBD59Lj2vAKIdN8pq4lbQ==", "caps":{ "mon":"allow profile bootstrap-rbd-mirror" } }, { "entity":"client.bootstrap-rgw", "key":"AQDtjshbDl8oIBAAq1SfSYQKDR49hJNWJVwDQw==", "caps":{ "mon":"allow profile bootstrap-rgw" } }, { "entity":"mgr.mon0", "key":"AQA0j8hbgGapORAAoDkyAvXVkM5ej4wNn4cwTQ==", "caps":{ "mds":"allow *", "mon":"allow profile mgr", "osd":"allow *" } } ] } # noqa E501
fake_ceph_dict_str = json.dumps(fake_ceph_dict) # convert to string
expected_entity_list = ['client.admin', 'client.bootstrap-mds', 'client.bootstrap-mgr', # noqa E501
'client.bootstrap-osd', 'client.bootstrap-rbd', 'client.bootstrap-rbd-mirror', 'client.bootstrap-rgw'] # noqa E501
ceph_keys: pass in module for error messages fixes: #3421 Signed-off-by: Noah Watkins <nwatkins@redhat.com>
2018-12-07 02:34:49 +08:00
result = ceph_key.lookup_ceph_initial_entities(fake_module, fake_ceph_dict_str)
ceph_key: add fetch_initial_keys capability This is needed for Nautilus since the ceph-create-keys script goes away. (https://github.com/ceph/ceph/pull/21305) Now the module if called with 'state: fetch_initial_keys' will lookup keys generated by the monitor and write them down on the filesystem to the right location (/etc/ceph and /var/lib/ceph/boostrap*). This is not applicable to container since keys are generated by the container only. Signed-off-by: Sébastien Han <seb@redhat.com>
2018-10-24 00:38:40 +08:00
assert result == expected_entity_list
def test_build_key_path_admin(self):
fake_cluster = "fake"
entity = "client.admin"
expected_result = "/etc/ceph/fake.client.admin.keyring"
result = ceph_key.build_key_path(fake_cluster, entity)
assert result == expected_result
def test_build_key_path_bootstrap_osd(self):
fake_cluster = "fake"
test_build_key_path_bootstrap_osd: fix The entity name is client.bootstrap-osd (as returned by Ceph), and not bootstrap-osd. The build_key_path function split 'client.bootstrap-osd' on the '.' so using bootstrap-osd fails with index out of range. Signed-off-by: Sébastien Han <seb@redhat.com>
2018-11-16 17:41:12 +08:00
entity = "client.bootstrap-osd"
ceph_key: add fetch_initial_keys capability This is needed for Nautilus since the ceph-create-keys script goes away. (https://github.com/ceph/ceph/pull/21305) Now the module if called with 'state: fetch_initial_keys' will lookup keys generated by the monitor and write them down on the filesystem to the right location (/etc/ceph and /var/lib/ceph/boostrap*). This is not applicable to container since keys are generated by the container only. Signed-off-by: Sébastien Han <seb@redhat.com>
2018-10-24 00:38:40 +08:00
expected_result = "/var/lib/ceph/bootstrap-osd/fake.keyring"
result = ceph_key.build_key_path(fake_cluster, entity)
assert result == expected_result