From 1afa4c5c95e5bc28db192de685ca01ce4be2f211 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=A9bastien=20Han?= Date: Fri, 16 Nov 2018 10:37:07 +0100 Subject: [PATCH] ceph_key: remove set-uid support MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The support of set-uid was remove from Ceph during the Nautilus cycle by the following commit: d6def8ba1126209f8dcb40e296977dc2b09a376e so this will not work anymore when deploying Nautilus clusters and above. Signed-off-by: Sébastien Han --- library/ceph_key.py | 18 +++----------- library/test_ceph_key.py | 51 +++++----------------------------------- 2 files changed, 9 insertions(+), 60 deletions(-) diff --git a/library/ceph_key.py b/library/ceph_key.py index eebda7db6..ba8f013d2 100644 --- a/library/ceph_key.py +++ b/library/ceph_key.py @@ -81,11 +81,6 @@ options: but not add them into Ceph. required: false default: True - auid: - description: - - Sets the auid (authenticated user id) for the specified keyring - required: false - default: None dest: description: - Destination to write the keyring @@ -116,7 +111,6 @@ caps: name: client.admin state: present secret: AQAin8tU2DsKFBAAFIAzVTzkL3+gtAjjpQiomw== - auid: 0 caps: mon: allow * osd: allow * @@ -313,10 +307,6 @@ def generate_ceph_authtool_cmd(cluster, name, secret, caps, dest, container_imag ] cmd.extend(base_cmd) - - if auid: - cmd.extend(['--set-uid', auid]) - cmd = generate_caps(cmd, "ceph-authtool", caps) return cmd @@ -338,7 +328,7 @@ def create_key(module, result, cluster, name, secret, caps, import_key, dest, co secret = generate_secret() cmd_list.append(generate_ceph_authtool_cmd( - cluster, name, secret, caps, auid, dest, container_image)) + cluster, name, secret, caps, dest, container_image)) if import_key: user = "client.admin" 
@@ -527,8 +517,7 @@ def run_module(): caps=dict(type='dict', required=False, default=None), secret=dict(type='str', required=False, default=None), import_key=dict(type='bool', required=False, default=True), - auid=dict(type='str', required=False, default=None), - dest=dict(type='str', required=False, default='/etc/ceph'), + dest=dict(type='str', required=False, default='/etc/ceph/'), ) module = AnsibleModule( @@ -544,7 +533,6 @@ def run_module(): caps = module.params.get('caps') secret = module.params.get('secret') import_key = module.params.get('import_key') - auid = module.params.get('auid') dest = module.params.get('dest') result = dict( @@ -602,7 +590,7 @@ def run_module(): module.exit_json(**result) rc, cmd, out, err = exec_commands(module, create_key( - module, result, cluster, name, secret, caps, import_key, auid, file_path, container_image)) # noqa E501 + module, result, cluster, name, secret, caps, import_key, dest, container_image)) # noqa E501 file_args = module.load_file_common_arguments(module.params) file_args['path'] = file_path diff --git a/library/test_ceph_key.py b/library/test_ceph_key.py index d9e217ccd..143b6c8f3 100644 --- a/library/test_ceph_key.py +++ b/library/test_ceph_key.py @@ -104,7 +104,6 @@ class TestCephKeyModule(object): fake_dest = "/fake/ceph" fake_file_destination = os.path.join( fake_dest + "/" + fake_cluster + "." + fake_name + ".keyring") - fake_auid = None expected_command_list = [ 'ceph-authtool', '--create-keyring', 
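Review bot: Dropping `auid` from the argument spec in run_module means a play that still sets `auid:` is now rejected by AnsibleModule as an unsupported parameter, so existing inventories break on upgrade even when they target pre-Nautilus clusters. If that is intended it deserves a line in the release notes; otherwise the option could stay accepted but ignored, with a warning, for one release. The same hunk also changes the `dest` default from `'/etc/ceph'` to `'/etc/ceph/'`, which the commit message does not mention. The `default:` documented for `dest` in the DOCUMENTATION block lies outside the hunk and should be checked to agree. run_module's body continues outside the hunk.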
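Review bot: The `create_key(...)` call in the `@@ -602` hunk now receives the directory `dest` where it previously received `file_path`, while the context line right after it still applies `file_args['path'] = file_path`. The keyring holds the key secret, so the file ceph-authtool writes and the file whose owner and mode Ansible then enforces must be the same path. create_key's body is outside this hunk, so whether it rebuilds exactly `file_path` from `dest`, `cluster` and `name` cannot be confirmed here. Computing the keyring path once in run_module and passing that single value to both places would remove the duplication. At minimum add a comment such as `# create_key derives the keyring path from dest; it must equal file_path used for file_args below`.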
@@ -121,40 +120,7 @@ class TestCephKeyModule(object): 'allow rwx', ] result = ceph_key.generate_ceph_authtool_cmd( - fake_cluster, fake_name, fake_secret, fake_caps, fake_auid, fake_file_destination) # noqa E501 - assert result == expected_command_list - - def test_generate_ceph_authtool_cmd_non_container_auid(self): - fake_cluster = "fake" - fake_name = "client.fake" - fake_secret = "super-secret" - fake_caps = { - 'mon': 'allow *', - 'osd': 'allow rwx', - } - fake_dest = "/fake/ceph" - fake_file_destination = os.path.join( - fake_dest + "/" + fake_cluster + "." + fake_name + ".keyring") - fake_auid = 666 - expected_command_list = [ - 'ceph-authtool', - '--create-keyring', - fake_file_destination, - '--name', - fake_name, - '--add-key', - fake_secret, - '--set-uid', - fake_auid, - '--cap', - 'mon', - 'allow *', - '--cap', - 'osd', - 'allow rwx', - ] - result = ceph_key.generate_ceph_authtool_cmd( - fake_cluster, fake_name, fake_secret, fake_caps, fake_auid, fake_file_destination) # noqa E501 + fake_cluster, fake_name, fake_secret, fake_caps, fake_dest) # noqa E501 assert result == expected_command_list def test_generate_ceph_authtool_cmd_container(self): @@ -166,7 +132,6 @@ class TestCephKeyModule(object): 'osd': 'allow rwx', } fake_dest = "/fake/ceph" - fake_auid = None fake_file_destination = os.path.join( fake_dest + "/" + fake_cluster + "." + fake_name + ".keyring") fake_container_image = "docker.io/ceph/daemon:latest-luminous" @@ -192,7 +157,7 @@ class TestCephKeyModule(object): 'osd', 'allow rwx'] result = ceph_key.generate_ceph_authtool_cmd( - fake_cluster, fake_name, fake_secret, fake_caps, fake_auid, fake_file_destination, fake_containerized) # noqa E501 + fake_cluster, fake_name, fake_secret, fake_caps, fake_dest, fake_container_image) # noqa E501 assert result == expected_command_list def test_create_key_non_container(self): 
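Review bot: Every updated call in this test file passes `fake_dest = "/fake/ceph"` without a trailing slash, while the module default in this commit becomes `'/etc/ceph/'`, so the default-shaped input is never exercised. The expected path is built as `os.path.join(fake_dest + "/" + ...)`, a single-argument join that normalises nothing. A trailing-slash `dest` would therefore presumably put a `//` in the `--create-keyring` argument unless the module normalises it, which is not visible here. One extra case with `fake_dest = "/fake/ceph/"` asserting the exact keyring path would pin the behaviour; the same applies to the create_key tests in the later hunks.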
@@ -206,7 +171,6 @@ class TestCephKeyModule(object): 'osd': 'allow rwx', } fake_import_key = True - fake_auid = None fake_dest = "/fake/ceph" fake_file_destination = os.path.join( fake_dest + "/" + fake_cluster + "." + fake_name + ".keyring") @@ -217,7 +181,7 @@ class TestCephKeyModule(object): 'import', '-i', fake_file_destination], ] result = ceph_key.create_key(fake_module, fake_result, fake_cluster, - fake_name, fake_secret, fake_caps, fake_import_key, fake_auid, fake_file_destination) # noqa E501 + fake_name, fake_secret, fake_caps, fake_import_key, fake_dest) # noqa E501 assert result == expected_command_list def test_create_key_container(self): @@ -232,7 +196,6 @@ class TestCephKeyModule(object): } fake_dest = "/fake/ceph" fake_import_key = True - fake_auid = None fake_file_destination = os.path.join( fake_dest + "/" + fake_cluster + "." + fake_name + ".keyring") fake_container_image = "docker.io/ceph/daemon:latest-luminous" @@ -267,7 +230,7 @@ class TestCephKeyModule(object): '-i', fake_file_destination] ] result = ceph_key.create_key(fake_module, fake_result, fake_cluster, fake_name, # noqa E501 - fake_secret, fake_caps, fake_import_key, fake_auid, fake_file_destination, fake_containerized) # noqa E501 + fake_secret, fake_caps, fake_import_key, fake_dest, fake_container_image) # noqa E501 assert result == expected_command_list def test_create_key_non_container_no_import(self): @@ -282,7 +245,6 @@ class TestCephKeyModule(object): } fake_dest = "/fake/ceph" fake_import_key = False - fake_auid = None fake_file_destination = os.path.join( fake_dest + "/" + fake_cluster + "." + fake_name + ".keyring") # create_key passes (one for ceph-authtool and one for itself) itw own array so the expected result is an array within an array # noqa E501 
@@ -302,7 +264,7 @@ class TestCephKeyModule(object): 'allow rwx', ] ] result = ceph_key.create_key(fake_module, fake_result, fake_cluster, - fake_name, fake_secret, fake_caps, fake_import_key, fake_auid, fake_file_destination) # noqa E501 + fake_name, fake_secret, fake_caps, fake_import_key, fake_dest) # noqa E501 assert result == expected_command_list def test_create_key_container_no_import(self): @@ -319,7 +281,6 @@ class TestCephKeyModule(object): fake_import_key = False fake_file_destination = os.path.join( fake_dest + "/" + fake_cluster + "." + fake_name + ".keyring") - fake_auid = None # create_key passes (one for ceph-authtool and one for itself) itw own array so the expected result is an array within an array # noqa E501 fake_container_image = "docker.io/ceph/daemon:latest-luminous" expected_command_list = [['docker', # noqa E128 @@ -344,7 +305,7 @@ class TestCephKeyModule(object): 'osd', 'allow rwx']] result = ceph_key.create_key(fake_module, fake_result, fake_cluster, fake_name, # noqa E501 - fake_secret, fake_caps, fake_import_key, fake_auid, fake_file_destination, fake_containerized) # noqa E501 + fake_secret, fake_caps, fake_import_key, fake_dest, fake_container_image) # noqa E501 assert result == expected_command_list def test_update_key_non_container(self):