ceph
/
ceph-ansible
mirror of https://github.com/ceph/ceph-ansible.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

ceph_key: remove set-uid support 

The support of set-uid was remove from Ceph during the Nautilus cycle by
the following commit: d6def8ba1126209f8dcb40e296977dc2b09a376e so this
will not work anymore when deploying Nautilus clusters and above.

Signed-off-by: Sébastien Han <seb@redhat.com>
pull/3367/head
Sébastien Han 2018-11-16 10:37:07 +01:00 committed by mergify[bot]
parent f192bc92a2
commit 1afa4c5c95
2 changed files with 9 additions and 60 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
library/ceph_key.py
View File

@ -81,11 +81,6 @@ options:
but not add them into Ceph. but not add them into Ceph.
required: false required: false
default: True default: True
auid:
description:
- Sets the auid (authenticated user id) for the specified keyring
required: false
default: None
dest: dest:
description: description:
- Destination to write the keyring - Destination to write the keyring
@ -116,7 +111,6 @@ caps:
name: client.admin name: client.admin
state: present state: present
secret: AQAin8tU2DsKFBAAFIAzVTzkL3+gtAjjpQiomw== secret: AQAin8tU2DsKFBAAFIAzVTzkL3+gtAjjpQiomw==
auid: 0
caps: caps:
mon: allow * mon: allow *
osd: allow * osd: allow *
@ -313,10 +307,6 @@ def generate_ceph_authtool_cmd(cluster, name, secret, caps, dest, container_imag
] ]
cmd.extend(base_cmd) cmd.extend(base_cmd)
if auid:
cmd.extend(['--set-uid', auid])
cmd = generate_caps(cmd, "ceph-authtool", caps) cmd = generate_caps(cmd, "ceph-authtool", caps)
return cmd return cmd
@ -338,7 +328,7 @@ def create_key(module, result, cluster, name, secret, caps, import_key, dest, co
secret = generate_secret() secret = generate_secret()
cmd_list.append(generate_ceph_authtool_cmd( cmd_list.append(generate_ceph_authtool_cmd(
cluster, name, secret, caps, auid, dest, container_image)) cluster, name, secret, caps, dest, container_image))
if import_key: if import_key:
user = "client.admin" user = "client.admin"
@ -527,8 +517,7 @@ def run_module():
caps=dict(type='dict', required=False, default=None), caps=dict(type='dict', required=False, default=None),
secret=dict(type='str', required=False, default=None), secret=dict(type='str', required=False, default=None),
import_key=dict(type='bool', required=False, default=True), import_key=dict(type='bool', required=False, default=True),
auid=dict(type='str', required=False, default=None), dest=dict(type='str', required=False, default='/etc/ceph/'),
dest=dict(type='str', required=False, default='/etc/ceph'),
) )
module = AnsibleModule( module = AnsibleModule(
@ -544,7 +533,6 @@ def run_module():
caps = module.params.get('caps') caps = module.params.get('caps')
secret = module.params.get('secret') secret = module.params.get('secret')
import_key = module.params.get('import_key') import_key = module.params.get('import_key')
auid = module.params.get('auid')
dest = module.params.get('dest') dest = module.params.get('dest')
result = dict( result = dict(
@ -602,7 +590,7 @@ def run_module():
module.exit_json(**result) module.exit_json(**result)
rc, cmd, out, err = exec_commands(module, create_key( rc, cmd, out, err = exec_commands(module, create_key(
module, result, cluster, name, secret, caps, import_key, auid, file_path, container_image)) # noqa E501 module, result, cluster, name, secret, caps, import_key, dest, container_image)) # noqa E501
file_args = module.load_file_common_arguments(module.params) file_args = module.load_file_common_arguments(module.params)
file_args['path'] = file_path file_args['path'] = file_path

51
library/test_ceph_key.py
View File

@ -104,7 +104,6 @@ class TestCephKeyModule(object):
fake_dest = "/fake/ceph" fake_dest = "/fake/ceph"
fake_file_destination = os.path.join( fake_file_destination = os.path.join(
fake_dest + "/" + fake_cluster + "." + fake_name + ".keyring") fake_dest + "/" + fake_cluster + "." + fake_name + ".keyring")
fake_auid = None
expected_command_list = [ expected_command_list = [
'ceph-authtool', 'ceph-authtool',
'--create-keyring', '--create-keyring',
@ -121,40 +120,7 @@ class TestCephKeyModule(object):
'allow rwx', 'allow rwx',
] ]
result = ceph_key.generate_ceph_authtool_cmd( result = ceph_key.generate_ceph_authtool_cmd(
fake_cluster, fake_name, fake_secret, fake_caps, fake_auid, fake_file_destination) # noqa E501 fake_cluster, fake_name, fake_secret, fake_caps, fake_dest) # noqa E501
assert result == expected_command_list
def test_generate_ceph_authtool_cmd_non_container_auid(self):
fake_cluster = "fake"
fake_name = "client.fake"
fake_secret = "super-secret"
fake_caps = {
'mon': 'allow *',
'osd': 'allow rwx',
}
fake_dest = "/fake/ceph"
fake_file_destination = os.path.join(
fake_dest + "/" + fake_cluster + "." + fake_name + ".keyring")
fake_auid = 666
expected_command_list = [
'ceph-authtool',
'--create-keyring',
fake_file_destination,
'--name',
fake_name,
'--add-key',
fake_secret,
'--set-uid',
fake_auid,
'--cap',
'mon',
'allow *',
'--cap',
'osd',
'allow rwx',
]
result = ceph_key.generate_ceph_authtool_cmd(
fake_cluster, fake_name, fake_secret, fake_caps, fake_auid, fake_file_destination) # noqa E501
assert result == expected_command_list assert result == expected_command_list
def test_generate_ceph_authtool_cmd_container(self): def test_generate_ceph_authtool_cmd_container(self):
@ -166,7 +132,6 @@ class TestCephKeyModule(object):
'osd': 'allow rwx', 'osd': 'allow rwx',
} }
fake_dest = "/fake/ceph" fake_dest = "/fake/ceph"
fake_auid = None
fake_file_destination = os.path.join( fake_file_destination = os.path.join(
fake_dest + "/" + fake_cluster + "." + fake_name + ".keyring") fake_dest + "/" + fake_cluster + "." + fake_name + ".keyring")
fake_container_image = "docker.io/ceph/daemon:latest-luminous" fake_container_image = "docker.io/ceph/daemon:latest-luminous"
@ -192,7 +157,7 @@ class TestCephKeyModule(object):
'osd', 'osd',
'allow rwx'] 'allow rwx']
result = ceph_key.generate_ceph_authtool_cmd( result = ceph_key.generate_ceph_authtool_cmd(
fake_cluster, fake_name, fake_secret, fake_caps, fake_auid, fake_file_destination, fake_containerized) # noqa E501 fake_cluster, fake_name, fake_secret, fake_caps, fake_dest, fake_container_image) # noqa E501
assert result == expected_command_list assert result == expected_command_list
def test_create_key_non_container(self): def test_create_key_non_container(self):
@ -206,7 +171,6 @@ class TestCephKeyModule(object):
'osd': 'allow rwx', 'osd': 'allow rwx',
} }
fake_import_key = True fake_import_key = True
fake_auid = None
fake_dest = "/fake/ceph" fake_dest = "/fake/ceph"
fake_file_destination = os.path.join( fake_file_destination = os.path.join(
fake_dest + "/" + fake_cluster + "." + fake_name + ".keyring") fake_dest + "/" + fake_cluster + "." + fake_name + ".keyring")
@ -217,7 +181,7 @@ class TestCephKeyModule(object):
'import', '-i', fake_file_destination], 'import', '-i', fake_file_destination],
] ]
result = ceph_key.create_key(fake_module, fake_result, fake_cluster, result = ceph_key.create_key(fake_module, fake_result, fake_cluster,
fake_name, fake_secret, fake_caps, fake_import_key, fake_auid, fake_file_destination) # noqa E501 fake_name, fake_secret, fake_caps, fake_import_key, fake_dest) # noqa E501
assert result == expected_command_list assert result == expected_command_list
def test_create_key_container(self): def test_create_key_container(self):
@ -232,7 +196,6 @@ class TestCephKeyModule(object):
} }
fake_dest = "/fake/ceph" fake_dest = "/fake/ceph"
fake_import_key = True fake_import_key = True
fake_auid = None
fake_file_destination = os.path.join( fake_file_destination = os.path.join(
fake_dest + "/" + fake_cluster + "." + fake_name + ".keyring") fake_dest + "/" + fake_cluster + "." + fake_name + ".keyring")
fake_container_image = "docker.io/ceph/daemon:latest-luminous" fake_container_image = "docker.io/ceph/daemon:latest-luminous"
@ -267,7 +230,7 @@ class TestCephKeyModule(object):
'-i', fake_file_destination] '-i', fake_file_destination]
] ]
result = ceph_key.create_key(fake_module, fake_result, fake_cluster, fake_name, # noqa E501 result = ceph_key.create_key(fake_module, fake_result, fake_cluster, fake_name, # noqa E501
fake_secret, fake_caps, fake_import_key, fake_auid, fake_file_destination, fake_containerized) # noqa E501 fake_secret, fake_caps, fake_import_key, fake_dest, fake_container_image) # noqa E501
assert result == expected_command_list assert result == expected_command_list
def test_create_key_non_container_no_import(self): def test_create_key_non_container_no_import(self):
@ -282,7 +245,6 @@ class TestCephKeyModule(object):
} }
fake_dest = "/fake/ceph" fake_dest = "/fake/ceph"
fake_import_key = False fake_import_key = False
fake_auid = None
fake_file_destination = os.path.join( fake_file_destination = os.path.join(
fake_dest + "/" + fake_cluster + "." + fake_name + ".keyring") fake_dest + "/" + fake_cluster + "." + fake_name + ".keyring")
# create_key passes (one for ceph-authtool and one for itself) itw own array so the expected result is an array within an array # noqa E501 # create_key passes (one for ceph-authtool and one for itself) itw own array so the expected result is an array within an array # noqa E501
@ -302,7 +264,7 @@ class TestCephKeyModule(object):
'allow rwx', ] 'allow rwx', ]
] ]
result = ceph_key.create_key(fake_module, fake_result, fake_cluster, result = ceph_key.create_key(fake_module, fake_result, fake_cluster,
fake_name, fake_secret, fake_caps, fake_import_key, fake_auid, fake_file_destination) # noqa E501 fake_name, fake_secret, fake_caps, fake_import_key, fake_dest) # noqa E501
assert result == expected_command_list assert result == expected_command_list
def test_create_key_container_no_import(self): def test_create_key_container_no_import(self):
@ -319,7 +281,6 @@ class TestCephKeyModule(object):
fake_import_key = False fake_import_key = False
fake_file_destination = os.path.join( fake_file_destination = os.path.join(
fake_dest + "/" + fake_cluster + "." + fake_name + ".keyring") fake_dest + "/" + fake_cluster + "." + fake_name + ".keyring")
fake_auid = None
# create_key passes (one for ceph-authtool and one for itself) itw own array so the expected result is an array within an array # noqa E501 # create_key passes (one for ceph-authtool and one for itself) itw own array so the expected result is an array within an array # noqa E501
fake_container_image = "docker.io/ceph/daemon:latest-luminous" fake_container_image = "docker.io/ceph/daemon:latest-luminous"
expected_command_list = [['docker', # noqa E128 expected_command_list = [['docker', # noqa E128
@ -344,7 +305,7 @@ class TestCephKeyModule(object):
'osd', 'osd',
'allow rwx']] 'allow rwx']]
result = ceph_key.create_key(fake_module, fake_result, fake_cluster, fake_name, # noqa E501 result = ceph_key.create_key(fake_module, fake_result, fake_cluster, fake_name, # noqa E501
fake_secret, fake_caps, fake_import_key, fake_auid, fake_file_destination, fake_containerized) # noqa E501 fake_secret, fake_caps, fake_import_key, fake_dest, fake_container_image) # noqa E501
assert result == expected_command_list assert result == expected_command_list
def test_update_key_non_container(self): def test_update_key_non_container(self):