radosgw_user: support caps on user

Supporting adding/removing caps on the user.

Signed-off-by: Seena Fallah <seenafallah@gmail.com>
(cherry picked from commit c1f1c1e900)
pull/7603/head
Seena Fallah 2024-07-31 15:02:42 +02:00
parent acf444f78f
commit 3b5e0b2bbc
2 changed files with 158 additions and 4 deletions

View File

@ -195,6 +195,24 @@ def generate_radosgw_cmd(cluster, args, container_image=None):
return cmd return cmd
def generate_caps_cmd(cluster, args, container_image=None):
'''
Generate 'radosgw' command line to execute for caps
'''
cmd = pre_generate_radosgw_cmd(container_image=container_image)
base_cmd = [
'--cluster',
cluster,
'caps'
]
cmd.extend(base_cmd + args)
return cmd
def exec_commands(module, cmd): def exec_commands(module, cmd):
''' '''
Execute command(s) Execute command(s)
@ -223,6 +241,7 @@ def create_user(module, container_image=None):
zone = module.params.get('zone', None) zone = module.params.get('zone', None)
system = module.params.get('system', False) system = module.params.get('system', False)
admin = module.params.get('admin', False) admin = module.params.get('admin', False)
caps = module.params.get('caps')
args = ['create', '--uid=' + name, '--display_name=' + display_name] args = ['create', '--uid=' + name, '--display_name=' + display_name]
@ -250,6 +269,10 @@ def create_user(module, container_image=None):
if admin: if admin:
args.append('--admin') args.append('--admin')
if caps:
caps_args = [f"{cap['type']}={cap['perm']}" for cap in caps]
args.extend(['--caps', ';'.join(caps_args)])
cmd = generate_radosgw_cmd(cluster=cluster, cmd = generate_radosgw_cmd(cluster=cluster,
args=args, args=args,
container_image=container_image) container_image=container_image)
@ -257,6 +280,70 @@ def create_user(module, container_image=None):
return cmd return cmd
def caps_add(module, caps, container_image=None):
'''
Create a new user
'''
cluster = module.params.get('cluster')
name = module.params.get('name')
realm = module.params.get('realm', None)
zonegroup = module.params.get('zonegroup', None)
zone = module.params.get('zone', None)
args = ['add', '--uid=' + name]
if realm:
args.extend(['--rgw-realm=' + realm])
if zonegroup:
args.extend(['--rgw-zonegroup=' + zonegroup])
if zone:
args.extend(['--rgw-zone=' + zone])
caps_args = [f"{cap['type']}={cap['perm']}" for cap in caps]
args.extend(['--caps', ';'.join(caps_args)])
cmd = generate_caps_cmd(cluster=cluster,
args=args,
container_image=container_image)
return cmd
def caps_rm(module, caps, container_image=None):
'''
Create a new user
'''
cluster = module.params.get('cluster')
name = module.params.get('name')
realm = module.params.get('realm', None)
zonegroup = module.params.get('zonegroup', None)
zone = module.params.get('zone', None)
args = ['rm', '--uid=' + name]
if realm:
args.extend(['--rgw-realm=' + realm])
if zonegroup:
args.extend(['--rgw-zonegroup=' + zonegroup])
if zone:
args.extend(['--rgw-zone=' + zone])
caps_args = [f"{cap['type']}={cap['perm']}" for cap in caps]
args.extend(['--caps', ';'.join(caps_args)])
cmd = generate_caps_cmd(cluster=cluster,
args=args,
container_image=container_image)
return cmd
def modify_user(module, container_image=None): def modify_user(module, container_image=None):
''' '''
Modify an existing user Modify an existing user
@ -398,7 +485,8 @@ def run_module():
zonegroup=dict(type='str', required=False), zonegroup=dict(type='str', required=False),
zone=dict(type='str', required=False), zone=dict(type='str', required=False),
system=dict(type='bool', required=False, default=False), system=dict(type='bool', required=False, default=False),
admin=dict(type='bool', required=False, default=False) admin=dict(type='bool', required=False, default=False),
caps=dict(type='list', required=False),
) )
module = AnsibleModule( module = AnsibleModule(
@ -417,6 +505,7 @@ def run_module():
secret_key = module.params.get('secret_key') secret_key = module.params.get('secret_key')
system = module.params.get('system') system = module.params.get('system')
admin = module.params.get('admin') admin = module.params.get('admin')
caps = module.params.get('caps')
startd = datetime.datetime.now() startd = datetime.datetime.now()
changed = False changed = False
@ -431,16 +520,19 @@ def run_module():
current = { current = {
'display_name': user['display_name'], 'display_name': user['display_name'],
'system': user.get('system', False), 'system': user.get('system', False),
'admin': user.get('admin', False) 'admin': user.get('admin', False),
} }
asked = { asked = {
'display_name': display_name, 'display_name': display_name,
'system': system, 'system': system,
'admin': admin 'admin': admin,
} }
if email: if email:
current['email'] = user['email'] current['email'] = user['email']
asked['email'] = email asked['email'] = email
if caps:
current['caps'] = user['caps']
asked['caps'] = caps
if access_key and secret_key: if access_key and secret_key:
asked['access_key'] = access_key asked['access_key'] = access_key
@ -453,7 +545,15 @@ def run_module():
changed = current != asked changed = current != asked
if changed and not module.check_mode: if changed and not module.check_mode:
rc, cmd, out, err = exec_commands(module, modify_user(module, container_image=container_image)) # noqa: E501 rc, cmd, out, err = exec_commands(module, modify_user(module, container_image=container_image))
if caps:
missing_caps = [cap for cap in asked['caps'] if cap not in current['caps']]
extra_caps = [cap for cap in current['caps'] if cap not in asked['caps']]
if extra_caps:
rc, cmd, out, err = exec_commands(module, caps_rm(module, extra_caps, container_image=container_image))
if missing_caps:
rc, cmd, out, err = exec_commands(module, caps_add(module, missing_caps, container_image=container_image))
else: else:
changed = True changed = True
if not module.check_mode: if not module.check_mode:

View File

@ -149,3 +149,57 @@ class TestRadosgwUserModule(object):
] ]
assert radosgw_user.remove_user(fake_module) == expected_cmd assert radosgw_user.remove_user(fake_module) == expected_cmd
def test_caps_add(self):
fake_module = MagicMock()
fake_module.params = fake_params
expected_cmd = [
fake_binary,
'--cluster', fake_cluster,
'caps', 'add',
'--uid=' + fake_user,
'--rgw-realm=' + fake_realm,
'--rgw-zonegroup=' + fake_zonegroup,
'--rgw-zone=' + fake_zone,
'--caps=metadata=read;buckets=read'
]
caps = [
{
'type': 'metadata',
'perm': 'read',
},
{
'type': 'buckets',
'perm': 'read',
},
]
assert radosgw_user.caps_add(fake_module, caps) == expected_cmd
def test_caps_rm(self):
fake_module = MagicMock()
fake_module.params = fake_params
expected_cmd = [
fake_binary,
'--cluster', fake_cluster,
'caps', 'rm',
'--uid=' + fake_user,
'--rgw-realm=' + fake_realm,
'--rgw-zonegroup=' + fake_zonegroup,
'--rgw-zone=' + fake_zone,
'--caps=metadata=read;buckets=read'
]
caps = [
{
'type': 'metadata',
'perm': 'read',
},
{
'type': 'buckets',
'perm': 'read',
},
]
assert radosgw_user.caps_rm(fake_module, caps) == expected_cmd