diff --git a/library/ceph_key.py b/library/ceph_key.py index 6b98e075c..5e3ccbce6 100644 --- a/library/ceph_key.py +++ b/library/ceph_key.py @@ -261,7 +261,7 @@ def generate_caps(_type, caps): return caps_cli -def generate_ceph_cmd(cluster, args, user, user_key_path, container_image=None): +def generate_ceph_cmd(cluster, args, user, user_key_path, container_image=None, no_log=False): ''' Generate 'ceph' command line to execute ''' @@ -269,7 +269,7 @@ def generate_ceph_cmd(cluster, args, user, user_key_path, container_image=None): if container_image: binary = 'ceph' cmd = container_exec( - binary, container_image) + binary, container_image, no_log=no_log) else: binary = ['ceph'] cmd = binary @@ -401,7 +401,7 @@ def info_key(cluster, name, user, user_key_path, output_format, container_image= return cmd_list -def list_keys(cluster, user, user_key_path, container_image=None): +def list_keys(cluster, user, user_key_path, container_image=None, no_log=False): ''' List all CephX keys ''' @@ -415,7 +415,7 @@ def list_keys(cluster, user, user_key_path, container_image=None): ] cmd_list.append(generate_ceph_cmd( - cluster, args, user, user_key_path, container_image)) + cluster, args, user, user_key_path, container_image, no_log=no_log)) return cmd_list @@ -645,7 +645,7 @@ def run_module(): keyring_filename = cluster + "-" + hostname + "/keyring" user_key_path = os.path.join("/var/lib/ceph/mon/", keyring_filename) rc, cmd, out, err = exec_commands( - module, list_keys(cluster, user, user_key_path, container_image)) + module, list_keys(cluster, user, user_key_path, container_image, no_log=True)) if rc != 0: result["stdout"] = "failed to retrieve ceph keys" result["sdterr"] = err diff --git a/module_utils/ca_common.py b/module_utils/ca_common.py index 0a7da58bc..9f777c2c8 100644 --- a/module_utils/ca_common.py +++ b/module_utils/ca_common.py @@ -26,7 +26,7 @@ def generate_ceph_cmd(sub_cmd, args, user_key=None, cluster='ceph', user='client return cmd -def container_exec(binary, container_image): +def container_exec(binary, container_image, no_log=False): ''' Build the docker CLI to run a command inside a container ''' @@ -38,8 +38,14 @@ def container_exec(binary, container_image): '--net=host', '-v', '/etc/ceph:/etc/ceph:z', '-v', '/var/lib/ceph/:/var/lib/ceph/:z', - '-v', '/var/log/ceph/:/var/log/ceph/:z', - '--entrypoint=' + binary, container_image] + '-v', '/var/log/ceph/:/var/log/ceph/:z' + ] + + if no_log: + command_exec.append('--log-drive=none') + + command_exec.extend(['--entrypoint=' + binary, container_image]) + return command_exec diff --git a/tests/library/test_ceph_key.py b/tests/library/test_ceph_key.py index bbeeecbc9..6e7e28029 100644 --- a/tests/library/test_ceph_key.py +++ b/tests/library/test_ceph_key.py @@ -577,3 +577,28 @@ class TestCephKeyModule(object): with pytest.raises(ca_test_common.AnsibleExitJson) as result: ceph_key.run_module() assert result.value.args[0]['stdout'] == fake_secret.decode() + + @mock.patch.dict(os.environ, {'CEPH_CONTAINER_BINARY': 'podman'}) + @mock.patch.dict(os.environ, {'CEPH_CONTAINER_IMAGE': 'docker.io/ceph/daemon:latest'}) + @mock.patch('ansible.module_utils.basic.AnsibleModule.fail_json') + @mock.patch('ceph_key.exec_commands') + def test_state_fetch_keys(self, m_exec_commands, m_fail_json): + output_format = "plain" + ca_test_common.set_module_args({"state": "fetch_initial_keys", + "cluster": "ceph", + "name": "client.admin", + "output_format": output_format}) + + m_exec_commands.return_value = (0, + ['ceph', 'auth', 'get', 'client.admin', '-f', output_format], + '[{"entity":"client.admin","key":"AQC1tw5fF156GhAAoJCvHGX/jl/k7/N4VZm8iQ==","caps":{"mds":"allow *","mgr":"allow *","mon":"allow *","osd":"allow *"}}]', # noqa: E501 + 'exported keyring for client.admin') + + + m_fail_json.side_effect = ca_test_common.fail_json + + with pytest.raises(ca_test_common.AnsibleFailJson) as result: + ceph_key.run_module() + + import pdb; pdb.set_trace() + result = result.value.args[0]