X-Git-Url: https://gerrit.opnfv.org/gerrit/gitweb?a=blobdiff_plain;f=src%2Fceph%2Fsrc%2Ftest%2Fmon%2Fmoncap.cc;fp=src%2Fceph%2Fsrc%2Ftest%2Fmon%2Fmoncap.cc;h=0000000000000000000000000000000000000000;hb=7da45d65be36d36b880cc55c5036e96c24b53f00;hp=38ecfca7f37814fe4098b00f5916924d8fae3874;hpb=691462d09d0987b47e112d6ee8740375df3c51b2;p=stor4nfv.git diff --git a/src/ceph/src/test/mon/moncap.cc b/src/ceph/src/test/mon/moncap.cc deleted file mode 100644 index 38ecfca..0000000 --- a/src/ceph/src/test/mon/moncap.cc +++ /dev/null @@ -1,289 +0,0 @@ -// -*- mode:C++; tab-width:8; c-basic-offset:2; indent-tabs-mode:t -*- -// vim: ts=8 sw=2 smarttab -/* - * Ceph - scalable distributed file system - * - * Copyright (C) 2012 Inktank - * - * This is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License version 2.1, as published by the Free Software - * Foundation. See file COPYING. - * - */ - -#include - -#include "include/stringify.h" -#include "mon/MonCap.h" - -#include "gtest/gtest.h" - -const char *parse_good[] = { - - // MonCapMatch - "allow *", - "allow r", - "allow rwx", - "allow r", - " allow rwx", - "allow rwx ", - " allow rwx ", - " allow\t rwx ", - "\tallow\nrwx\t", - "allow service=foo x", - "allow service=\"froo\" x", - "allow profile osd", - "allow profile osd-bootstrap", - "allow profile \"mds-bootstrap\", allow *", - "allow command \"a b c\"", - "allow command abc", - "allow command abc with arg=foo", - "allow command abc with arg=foo arg2=bar", - "allow command abc with arg=foo arg2=bar", - "allow command abc with arg=foo arg2 prefix bar arg3 prefix baz", - "allow command abc with arg=foo arg2 prefix \"bar bingo\" arg3 prefix baz", - "allow command abc with arg regex \"^[0-9a-z.]*$\"", - "allow command abc with arg regex \"\(invaluid regex\"", - "allow service foo x", - "allow service foo x; allow service bar x", - "allow service foo w ;allow service bar x", - "allow service foo w , allow service bar x", - "allow service foo r , allow service bar x", - "allow service foo_foo r, allow service bar r", - "allow service foo-foo r, allow service bar r", - "allow service \" foo \" w, allow service bar r", - "allow command abc with arg=foo arg2=bar, allow service foo r", - "allow command abc.def with arg=foo arg2=bar, allow service foo r", - "allow command \"foo bar\" with arg=\"baz\"", - "allow command \"foo bar\" with arg=\"baz.xx\"", - "profile osd", - "profile \"mds-bootstrap\", profile foo", - 0 -}; - -TEST(MonCap, ParseGood) { - for (int i=0; parse_good[i]; ++i) { - string str = parse_good[i]; - MonCap cap; - std::cout << "Testing good input: '" << str << "'" << std::endl; - ASSERT_TRUE(cap.parse(str, &cout)); - std::cout << " -> " << cap << std::endl; - } -} - -// these should stringify to the input value -const char *parse_identity[] = { - "allow *", - "allow r", - "allow rwx", - "allow service foo x", - "allow profile osd", - "allow profile osd-bootstrap", - "allow profile mds-bootstrap, allow *", - "allow profile \"foo bar\", allow *", - "allow command abc", - "allow command \"a b c\"", - "allow command abc with arg=foo", - "allow command abc with arg=foo arg2=bar", - "allow command abc with arg=foo arg2=bar", - "allow command abc with arg=foo arg2 prefix bar arg3 prefix baz", - "allow command abc with arg=foo arg2 prefix \"bar bingo\" arg3 prefix baz", - "allow service foo x", - "allow service foo x, allow service bar x", - "allow service foo w, allow service bar x", - "allow service foo r, allow service bar x", - "allow service foo_foo r, allow service bar r", - "allow service foo-foo r, allow service bar r", - "allow service \" foo \" w, allow service bar r", - "allow command abc with arg=foo arg2=bar, allow service foo r", - 0 -}; - -TEST(MonCap, ParseIdentity) -{ - for (int i=0; parse_identity[i]; ++i) { - string str = parse_identity[i]; - MonCap cap; - std::cout << "Testing good input: '" << str << "'" << std::endl; - ASSERT_TRUE(cap.parse(str, &cout)); - string out = stringify(cap); - ASSERT_EQ(out, str); - } -} - -const char *parse_bad[] = { - "allow r foo", - "allow*", - "foo allow *", - "allow profile foo rwx", - "allow profile", - "allow profile foo bar rwx", - "allow service bar", - "allow command baz x", - "allow r w", - "ALLOW r", - "allow rwx,", - "allow rwx x", - "allow r pool foo r", - "allow wwx pool taco", - "allow wwx pool taco^funny&chars", - "allow rwx pool 'weird name''", - "allow rwx object_prefix \"beforepool\" pool weird", - "allow rwx auid 123 pool asdf", - "allow command foo a prefix b", - "allow command foo with a prefixb", - "allow command foo with a = prefix b", - "allow command foo with a prefix b c", - 0 -}; - -TEST(MonCap, ParseBad) { - for (int i=0; parse_bad[i]; ++i) { - string str = parse_bad[i]; - MonCap cap; - std::cout << "Testing bad input: '" << str << "'" << std::endl; - ASSERT_FALSE(cap.parse(str, &cout)); - } -} - -TEST(MonCap, AllowAll) { - MonCap cap; - ASSERT_FALSE(cap.is_allow_all()); - - ASSERT_TRUE(cap.parse("allow r", NULL)); - ASSERT_FALSE(cap.is_allow_all()); - cap.grants.clear(); - - ASSERT_TRUE(cap.parse("allow w", NULL)); - ASSERT_FALSE(cap.is_allow_all()); - cap.grants.clear(); - - ASSERT_TRUE(cap.parse("allow x", NULL)); - ASSERT_FALSE(cap.is_allow_all()); - cap.grants.clear(); - - ASSERT_TRUE(cap.parse("allow rwx", NULL)); - ASSERT_FALSE(cap.is_allow_all()); - cap.grants.clear(); - - ASSERT_TRUE(cap.parse("allow rw", NULL)); - ASSERT_FALSE(cap.is_allow_all()); - cap.grants.clear(); - - ASSERT_TRUE(cap.parse("allow rx", NULL)); - ASSERT_FALSE(cap.is_allow_all()); - cap.grants.clear(); - - ASSERT_TRUE(cap.parse("allow wx", NULL)); - ASSERT_FALSE(cap.is_allow_all()); - cap.grants.clear(); - - ASSERT_TRUE(cap.parse("allow *", NULL)); - ASSERT_TRUE(cap.is_allow_all()); - ASSERT_TRUE(cap.is_capable(NULL, CEPH_ENTITY_TYPE_MON, EntityName(), - "foo", "asdf", map(), true, true, true)); - - MonCap cap2; - ASSERT_FALSE(cap2.is_allow_all()); - cap2.set_allow_all(); - ASSERT_TRUE(cap2.is_allow_all()); -} - -TEST(MonCap, ProfileOSD) { - MonCap cap; - bool r = cap.parse("allow profile osd", NULL); - ASSERT_TRUE(r); - - EntityName name; - name.from_str("osd.123"); - map ca; - - ASSERT_TRUE(cap.is_capable(NULL, CEPH_ENTITY_TYPE_MON, - name, "osd", "", ca, true, false, false)); - ASSERT_TRUE(cap.is_capable(NULL, CEPH_ENTITY_TYPE_MON, - name, "osd", "", ca, true, true, false)); - ASSERT_TRUE(cap.is_capable(NULL, CEPH_ENTITY_TYPE_MON, - name, "osd", "", ca, true, true, true)); - ASSERT_TRUE(cap.is_capable(NULL, CEPH_ENTITY_TYPE_MON, - name, "osd", "", ca, true, true, true)); - ASSERT_TRUE(cap.is_capable(NULL, CEPH_ENTITY_TYPE_MON, - name, "mon", "", ca, true, false,false)); - - ASSERT_FALSE(cap.is_capable(NULL, CEPH_ENTITY_TYPE_MON, - name, "mds", "", ca, true, true, true)); - ASSERT_FALSE(cap.is_capable(NULL, CEPH_ENTITY_TYPE_MON, - name, "mon", "", ca, true, true, true)); - - ca.clear(); - ASSERT_FALSE(cap.is_capable(NULL, CEPH_ENTITY_TYPE_MON, - name, "", "config-key get", ca, true, true, true)); - ca["key"] = "daemon-private/osd.123"; - ASSERT_FALSE(cap.is_capable(NULL, CEPH_ENTITY_TYPE_MON, - name, "", "config-key get", ca, true, true, true)); - ca["key"] = "daemon-private/osd.12/asdf"; - ASSERT_FALSE(cap.is_capable(NULL, CEPH_ENTITY_TYPE_MON, - name, "", "config-key get", ca, true, true, true)); - ca["key"] = "daemon-private/osd.123/"; - ASSERT_TRUE(cap.is_capable(NULL, CEPH_ENTITY_TYPE_MON, - name, "", "config-key get", ca, true, true, true)); - ASSERT_TRUE(cap.is_capable(NULL, CEPH_ENTITY_TYPE_MON, - name, "", "config-key get", ca, true, true, true)); - ASSERT_TRUE(cap.is_capable(NULL, CEPH_ENTITY_TYPE_MON, - name, "", "config-key get", ca, true, true, true)); - ca["key"] = "daemon-private/osd.123/foo"; - ASSERT_TRUE(cap.is_capable(NULL, CEPH_ENTITY_TYPE_MON, - name, "", "config-key get", ca, true, true, true)); - ASSERT_TRUE(cap.is_capable(NULL, CEPH_ENTITY_TYPE_MON, - name, "", "config-key put", ca, true, true, true)); - ASSERT_TRUE(cap.is_capable(NULL, CEPH_ENTITY_TYPE_MON, - name, "", "config-key set", ca, true, true, true)); - ASSERT_TRUE(cap.is_capable(NULL, CEPH_ENTITY_TYPE_MON, - name, "", "config-key exists", ca, true, true, true)); - ASSERT_TRUE(cap.is_capable(NULL, CEPH_ENTITY_TYPE_MON, - name, "", "config-key delete", ca, true, true, true)); -} - -TEST(MonCap, CommandRegEx) { - MonCap cap; - ASSERT_FALSE(cap.is_allow_all()); - ASSERT_TRUE(cap.parse("allow command abc with arg regex \"^[0-9a-z.]*$\"", NULL)); - - EntityName name; - name.from_str("osd.123"); - ASSERT_TRUE(cap.is_capable(nullptr, CEPH_ENTITY_TYPE_OSD, name, "", - "abc", {{"arg", "12345abcde"}}, true, true, true)); - ASSERT_FALSE(cap.is_capable(nullptr, CEPH_ENTITY_TYPE_OSD, name, "", - "abc", {{"arg", "~!@#$"}}, true, true, true)); - - ASSERT_TRUE(cap.parse("allow command abc with arg regex \"[*\"", NULL)); - ASSERT_FALSE(cap.is_capable(nullptr, CEPH_ENTITY_TYPE_OSD, name, "", - "abc", {{"arg", ""}}, true, true, true)); -} - -TEST(MonCap, ProfileBootstrapRBD) { - MonCap cap; - ASSERT_FALSE(cap.is_allow_all()); - ASSERT_TRUE(cap.parse("profile bootstrap-rbd", NULL)); - - EntityName name; - name.from_str("mon.a"); - ASSERT_TRUE(cap.is_capable(nullptr, CEPH_ENTITY_TYPE_MON, name, "", - "auth get-or-create", { - {"entity", "client.rbd"}, - {"caps_mon", "profile rbd"}, - {"caps_osd", "profile rbd pool=foo, profile rbd-read-only"}, - }, true, true, true)); - ASSERT_FALSE(cap.is_capable(nullptr, CEPH_ENTITY_TYPE_MON, name, "", - "auth get-or-create", { - {"entity", "client.rbd"}, - {"caps_mon", "allow *"}, - {"caps_osd", "profile rbd"}, - }, true, true, true)); - ASSERT_FALSE(cap.is_capable(nullptr, CEPH_ENTITY_TYPE_MON, name, "", - "auth get-or-create", { - {"entity", "client.rbd"}, - {"caps_mon", "profile rbd"}, - {"caps_osd", "profile rbd pool=foo, allow *, profile rbd-read-only"}, - }, true, true, true)); -}