Skip to content

Commit

Permalink
Merge pull request #51876 from idryomov/wip-61382-pacific
Browse files Browse the repository at this point in the history 
pacific: osd/OSDCap: allow rbd.metadata_list method under rbd-read-only profile

Reviewed-by: Mykola Golub <mgolub@suse.com>
  • Loading branch information
@yuriw
yuriw committed Jun 19, 2023
2 parents a86dd21 + 877ca0d commit b836b6b
Show file tree
Hide file tree
Showing 2 changed files with 48 additions and 1 deletion.
6 changes: 5 additions & 1 deletion src/osd/OSDCap.cc
View file
Expand Up @@ -339,7 +339,8 @@ void OSDCapGrant::expand_profile()
OSDCapSpec(osd_rwxa_t(OSD_CAP_CLS_R)));
profile_grants.emplace_back(OSDCapMatch(string(), "rbd_mirroring"),
OSDCapSpec(osd_rwxa_t(OSD_CAP_CLS_R)));
profile_grants.emplace_back(OSDCapMatch(profile.pool_namespace.pool_name),
profile_grants.emplace_back(OSDCapMatch(profile.pool_namespace.pool_name,
"", "rbd_info"),
OSDCapSpec("rbd", "metadata_list"));
profile_grants.emplace_back(OSDCapMatch(profile.pool_namespace),
OSDCapSpec(osd_rwxa_t(OSD_CAP_R |
Expand All @@ -348,6 +349,9 @@ void OSDCapGrant::expand_profile()
}
if (profile.name == "rbd-read-only") {
// RBD read-only grant
profile_grants.emplace_back(OSDCapMatch(profile.pool_namespace.pool_name,
"", "rbd_info"),
OSDCapSpec("rbd", "metadata_list"));
profile_grants.emplace_back(OSDCapMatch(profile.pool_namespace),
OSDCapSpec(osd_rwxa_t(OSD_CAP_R |
OSD_CAP_CLS_R)));
Expand Down
43 changes: 43 additions & 0 deletions src/test/osd/osdcap.cc
View file
Expand Up @@ -1336,6 +1336,49 @@ TEST(OSDCap, AllowProfile) {
{{"rbd", "child_detach", true, true, true}}, addr));
ASSERT_FALSE(cap.is_capable("abc", "", {}, "rbd_header.ABC", false, false,
{{"rbd", "other function", true, true, true}}, addr));

cap.grants.clear();
ASSERT_TRUE(cap.parse("profile rbd pool pool1 namespace ns1", nullptr));
ASSERT_TRUE(cap.is_capable("pool1", "", {}, "rbd_info", false, false,
{{"rbd", "metadata_list", true, false, true}},
addr));
ASSERT_TRUE(cap.is_capable("pool1", "ns1", {}, "rbd_info", false, false,
{{"rbd", "metadata_list", true, false, true}},
addr));
ASSERT_FALSE(cap.is_capable("pool1", "ns2", {}, "rbd_info", false, false,
{{"rbd", "metadata_list", true, false, true}},
addr));
ASSERT_FALSE(cap.is_capable("pool2", "", {}, "rbd_info", false, false,
{{"rbd", "metadata_list", true, false, true}},
addr));
ASSERT_FALSE(cap.is_capable("pool1", "", {}, "asdf", false, false,
{{"rbd", "metadata_list", true, false, true}},
addr));
ASSERT_FALSE(cap.is_capable("pool1", "", {}, "rbd_info", false, false,
{{"rbd", "other_method", true, false, true}},
addr));

cap.grants.clear();
ASSERT_TRUE(cap.parse("profile rbd-read-only pool pool1 namespace ns1",
nullptr));
ASSERT_TRUE(cap.is_capable("pool1", "", {}, "rbd_info", false, false,
{{"rbd", "metadata_list", true, false, true}},
addr));
ASSERT_TRUE(cap.is_capable("pool1", "ns1", {}, "rbd_info", false, false,
{{"rbd", "metadata_list", true, false, true}},
addr));
ASSERT_FALSE(cap.is_capable("pool1", "ns2", {}, "rbd_info", false, false,
{{"rbd", "metadata_list", true, false, true}},
addr));
ASSERT_FALSE(cap.is_capable("pool2", "", {}, "rbd_info", false, false,
{{"rbd", "metadata_list", true, false, true}},
addr));
ASSERT_FALSE(cap.is_capable("pool1", "", {}, "asdf", false, false,
{{"rbd", "metadata_list", true, false, true}},
addr));
ASSERT_FALSE(cap.is_capable("pool1", "", {}, "rbd_info", false, false,
{{"rbd", "other_method", true, false, true}},
addr));
}

TEST(OSDCap, network) {
Expand Down

0 comments on commit b836b6b

Please sign in to comment.