diff options
| author | Sage Weil <sage@newdream.net> | 2011-08-23 15:18:29 -0700 |
|---|---|---|
| committer | Sage Weil <sage@newdream.net> | 2011-08-23 15:24:44 -0700 |
| commit | ddc567429d6e6c69171805e8ddc772998855b8e9 (patch) | |
| tree | 04fa5f791738a1b8923fa6e87c1b9bc0149e65ec /qa | |
| parent | 3432729397e907606a5e3104a190e9286f0bce0b (diff) | |
| download | ceph-ddc567429d6e6c69171805e8ddc772998855b8e9.tar.gz | |
mon: allow wildcards for mon cap command matching
We need wildcards, actually. * is any token, ... is 1 or more tokens.
Signed-off-by: Sage Weil <sage@newdream.net>
Diffstat (limited to 'qa')
| -rwxr-xr-x | qa/workunits/caps/mon_commands.sh | 27 |
1 files changed, 17 insertions, 10 deletions
diff --git a/qa/workunits/caps/mon_commands.sh b/qa/workunits/caps/mon_commands.sh index b0aca22f207..237055c3c16 100755 --- a/qa/workunits/caps/mon_commands.sh +++ b/qa/workunits/caps/mon_commands.sh @@ -1,18 +1,25 @@ #!/bin/sh -ex cauthtool --create-keyring k --gen-key -p --name client.xx -ceph auth add -i k client.xx mon 'allow command foo; allow command bar' +ceph auth add -i k client.xx mon "allow command foo; allow command bar *; allow command baz ...; allow command foo add * mon allow\\ rwx osd allow\\ *" -( ceph -k k -n client.xx foo || true ) | grep -v 'Access denied' -( ceph -k k -n client.xx foo ooo || true ) | grep -v 'Access denied' -( ceph -k k -n client.xx fo || true ) | grep 'Access denied' -( ceph -k k -n client.xx fooo || true ) | grep 'Access denied' +( ceph -k k -n client.xx foo || true ) | grep 'unrecog' +( ceph -k k -n client.xx foo ooo || true ) | grep 'Access denied' +( ceph -k k -n client.xx fo || true ) | grep 'Access denied' +( ceph -k k -n client.xx fooo || true ) | grep 'Access denied' -( ceph -k k -n client.xx bar || true ) | grep -v 'Access denied' -( ceph -k k -n client.xx bar a b c || true ) | grep -v 'Access denied' -( ceph -k k -n client.xx ba || true ) | grep 'Access denied' -( ceph -k k -n client.xx barr || true ) | grep 'Access denied' +( ceph -k k -n client.xx bar || true ) | grep 'Access denied' +( ceph -k k -n client.xx bar a || true ) | grep 'unrecog' +( ceph -k k -n client.xx bar a b c || true ) | grep 'Access denied' +( ceph -k k -n client.xx ba || true ) | grep 'Access denied' +( ceph -k k -n client.xx barr || true ) | grep 'Access denied' -( ceph -k k -n client.xx baz || true ) | grep 'Access denied' +( ceph -k k -n client.xx baz || true ) | grep -v 'Access denied' +( ceph -k k -n client.xx baz a || true ) | grep -v 'Access denied' +( ceph -k k -n client.xx baz a b || true ) | grep -v 'Access denied' + +( ceph -k k -n client.xx foo add osd.1 -i k mon 'allow rwx' osd 'allow *' || true ) | grep 'unrecog' +( ceph -k k -n client.xx foo add osd a b c -i k mon 'allow rwx' osd 'allow *' || true ) | grep 'Access denied' +( ceph -k k -n client.xx foo add osd a b c -i k mon 'allow *' || true ) | grep 'Access denied' echo OK
\ No newline at end of file |