ceph_key: remove set-uid support

The support of set-uid was remove from Ceph during the Nautilus cycle by
the following commit: d6def8ba1126209f8dcb40e296977dc2b09a376e so this
will not work anymore when deploying Nautilus clusters and above.

Signed-off-by: Sébastien Han <seb@redhat.com>

diff --git a/library/ceph_key.py b/library/ceph_key.py
index eebda7db637a10a01a1a450ff6f9bf137bc9e262..ba8f013d24ec6c1be61057f13ebad530c76cffe4 100644 (file)
--- a/library/ceph_key.py
+++ b/library/ceph_key.py
@@ -81,11 +81,6 @@ options:
             but not add them into Ceph.
         required: false
         default: True
-    auid:
-        description:
-            - Sets the auid (authenticated user id) for the specified keyring
-        required: false
-        default: None
     dest:
         description:
             - Destination to write the keyring
@@ -116,7 +111,6 @@ caps:
     name: client.admin
     state: present
     secret: AQAin8tU2DsKFBAAFIAzVTzkL3+gtAjjpQiomw==
-    auid: 0
     caps:
       mon: allow *
       osd: allow *
@@ -313,10 +307,6 @@ def generate_ceph_authtool_cmd(cluster, name, secret, caps, dest, container_imag
     ]
 
     cmd.extend(base_cmd)
-
-    if auid:
-        cmd.extend(['--set-uid', auid])
-
     cmd = generate_caps(cmd, "ceph-authtool", caps)
 
     return cmd
@@ -338,7 +328,7 @@ def create_key(module, result, cluster, name, secret, caps, import_key, dest, co
         secret = generate_secret()
 
     cmd_list.append(generate_ceph_authtool_cmd(
-        cluster, name, secret, caps, auid, dest, container_image))
+        cluster, name, secret, caps, dest, container_image))
 
     if import_key:
         user = "client.admin"
@@ -527,8 +517,7 @@ def run_module():
         caps=dict(type='dict', required=False, default=None),
         secret=dict(type='str', required=False, default=None),
         import_key=dict(type='bool', required=False, default=True),
-        auid=dict(type='str', required=False, default=None),
-        dest=dict(type='str', required=False, default='/etc/ceph'),
+        dest=dict(type='str', required=False, default='/etc/ceph/'),
     )
 
     module = AnsibleModule(
@@ -544,7 +533,6 @@ def run_module():
     caps = module.params.get('caps')
     secret = module.params.get('secret')
     import_key = module.params.get('import_key')
-    auid = module.params.get('auid')
     dest = module.params.get('dest')
 
     result = dict(
@@ -602,7 +590,7 @@ def run_module():
                 module.exit_json(**result)
 
         rc, cmd, out, err = exec_commands(module, create_key(
-            module, result, cluster, name, secret, caps, import_key, auid, file_path, container_image))  # noqa E501
+            module, result, cluster, name, secret, caps, import_key, dest, container_image))  # noqa E501
 
         file_args = module.load_file_common_arguments(module.params)
         file_args['path'] = file_path

diff --git a/library/test_ceph_key.py b/library/test_ceph_key.py
index d9e217ccdfc0686cd187e51288dd3ca69f429cde..143b6c8f3e3a64e13067f8a1eecd48772f7c0a44 100644 (file)
--- a/library/test_ceph_key.py
+++ b/library/test_ceph_key.py
@@ -104,7 +104,6 @@ class TestCephKeyModule(object):
         fake_dest = "/fake/ceph"
         fake_file_destination = os.path.join(
             fake_dest + "/" + fake_cluster + "." + fake_name + ".keyring")
-        fake_auid = None
         expected_command_list = [
             'ceph-authtool',
             '--create-keyring',
@@ -121,40 +120,7 @@ class TestCephKeyModule(object):
             'allow rwx',
         ]
         result = ceph_key.generate_ceph_authtool_cmd(
-            fake_cluster, fake_name, fake_secret, fake_caps, fake_auid, fake_file_destination)  # noqa E501
-        assert result == expected_command_list
-
-    def test_generate_ceph_authtool_cmd_non_container_auid(self):
-        fake_cluster = "fake"
-        fake_name = "client.fake"
-        fake_secret = "super-secret"
-        fake_caps = {
-            'mon': 'allow *',
-            'osd': 'allow rwx',
-        }
-        fake_dest = "/fake/ceph"
-        fake_file_destination = os.path.join(
-            fake_dest + "/" + fake_cluster + "." + fake_name + ".keyring")
-        fake_auid = 666
-        expected_command_list = [
-            'ceph-authtool',
-            '--create-keyring',
-            fake_file_destination,
-            '--name',
-            fake_name,
-            '--add-key',
-            fake_secret,
-            '--set-uid',
-            fake_auid,
-            '--cap',
-            'mon',
-            'allow *',
-            '--cap',
-            'osd',
-            'allow rwx',
-        ]
-        result = ceph_key.generate_ceph_authtool_cmd(
-            fake_cluster, fake_name, fake_secret, fake_caps, fake_auid, fake_file_destination)  # noqa E501
+            fake_cluster, fake_name, fake_secret, fake_caps, fake_dest)  # noqa E501
         assert result == expected_command_list
 
     def test_generate_ceph_authtool_cmd_container(self):
@@ -166,7 +132,6 @@ class TestCephKeyModule(object):
             'osd': 'allow rwx',
         }
         fake_dest = "/fake/ceph"
-        fake_auid = None
         fake_file_destination = os.path.join(
             fake_dest + "/" + fake_cluster + "." + fake_name + ".keyring")
         fake_container_image = "docker.io/ceph/daemon:latest-luminous"
@@ -192,7 +157,7 @@ class TestCephKeyModule(object):
                                  'osd',
                                  'allow rwx']
         result = ceph_key.generate_ceph_authtool_cmd(
-            fake_cluster, fake_name, fake_secret, fake_caps, fake_auid, fake_file_destination, fake_containerized)  # noqa E501
+            fake_cluster, fake_name, fake_secret, fake_caps, fake_dest, fake_container_image)  # noqa E501
         assert result == expected_command_list
 
     def test_create_key_non_container(self):
@@ -206,7 +171,6 @@ class TestCephKeyModule(object):
             'osd': 'allow rwx',
         }
         fake_import_key = True
-        fake_auid = None
         fake_dest = "/fake/ceph"
         fake_file_destination = os.path.join(
             fake_dest + "/" + fake_cluster + "." + fake_name + ".keyring")
@@ -217,7 +181,7 @@ class TestCephKeyModule(object):
                 'import', '-i', fake_file_destination],
         ]
         result = ceph_key.create_key(fake_module, fake_result, fake_cluster,
-                                     fake_name, fake_secret, fake_caps, fake_import_key, fake_auid, fake_file_destination)  # noqa E501
+                                     fake_name, fake_secret, fake_caps, fake_import_key, fake_dest)  # noqa E501
         assert result == expected_command_list
 
     def test_create_key_container(self):
@@ -232,7 +196,6 @@ class TestCephKeyModule(object):
         }
         fake_dest = "/fake/ceph"
         fake_import_key = True
-        fake_auid = None
         fake_file_destination = os.path.join(
             fake_dest + "/" + fake_cluster + "." + fake_name + ".keyring")
         fake_container_image = "docker.io/ceph/daemon:latest-luminous"
@@ -267,7 +230,7 @@ class TestCephKeyModule(object):
             '-i', fake_file_destination]
         ]
         result = ceph_key.create_key(fake_module, fake_result, fake_cluster, fake_name,  # noqa E501
-                                     fake_secret, fake_caps, fake_import_key, fake_auid, fake_file_destination, fake_containerized)  # noqa E501
+                                     fake_secret, fake_caps, fake_import_key, fake_dest, fake_container_image)  # noqa E501
         assert result == expected_command_list
 
     def test_create_key_non_container_no_import(self):
@@ -282,7 +245,6 @@ class TestCephKeyModule(object):
         }
         fake_dest = "/fake/ceph"
         fake_import_key = False
-        fake_auid = None
         fake_file_destination = os.path.join(
             fake_dest + "/" + fake_cluster + "." + fake_name + ".keyring")
         # create_key passes (one for ceph-authtool and one for itself) itw own array so the expected result is an array within an array # noqa E501
@@ -302,7 +264,7 @@ class TestCephKeyModule(object):
             'allow rwx', ]
         ]
         result = ceph_key.create_key(fake_module, fake_result, fake_cluster,
-                                     fake_name, fake_secret, fake_caps, fake_import_key, fake_auid, fake_file_destination)  # noqa E501
+                                     fake_name, fake_secret, fake_caps, fake_import_key, fake_dest)  # noqa E501
         assert result == expected_command_list
 
     def test_create_key_container_no_import(self):
@@ -319,7 +281,6 @@ class TestCephKeyModule(object):
         fake_import_key = False
         fake_file_destination = os.path.join(
             fake_dest + "/" + fake_cluster + "." + fake_name + ".keyring")
-        fake_auid = None
         # create_key passes (one for ceph-authtool and one for itself) itw own array so the expected result is an array within an array # noqa E501
         fake_container_image = "docker.io/ceph/daemon:latest-luminous"
         expected_command_list = [['docker',   # noqa E128
@@ -344,7 +305,7 @@ class TestCephKeyModule(object):
                                  'osd',
                                  'allow rwx']]
         result = ceph_key.create_key(fake_module, fake_result, fake_cluster, fake_name,  # noqa E501
-                                     fake_secret, fake_caps, fake_import_key, fake_auid, fake_file_destination, fake_containerized)  # noqa E501
+                                     fake_secret, fake_caps, fake_import_key, fake_dest, fake_container_image)  # noqa E501
         assert result == expected_command_list
 
     def test_update_key_non_container(self):