ceph auth del client.xx
expect_false ceph auth get client.xx
+ # test rotation
+ ceph auth get-or-create client.admin2 mon 'allow *'
+ ceph auth get client.admin2 >> keyring1
+ env CEPH_KEYRING=keyring1 ceph -n client.admin2 auth get client.admin2 >> keyring2
+ # they are the same:
+ expect_true diff -au keyring1 keyring2
+ # rotate itself
+ env CEPH_KEYRING=keyring1 ceph -n client.admin2 auth rotate client.admin2 >> keyring3
+ # only the key has changed:
+ diff -au keyring1 keyring3 | grep -E '^[-+][^-+]' | expect_false grep -v key
+ # the key in keyring1 no longer works:
+ expect_false env CEPH_KEYRING=keyring1 ceph -n client.admin2 auth get client.admin2
+ # the key in keyring3 should work:
+ expect_true env CEPH_KEYRING=keyring3 ceph -n client.admin2 auth get client.admin2
+ # now verify the key from `auth get` matches what rotate produced:
+ expect_true ceph auth get client.admin2 >> keyring4
+ expect_true diff -au keyring3 keyring4
+ expect_true ceph auth rm client.admin2
+ rm keyring[1234]
+
# (almost) interactive mode
echo -e 'auth add client.xx mon "allow *" osd "allow *"\n' | ceph
ceph auth get client.xx
projects / ceph.git / commitdiff