} else {
out << g.match << g.spec;
}
+ if (g.network.size()) {
+ out << " network " << g.network;
+ }
out << ")";
return out;
}
equoted_string %=
lexeme['"' >> *(char_ - '"') >> '"'] |
lexeme['\'' >> *(char_ - '\'') >> '\''];
- unquoted_word %= +char_("a-zA-Z0-9_.-");
+ unquoted_word %= +char_("a-zA-Z0-9_./-");
str %= quoted_string | unquoted_word;
estr %= equoted_string | unquoted_word;
+ network_str %= +char_("/.:a-fA-F0-9][");
spaces = +ascii::space;
// grant := allow match capspec
grant = (*ascii::blank >>
- ((lit("allow") >> capspec >> match) [_val = phoenix::construct<OSDCapGrant>(_2, _1)] |
- (lit("allow") >> match >> capspec) [_val = phoenix::construct<OSDCapGrant>(_1, _2)] |
- (profile) [_val = phoenix::construct<OSDCapGrant>(_1)]
+ ((lit("allow") >> capspec >> match >>
+ -(spaces >> lit("network") >> spaces >> network_str))
+ [_val = phoenix::construct<OSDCapGrant>(_2, _1, _3)] |
+ (lit("allow") >> match >> capspec >>
+ -(spaces >> lit("network") >> spaces >> network_str))
+ [_val = phoenix::construct<OSDCapGrant>(_1, _2, _3)] |
+ (profile >> -(spaces >> lit("network") >> spaces >> network_str))
+ [_val = phoenix::construct<OSDCapGrant>(_1, _2)]
) >> *ascii::blank);
// osdcap := grant [grant ...]
grants %= (grant % (lit(';') | lit(',')));
qi::rule<Iterator, unsigned()> rwxa;
qi::rule<Iterator, string()> quoted_string, equoted_string;
qi::rule<Iterator, string()> unquoted_word;
- qi::rule<Iterator, string()> str, estr;
+ qi::rule<Iterator, string()> str, estr, network_str;
qi::rule<Iterator, string()> wildcard;
qi::rule<Iterator, int()> auid;
qi::rule<Iterator, string()> class_name;
OSDCapMatch match;
OSDCapSpec spec;
OSDCapProfile profile;
+ string network;
// explicit grants that a profile grant expands to; populated as
// needed by expand_profile() and cached here.
std::list<OSDCapGrant> profile_grants;
OSDCapGrant() {}
- OSDCapGrant(const OSDCapMatch& m, const OSDCapSpec& s) : match(m), spec(s) {}
- explicit OSDCapGrant(const OSDCapProfile& profile) : profile(profile) {
+ OSDCapGrant(const OSDCapMatch& m, const OSDCapSpec& s,
+ boost::optional<string> n = {})
+ : match(m), spec(s) {
+ if (n) {
+ network = *n;
+ }
+ }
+ explicit OSDCapGrant(const OSDCapProfile& profile,
+ boost::optional<string> n = {})
+ : profile(profile) {
+ if (n) {
+ network = *n;
+ }
expand_profile();
}
"allow rwx tag application key= value",
"allow rwx tag application key = value",
"allow all tag application all=all",
+ "allow rwx network 127.0.0.1/8",
+ "allow rwx network ::1/128",
+ "allow rwx network [ff::1]/128",
+ "profile foo network 127.0.0.1/8",
+ "allow rwx namespace foo tag cephfs data =cephfs_a network 127.0.0.1/8",
+ "allow pool foo rwx network 1.2.3.4/24",
0
};
"osdcap[grant(app application key key val value rwx)]"},
{"allow rwx namespace ns* tag application key=value",
"osdcap[grant(namespace ns* app application key key val value rwx)]"},
- {"allow all",
- "osdcap[grant(*)]"},
- {"allow rwx tag application all=all",
- "osdcap[grant(app application key * val * rwx)]"}
+ {"allow all",
+ "osdcap[grant(*)]"},
+ {"allow rwx tag application all=all",
+ "osdcap[grant(app application key * val * rwx)]"},
+ {"allow rwx network 1.2.3.4/24",
+ "osdcap[grant(rwx network 1.2.3.4/24)]"},
};
size_t num_tests = sizeof(test_values) / sizeof(*test_values);
projects / ceph.git / commitdiff