mon: dropped daemon type argument for MonCap
authorJason Dillaman <dillaman@redhat.com>
Fri, 11 Oct 2019 14:45:15 +0000 (10:45 -0400)
committerJason Dillaman <dillaman@redhat.com>
Thu, 9 Jan 2020 18:59:36 +0000 (13:59 -0500)
This was a placeholder for handling MGR caps within the MonCap
class. Now that the MGR has its own MgrCap class, this is no
longer required.

Signed-off-by: Jason Dillaman <dillaman@redhat.com>
(cherry picked from commit dbb1b54d492134b677b4e239415c0579e34032b4)

Conflicts:
src/mon/MonCap.h: trivial resolution
src/mon/Monitor.cc: trivial resolution

src/mon/MonCap.cc
src/mon/MonCap.h
src/mon/Monitor.cc
src/mon/OSDMonitor.cc
src/mon/Session.h
src/test/mon/moncap.cc

index a0e91c3614b9bad580d1793a8ae0a35a239a218a..b262929aeb5f174ef9f92c4cad5a75d1228c44d4 100644 (file)
@@ -146,7 +146,7 @@ void MonCapGrant::parse_network()
                                  &network_prefix);
 }
 
-void MonCapGrant::expand_profile(int daemon_type, const EntityName& name) const
+void MonCapGrant::expand_profile(const EntityName& name) const
 {
   // only generate this list once
   if (!profile_grants.empty())
@@ -166,25 +166,6 @@ void MonCapGrant::expand_profile(int daemon_type, const EntityName& name) const
     return;
   }
 
-  switch (daemon_type) {
-  case CEPH_ENTITY_TYPE_MON:
-    expand_profile_mon(name);
-    return;
-  case CEPH_ENTITY_TYPE_MGR:
-    expand_profile_mgr(name);
-    return;
-  }
-}
-
-void MonCapGrant::expand_profile_mgr(const EntityName& name) const
-{
-  if (profile == "crash") {
-    profile_grants.push_back(MonCapGrant("crash post"));
-  }
-}
-
-void MonCapGrant::expand_profile_mon(const EntityName& name) const
-{
   if (profile == "mon") {
     profile_grants.push_back(MonCapGrant("mon", MON_CAP_ALL));
     profile_grants.push_back(MonCapGrant("log", MON_CAP_ALL));
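Review bot: With the `switch (daemon_type)` gone, `expand_profile` always runs the former mon expansion. The old code expanded nothing for a type other than MON or MGR, and the `crash` profile's `crash post` grant existed only in the removed `expand_profile_mgr`. The production callers visible in this diff all passed `CEPH_ENTITY_TYPE_MON`, so the effective grants should not change, but this is an authorization path and the rest of the function lies outside the hunk, so it is worth confirming how a `profile crash` mon cap expands after the change. A short comment at the top of the body would record the split, e.g. `// MGR profiles are expanded by MgrCap; only mon-side profiles are handled here`. A MonCap test asserting what `profile crash` does and does not allow would pin the behaviour.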
@@ -333,17 +314,16 @@ void MonCapGrant::expand_profile_mon(const EntityName& name) const
 }
 
 mon_rwxa_t MonCapGrant::get_allowed(CephContext *cct,
-                                   int daemon_type,
                                    EntityName name,
                                    const std::string& s, const std::string& c,
                                    const map<string,string>& c_args) const
 {
   if (profile.length()) {
-    expand_profile(daemon_type, name);
+    expand_profile(name);
     mon_rwxa_t a;
     for (list<MonCapGrant>::const_iterator p = profile_grants.begin();
         p != profile_grants.end(); ++p)
-      a = a | p->get_allowed(cct, daemon_type, name, s, c, c_args);
+      a = a | p->get_allowed(cct, name, s, c, c_args);
     return a;
   }
   if (service.length()) {
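Review bot: `get_allowed` still takes `EntityName name` by value, so the recursive call `p->get_allowed(cct, name, s, c, c_args)` copies the name once per profile grant. Since the signature is being edited anyway, `const EntityName& name` would match `expand_profile(const EntityName& name)` and stay source-compatible for callers. The same applies to the declaration in MonCap.h and to `MonCap::is_capable`. The loop itself could become `for (const auto& g : profile_grants) a = a | g.get_allowed(cct, name, s, c, c_args);`. The function body continues outside the hunk.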
@@ -420,7 +400,6 @@ void MonCap::set_allow_all()
 
 bool MonCap::is_capable(
   CephContext *cct,
-  int daemon_type,
   EntityName name,
   const string& service,
   const string& command, const map<string,string>& command_args,
@@ -458,8 +437,7 @@ bool MonCap::is_capable(
     }
 
     // check enumerated caps
-    allow = allow | p->get_allowed(cct, daemon_type, name, service, command,
-                                  command_args);
+    allow = allow | p->get_allowed(cct, name, service, command, command_args);
     if ((!op_may_read || (allow & MON_CAP_R)) &&
        (!op_may_write || (allow & MON_CAP_W)) &&
        (!op_may_exec || (allow & MON_CAP_X))) {
index 67ed105ebda518d182381753e1bc8db7e874c3ce..7f74ea99b12e52cdb6e92f399909d4a4ed903c08 100644 (file)
@@ -96,9 +96,7 @@ struct MonCapGrant {
   // needed by expand_profile() (via is_match()) and cached here.
   mutable list<MonCapGrant> profile_grants;
 
-  void expand_profile(int daemon_type, const EntityName& name) const;
-  void expand_profile_mon(const EntityName& name) const;
-  void expand_profile_mgr(const EntityName& name) const;
+  void expand_profile(const EntityName& name) const;
 
   MonCapGrant() : allow(0) {}
   // cppcheck-suppress noExplicitConstructor
@@ -121,7 +119,6 @@ struct MonCapGrant {
    * @return bits we allow
    */
   mon_rwxa_t get_allowed(CephContext *cct,
-                        int daemon_type, ///< CEPH_ENTITY_TYPE_*
                         EntityName name,
                         const std::string& service,
                         const std::string& command,
@@ -159,7 +156,6 @@ struct MonCap {
    * This method actually checks a description of a particular operation against
    * what the capability has specified.
    *
-   * @param daemon_type CEPH_ENTITY_TYPE_* for the service (MON or MGR)
    * @param service service name
    * @param command command id
    * @param command_args
@@ -169,7 +165,6 @@ struct MonCap {
    * @return true if the operation is allowed, false otherwise
    */
   bool is_capable(CephContext *cct,
-                 int daemon_type,
                  EntityName name,
                  const string& service,
                  const string& command, const map<string,string>& command_args,
index 1c46c38774d87b496301ccff602e42d065b1b292..1549580b973a11abe19d5c9554ec857bd71e8696 100644 (file)
@@ -3088,7 +3088,6 @@ bool Monitor::_allowed_command(MonSession *s, const string &module,
 
   bool capable = s->caps.is_capable(
     g_ceph_context,
-    CEPH_ENTITY_TYPE_MON,
     s->entity_name,
     module, prefix, param_str_map,
     cmd_r, cmd_w, cmd_x,
index c8441c3ebd5caeb2e6022b47591f8e0f923f7687..4f8f4d421fa4e178e55add6d495f1b542f37a1d3 100644 (file)
@@ -223,8 +223,7 @@ bool is_unmanaged_snap_op_permitted(CephContext* cct,
   typedef std::map<std::string, std::string> CommandArgs;
 
   if (mon_caps.is_capable(
-       cct, CEPH_ENTITY_TYPE_MON,
-       entity_name, "osd",
+       cct, entity_name, "osd",
        "osd pool op unmanaged-snap",
        (pool_name == nullptr ?
         CommandArgs{} /* pool DNE, require unrestricted cap */ :
@@ -3861,7 +3860,6 @@ bool OSDMonitor::preprocess_remove_snaps(MonOpRequestRef op)
     goto ignore;
   if (!session->caps.is_capable(
        cct,
-       CEPH_ENTITY_TYPE_MON,
        session->entity_name,
         "osd", "osd pool rmsnap", {}, true, true, false,
        session->get_peer_socket_addr())) {
index 8981599573ad679865bc99132b9d23820f7b0427..fba33381f75e3e53c808b6038ad708cf8716c4bd 100644 (file)
@@ -95,7 +95,6 @@ struct MonSession : public RefCountedObject {
     map<string,string> args;
     return caps.is_capable(
       g_ceph_context,
-      CEPH_ENTITY_TYPE_MON,
       entity_name,
       service, "", args,
       mask & MON_CAP_R, mask & MON_CAP_W, mask & MON_CAP_X,
index 388227ccb808f5498b4938297996def7ae8c7cc7..1c151b1e3994f42cc8419b63d0caf69fc87a07d1 100644 (file)
@@ -188,8 +188,8 @@ TEST(MonCap, AllowAll) {
 
   ASSERT_TRUE(cap.parse("allow *", NULL));
   ASSERT_TRUE(cap.is_allow_all());
-  ASSERT_TRUE(cap.is_capable(NULL, CEPH_ENTITY_TYPE_MON, EntityName(),
-                            "foo", "asdf", map<string,string>(), true, true, true, entity_addr_t()));
+  ASSERT_TRUE(cap.is_capable(NULL, {}, "foo", "asdf", {}, true, true, true,
+                             {}));
 
   MonCap cap2;
   ASSERT_FALSE(cap2.is_allow_all());
@@ -207,17 +207,11 @@ TEST(MonCap, Network) {
   b.parse("192.168.2.3");
   c.parse("192.167.2.3");
 
-  ASSERT_TRUE(cap.is_capable(NULL, CEPH_ENTITY_TYPE_MON, EntityName(),
-                            "foo", "asdf", map<string,string>(),
-                            true, true, true,
+  ASSERT_TRUE(cap.is_capable(NULL, {}, "foo", "asdf", {}, true, true, true,
                             a));
-  ASSERT_TRUE(cap.is_capable(NULL, CEPH_ENTITY_TYPE_MON, EntityName(),
-                            "foo", "asdf", map<string,string>(),
-                            true, true, true,
+  ASSERT_TRUE(cap.is_capable(NULL, {}, "foo", "asdf", {}, true, true, true,
                             b));
-  ASSERT_FALSE(cap.is_capable(NULL, CEPH_ENTITY_TYPE_MON, EntityName(),
-                            "foo", "asdf", map<string,string>(),
-                            true, true, true,
+  ASSERT_FALSE(cap.is_capable(NULL, {}, "foo", "asdf", {}, true, true, true,
                             c));
 }
 
@@ -230,87 +224,62 @@ TEST(MonCap, ProfileOSD) {
   name.from_str("osd.123");
   map<string,string> ca;
 
-  ASSERT_TRUE(cap.is_capable(NULL, CEPH_ENTITY_TYPE_MON,
-                            name, "osd", "", ca, true, false, false,
-                            entity_addr_t()));
-  ASSERT_TRUE(cap.is_capable(NULL, CEPH_ENTITY_TYPE_MON,
-                            name, "osd", "", ca, true, true, false,
-                            entity_addr_t()));
-  ASSERT_TRUE(cap.is_capable(NULL, CEPH_ENTITY_TYPE_MON,
-                            name, "osd", "", ca, true, true, true,
-                            entity_addr_t()));
-  ASSERT_TRUE(cap.is_capable(NULL, CEPH_ENTITY_TYPE_MON,
-                            name, "osd", "", ca, true, true, true,
-                            entity_addr_t()));
-  ASSERT_TRUE(cap.is_capable(NULL, CEPH_ENTITY_TYPE_MON,
-                            name, "mon", "", ca, true, false,false,
-                            entity_addr_t()));
-
-  ASSERT_FALSE(cap.is_capable(NULL, CEPH_ENTITY_TYPE_MON,
-                            name, "mds", "", ca, true, true, true,
-                            entity_addr_t()));
-  ASSERT_FALSE(cap.is_capable(NULL, CEPH_ENTITY_TYPE_MON,
-                            name, "mon", "", ca, true, true, true,
-                            entity_addr_t()));
+  ASSERT_TRUE(cap.is_capable(NULL, name, "osd", "", ca, true, false, false,
+                            {}));
+  ASSERT_TRUE(cap.is_capable(NULL, name, "osd", "", ca, true, true, false, {}));
+  ASSERT_TRUE(cap.is_capable(NULL, name, "osd", "", ca, true, true, true, {}));
+  ASSERT_TRUE(cap.is_capable(NULL, name, "osd", "", ca, true, true, true, {}));
+  ASSERT_TRUE(cap.is_capable(NULL, name, "mon", "", ca, true, false, false,
+                             {}));
+
+  ASSERT_FALSE(cap.is_capable(NULL, name, "mds", "", ca, true, true, true, {}));
+  ASSERT_FALSE(cap.is_capable(NULL, name, "mon", "", ca, true, true, true, {}));
 
   ca.clear();
-  ASSERT_FALSE(cap.is_capable(NULL, CEPH_ENTITY_TYPE_MON,
-                            name, "", "config-key get", ca, true, true, true,
-                            entity_addr_t()));
+  ASSERT_FALSE(cap.is_capable(NULL, name, "", "config-key get", ca, true, true,
+                              true, {}));
   ca["key"] = "daemon-private/osd.123";
-  ASSERT_FALSE(cap.is_capable(NULL, CEPH_ENTITY_TYPE_MON,
-                            name, "", "config-key get", ca, true, true, true,
-                            entity_addr_t()));
+  ASSERT_FALSE(cap.is_capable(NULL, name, "", "config-key get", ca, true, true,
+                              true, {}));
   ca["key"] = "daemon-private/osd.12/asdf";
-  ASSERT_FALSE(cap.is_capable(NULL, CEPH_ENTITY_TYPE_MON,
-                            name, "", "config-key get", ca, true, true, true,
-                            entity_addr_t()));
+  ASSERT_FALSE(cap.is_capable(NULL, name, "", "config-key get", ca, true, true,
+                              true, {}));
   ca["key"] = "daemon-private/osd.123/";
-  ASSERT_TRUE(cap.is_capable(NULL, CEPH_ENTITY_TYPE_MON,
-                            name, "", "config-key get", ca, true, true, true,
-                            entity_addr_t()));
-  ASSERT_TRUE(cap.is_capable(NULL, CEPH_ENTITY_TYPE_MON,
-                            name, "", "config-key get", ca, true, true, true,
-                            entity_addr_t()));
-  ASSERT_TRUE(cap.is_capable(NULL, CEPH_ENTITY_TYPE_MON,
-                            name, "", "config-key get", ca, true, true, true,
-                            entity_addr_t()));
+  ASSERT_TRUE(cap.is_capable(NULL, name, "", "config-key get", ca, true, true,
+                             true, {}));
+  ASSERT_TRUE(cap.is_capable(NULL, name, "", "config-key get", ca, true, true,
+                             true, {}));
+  ASSERT_TRUE(cap.is_capable(NULL, name, "", "config-key get", ca, true, true,
+                             true, {}));
   ca["key"] = "daemon-private/osd.123/foo";
-  ASSERT_TRUE(cap.is_capable(NULL, CEPH_ENTITY_TYPE_MON,
-                            name, "", "config-key get", ca, true, true, true,
-                            entity_addr_t()));
-  ASSERT_TRUE(cap.is_capable(NULL, CEPH_ENTITY_TYPE_MON,
-                            name, "", "config-key put", ca, true, true, true,
-                            entity_addr_t()));
-  ASSERT_TRUE(cap.is_capable(NULL, CEPH_ENTITY_TYPE_MON,
-                            name, "", "config-key set", ca, true, true, true,
-                            entity_addr_t()));
-  ASSERT_TRUE(cap.is_capable(NULL, CEPH_ENTITY_TYPE_MON,
-                            name, "", "config-key exists", ca, true, true, true,
-                            entity_addr_t()));
-  ASSERT_TRUE(cap.is_capable(NULL, CEPH_ENTITY_TYPE_MON,
-                            name, "", "config-key delete", ca, true, true, true,
-                            entity_addr_t()));
+  ASSERT_TRUE(cap.is_capable(NULL, name, "", "config-key get", ca, true, true,
+                             true, {}));
+  ASSERT_TRUE(cap.is_capable(NULL, name, "", "config-key put", ca, true, true,
+                             true, {}));
+  ASSERT_TRUE(cap.is_capable(NULL, name, "", "config-key set", ca, true, true,
+                             true, {}));
+  ASSERT_TRUE(cap.is_capable(NULL, name, "", "config-key exists", ca, true,
+                             true, true, {}));
+  ASSERT_TRUE(cap.is_capable(NULL, name, "", "config-key delete", ca, true,
+                             true, true, {}));
 }
 
 TEST(MonCap, CommandRegEx) {
   MonCap cap;
   ASSERT_FALSE(cap.is_allow_all());
-  ASSERT_TRUE(cap.parse("allow command abc with arg regex \"^[0-9a-z.]*$\"", NULL));
+  ASSERT_TRUE(cap.parse("allow command abc with arg regex \"^[0-9a-z.]*$\"",
+                        NULL));
 
   EntityName name;
   name.from_str("osd.123");
-  ASSERT_TRUE(cap.is_capable(nullptr, CEPH_ENTITY_TYPE_OSD, name, "",
-                             "abc", {{"arg", "12345abcde"}}, true, true, true,
-                            entity_addr_t()));
-  ASSERT_FALSE(cap.is_capable(nullptr, CEPH_ENTITY_TYPE_OSD, name, "",
-                              "abc", {{"arg", "~!@#$"}}, true, true, true,
-                             entity_addr_t()));
+  ASSERT_TRUE(cap.is_capable(nullptr, name, "", "abc", {{"arg", "12345abcde"}},
+                             true, true, true, {}));
+  ASSERT_FALSE(cap.is_capable(nullptr, name, "", "abc", {{"arg", "~!@#$"}},
+                              true, true, true, {}));
 
   ASSERT_TRUE(cap.parse("allow command abc with arg regex \"[*\"", NULL));
-  ASSERT_FALSE(cap.is_capable(nullptr, CEPH_ENTITY_TYPE_OSD, name, "",
-                              "abc", {{"arg", ""}}, true, true, true,
-                             entity_addr_t()));
+  ASSERT_FALSE(cap.is_capable(nullptr, name, "", "abc", {{"arg", ""}}, true,
+                              true, true, {}));
 }
 
 TEST(MonCap, ProfileBootstrapRBD) {
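Review bot: The rewritten ProfileOSD test carries over assertions that repeat verbatim, which add no coverage of the capability check. `ASSERT_TRUE(cap.is_capable(NULL, name, "osd", "", ca, true, true, true, {}));` appears twice in a row, and the `config-key get` check after `ca["key"] = "daemon-private/osd.123/";` appears three times. If the repeats were meant to vary the read/write/exec flags (an inference, the original intent is not visible here), one of them could become `ASSERT_TRUE(cap.is_capable(NULL, name, "", "config-key get", ca, true, false, false, {}));`. Otherwise the duplicates can be dropped. The file also mixes `NULL` and `nullptr` for the `cct` argument, and `nullptr` would be the consistent choice.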
@@ -320,27 +289,27 @@ TEST(MonCap, ProfileBootstrapRBD) {
 
   EntityName name;
   name.from_str("mon.a");
-  ASSERT_TRUE(cap.is_capable(nullptr, CEPH_ENTITY_TYPE_MON, name, "",
+  ASSERT_TRUE(cap.is_capable(nullptr,  name, "",
                              "auth get-or-create", {
                                {"entity", "client.rbd"},
                                {"caps_mon", "profile rbd"},
                                {"caps_osd", "profile rbd pool=foo, profile rbd-read-only"},
                              }, true, true, true,
-                            entity_addr_t()));
-  ASSERT_FALSE(cap.is_capable(nullptr, CEPH_ENTITY_TYPE_MON, name, "",
+                            {}));
+  ASSERT_FALSE(cap.is_capable(nullptr,  name, "",
                               "auth get-or-create", {
                                 {"entity", "client.rbd"},
                                 {"caps_mon", "allow *"},
                                 {"caps_osd", "profile rbd"},
                               }, true, true, true,
-                             entity_addr_t()));
-  ASSERT_FALSE(cap.is_capable(nullptr, CEPH_ENTITY_TYPE_MON, name, "",
+                             {}));
+  ASSERT_FALSE(cap.is_capable(nullptr,  name, "",
                               "auth get-or-create", {
                                 {"entity", "client.rbd"},
                                 {"caps_mon", "profile rbd"},
                                 {"caps_osd", "profile rbd pool=foo, allow *, profile rbd-read-only"},
                               }, true, true, true,
-                             entity_addr_t()));
+                             {}));
 }
 
 TEST(MonCap, ProfileBootstrapRBDMirror) {
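Review bot: Removing the argument left a double space in `cap.is_capable(nullptr,  name, "",` on every call in this hunk, and the closing `{}));` lines are no longer aligned with the argument list. The same leftover appears in the ProfileBootstrapRBDMirror and ProfileRBD hunks that follow, while the ProfileRBDMirror hunk already uses `cap.is_capable(nullptr, name, "config-key",`. Normalising to a single space keeps the test file consistent.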
@@ -350,34 +319,34 @@ TEST(MonCap, ProfileBootstrapRBDMirror) {
 
   EntityName name;
   name.from_str("mon.a");
-  ASSERT_TRUE(cap.is_capable(nullptr, CEPH_ENTITY_TYPE_MON, name, "",
+  ASSERT_TRUE(cap.is_capable(nullptr,  name, "",
                              "auth get-or-create", {
                                {"entity", "client.rbd"},
                                {"caps_mon", "profile rbd-mirror"},
                                {"caps_osd", "profile rbd pool=foo, profile rbd-read-only"},
                              }, true, true, true,
-                            entity_addr_t()));
-  ASSERT_FALSE(cap.is_capable(nullptr, CEPH_ENTITY_TYPE_MON, name, "",
+                            {}));
+  ASSERT_FALSE(cap.is_capable(nullptr,  name, "",
                               "auth get-or-create", {
                                 {"entity", "client.rbd"},
                                 {"caps_mon", "profile rbd"},
                                 {"caps_osd", "profile rbd pool=foo, profile rbd-read-only"},
                               }, true, true, true,
-                             entity_addr_t()));
-  ASSERT_FALSE(cap.is_capable(nullptr, CEPH_ENTITY_TYPE_MON, name, "",
+                             {}));
+  ASSERT_FALSE(cap.is_capable(nullptr,  name, "",
                               "auth get-or-create", {
                                 {"entity", "client.rbd"},
                                 {"caps_mon", "allow *"},
                                 {"caps_osd", "profile rbd"},
                               }, true, true, true,
-                             entity_addr_t()));
-  ASSERT_FALSE(cap.is_capable(nullptr, CEPH_ENTITY_TYPE_MON, name, "",
+                             {}));
+  ASSERT_FALSE(cap.is_capable(nullptr,  name, "",
                               "auth get-or-create", {
                                 {"entity", "client.rbd"},
                                 {"caps_mon", "profile rbd-mirror"},
                                 {"caps_osd", "profile rbd pool=foo, allow *, profile rbd-read-only"},
                               }, true, true, true,
-                             entity_addr_t()));
+                             {}));
 }
 
 TEST(MonCap, ProfileRBD) {
@@ -387,10 +356,10 @@ TEST(MonCap, ProfileRBD) {
 
   EntityName name;
   name.from_str("mon.a");
-  ASSERT_FALSE(cap.is_capable(nullptr, CEPH_ENTITY_TYPE_MON, name, "config-key",
+  ASSERT_FALSE(cap.is_capable(nullptr,  name, "config-key",
                               "config-key get", {
                                 {"key", "rbd/mirror/peer/1/1234"},
-                              }, true, false, false, entity_addr_t()));
+                              }, true, false, false, {}));
 }
 
 TEST(MonCap, ProfileRBDMirror) {
@@ -400,8 +369,8 @@ TEST(MonCap, ProfileRBDMirror) {
 
   EntityName name;
   name.from_str("mon.a");
-  ASSERT_TRUE(cap.is_capable(nullptr, CEPH_ENTITY_TYPE_MON, name, "config-key",
+  ASSERT_TRUE(cap.is_capable(nullptr, name, "config-key",
                              "config-key get", {
                                {"key", "rbd/mirror/peer/1/1234"},
-                             }, true, false, false, entity_addr_t()));
+                             }, true, false, false, {}));
 }