auth: cephx: KeyServer: list secrets to formatter or plaintext

Signed-off-by: Joao Eduardo Luis <joao.luis@inktank.com>

diff --git a/src/auth/cephx/CephxKeyServer.cc b/src/auth/cephx/CephxKeyServer.cc
index ffe356882ee97a283616e22f352aa0d4bace026b..e0c8174a2a1e60f84090a7fd838621a6c1277fa8 100644 (file)
--- a/src/auth/cephx/CephxKeyServer.cc
+++ b/src/auth/cephx/CephxKeyServer.cc
@@ -295,36 +295,71 @@ bool KeyServer::contains(const EntityName& name) const
   return data.contains(name);
 }
 
-void KeyServer::list_secrets(stringstream& ss, stringstream &ds) const
+int KeyServer::encode_secrets(Formatter *f, stringstream *ds) const
 {
   Mutex::Locker l(lock);
 
+  if (f)
+    f->open_array_section("auth_dump");
+
   map<EntityName, EntityAuth>::const_iterator mapiter = data.secrets_begin();
-  if (mapiter != data.secrets_end()) {
-    ss << "installed auth entries: " << std::endl;      
-
-    while (mapiter != data.secrets_end()) {
-      const EntityName& name = mapiter->first;
-      ds << name.to_str() << std::endl;
-
-      ds << "\tkey: " << mapiter->second.key << std::endl;
-
-      map<string, bufferlist>::const_iterator capsiter =
-         mapiter->second.caps.begin();
-      for (; capsiter != mapiter->second.caps.end(); ++capsiter) {
-       // FIXME: need a const_iterator for bufferlist, but it doesn't exist yet.
-       bufferlist *bl = const_cast<bufferlist*>(&capsiter->second);
-        bufferlist::iterator dataiter = bl->begin();
-        string caps;
-        ::decode(caps, dataiter);
-       ds << "\tcaps: [" << capsiter->first << "] " << caps << std::endl;
-      }
-     
-      ++mapiter;
+
+  if (mapiter == data.secrets_end())
+    return -ENOENT;
+
+  while (mapiter != data.secrets_end()) {
+    const EntityName& name = mapiter->first;
+    if (ds) {
+      *ds << name.to_str() << std::endl;
+      *ds << "\tkey: " << mapiter->second.key << std::endl;
+    }
+    if (f) {
+      f->open_object_section("auth_entities");
+      f->dump_string("entity", name.to_str());
+      f->dump_stream("key") << mapiter->second.key;
+      f->open_object_section("caps");
     }
-  } else {
-    ss << "no installed auth entries!";
+
+    map<string, bufferlist>::const_iterator capsiter =
+        mapiter->second.caps.begin();
+    for (; capsiter != mapiter->second.caps.end(); ++capsiter) {
+      // FIXME: need a const_iterator for bufferlist, but it doesn't exist yet.
+      bufferlist *bl = const_cast<bufferlist*>(&capsiter->second);
+      bufferlist::iterator dataiter = bl->begin();
+      string caps;
+      ::decode(caps, dataiter);
+      if (ds)
+        *ds << "\tcaps: [" << capsiter->first << "] " << caps << std::endl;
+      if (f)
+        f->dump_string(capsiter->first.c_str(), caps);
+    }
+    if (f) {
+      f->close_section(); // caps
+      f->close_section(); // auth_entities
+    }
+
+    ++mapiter;
   }
+
+  if (f)
+    f->close_section(); // auth_dump
+  return 0;
+}
+
+void KeyServer::encode_formatted(string label, Formatter *f, bufferlist &bl)
+{
+  assert(f != NULL);
+  f->open_object_section(label.c_str());
+  encode_secrets(f, NULL);
+  f->close_section();
+  f->flush(bl);
+}
+
+void KeyServer::encode_plaintext(bufferlist &bl)
+{
+  stringstream os;
+  encode_secrets(NULL, &os);
+  bl.append(os.str());
 }
 
 bool KeyServer::updated_rotating(bufferlist& rotating_bl, version_t& rotating_ver)

diff --git a/src/auth/cephx/CephxKeyServer.h b/src/auth/cephx/CephxKeyServer.h
index 9f98f722c10564cd141a933459e8ac8ea552b2da..905eb71fe17243c6ea6ede64cc8b32cd00f9025f 100644 (file)
--- a/src/auth/cephx/CephxKeyServer.h
+++ b/src/auth/cephx/CephxKeyServer.h
@@ -231,7 +231,12 @@ public:
     ::decode(data, bl);
   }
   bool contains(const EntityName& name) const;
-  void list_secrets(stringstream& ss, stringstream &ds) const;
+  int encode_secrets(Formatter *f, stringstream *ds) const;
+  void encode_formatted(string label, Formatter *f, bufferlist &bl);
+  void encode_plaintext(bufferlist &bl);
+  int list_secrets(stringstream& ds) const {
+    return encode_secrets(NULL, &ds);
+  }
   version_t get_ver() const {
     Mutex::Locker l(lock);
     return data.version;    

diff --git a/src/mon/AuthMonitor.cc b/src/mon/AuthMonitor.cc
index b812a049d39bfa0958d4990f91b53a5426496d13..feec3f523d8bb7d68267421178b2216714105556 100644 (file)
--- a/src/mon/AuthMonitor.cc
+++ b/src/mon/AuthMonitor.cc
@@ -624,7 +624,16 @@ bool AuthMonitor::preprocess_command(MMonCommand *m)
     }
     r = 0;
   } else if (prefix == "auth list") {
-    mon->key_server.list_secrets(ss, ds);
+    if (f) {
+      mon->key_server.encode_formatted("auth", f.get(), rdata);
+      f->flush(rdata);
+    } else {
+      mon->key_server.encode_plaintext(rdata);
+      if (rdata.length() > 0)
+        ss << "installed auth entries:" << std::endl;
+      else
+        ss << "no installed auth entries!" << std::endl;
+    }
     r = 0;
     goto done;
   } else {

diff --git a/src/mon/Monitor.cc b/src/mon/Monitor.cc
index 2aa2f8a6d6ea734354d75ee0c835d500dcb6929c..9f3f185299e9a78b44e7f6ef6b6a93a969fbc568 100644 (file)
--- a/src/mon/Monitor.cc
+++ b/src/mon/Monitor.cc
@@ -3616,7 +3616,11 @@ bool Monitor::ms_get_authorizer(int service_id, AuthAuthorizer **authorizer, boo
       !key_server.get_secret(name, secret)) {
     dout(0) << " couldn't get secret for mon service from keyring or keyserver" << dendl;
     stringstream ss, ds;
-    key_server.list_secrets(ss, ds);
+    int err = key_server.list_secrets(ds);
+    if (err < 0)
+      ss << "no installed auth entries!";
+    else
+      ss << "installed auth entries:";
     dout(0) << ss.str() << "\n" << ds.str() << dendl;
     return false;
   }