mon,osd: drop the "allow" prefix for profile caps

The use of the a profile implies that it sets everything up. If
support for deny is ever added, it doesn't make much sense to
deny a profile.

Signed-off-by: Jason Dillaman <dillaman@redhat.com>

diff --git a/src/mon/MonCap.cc b/src/mon/MonCap.cc
index b368091a545cb4e32066955a26ae3c841c0aaf5c..f6f2b74f4ea1f89c1e6c52d987c6ce69ef91d99e 100644 (file)
--- a/src/mon/MonCap.cc
+++ b/src/mon/MonCap.cc
@@ -500,7 +500,8 @@ struct MonCapParser : qi::grammar<Iterator, MonCap()>
                              >> spaces >> rwxa;
 
     // profile foo
-    profile_match %= -spaces >> lit("allow") >> spaces >> lit("profile") >> (lit('=') | spaces)
+    profile_match %= -spaces >> -(lit("allow") >> spaces)
+                             >> lit("profile") >> (lit('=') | spaces)
                             >> qi::attr(string())
                             >> str
                             >> qi::attr(string())

diff --git a/src/osd/OSDCap.cc b/src/osd/OSDCap.cc
index 68f3ba5379ed34b63da2fadbc52c2cf0986a49ee..43988dc7635d81e9ca57e4223b5fbd378ca93a96 100644 (file)
--- a/src/osd/OSDCap.cc
+++ b/src/osd/OSDCap.cc
@@ -362,16 +362,16 @@ struct OSDCapParser : qi::grammar<Iterator, OSDCap()>
       (class_name >> class_cap) [_val = phoenix::construct<OSDCapSpec>(_1, _2)]);
 
     // profile := profile <name> [pool[=]<pool> [namespace[=]<namespace>]]
-    profile_name %= (spaces >> lit("profile") >> spaces >> str);
+    profile_name %= (lit("profile") >> (lit('=') | spaces) >> str);
     profile = (
       (profile_name >> pool_name >> nspace) [_val = phoenix::construct<OSDCapProfile>(_1, _2, _3)] |
       (profile_name >> pool_name)           [_val = phoenix::construct<OSDCapProfile>(_1, _2)]);
 
     // grant := allow match capspec
-    grant = (*ascii::blank >> lit("allow") >>
-            ((capspec >> match) [_val = phoenix::construct<OSDCapGrant>(_2, _1)] |
-             (match >> capspec) [_val = phoenix::construct<OSDCapGrant>(_1, _2)] |
-              (profile)          [_val = phoenix::construct<OSDCapGrant>(_1)]
+    grant = (*ascii::blank >>
+            ((lit("allow") >> capspec >> match)  [_val = phoenix::construct<OSDCapGrant>(_2, _1)] |
+             (lit("allow") >> match >> capspec)  [_val = phoenix::construct<OSDCapGrant>(_1, _2)] |
+              (profile)                           [_val = phoenix::construct<OSDCapGrant>(_1)]
              ) >> *ascii::blank);
     // osdcap := grant [grant ...]
     grants %= (grant % (lit(';') | lit(',')));

diff --git a/src/test/mon/moncap.cc b/src/test/mon/moncap.cc
index f78e0e20774d8cb979ea5d72ffd43d2aae9c278a..a3379eefc6c79aabf8053750b1495508cea15443 100644 (file)
--- a/src/test/mon/moncap.cc
+++ b/src/test/mon/moncap.cc
@@ -57,6 +57,8 @@ const char *parse_good[] = {
   "allow command abc.def with arg=foo arg2=bar, allow service foo r",
   "allow command \"foo bar\" with arg=\"baz\"",
   "allow command \"foo bar\" with arg=\"baz.xx\"",
+  "profile osd",
+  "profile \"mds-bootstrap\", profile foo",
   0
 };
 

diff --git a/src/test/osd/osdcap.cc b/src/test/osd/osdcap.cc
index 7820a77a666a2eaf991ed3d549b3e8b70cfcb20f..3a594e3b8a7cfc06ca0df961539849699775bbfd 100644 (file)
--- a/src/test/osd/osdcap.cc
+++ b/src/test/osd/osdcap.cc
@@ -70,7 +70,7 @@ const char *parse_good[] = {
   "allow pool foo namespace=nfoo rwx; allow pool bar namespace nbar object_prefix rbd r",
   "allow pool foo namespace=\"\" rwx; allow pool bar namespace='' object_prefix rbd r",
   "allow pool foo namespace \"\" rwx; allow pool bar namespace '' object_prefix rbd r",
-  "allow profile abc, allow profile abc pool=bar, allow profile abc pool=bar namespace=foo",
+  "profile abc, profile abc pool=bar, profile abc pool=bar namespace=foo",
   0
 };
 
@@ -1010,7 +1010,7 @@ TEST(OSDCap, AllowClassMultiRWX) {
 
 TEST(OSDCap, AllowProfile) {
   OSDCap cap;
-  ASSERT_TRUE(cap.parse("allow profile read-only, allow profile read-write pool abc", NULL));
+  ASSERT_TRUE(cap.parse("profile read-only, profile read-write pool abc", NULL));
   ASSERT_FALSE(cap.allow_all());
   ASSERT_FALSE(cap.is_capable("foo", "", 0, "asdf", true, true, {}));
   ASSERT_TRUE(cap.is_capable("foo", "", 0, "asdf", true, false, {}));
@@ -1018,7 +1018,7 @@ TEST(OSDCap, AllowProfile) {
 
   // RBD
   cap.grants.clear();
-  ASSERT_TRUE(cap.parse("allow profile rbd pool abc", NULL));
+  ASSERT_TRUE(cap.parse("profile rbd pool abc", NULL));
   ASSERT_FALSE(cap.allow_all());
   ASSERT_FALSE(cap.is_capable("foo", "", 0, "asdf", true, true, {}));
   ASSERT_FALSE(cap.is_capable("foo", "", 0, "rbd_children", true, false, {}));
@@ -1028,7 +1028,7 @@ TEST(OSDCap, AllowProfile) {
                              {{"rbd", true, true, true}}));
 
   cap.grants.clear();
-  ASSERT_TRUE(cap.parse("allow profile rbd-read-only pool abc", NULL));
+  ASSERT_TRUE(cap.parse("profile rbd-read-only pool abc", NULL));
   ASSERT_FALSE(cap.allow_all());
   ASSERT_FALSE(cap.is_capable("foo", "", 0, "rbd_children", true, false, {}));
   ASSERT_TRUE(cap.is_capable("abc", "", 0, "asdf", true, false,