From: Kotresh HR Date: Mon, 23 Nov 2020 12:19:04 +0000 (+0530) Subject: mgr/volumes: Add subvolume authorized_list command X-Git-Tag: v14.2.17~53^2~12 X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=c02b94852297894040bdba2a648167f0a39a9134;p=ceph.git mgr/volumes: Add subvolume authorized_list command Fixes: https://tracker.ceph.com/issues/44931 Signed-off-by: Kotresh HR (cherry picked from commit 1abec3d0ca8c4fa405cdbf56c55f44f37aca9ca8)
---
diff --git a/src/pybind/mgr/volumes/fs/operations/versions/subvolume_v1.py b/src/pybind/mgr/volumes/fs/operations/versions/subvolume_v1.py
index 33ddcabbeffe..9680ee2a4aec 100644
--- a/src/pybind/mgr/volumes/fs/operations/versions/subvolume_v1.py
+++ b/src/pybind/mgr/volumes/fs/operations/versions/subvolume_v1.py
@@ -6,6 +6,7 @@ import errno
 import logging
 import json
 from datetime import datetime
+from typing import List, Dict

 import cephfs

@@ -514,6 +515,27 @@ class SubvolumeV1(SubvolumeBase, SubvolumeTemplate):
 for access_level in access_levels]
 deny_access(self.mgr, client_entity, want_mds_caps, want_osd_caps)

+ def authorized_list(self):
+ """
+ Expose a list of auth IDs that have access to a subvolume.
+
+ return: a list of (auth_id, access_level) tuples, where
+ the access_level can be 'r' , or 'rw'.
+ None if no auth ID is given access to the subvolume.
+ """
+ with self.auth_mdata_mgr.subvol_metadata_lock(self.group.groupname, self.subvolname):
+ meta = self.auth_mdata_mgr.subvol_metadata_get(self.group.groupname, self.subvolname)
+ auths = [] # type: List[Dict[str,str]]
+ if not meta or not meta['auths']:
+ return auths
+
+ for auth, auth_data in meta['auths'].items():
+ # Skip partial auth updates.
+ if not auth_data['dirty']:
+ auths.append({auth: auth_data['access_level']})
+
+ return auths
+
 def _get_clone_source(self):
 try:
 clone_source = {
diff --git a/src/pybind/mgr/volumes/fs/volume.py b/src/pybind/mgr/volumes/fs/volume.py
index 09051ab9f1b8..2e4b687bfc37 100644
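Review bot: The docstring of `authorized_list` in subvolume_v1.py promises `(auth_id, access_level)` tuples and `None` when nothing is authorized, but the body appends single-key dicts `{auth: auth_data['access_level']}` and returns an empty list; it should read `return: a list of {auth_id: access_level} dicts ('r' or 'rw'); an empty list if no auth ID has access`. The docstring should also say that entries whose `dirty` flag is set are left out, since an operator who runs this command to audit access would otherwise read the output as complete, while a dirty entry may correspond to a grant that is only partly applied (the code that sets and clears the flag is outside this hunk, so that is an inference). `meta['auths']`, `auth_data['dirty']` and `auth_data['access_level']` are indexed directly, so metadata missing any of these keys raises `KeyError` rather than a `VolumeException`; `if not meta or not meta.get('auths'):` in the guard would cover the first of them.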
--- a/src/pybind/mgr/volumes/fs/volume.py
+++ b/src/pybind/mgr/volumes/fs/volume.py
@@ -243,6 +243,22 @@ class VolumeClient(object):
 ret = self.volume_exception_to_retval(ve)
 return ret

+ def authorized_list(self, **kwargs):
+ ret = 0, "", ""
+ volname = kwargs['vol_name']
+ subvolname = kwargs['sub_name']
+ groupname = kwargs['group_name']
+
+ try:
+ with open_volume(self, volname) as fs_handle:
+ with open_group(fs_handle, self.volspec, groupname) as group:
+ with open_subvol(self.mgr, fs_handle, self.volspec, group, subvolname, SubvolumeOpType.ALLOW_ACCESS) as subvolume:
+ auths = subvolume.authorized_list()
+ ret = 0, json.dumps(auths, indent=4, sort_keys=True), ""
+ except VolumeException as ve:
+ ret = self.volume_exception_to_retval(ve)
+ return ret
+
 def resize_subvolume(self, **kwargs):
 ret = 0, "", ""
 volname = kwargs['vol_name']
diff --git a/src/pybind/mgr/volumes/module.py b/src/pybind/mgr/volumes/module.py
index a538a86fd971..efdd4064df9e 100644
--- a/src/pybind/mgr/volumes/module.py
+++ b/src/pybind/mgr/volumes/module.py
@@ -135,6 +135,14 @@ class Module(orchestrator.OrchestratorClientMixin, MgrModule):
 'desc': "Deny a cephx auth ID access to a subvolume",
 'perm': 'rw'
 },
+ {
+ 'cmd': 'fs subvolume authorized_list '
+ 'name=vol_name,type=CephString '
+ 'name=sub_name,type=CephString '
+ 'name=group_name,type=CephString,req=false ',
+ 'desc': "List auth IDs that have access to a subvolume",
+ 'perm': 'r'
+ },
 {
 'cmd': 'fs subvolumegroup getpath '
 'name=vol_name,type=CephString '
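Review bot: `VolumeClient.authorized_list` opens the subvolume with `SubvolumeOpType.ALLOW_ACCESS`, the op type of the command that grants access, although the method only reads auth metadata and the command is registered with `'perm': 'r'` in module.py. If `open_subvol` uses the op type to decide which subvolume states permit the call (its body is outside this hunk), the listing is refused in every state where a grant is refused, so access to such a subvolume cannot be audited. A dedicated read-only op type for listing would keep the two policies apart; until one exists, a comment such as `# read-only listing; reuses the ALLOW_ACCESS state checks` above the `open_subvol` line should mark the reuse. Only `VolumeException` is caught, so a `KeyError` raised by `subvolume.authorized_list()` on malformed metadata leaves this method as an exception instead of the `ret` tuple.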
@@ -436,6 +444,15 @@ class Module(orchestrator.OrchestratorClientMixin, MgrModule):
 auth_id=cmd['auth_id'],
 group_name=cmd.get('group_name', None))

+ @mgr_cmd_wrap
+ def _cmd_fs_subvolume_authorized_list(self, inbuf, cmd):
+ """
+ :return: a 3-tuple of return code(int), list of authids(json), error message (str)
+ """
+ return self.vc.authorized_list(vol_name=cmd['vol_name'],
+ sub_name=cmd['sub_name'],
+ group_name=cmd.get('group_name', None))
+
 @mgr_cmd_wrap
 def _cmd_fs_subvolume_ls(self, inbuf, cmd):
 return self.vc.list_subvolumes(vol_name=cmd['vol_name'],