From: Dan Mick
Date: Wed, 10 Jul 2013 23:45:53 +0000 (-0700)
Subject: auth: cephx: KeyServer: list secrets to formatter or plaintext
X-Git-Tag: v0.67-rc1~101
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=f8ee4a743967d3ac89e610575039db0fd77f6105;p=ceph.git
auth: cephx: KeyServer: list secrets to formatter or plaintext
Signed-off-by: Joao Eduardo Luis
---
diff --git a/src/auth/cephx/CephxKeyServer.cc b/src/auth/cephx/CephxKeyServer.cc
index ffe356882ee9..e0c8174a2a1e 100644
--- a/src/auth/cephx/CephxKeyServer.cc
+++ b/src/auth/cephx/CephxKeyServer.cc
@@ -295,36 +295,71 @@ bool KeyServer::contains(const EntityName& name) const return data.contains(name); } -void KeyServer::list_secrets(stringstream& ss, stringstream &ds) const +int KeyServer::encode_secrets(Formatter *f, stringstream *ds) const { Mutex::Locker l(lock); + if (f) + f->open_array_section("auth_dump"); + map::const_iterator mapiter = data.secrets_begin(); - if (mapiter != data.secrets_end()) { - ss << "installed auth entries: " << std::endl; - - while (mapiter != data.secrets_end()) { - const EntityName& name = mapiter->first; - ds << name.to_str() << std::endl; - - ds << "\tkey: " << mapiter->second.key << std::endl; - - map::const_iterator capsiter = - mapiter->second.caps.begin(); - for (; capsiter != mapiter->second.caps.end(); ++capsiter) { - // FIXME: need a const_iterator for bufferlist, but it doesn't exist yet. - bufferlist *bl = const_cast(&capsiter->second); - bufferlist::iterator dataiter = bl->begin(); - string caps; - ::decode(caps, dataiter); - ds << "\tcaps: [" << capsiter->first << "] " << caps << std::endl; - } - - ++mapiter; + + if (mapiter == data.secrets_end()) + return -ENOENT; + + while (mapiter != data.secrets_end()) { + const EntityName& name = mapiter->first; + if (ds) { + *ds << name.to_str() << std::endl; + *ds << "\tkey: " << mapiter->second.key << std::endl; + } + if (f) { + f->open_object_section("auth_entities"); + f->dump_string("entity", name.to_str()); + f->dump_stream("key") << mapiter->second.key; + f->open_object_section("caps"); } - } else { - ss << "no installed auth entries!"; + + map::const_iterator capsiter = + mapiter->second.caps.begin(); + for (; capsiter != mapiter->second.caps.end(); ++capsiter) { + // FIXME: need a const_iterator for bufferlist, but it doesn't exist yet. 
+ bufferlist *bl = const_cast(&capsiter->second); + bufferlist::iterator dataiter = bl->begin(); + string caps; + ::decode(caps, dataiter); + if (ds) + *ds << "\tcaps: [" << capsiter->first << "] " << caps << std::endl; + if (f) + f->dump_string(capsiter->first.c_str(), caps); + } + if (f) { + f->close_section(); // caps + f->close_section(); // auth_entities + } + + ++mapiter; } + + if (f) + f->close_section(); // auth_dump + return 0; +} + +void KeyServer::encode_formatted(string label, Formatter *f, bufferlist &bl) +{ + assert(f != NULL); + f->open_object_section(label.c_str()); + encode_secrets(f, NULL); + f->close_section(); + f->flush(bl); +} + +void KeyServer::encode_plaintext(bufferlist &bl) +{ + stringstream os; + encode_secrets(NULL, &os); + bl.append(os.str()); } bool KeyServer::updated_rotating(bufferlist& rotating_bl, version_t& rotating_ver) diff --git a/src/auth/cephx/CephxKeyServer.h b/src/auth/cephx/CephxKeyServer.h index 9f98f722c105..905eb71fe172 100644 --- a/src/auth/cephx/CephxKeyServer.h +++ b/src/auth/cephx/CephxKeyServer.h @@ -231,7 +231,12 @@ public: ::decode(data, bl); } bool contains(const EntityName& name) const; - void list_secrets(stringstream& ss, stringstream &ds) const; + int encode_secrets(Formatter *f, stringstream *ds) const; + void encode_formatted(string label, Formatter *f, bufferlist &bl); + void encode_plaintext(bufferlist &bl); + int list_secrets(stringstream& ds) const { + return encode_secrets(NULL, &ds); + } version_t get_ver() const { Mutex::Locker l(lock); return data.version; diff --git a/src/mon/AuthMonitor.cc b/src/mon/AuthMonitor.cc index b812a049d39b..feec3f523d8b 100644 --- a/src/mon/AuthMonitor.cc +++ b/src/mon/AuthMonitor.cc 
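Review bot: The empty-store path in encode_secrets returns `-ENOENT` after `f->open_array_section("auth_dump")` has already run, so the formatter is left with an unclosed section. encode_formatted ignores the return value, and its own `f->close_section()` then appears to pair with `auth_dump` rather than with `label`, which would leave the formatted output unbalanced. Closing the array before the early return keeps the sections paired and yields an empty list: `if (mapiter == data.secrets_end()) { if (f) f->close_section(); return -ENOENT; }`. Both encode_formatted and encode_plaintext discard the result, so a one-line comment there stating that an empty store is deliberately not treated as an error would help the next reader.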
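Review bot: `encode_formatted` and `encode_plaintext` are declared non-const, although the .cc part of this commit shows them doing nothing to the object except calling the const `encode_secrets`. Declaring both `const` and taking `const string& label` would match `list_secrets` and avoid a copy. The new declarations also carry no comment, and their output includes each entity's secret key, so I would add `// Output includes every entity's secret key; callers must restrict who can read it.` above them. The class body starts and ends outside this hunk.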
@@ -624,7 +624,16 @@ bool AuthMonitor::preprocess_command(MMonCommand *m) } r = 0; } else if (prefix == "auth list") { - mon->key_server.list_secrets(ss, ds); + if (f) { + mon->key_server.encode_formatted("auth", f.get(), rdata); + f->flush(rdata); + } else { + mon->key_server.encode_plaintext(rdata); + if (rdata.length() > 0) + ss << "installed auth entries:" << std::endl; + else + ss << "no installed auth entries!" << std::endl; + } r = 0; goto done; } else { diff --git a/src/mon/Monitor.cc b/src/mon/Monitor.cc index 2aa2f8a6d6ea..9f3f185299e9 100644 --- a/src/mon/Monitor.cc +++ b/src/mon/Monitor.cc @@ -3616,7 +3616,11 @@ bool Monitor::ms_get_authorizer(int service_id, AuthAuthorizer **authorizer, boo !key_server.get_secret(name, secret)) { dout(0) << " couldn't get secret for mon service from keyring or keyserver" << dendl; stringstream ss, ds; - key_server.list_secrets(ss, ds); + int err = key_server.list_secrets(ds); + if (err < 0) + ss << "no installed auth entries!"; + else + ss << "installed auth entries:"; dout(0) << ss.str() << "\n" << ds.str() << dendl; return false; }
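Review bot: The `f->flush(rdata);` after `encode_formatted("auth", f.get(), rdata)` is redundant, because encode_formatted in this commit already ends with `f->flush(bl)` on the same bufferlist; the line can be dropped. With this change `rdata` carries every entity's key in both branches, so the reply is only as safe as the permission check on this command, which is not visible in the hunk. A comment such as `// reply contains secret keys; relies on the command's permission check` would make that dependency explicit. preprocess_command starts and ends outside this hunk.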
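Review bot: The `dout(0)` line after the new code still prints `ds.str()`, and `list_secrets(ds)` fills `ds` through encode_secrets, which writes a `key:` line for every entity. A single failed lookup of the mon service secret therefore copies the whole key store into the monitor log at level 0, readable by anyone with access to the logs. The previous code appears to have done the same, but since this commit rewrites the call it is a good place to stop: log only the status with `dout(0) << ss.str() << dendl;`, and leave the key dump to the `auth list` command. ms_get_authorizer starts and ends outside this hunk.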