From: Sage Weil Date: Thu, 21 Feb 2019 19:45:00 +0000 (-0600) Subject: unittest_auth: add unit tests for AuthRegistry con_mode selection X-Git-Tag: v14.1.0~7^2 X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=refs%2Fpull%2F26568%2Fhead;p=ceph.git unittest_auth: add unit tests for AuthRegistry con_mode selection Signed-off-by: Sage Weil --- diff --git a/src/common/ceph_context.h b/src/common/ceph_context.h index 97595791f2afb..15b25afc6beb1 100644 --- a/src/common/ceph_context.h +++ b/src/common/ceph_context.h @@ -128,6 +128,11 @@ public: /* Get the module type (client, mon, osd, mds, etc.) */ uint32_t get_module_type() const; + // this is here only for testing purposes! + void _set_module_type(uint32_t t) { + _module_type = t; + } + void set_init_flags(int flags); int get_init_flags() const; diff --git a/src/test/CMakeLists.txt b/src/test/CMakeLists.txt index 3a14441e5c9aa..378677f3f0c18 100644 --- a/src/test/CMakeLists.txt +++ b/src/test/CMakeLists.txt @@ -597,6 +597,14 @@ add_executable(unittest_addrs add_ceph_unittest(unittest_addrs) target_link_libraries(unittest_addrs ceph-common) +# unittest_auth +add_executable(unittest_auth + test_auth.cc + $ + ) +add_ceph_unittest(unittest_auth) +target_link_libraries(unittest_auth global) + # unittest_workqueue add_executable(unittest_workqueue test_workqueue.cc diff --git a/src/test/test_auth.cc b/src/test/test_auth.cc new file mode 100644 index 0000000000000..190a5d3940479 --- /dev/null +++ b/src/test/test_auth.cc 
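Review bot: `_set_module_type` lands in what the hunk header shows as the `public:` section of a production header, with only a comment keeping non-test callers away. The test added in this same commit shows that the module type changes which `ms_*_mode` settings `get_supported_modes` returns, so a stray call in a running process could change which connection modes it offers. Consider a stronger comment such as `// TEST ONLY: changes which ms_*_mode settings apply to this process; never call outside unit tests`, or exposing the setter through a test-only friend or accessor instead. The write to `_module_type` is also unsynchronized; whether readers on other threads can race with it cannot be seen from here, since the class body starts and ends outside the hunk.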
@@ -0,0 +1,242 @@
+// -*- mode:C; tab-width:8; c-basic-offset:2; indent-tabs-mode:t -*-
+// vim: ts=8 sw=2 smarttab
+
+#include "include/types.h"
+#include "include/stringify.h"
+#include "auth/Auth.h"
+#include "gtest/gtest.h"
+#include "common/ceph_context.h"
+#include "global/global_context.h"
+#include "auth/AuthRegistry.h"
+
+#include
+
+TEST(AuthRegistry, con_modes)
+{
+ auto cct = g_ceph_context;
+ AuthRegistry reg(cct);
+ std::vector modes;
+
+ const std::vector crc_secure = { CEPH_CON_MODE_CRC,
+ CEPH_CON_MODE_SECURE };
+ const std::vector secure_crc = { CEPH_CON_MODE_SECURE,
+ CEPH_CON_MODE_CRC };
+ const std::vector secure = { CEPH_CON_MODE_SECURE };
+
+ // baseline: everybody agrees
+ cct->_set_module_type(CEPH_ENTITY_TYPE_CLIENT);
+ cct->_conf.set_val("ms_cluster_mode", "crc secure");
+ cct->_conf.set_val("ms_service_mode", "crc secure");
+ cct->_conf.set_val("ms_client_mode", "crc secure");
+ cct->_conf.set_val("ms_mon_cluster_mode", "crc secure");
+ cct->_conf.set_val("ms_mon_service_mode", "crc secure");
+ cct->_conf.set_val("ms_mon_client_mode", "crc secure");
+ cct->_conf.apply_changes(NULL);
+
+ reg.get_supported_modes(CEPH_ENTITY_TYPE_MON, CEPH_AUTH_CEPHX, &modes);
+ ASSERT_EQ(modes, crc_secure);
+ reg.get_supported_modes(CEPH_ENTITY_TYPE_OSD, CEPH_AUTH_CEPHX, &modes);
+ ASSERT_EQ(modes, crc_secure);
+ ASSERT_EQ((uint32_t)CEPH_CON_MODE_CRC, reg.pick_mode(CEPH_ENTITY_TYPE_OSD,
+ CEPH_AUTH_CEPHX,
+ crc_secure));
+
+ // what mons prefer secure, internal to mon cluster only
+ cct->_conf.set_val("ms_mon_cluster_mode", "secure");
+ cct->_conf.apply_changes(NULL);
+
+ cct->_set_module_type(CEPH_ENTITY_TYPE_CLIENT);
+ reg.get_supported_modes(CEPH_ENTITY_TYPE_MON, CEPH_AUTH_CEPHX, &modes);
+ ASSERT_EQ(modes, crc_secure);
+ reg.get_supported_modes(CEPH_ENTITY_TYPE_OSD, CEPH_AUTH_CEPHX, &modes);
+ ASSERT_EQ(modes, crc_secure);
+
+ cct->_set_module_type(CEPH_ENTITY_TYPE_OSD);
+ reg.get_supported_modes(CEPH_ENTITY_TYPE_MON, CEPH_AUTH_CEPHX, &modes);
+ ASSERT_EQ(modes, crc_secure);
+ reg.get_supported_modes(CEPH_ENTITY_TYPE_MGR, CEPH_AUTH_CEPHX, &modes);
+ ASSERT_EQ(modes, crc_secure);
+
+ cct->_set_module_type(CEPH_ENTITY_TYPE_MON);
+ reg.get_supported_modes(CEPH_ENTITY_TYPE_MON, CEPH_AUTH_CEPHX, &modes);
+ ASSERT_EQ(modes, secure);
+ reg.get_supported_modes(CEPH_ENTITY_TYPE_MGR, CEPH_AUTH_CEPHX, &modes);
+ ASSERT_EQ(modes, crc_secure);
+
+ // how all cluster -> mon connections secure?
+ cct->_conf.set_val("ms_mon_service_mode", "secure");
+ cct->_conf.apply_changes(NULL);
+
+ cct->_set_module_type(CEPH_ENTITY_TYPE_CLIENT);
+ reg.get_supported_modes(CEPH_ENTITY_TYPE_MON, CEPH_AUTH_CEPHX, &modes);
+ ASSERT_EQ(modes, crc_secure);
+ reg.get_supported_modes(CEPH_ENTITY_TYPE_OSD, CEPH_AUTH_CEPHX, &modes);
+ ASSERT_EQ(modes, crc_secure);
+
+ cct->_set_module_type(CEPH_ENTITY_TYPE_OSD);
+ reg.get_supported_modes(CEPH_ENTITY_TYPE_MON, CEPH_AUTH_CEPHX, &modes);
+ ASSERT_EQ(modes, crc_secure);
+ reg.get_supported_modes(CEPH_ENTITY_TYPE_MGR, CEPH_AUTH_CEPHX, &modes);
+ ASSERT_EQ(modes, crc_secure);
+
+ cct->_set_module_type(CEPH_ENTITY_TYPE_MON);
+ reg.get_supported_modes(CEPH_ENTITY_TYPE_OSD, CEPH_AUTH_CEPHX, &modes);
+ ASSERT_EQ(modes, secure);
+ reg.get_supported_modes(CEPH_ENTITY_TYPE_MDS, CEPH_AUTH_CEPHX, &modes);
+ ASSERT_EQ(modes, secure);
+ reg.get_supported_modes(CEPH_ENTITY_TYPE_MGR, CEPH_AUTH_CEPHX, &modes);
+ ASSERT_EQ(modes, secure);
+
+
+ // how about client -> mon connections?
+ cct->_conf.set_val("ms_mon_client_mode", "secure");
+ cct->_conf.apply_changes(NULL);
+
+ cct->_set_module_type(CEPH_ENTITY_TYPE_CLIENT);
+ reg.get_supported_modes(CEPH_ENTITY_TYPE_MON, CEPH_AUTH_CEPHX, &modes);
+ ASSERT_EQ(modes, secure);
+ reg.get_supported_modes(CEPH_ENTITY_TYPE_MGR, CEPH_AUTH_CEPHX, &modes);
+ ASSERT_EQ(modes, crc_secure);
+
+ // ms_mon)client_mode doesn't does't affect daemons, though...
+ cct->_conf.set_val("ms_mon_service_mode", "crc secure");
+ cct->_conf.apply_changes(NULL);
+
+ cct->_set_module_type(CEPH_ENTITY_TYPE_CLIENT);
+ reg.get_supported_modes(CEPH_ENTITY_TYPE_MON, CEPH_AUTH_CEPHX, &modes);
+ ASSERT_EQ(modes, secure);
+ reg.get_supported_modes(CEPH_ENTITY_TYPE_MGR, CEPH_AUTH_CEPHX, &modes);
+ ASSERT_EQ(modes, crc_secure);
+
+ cct->_set_module_type(CEPH_ENTITY_TYPE_MON);
+ reg.get_supported_modes(CEPH_ENTITY_TYPE_OSD, CEPH_AUTH_CEPHX, &modes);
+ ASSERT_EQ(modes, crc_secure);
+ reg.get_supported_modes(CEPH_ENTITY_TYPE_MDS, CEPH_AUTH_CEPHX, &modes);
+ ASSERT_EQ(modes, crc_secure);
+ reg.get_supported_modes(CEPH_ENTITY_TYPE_MGR, CEPH_AUTH_CEPHX, &modes);
+ ASSERT_EQ(modes, crc_secure);
+
+ // how about all internal cluster connection secure?
+ cct->_conf.set_val("ms_cluster_mode", "secure");
+ cct->_conf.set_val("ms_mon_service_mode", "secure");
+ cct->_conf.apply_changes(NULL);
+
+ cct->_set_module_type(CEPH_ENTITY_TYPE_CLIENT);
+ reg.get_supported_modes(CEPH_ENTITY_TYPE_MON, CEPH_AUTH_CEPHX, &modes);
+ ASSERT_EQ(modes, secure);
+ reg.get_supported_modes(CEPH_ENTITY_TYPE_MGR, CEPH_AUTH_CEPHX, &modes);
+ ASSERT_EQ(modes, crc_secure);
+
+ cct->_set_module_type(CEPH_ENTITY_TYPE_OSD);
+ reg.get_supported_modes(CEPH_ENTITY_TYPE_MON, CEPH_AUTH_CEPHX, &modes);
+ ASSERT_EQ(modes, secure);
+ reg.get_supported_modes(CEPH_ENTITY_TYPE_MGR, CEPH_AUTH_CEPHX, &modes);
+ ASSERT_EQ(modes, secure);
+ reg.get_supported_modes(CEPH_ENTITY_TYPE_CLIENT, CEPH_AUTH_CEPHX, &modes);
+ ASSERT_EQ(modes, crc_secure);
+
+ cct->_set_module_type(CEPH_ENTITY_TYPE_MGR);
+ reg.get_supported_modes(CEPH_ENTITY_TYPE_MON, CEPH_AUTH_CEPHX, &modes);
+ ASSERT_EQ(modes, secure);
+ reg.get_supported_modes(CEPH_ENTITY_TYPE_MDS, CEPH_AUTH_CEPHX, &modes);
+ ASSERT_EQ(modes, secure);
+ reg.get_supported_modes(CEPH_ENTITY_TYPE_CLIENT, CEPH_AUTH_CEPHX, &modes);
+ ASSERT_EQ(modes, crc_secure);
+
+ cct->_set_module_type(CEPH_ENTITY_TYPE_MDS);
+ reg.get_supported_modes(CEPH_ENTITY_TYPE_MON, CEPH_AUTH_CEPHX, &modes);
+ ASSERT_EQ(modes, secure);
+ reg.get_supported_modes(CEPH_ENTITY_TYPE_MGR, CEPH_AUTH_CEPHX, &modes);
+ ASSERT_EQ(modes, secure);
+ reg.get_supported_modes(CEPH_ENTITY_TYPE_CLIENT, CEPH_AUTH_CEPHX, &modes);
+ ASSERT_EQ(modes, crc_secure);
+
+ cct->_set_module_type(CEPH_ENTITY_TYPE_MON);
+ reg.get_supported_modes(CEPH_ENTITY_TYPE_CLIENT, CEPH_AUTH_CEPHX, &modes);
+ ASSERT_EQ(modes, secure);
+ reg.get_supported_modes(CEPH_ENTITY_TYPE_OSD, CEPH_AUTH_CEPHX, &modes);
+ ASSERT_EQ(modes, secure);
+ reg.get_supported_modes(CEPH_ENTITY_TYPE_MGR, CEPH_AUTH_CEPHX, &modes);
+ ASSERT_EQ(modes, secure);
+ reg.get_supported_modes(CEPH_ENTITY_TYPE_MON, CEPH_AUTH_CEPHX, &modes);
+ ASSERT_EQ(modes, secure);
+
+ // how about all connections to the cluster?
+ cct->_conf.set_val("ms_service_mode", "secure");
+ cct->_conf.apply_changes(NULL);
+
+ cct->_set_module_type(CEPH_ENTITY_TYPE_CLIENT);
+ reg.get_supported_modes(CEPH_ENTITY_TYPE_MON, CEPH_AUTH_CEPHX, &modes);
+ ASSERT_EQ(modes, secure);
+ reg.get_supported_modes(CEPH_ENTITY_TYPE_MGR, CEPH_AUTH_CEPHX, &modes);
+ ASSERT_EQ(modes, crc_secure);
+ reg.get_supported_modes(CEPH_ENTITY_TYPE_OSD, CEPH_AUTH_CEPHX, &modes);
+ ASSERT_EQ(modes, crc_secure);
+ reg.get_supported_modes(CEPH_ENTITY_TYPE_MDS, CEPH_AUTH_CEPHX, &modes);
+ ASSERT_EQ(modes, crc_secure);
+
+ cct->_set_module_type(CEPH_ENTITY_TYPE_OSD);
+ reg.get_supported_modes(CEPH_ENTITY_TYPE_CLIENT, CEPH_AUTH_CEPHX, &modes);
+ ASSERT_EQ(modes, secure);
+ reg.get_supported_modes(CEPH_ENTITY_TYPE_MON, CEPH_AUTH_CEPHX, &modes);
+ ASSERT_EQ(modes, secure);
+ reg.get_supported_modes(CEPH_ENTITY_TYPE_MGR, CEPH_AUTH_CEPHX, &modes);
+ ASSERT_EQ(modes, secure);
+
+ cct->_set_module_type(CEPH_ENTITY_TYPE_MGR);
+ reg.get_supported_modes(CEPH_ENTITY_TYPE_CLIENT, CEPH_AUTH_CEPHX, &modes);
+ ASSERT_EQ(modes, secure);
+ reg.get_supported_modes(CEPH_ENTITY_TYPE_MON, CEPH_AUTH_CEPHX, &modes);
+ ASSERT_EQ(modes, secure);
+ reg.get_supported_modes(CEPH_ENTITY_TYPE_MDS, CEPH_AUTH_CEPHX, &modes);
+ ASSERT_EQ(modes, secure);
+
+ cct->_set_module_type(CEPH_ENTITY_TYPE_MDS);
+ reg.get_supported_modes(CEPH_ENTITY_TYPE_CLIENT, CEPH_AUTH_CEPHX, &modes);
+ ASSERT_EQ(modes, secure);
+ reg.get_supported_modes(CEPH_ENTITY_TYPE_MON, CEPH_AUTH_CEPHX, &modes);
+ ASSERT_EQ(modes, secure);
+ reg.get_supported_modes(CEPH_ENTITY_TYPE_MGR, CEPH_AUTH_CEPHX, &modes);
+ ASSERT_EQ(modes, secure);
+
+ // client forcing things?
+ cct->_conf.set_val("ms_cluster_mode", "crc secure");
+ cct->_conf.set_val("ms_service_mode", "crc secure");
+ cct->_conf.set_val("ms_client_mode", "secure");
+ cct->_conf.set_val("ms_mon_cluster_mode", "crc secure");
+ cct->_conf.set_val("ms_mon_service_mode", "crc secure");
+ cct->_conf.set_val("ms_mon_client_mode", "secure");
+ cct->_conf.apply_changes(NULL);
+
+ cct->_set_module_type(CEPH_ENTITY_TYPE_CLIENT);
+ reg.get_supported_modes(CEPH_ENTITY_TYPE_MON, CEPH_AUTH_CEPHX, &modes);
+ ASSERT_EQ(modes, secure);
+ reg.get_supported_modes(CEPH_ENTITY_TYPE_MGR, CEPH_AUTH_CEPHX, &modes);
+ ASSERT_EQ(modes, secure);
+ reg.get_supported_modes(CEPH_ENTITY_TYPE_OSD, CEPH_AUTH_CEPHX, &modes);
+ ASSERT_EQ(modes, secure);
+ reg.get_supported_modes(CEPH_ENTITY_TYPE_MDS, CEPH_AUTH_CEPHX, &modes);
+ ASSERT_EQ(modes, secure);
+
+ // client *preferring* secure?
+ cct->_conf.set_val("ms_cluster_mode", "crc secure");
+ cct->_conf.set_val("ms_service_mode", "crc secure");
+ cct->_conf.set_val("ms_client_mode", "secure crc");
+ cct->_conf.set_val("ms_mon_cluster_mode", "crc secure");
+ cct->_conf.set_val("ms_mon_service_mode", "crc secure");
+ cct->_conf.set_val("ms_mon_client_mode", "secure crc");
+ cct->_conf.apply_changes(NULL);
+
+ cct->_set_module_type(CEPH_ENTITY_TYPE_CLIENT);
+ reg.get_supported_modes(CEPH_ENTITY_TYPE_MON, CEPH_AUTH_CEPHX, &modes);
+ ASSERT_EQ(modes, secure_crc);
+ reg.get_supported_modes(CEPH_ENTITY_TYPE_MGR, CEPH_AUTH_CEPHX, &modes);
+ ASSERT_EQ(modes, secure_crc);
+ reg.get_supported_modes(CEPH_ENTITY_TYPE_OSD, CEPH_AUTH_CEPHX, &modes);
+ ASSERT_EQ(modes, secure_crc);
+ reg.get_supported_modes(CEPH_ENTITY_TYPE_MDS, CEPH_AUTH_CEPHX, &modes);
+ ASSERT_EQ(modes, secure_crc);
+
+ // back to normalish, for the benefit of the next test(s)
+ cct->_set_module_type(CEPH_ENTITY_TYPE_CLIENT);
+}
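Review bot: `pick_mode` is exercised only once, in the all-`crc secure` baseline, so nothing pins its result when the local side allows only `secure` and the peer offers only CRC, the case where a wrong answer would be a silent downgrade. After the "client forcing things?" block, consider adding `const std::vector<uint32_t> crc_only = { CEPH_CON_MODE_CRC };` and `ASSERT_NE((uint32_t)CEPH_CON_MODE_CRC, reg.pick_mode(CEPH_ENTITY_TYPE_OSD, CEPH_AUTH_CEPHX, crc_only));`, or assert the exact no-match value if the registry defines one. The `set_val` return values are ignored throughout, so a mistyped option name would leave the previous setting in place and could let an assertion pass for the wrong reason; `ASSERT_EQ(0, cct->_conf.set_val(...))` would catch that. The closing line restores only the module type on the shared `g_ceph_context`, not the `ms_*` options, and any earlier `ASSERT_EQ` failure returns before reaching it, so later tests in this binary may inherit modified global state.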