From 226a5068ed3bbcae76927c784868d3808c549bef Mon Sep 17 00:00:00 2001 From: Xiaoxi Chen Date: Tue, 12 Apr 2016 17:12:25 +0800 Subject: [PATCH] tasks/cephfs: check data written to NS. NS is always used for security isolation. Signed-off-by: Xiaoxi Chen --- tasks/cephfs/filesystem.py | 6 ++++-- tasks/cephfs/test_volume_client.py | 13 +++++++++++++ 2 files changed, 17 insertions(+), 2 deletions(-) diff --git a/tasks/cephfs/filesystem.py b/tasks/cephfs/filesystem.py index c29fb8651e19c..f9ad1488aa9b3 100644 --- a/tasks/cephfs/filesystem.py +++ b/tasks/cephfs/filesystem.py @@ -723,7 +723,7 @@ class Filesystem(MDSCluster): log.info("All objects for ino {0} size {1} are absent".format(ino, size)) return True - def rados(self, args, pool=None, stdin_data=None): + def rados(self, args, pool=None, namespace=None, stdin_data=None): """ Call into the `rados` CLI from an MDS """ @@ -738,7 +738,9 @@ class Filesystem(MDSCluster): # NB we could alternatively use librados pybindings for this, but it's a one-liner # using the `rados` CLI - args = [os.path.join(self._prefix, "rados"), "-p", pool] + args + args = ([os.path.join(self._prefix, "rados"), "-p", pool] + + (["--namespace", namespace] if namespace else []) + + args) p = remote.run( args=args, stdin=stdin_data, diff --git a/tasks/cephfs/test_volume_client.py b/tasks/cephfs/test_volume_client.py index e537488bd556e..ec672371744bc 100644 --- a/tasks/cephfs/test_volume_client.py +++ b/tasks/cephfs/test_volume_client.py @@ -131,6 +131,19 @@ vc.disconnect() self.mounts[2].mount(mount_path=mount_path) self.mounts[2].write_n_mb("data.bin", 1) + #sync so that file data are persist to rados + self.mounts[2].run_shell(["sync"]) + + # Our data should stay in particular rados namespace + pool_name = self.mount_a.getfattr(os.path.join("volumes", group_id, volume_id), "ceph.dir.layout.pool") + NS_PREFIX = "fsvolumens_" + namespace = "{0}{1}".format(NS_PREFIX, volume_id) + ns_in_attr = self.mount_a.getfattr(os.path.join("volumes", group_id, volume_id), "ceph.dir.layout.pool_namespace") + self.assertEqual(namespace, ns_in_attr) + + objects_in_ns = set(self.fs.rados(["ls"], pool=pool_name, namespace=namespace).split("\n")) + self.assertNotEqual(objects_in_ns, set()) + # De-authorize the guest self._volume_client_python(self.mount_b, dedent(""" vp = VolumePath("{group_id}", "{volume_id}") -- 2.39.5