From 4ec5d62a16451bd9d06f5b2945f58805639e02ef Mon Sep 17 00:00:00 2001
From: Ramana Raja
Date: Mon, 8 Aug 2022 14:33:06 -0400
Subject: [PATCH] qa/tasks/cephfs: Add reproducer for https://tracker.ceph.com/issues/56067

A kernel CephFS client with MDS root_squash caps is able to write to a file as non-root user. However, the data written is lost after clearing the kernel client cache, or re-mounting the client. This issue is not observed with a FUSE CephFS client.

Signed-off-by: Ramana Raja
(cherry picked from commit c8bae07f70453577d36e83e0bb02c3410ef9cade)
---
 qa/tasks/cephfs/test_admin.py | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)
diff --git a/qa/tasks/cephfs/test_admin.py b/qa/tasks/cephfs/test_admin.py
index 8c4abf44fbd..cb9439be639 100644
--- a/qa/tasks/cephfs/test_admin.py
+++ b/qa/tasks/cephfs/test_admin.py
@@ -1317,6 +1317,28 @@ class TestFsAuthorize(CephFSTestCase):
 self.captester.conduct_neg_test_for_chown_caps()
 self.captester.conduct_neg_test_for_truncate_caps()

+ def test_single_path_rootsquash_issue_56067(self):
+ """
+ That a FS client using root squash MDS caps allows non-root user to write data
+ to a file. And after client remount, the non-root user can read the data that
+ was previously written by it. https://tracker.ceph.com/issues/56067
+ """
+ keyring = self.fs.authorize(self.client_id, ('/', 'rw', 'root_squash'))
+ keyring_path = self.mount_a.client_remote.mktemp(data=keyring)
+ self.mount_a.remount(client_id=self.client_id,
+ client_keyring_path=keyring_path,
+ cephfs_mntpt='/')
+ filedata, filename = 'some data on fs 1', 'file_on_fs1'
+ filepath = os_path_join(self.mount_a.hostfs_mntpt, filename)
+ self.mount_a.write_file(filepath, filedata)
+
+ self.mount_a.remount(client_id=self.client_id,
+ client_keyring_path=keyring_path,
+ cephfs_mntpt='/')
+ if filepath.find(self.mount_a.hostfs_mntpt) != -1:
+ contents = self.mount_a.read_file(filepath)
+ self.assertEqual(filedata, contents)
+
 def test_single_path_authorize_on_nonalphanumeric_fsname(self):
 """
 That fs authorize command works on filesystems with names having [_.-]
--
2.47.3
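Review bot: The final assertion in `test_single_path_rootsquash_issue_56067` sits under `if filepath.find(self.mount_a.hostfs_mntpt) != -1:`, which is always true here because `filepath` is built by joining `hostfs_mntpt` with the file name a few lines earlier. If that condition ever stopped holding, the test would pass without checking the data-loss case it exists to reproduce, so read and compare unconditionally: `contents = self.mount_a.read_file(filepath)` followed by `self.assertEqual(filedata, contents)`. The docstring says a non-root user performs the write, but nothing visible in the method selects the user `write_file` runs as; a comment naming that user, or an explicit check, would show that the root_squash path is really exercised. The keyring written by `mktemp(data=keyring)` is not removed in the visible code. Presumably harness teardown handles it, but that is worth confirming since the file holds the client key.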