From b1418387df942065b490ae27f567d0141c6fc9bc Mon Sep 17 00:00:00 2001
From: Sage Weil <sage@redhat.com>
Date: Fri, 3 Aug 2018 13:27:28 -0500
Subject: [PATCH] osd/OSDCap: parse 'network' clause in grant

This mirrors what we do in the MonCap (but, naturally, is a slightly
different since we're using a the spirit parse in a totally different way).

Signed-off-by: Sage Weil <sage@redhat.com>
---
 src/osd/OSDCap.cc      | 19 ++++++++++++++-----
 src/osd/OSDCap.h       | 16 ++++++++++++++--
 src/test/osd/osdcap.cc | 16 ++++++++++++----
 3 files changed, 40 insertions(+), 11 deletions(-)

diff --git a/src/osd/OSDCap.cc b/src/osd/OSDCap.cc
index 368b59ffdda89..c6bdbe38da9ed 100644
--- a/src/osd/OSDCap.cc
+++ b/src/osd/OSDCap.cc
@@ -226,6 +226,9 @@ ostream& operator<<(ostream& out, const OSDCapGrant& g)
   } else {
     out << g.match << g.spec;
   }
+  if (g.network.size()) {
+    out << " network " << g.network;
+  }
   out << ")";
   return out;
 }
@@ -405,9 +408,10 @@ struct OSDCapParser : qi::grammar<Iterator, OSDCap()>
     equoted_string %=
       lexeme['"' >> *(char_ - '"') >> '"'] |
       lexeme['\'' >> *(char_ - '\'') >> '\''];
-    unquoted_word %= +char_("a-zA-Z0-9_.-");
+    unquoted_word %= +char_("a-zA-Z0-9_./-");
     str %= quoted_string | unquoted_word;
     estr %= equoted_string | unquoted_word;
+    network_str %= +char_("/.:a-fA-F0-9][");
 
     spaces = +ascii::space;
 
@@ -461,9 +465,14 @@ struct OSDCapParser : qi::grammar<Iterator, OSDCap()>
 
     // grant := allow match capspec
     grant = (*ascii::blank >>
-	     ((lit("allow") >> capspec >> match)  [_val = phoenix::construct<OSDCapGrant>(_2, _1)] |
-	      (lit("allow") >> match >> capspec)  [_val = phoenix::construct<OSDCapGrant>(_1, _2)] |
-              (profile)                           [_val = phoenix::construct<OSDCapGrant>(_1)]
+	     ((lit("allow") >> capspec >> match >>
+	       -(spaces >> lit("network") >> spaces >> network_str))
+	       [_val = phoenix::construct<OSDCapGrant>(_2, _1, _3)] |
+	      (lit("allow") >> match >> capspec >>
+	       -(spaces >> lit("network") >> spaces >> network_str))
+	       [_val = phoenix::construct<OSDCapGrant>(_1, _2, _3)] |
+              (profile >> -(spaces >> lit("network") >> spaces >> network_str))
+	       [_val = phoenix::construct<OSDCapGrant>(_1, _2)]
              ) >> *ascii::blank);
     // osdcap := grant [grant ...]
     grants %= (grant % (lit(';') | lit(',')));
@@ -473,7 +482,7 @@ struct OSDCapParser : qi::grammar<Iterator, OSDCap()>
   qi::rule<Iterator, unsigned()> rwxa;
   qi::rule<Iterator, string()> quoted_string, equoted_string;
   qi::rule<Iterator, string()> unquoted_word;
-  qi::rule<Iterator, string()> str, estr;
+  qi::rule<Iterator, string()> str, estr, network_str;
   qi::rule<Iterator, string()> wildcard;
   qi::rule<Iterator, int()> auid;
   qi::rule<Iterator, string()> class_name;
diff --git a/src/osd/OSDCap.h b/src/osd/OSDCap.h
index f6f22166799e0..f754e08c3ba20 100644
--- a/src/osd/OSDCap.h
+++ b/src/osd/OSDCap.h
@@ -185,14 +185,26 @@ struct OSDCapGrant {
   OSDCapMatch match;
   OSDCapSpec spec;
   OSDCapProfile profile;
+  string network;
 
   // explicit grants that a profile grant expands to; populated as
   // needed by expand_profile() and cached here.
   std::list<OSDCapGrant> profile_grants;
 
   OSDCapGrant() {}
-  OSDCapGrant(const OSDCapMatch& m, const OSDCapSpec& s) : match(m), spec(s) {}
-  explicit OSDCapGrant(const OSDCapProfile& profile) : profile(profile) {
+  OSDCapGrant(const OSDCapMatch& m, const OSDCapSpec& s,
+	      boost::optional<string> n = {})
+    : match(m), spec(s) {
+    if (n) {
+      network = *n;
+    }
+  }
+  explicit OSDCapGrant(const OSDCapProfile& profile,
+		       boost::optional<string> n = {})
+    : profile(profile) {
+    if (n) {
+      network = *n;
+    }
     expand_profile();
   }
 
diff --git a/src/test/osd/osdcap.cc b/src/test/osd/osdcap.cc
index 4486299efb07a..2f4f1ac288f49 100644
--- a/src/test/osd/osdcap.cc
+++ b/src/test/osd/osdcap.cc
@@ -80,6 +80,12 @@ const char *parse_good[] = {
   "allow rwx tag application key= value",
   "allow rwx tag application key  =   value",
   "allow all tag application all=all",
+  "allow rwx network 127.0.0.1/8",
+  "allow rwx network ::1/128",
+  "allow rwx network [ff::1]/128",
+  "profile foo network 127.0.0.1/8",
+  "allow rwx namespace foo tag cephfs data =cephfs_a network 127.0.0.1/8",
+  "allow pool foo rwx network 1.2.3.4/24",
   0
 };
 
@@ -911,10 +917,12 @@ TEST(OSDCap, OutputParsed)
      "osdcap[grant(app application key key val value rwx)]"},
     {"allow rwx namespace ns* tag application key=value",
      "osdcap[grant(namespace ns* app application key key val value rwx)]"},
-	 {"allow all",
-	  "osdcap[grant(*)]"},
-	 {"allow rwx tag application all=all",
-	  "osdcap[grant(app application key * val * rwx)]"}
+    {"allow all",
+     "osdcap[grant(*)]"},
+    {"allow rwx tag application all=all",
+     "osdcap[grant(app application key * val * rwx)]"},
+    {"allow rwx network 1.2.3.4/24",
+     "osdcap[grant(rwx network 1.2.3.4/24)]"},
   };
 
   size_t num_tests = sizeof(test_values) / sizeof(*test_values);
-- 
2.39.5