From fc816cbec5ca4068e121fcea2bd6b51c83a84bee Mon Sep 17 00:00:00 2001
From: Jason Dillaman <dillaman@redhat.com>
Date: Fri, 30 Jun 2017 09:58:36 -0400
Subject: [PATCH] mon,osd: drop the "allow" prefix for profile caps

The use of the a profile implies that it sets everything up. If
support for deny is ever added, it doesn't make much sense to
deny a profile.

Signed-off-by: Jason Dillaman <dillaman@redhat.com>
---
 src/mon/MonCap.cc      |  3 ++-
 src/osd/OSDCap.cc      | 10 +++++-----
 src/test/mon/moncap.cc |  2 ++
 src/test/osd/osdcap.cc |  8 ++++----
 4 files changed, 13 insertions(+), 10 deletions(-)

diff --git a/src/mon/MonCap.cc b/src/mon/MonCap.cc
index b368091a545..f6f2b74f4ea 100644
--- a/src/mon/MonCap.cc
+++ b/src/mon/MonCap.cc
@@ -500,7 +500,8 @@ struct MonCapParser : qi::grammar<Iterator, MonCap()>
                              >> spaces >> rwxa;
 
     // profile foo
-    profile_match %= -spaces >> lit("allow") >> spaces >> lit("profile") >> (lit('=') | spaces)
+    profile_match %= -spaces >> -(lit("allow") >> spaces)
+                             >> lit("profile") >> (lit('=') | spaces)
 			     >> qi::attr(string())
 			     >> str
 			     >> qi::attr(string())
diff --git a/src/osd/OSDCap.cc b/src/osd/OSDCap.cc
index 68f3ba5379e..43988dc7635 100644
--- a/src/osd/OSDCap.cc
+++ b/src/osd/OSDCap.cc
@@ -362,16 +362,16 @@ struct OSDCapParser : qi::grammar<Iterator, OSDCap()>
       (class_name >> class_cap) [_val = phoenix::construct<OSDCapSpec>(_1, _2)]);
 
     // profile := profile <name> [pool[=]<pool> [namespace[=]<namespace>]]
-    profile_name %= (spaces >> lit("profile") >> spaces >> str);
+    profile_name %= (lit("profile") >> (lit('=') | spaces) >> str);
     profile = (
       (profile_name >> pool_name >> nspace) [_val = phoenix::construct<OSDCapProfile>(_1, _2, _3)] |
       (profile_name >> pool_name)           [_val = phoenix::construct<OSDCapProfile>(_1, _2)]);
 
     // grant := allow match capspec
-    grant = (*ascii::blank >> lit("allow") >>
-	     ((capspec >> match) [_val = phoenix::construct<OSDCapGrant>(_2, _1)] |
-	      (match >> capspec) [_val = phoenix::construct<OSDCapGrant>(_1, _2)] |
-              (profile)          [_val = phoenix::construct<OSDCapGrant>(_1)]
+    grant = (*ascii::blank >>
+	     ((lit("allow") >> capspec >> match)  [_val = phoenix::construct<OSDCapGrant>(_2, _1)] |
+	      (lit("allow") >> match >> capspec)  [_val = phoenix::construct<OSDCapGrant>(_1, _2)] |
+              (profile)                           [_val = phoenix::construct<OSDCapGrant>(_1)]
              ) >> *ascii::blank);
     // osdcap := grant [grant ...]
     grants %= (grant % (lit(';') | lit(',')));
diff --git a/src/test/mon/moncap.cc b/src/test/mon/moncap.cc
index f78e0e20774..a3379eefc6c 100644
--- a/src/test/mon/moncap.cc
+++ b/src/test/mon/moncap.cc
@@ -57,6 +57,8 @@ const char *parse_good[] = {
   "allow command abc.def with arg=foo arg2=bar, allow service foo r",
   "allow command \"foo bar\" with arg=\"baz\"",
   "allow command \"foo bar\" with arg=\"baz.xx\"",
+  "profile osd",
+  "profile \"mds-bootstrap\", profile foo",
   0
 };
 
diff --git a/src/test/osd/osdcap.cc b/src/test/osd/osdcap.cc
index 7820a77a666..3a594e3b8a7 100644
--- a/src/test/osd/osdcap.cc
+++ b/src/test/osd/osdcap.cc
@@ -70,7 +70,7 @@ const char *parse_good[] = {
   "allow pool foo namespace=nfoo rwx; allow pool bar namespace nbar object_prefix rbd r",
   "allow pool foo namespace=\"\" rwx; allow pool bar namespace='' object_prefix rbd r",
   "allow pool foo namespace \"\" rwx; allow pool bar namespace '' object_prefix rbd r",
-  "allow profile abc, allow profile abc pool=bar, allow profile abc pool=bar namespace=foo",
+  "profile abc, profile abc pool=bar, profile abc pool=bar namespace=foo",
   0
 };
 
@@ -1010,7 +1010,7 @@ TEST(OSDCap, AllowClassMultiRWX) {
 
 TEST(OSDCap, AllowProfile) {
   OSDCap cap;
-  ASSERT_TRUE(cap.parse("allow profile read-only, allow profile read-write pool abc", NULL));
+  ASSERT_TRUE(cap.parse("profile read-only, profile read-write pool abc", NULL));
   ASSERT_FALSE(cap.allow_all());
   ASSERT_FALSE(cap.is_capable("foo", "", 0, "asdf", true, true, {}));
   ASSERT_TRUE(cap.is_capable("foo", "", 0, "asdf", true, false, {}));
@@ -1018,7 +1018,7 @@ TEST(OSDCap, AllowProfile) {
 
   // RBD
   cap.grants.clear();
-  ASSERT_TRUE(cap.parse("allow profile rbd pool abc", NULL));
+  ASSERT_TRUE(cap.parse("profile rbd pool abc", NULL));
   ASSERT_FALSE(cap.allow_all());
   ASSERT_FALSE(cap.is_capable("foo", "", 0, "asdf", true, true, {}));
   ASSERT_FALSE(cap.is_capable("foo", "", 0, "rbd_children", true, false, {}));
@@ -1028,7 +1028,7 @@ TEST(OSDCap, AllowProfile) {
                              {{"rbd", true, true, true}}));
 
   cap.grants.clear();
-  ASSERT_TRUE(cap.parse("allow profile rbd-read-only pool abc", NULL));
+  ASSERT_TRUE(cap.parse("profile rbd-read-only pool abc", NULL));
   ASSERT_FALSE(cap.allow_all());
   ASSERT_FALSE(cap.is_capable("foo", "", 0, "rbd_children", true, false, {}));
   ASSERT_TRUE(cap.is_capable("abc", "", 0, "asdf", true, false,
-- 
2.39.5