summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPrasanna Kumar Kalever <prasanna.kalever@redhat.com>2017-04-11 16:41:33 +0530
committerPrasanna Kumar Kalever <pkalever@redhat.com>2017-05-02 10:08:30 +0000
commit5d48aba7b65dfad09bfc639e3434f03227b8bd50 (patch)
tree3693acc473929c5592e68ffdd1990197cd6dfbed
parent1ed7bd14303fca5c3dd36a30a88d4d2d053f4334 (diff)
create: support 'auth enable' option
This patch add support to enable auth while create. The schematics of authentication setting for/while create, looks like $ gluster-block create block-test/sample-block ha 1 auth enable \ 192.168.0.105 1GiB --json-pretty { "IQN":"iqn.2016-12.org.gluster-block:dc6cca79-f9b7-44f5-acaf-ac81c9cc7c2e", "USERNAME":"dc6cca79-f9b7-44f5-acaf-ac81c9cc7c2e", "PASSWORD":"ae48635a-6902-454c-949a-f2ad0e056086", "PORTAL(S)":[ "192.168.0.105:3260" ], "RESULT":"SUCCESS" } Change-Id: Ib8f5ddd904cb879e0ee05f6a7c3c381c6615a0e4 Fixes: #5 Signed-off-by: Prasanna Kumar Kalever <prasanna.kalever@redhat.com>
-rw-r--r--cli/gluster-block.c25
-rw-r--r--rpc/block_svc_routines.c67
-rw-r--r--rpc/rpcl/block.x3
-rwxr-xr-xtests/basic.t12
4 files changed, 93 insertions, 14 deletions
diff --git a/cli/gluster-block.c b/cli/gluster-block.c
index 3020587..a980110 100644
--- a/cli/gluster-block.c
+++ b/cli/gluster-block.c
@@ -35,7 +35,8 @@ const char *argp_program_version = "" \
"in all cases as published by the Free Software Foundation.";
#define GB_CREATE_HELP_STR "gluster-block create <volname/blockname> "\
- "[ha <count>] <HOST1[,HOST2,...]> <size> [--json*]"
+ "[ha <count>] [auth enable|disable] "\
+ "<HOST1[,HOST2,...]> <size> [--json*]"
#define GB_DELETE_HELP_STR "gluster-block delete <volname/blockname> [--json*]"
#define GB_MODIFY_HELP_STR "gluster-block modify <volname/blockname> "\
@@ -182,7 +183,7 @@ glusterBlockHelp(void)
" gluster-block <command> <volname[/blockname]> [<args>] [--json*]\n"
"\n"
"commands:\n"
- " create <volname/blockname> [ha <count>] <host1[,host2,...]> <size>\n"
+ " create <volname/blockname> [ha <count>] [auth enable|disable] <host1[,host2,...]> <size>\n"
" create block device.\n"
"\n"
" list <volname>\n"
@@ -353,6 +354,26 @@ glusterBlockCreate(int argcount, char **options, int json)
}
}
+ if (argcount - optind >= 2) { /* atleast 2 needed */
+ /* if auth given then collect boolean which is next by 'auth' arg */
+ if (!strcmp(options[optind], "auth")) {
+ optind++;
+ if(strcmp (options[optind], "enable") == 0) {
+ cobj.auth_mode = 1;
+ } else if (strcmp (options[optind], "disable") == 0) {
+ cobj.auth_mode = 0;
+ } else {
+ MSG("%s\n", "argument to 'auth' doesn't seems to be right");
+ MSG("%s\n", GB_CREATE_HELP_STR);
+ LOG("cli", GB_LOG_ERROR, "Create failed while parsing argument "
+ "to auth for <%s/%s>",
+ cobj.volume, cobj.block_name);
+ goto out;
+ }
+ optind++;
+ }
+ }
+
if (argcount - optind < 2) { /* left with servers and size so 2 */
MSG("%s\n", "Insufficient arguments for create");
MSG("%s\n", GB_CREATE_HELP_STR);
diff --git a/rpc/block_svc_routines.c b/rpc/block_svc_routines.c
index 8b3eaea..c3875c8 100644
--- a/rpc/block_svc_routines.c
+++ b/rpc/block_svc_routines.c
@@ -481,6 +481,10 @@ glusterBlockCreateRemote(void *data)
GB_METAUPDATE_OR_GOTO(lock, args->glfs, cobj.block_name, cobj.volume,
ret, errMsg, out, "%s: CONFIGSUCCESS\n", args->addr);
+ if (cobj.auth_mode) {
+ GB_METAUPDATE_OR_GOTO(lock, args->glfs, cobj.block_name, cobj.volume,
+ ret, errMsg, out, "%s: AUTHENFORCED\n", args->addr);
+ }
out:
if (!args->reply) {
@@ -1059,6 +1063,7 @@ glusterBlockAuditRequest(struct glfs *glfs,
for (i = 0; i < info->nhosts; i++) {
switch (blockMetaStatusEnumParse(info->list[i]->status)) {
case GB_CONFIG_SUCCESS:
+ case GB_AUTH_ENFORCED:
successcnt++;
break;
case GB_CONFIG_INPROGRESS:
@@ -1286,7 +1291,7 @@ blockResponse *
block_modify_cli_1_svc(blockModifyCli *blk, struct svc_req *rqstp)
{
int ret = -1;
- static blockModify mobj;
+ static blockModify mobj = {0};
static blockRemoteModifyResp *savereply = NULL;
static blockResponse *reply = NULL;
struct glfs *glfs;
@@ -1421,13 +1426,15 @@ block_modify_cli_1_svc(blockModifyCli *blk, struct svc_req *rqstp)
}
void
-blockCreateCliFormatResponse(blockCreateCli *blk, int errCode,
- char *errMsg, blockRemoteCreateResp *savereply,
+blockCreateCliFormatResponse(blockCreateCli *blk, struct blockCreate *cobj,
+ int errCode, char *errMsg,
+ blockRemoteCreateResp *savereply,
struct blockResponse *reply)
{
json_object *json_obj = NULL;
json_object *json_array = NULL;
char *tmp = NULL;
+ char *tmp2 = NULL;
char *portals = NULL;
int i = 0;
@@ -1448,6 +1455,12 @@ blockCreateCliFormatResponse(blockCreateCli *blk, int errCode,
json_obj = json_object_new_object();
json_object_object_add(json_obj, "IQN",
json_object_new_string(savereply->iqn));
+ if (blk->auth_mode) {
+ json_object_object_add(json_obj, "USERNAME",
+ json_object_new_string(cobj->gbid));
+ json_object_object_add(json_obj, "PASSWORD",
+ json_object_new_string(cobj->passwd));
+ }
json_array = json_object_new_array();
@@ -1511,12 +1524,21 @@ blockCreateCliFormatResponse(blockCreateCli *blk, int errCode,
}
}
- GB_ASPRINTF(&reply->out, "IQN: %s\nPORTAL(S): %s\n%sRESULT: %s\n",
- savereply->iqn, portals, tmp?tmp:"", errCode?"FAIL":"SUCCESS");
+ if (blk->auth_mode) {
+ if (GB_ASPRINTF(&tmp2, "USERNAME: %s\nPASSWORD: %s\n",
+ cobj->gbid, cobj->passwd) == 1) {
+ goto out;
+ }
+ }
+
+ GB_ASPRINTF(&reply->out, "IQN: %s\n%sPORTAL(S): %s\n%sRESULT: %s\n",
+ savereply->iqn, blk->auth_mode?tmp2:"", portals, tmp?tmp:"",
+ errCode?"FAIL":"SUCCESS");
}
out:
GB_FREE(tmp);
+ GB_FREE(tmp2);
return;
}
@@ -1527,8 +1549,9 @@ block_create_cli_1_svc(blockCreateCli *blk, struct svc_req *rqstp)
uuid_t uuid;
blockRemoteCreateResp *savereply = NULL;
char gbid[UUID_BUF_SIZE];
- static blockCreate cobj;
- static blockResponse *reply;
+ char passwd[UUID_BUF_SIZE];
+ struct blockCreate cobj = {0};
+ struct blockResponse *reply;
struct glfs *glfs = NULL;
struct glfs_fd *lkfd = NULL;
blockServerDefPtr list = NULL;
@@ -1610,6 +1633,17 @@ block_create_cli_1_svc(blockCreateCli *blk, struct svc_req *rqstp)
cobj.size = blk->size;
strcpy(cobj.gbid, gbid);
+ if (blk->auth_mode) {
+ uuid_generate(uuid);
+ uuid_unparse(uuid, passwd);
+
+ strcpy(cobj.passwd, passwd);
+ cobj.auth_mode = 1;
+
+ GB_METAUPDATE_OR_GOTO(lock, glfs, blk->block_name, blk->volume,
+ errCode, errMsg, exist, "PASSWORD: %s\n", passwd);
+ }
+
errCode = glusterBlockCreateRemoteAsync(list, 0, blk->mpath,
glfs, &cobj, &savereply);
if (errCode) {
@@ -1652,7 +1686,7 @@ block_create_cli_1_svc(blockCreateCli *blk, struct svc_req *rqstp)
}
optfail:
- blockCreateCliFormatResponse(blk, errCode, errMsg, savereply, reply);
+ blockCreateCliFormatResponse(blk, &cobj, errCode, errMsg, savereply, reply);
GB_FREE(errMsg);
blockServerDefFree(list);
glfs_fini(glfs);
@@ -1672,6 +1706,7 @@ block_create_1_svc(blockCreate *blk, struct svc_req *rqstp)
char *lun = NULL;
char *portal = NULL;
char *attr = NULL;
+ char *authcred = NULL;
char *exec = NULL;
blockResponse *reply = NULL;
@@ -1716,16 +1751,23 @@ block_create_1_svc(blockCreate *blk, struct svc_req *rqstp)
goto out;
}
- if (GB_ASPRINTF(&attr, "%s/%s%s/tpg1 set attribute %s",
+ if (GB_ASPRINTF(&attr, "%s/%s%s/tpg1 set attribute %s %s",
GB_TGCLI_ISCSI, GB_TGCLI_IQN_PREFIX, blk->gbid,
- GB_TGCLI_ATTRIBUTES) == -1) {
+ blk->auth_mode?"authentication=1":"", GB_TGCLI_ATTRIBUTES) == -1) {
goto out;
}
- if (GB_ASPRINTF(&exec, "%s && %s && %s && %s && %s && %s && %s",
+ if (blk->auth_mode &&
+ GB_ASPRINTF(&authcred, "&& %s/%s%s/tpg1 set auth userid=%s "
+ "password=%s > %s", GB_TGCLI_ISCSI, GB_TGCLI_IQN_PREFIX,
+ blk->gbid, blk->gbid, blk->passwd, DEVNULLPATH) == -1) {
+ goto out;
+ }
+
+ if (GB_ASPRINTF(&exec, "%s && %s && %s && %s && %s && %s %s && %s",
GB_TGCLI_GLOBALS, backstore, iqn, lun, portal, attr,
- GB_TGCLI_SAVE) == -1) {
+ blk->auth_mode?authcred:"", GB_TGCLI_SAVE) == -1) {
goto out;
}
@@ -1753,6 +1795,7 @@ block_create_1_svc(blockCreate *blk, struct svc_req *rqstp)
out:
GB_FREE(exec);
+ GB_FREE(authcred);
GB_FREE(attr);
GB_FREE(portal);
GB_FREE(lun);
diff --git a/rpc/rpcl/block.x b/rpc/rpcl/block.x
index df29542..ddf381d 100644
--- a/rpc/rpcl/block.x
+++ b/rpc/rpcl/block.x
@@ -18,8 +18,10 @@ struct blockCreate {
char ipaddr[255];
char volume[255];
char gbid[127]; /* uuid */
+ char passwd[127]; /* uuid */
u_quad_t size;
char block_name[255];
+ bool auth_mode;
};
struct blockModify {
@@ -34,6 +36,7 @@ struct blockCreateCli {
char volume[255];
u_quad_t size;
u_int mpath; /* HA request count */
+ bool auth_mode;
char block_name[255];
string block_hosts<>;
enum JsonResponseFormat json_resp;
diff --git a/tests/basic.t b/tests/basic.t
index 6d8aa1a..3b8e677 100755
--- a/tests/basic.t
+++ b/tests/basic.t
@@ -94,6 +94,12 @@ TEST gluster-block modify ${VOLNAME}/${BLKNAME} auth disable
# Block delete
gluster-block delete ${VOLNAME}/${BLKNAME}
+# Block create with auth set
+TEST gluster-block create ${VOLNAME}/${BLKNAME} ha 1 auth enable ${HOST} 1GiB
+
+# Block delete
+TEST gluster-block delete ${VOLNAME}/${BLKNAME}
+
echo -e "\n*** JSON responses ***\n"
# Block create and expect json response
@@ -111,4 +117,10 @@ TEST gluster-block info ${VOLNAME}/${BLKNAME} --json-pretty
# Modify Block with auth disable and expect json response
TEST gluster-block modify ${VOLNAME}/${BLKNAME} auth disable --json-pretty
+# Block delete and expect json response
+TEST gluster-block delete ${VOLNAME}/${BLKNAME} --json-pretty
+
+# Block create with auth set and expect json response
+TEST gluster-block create ${VOLNAME}/${BLKNAME} ha 1 auth enable ${HOST} 1GiB --json-pretty
+
cleanup;