diff options
| author | David Wolinsky <davidiw@fb.com> | 2015-10-07 15:13:31 -0700 |
|---|---|---|
| committer | Jeff Darcy <jeff@pl.atyp.us> | 2017-07-13 00:54:16 +0000 |
| commit | e8029ec1fc205b5dace0c29ae3d1fe5b960e54fc (patch) | |
| tree | bb077cd22b4ffd3b16128a94eb8237d119a9acdf /tests/basic/mount-nfs-auth.t | |
| parent | 90d375de2e1ea49468c432126babbaee66d85fc0 (diff) | |
[nfs] exports_auth per (sub) volume
Summary:
- exports_auth changed to a per-volume option
- parse exports_auth in nfs3.c
- set nfs3_export state for exports_auth
- all calls into mnt3_authenticate_request must pass in volname
- volname is checked to determine if auth is enabled for that volume
Test Plan: manual testing, will look into unit testing
Reviewers: rwareing, sshreyas
Reviewed By: sshreyas
Subscribers: rappleye
Differential Revision: https://phabricator.fb.com/D2519423
Tasks: 6863942
Change-Id: Ia9fd92ca5a5bd4cbb57e9ce61075f024ab7dbc27
Signature: t1:2519423:1444775772:24dc39e22684784b75899e97e9d1e294b059a077
Signed-off-by: Jeff Darcy <jdarcy@fb.com>
Reviewed-on: https://review.gluster.org/17762
Tested-by: Jeff Darcy <jeff@pl.atyp.us>
CentOS-regression: Gluster Build System <jenkins@build.gluster.org>
Smoke: Gluster Build System <jenkins@build.gluster.org>
Reviewed-by: Jeff Darcy <jeff@pl.atyp.us>
Diffstat (limited to 'tests/basic/mount-nfs-auth.t')
| -rwxr-xr-x | tests/basic/mount-nfs-auth.t | 40 |
1 files changed, 39 insertions, 1 deletions
diff --git a/tests/basic/mount-nfs-auth.t b/tests/basic/mount-nfs-auth.t index 5c5e62e0d58..7f990c9aeb2 100755 --- a/tests/basic/mount-nfs-auth.t +++ b/tests/basic/mount-nfs-auth.t @@ -48,7 +48,7 @@ EXPORT_ALLOW_L1="/$V0L1 $H0(sec=sys,rw,anonuid=0) @ngtop(sec=sys,rw,anonuid=0)" EXPORT_WILDCARD="/$V0 *(sec=sys,rw,anonuid=0) @ngtop(sec=sys,rw,anonuid=0)" function build_dirs () { - mkdir -p $B0/b{0,1,2}/L1/L2/L3 + mkdir -p $B0/b{0,1,2,3,4,5}/L1/L2/L3 } function export_allow_this_host_ipv6 () { @@ -64,6 +64,9 @@ function export_allow_this_host_with_slash () { } function export_deny_this_host () { + if [[ "$1" && "$1" != "$V0" ]]; then + local EXPORT_DENY=$(echo $EXPORT_DENY | sed "s/$V0/$1/") + fi printf "$EXPORT_DENY\n" > ${NFSDIR}/exports } @@ -134,6 +137,10 @@ function check_mount_failure { fi } +function do_mount () { + mount_nfs $H0:/$1 $N0 nolock +} + function small_write () { dd if=/dev/zero of=$N0/test-small-write count=1 bs=1k 2>&1 if [ $? -ne 0 ]; then @@ -377,9 +384,40 @@ TEST $CLI vol set $V0 nfs.auth-refresh-interval-sec 20 ## Do a simple test to see if the volume option exists TEST $CLI vol set $V0 nfs.auth-cache-ttl-sec 400 +## Test authentication in 1 of 2 (sub)volumes +ME=$(hostname) +TEST $CLI vol create $V1 replica 3 $ME:$B0/b3 $ME:$B0/b4 $ME:$B0/b5 +TEST $CLI vol set $V1 cluster.self-heal-daemon off +TEST $CLI vol set $V1 nfs.disable off +TEST $CLI vol set $V1 cluster.choose-local off +TEST $CLI vol start $V1 +TEST $CLI volume info $V1; + +EXPECT_WITHIN $NFS_EXPORT_TIMEOUT "2" is_nfs_export_available $V0 +EXPECT_WITHIN $NFS_EXPORT_TIMEOUT "1" is_nfs_export_available $V1 +TEST $CLI vol set $V0 nfs.exports-auth-enable on +TEST $CLI vol set $V1 nfs.exports-auth-enable off +# Deny the hosts, but only effective on $V0 +TEST export_deny_this_host $V0 +TEST netgroup_deny_this_host +TEST export_deny_this_host $V1 + +sleep $AUTH_REFRESH_INTERVAL +TEST ! do_mount $V0 # Do a mount & test +TEST do_mount $V1 # Do a mount & test + +TEST touch /tmp/foo +TEST cp /tmp/foo $N0/ + +EXPECT_WITHIN $UMOUNT_TIMEOUT "Y" umount_nfs $N0 + ## Finish up TEST $CLI volume stop $V0 TEST $CLI volume delete $V0; TEST ! $CLI volume info $V0; +TEST $CLI volume stop $V1 +TEST $CLI volume delete $V1; +TEST ! $CLI volume info $V1; + cleanup |