author | Jilju Joy <jijoy@localhost.localdomain> | 2018-06-07 18:12:15 +0530 |
---|---|---|
committer | Jilju Joy <jijoy@localhost.localdomain> | 2018-06-07 18:16:27 +0530 |
commit | 3eea36a83e35ae3571b8bd21ff4b2a1072347c4f (patch) | |
tree | 82a93d7ba5582dd19e1b83e115fb589dc669b082 | |
parent | e90cddca3204ee8e0447fd75e136cd5b979e489e (diff) |
Gluster volume auth.reject operation
Adding minor enhancement
Change-Id: I47cc2e6a134b0ebbc8573b3d46e7e0bd5e7fd0cc
Signed-off-by: Jilju Joy <jijoy@localhost.localdomain>
-rw-r--r-- | glustolibs-gluster/glustolibs/gluster/auth_ops.py | 100 |
1 files changed, 100 insertions, 0 deletions
diff --git a/glustolibs-gluster/glustolibs/gluster/auth_ops.py b/glustolibs-gluster/glustolibs/gluster/auth_ops.py
index 9d812c192..af7b25b78 100644
--- a/glustolibs-gluster/glustolibs/gluster/auth_ops.py
+++ b/glustolibs-gluster/glustolibs/gluster/auth_ops.py
@@ -120,3 +120,103 @@ def verify_auth_allow(volname, server, auth_dict):
 g.log.info("Authentication verified successfully. auth.allow: %s",
 auth_clients)
 return True
+
+
+def verify_auth_reject(volname, server, auth_dict):
+ """
+ Verify auth reject for volumes or sub directories as required
+
+ Args:
+ volname(str): The name of volume in which auth reject
+ has to be set
+ server(str): IP or hostname of one node
+ auth_dict(dict): key-value pair of dirs and clients list
+ Example: auth_dict = {'/d1':['10.70.37.172','10.70.37,173'],
+ '/d3/subd1':['10.70.37.172','dhcp37-999.xyz.cdf.pqr.abc.com']}
+ If authentication has to set on entire volume, use 'all' as key.
+ auth_dict = {'all': ['10.70.37.172','10.70.37,173']}
+ 'all' refer to entire volume
+ Returns (bool):
+ True if all the authentication is success.
+ """
+ auth_details = []
+ if not auth_dict:
+ g.log.error("Authentication details are not provided")
+ return False
+
+ # Get the value of auth.reject option of the volume
+ auth_clients_dict = get_volume_options(server, volname, "auth.reject")
+ auth_clients = auth_clients_dict['auth.reject']
+
+ # When authentication has to be verified on entire volume(not on sub-dirs)
+ # check if the required clients names are listed in auth.reject option
+ if 'all' in auth_dict:
+ clients_list = auth_clients.split(',')
+ res = all(elem in clients_list for elem in auth_dict['all'])
+ if not res:
+ g.log.error("Authentication verification failed. auth.reject: %s",
+ auth_clients)
+ return False
+ g.log.info("Authentication verified successfully. auth.reject: %s",
+ auth_clients)
+ return True
+
+ # When authentication has to be verified on on sub-dirs, convert the key-
+ # value pair to a format which matches the value of auth.reject option.
+ for key, value in auth_dict.iteritems():
+ auth_details.append("%s(%s)" % (key, "|".join(value)))
+
+ # Check if the required clients names are listed in auth.reject option
+ for auth_detail in auth_details:
+ if auth_detail not in auth_clients:
+ g.log.error("Authentication verification failed. auth.reject: %s",
+ auth_clients)
+ return False
+ g.log.info("Authentication verified successfully. auth.reject: %s",
+ auth_clients)
+ return True
+
+
+def set_auth_reject(volname, server, auth_dict):
+ """
+ Set auth reject for volumes or sub directories as required
+
+ Args:
+ volname(str): The name of volume in which auth reject
+ has to be set
+ server(str): IP or hostname of one node
+ auth_dict(dict): key-value pair of dirs and clients list
+ Example: auth_dict = {'/d1':['10.70.37.172','10.70.37,173'],
+ '/d3/subd1':['10.70.37.172',''dh37-999.xyz.cdf.pqr.abc.com'']}
+ If authentication has to set on entire volume, use 'all' as key.
+ auth_dict = {'all': ['10.70.37.172','10.70.37,173']}
+ 'all' refer to entire volume
+ Returns (bool):
+ True if the auth reject operation is success.
+ """
+ auth_cmds = []
+ if not auth_dict:
+ g.log.error("Authentication details are not provided")
+ return False
+
+ # If authentication has to be set on sub-dirs, convert the key-value pair
+ # to gluster authentication set command format.
+ if 'all' not in auth_dict:
+ for key, value in auth_dict.iteritems():
+ auth_cmds.append("%s(%s)" % (key, "|".join(value)))
+
+ auth_cmd = ("gluster volume set %s auth.reject \"%s\""
+ % (volname, ",".join(auth_cmds)))
+
+ # When authentication has to be set on entire volume, convert the
+ # key-value pair to gluster authentication set command format.
+ else:
+ auth_cmd = ("gluster volume set %s auth.reject %s"
+ % (volname, ",".join(auth_dict["all"])))
+
+ # Execute auth.allow setting on server.
+ ret, _, _ = g.run(server, auth_cmd)
+ if (not ret) and (verify_auth_reject(volname, server, auth_dict)):
+ g.log.info("Auth reject set and verified successfully.")
+ return True
+ return False |
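Review bot: The sub-directory branch of `verify_auth_reject` tests `auth_detail not in auth_clients` against the raw option string, so it is a substring match: an expected entry such as `/d1(10.70.37.172)` (constructed example) is also found inside a longer entry like `/x/d1(10.70.37.172)`, and the helper can report a reject rule as verified when that exact rule is not set. Compare whole entries instead, as the `'all'` branch already does, e.g. `if auth_detail not in auth_clients.split(','):`. The result of `get_volume_options` is indexed without a check, so a failed query would presumably raise rather than return False (its failure value is not visible in this hunk); a guard such as `if not auth_clients_dict: return False` would keep the documented bool contract. In `set_auth_reject` the `'all'` branch interpolates the client list into the command string unquoted while the sub-directory branch wraps it in `\"%s\"`; quoting both the same way, and the volume name too, would keep configuration values from being interpreted by the remote shell. The comment `# Execute auth.allow setting on server.` looks copied from the allow helper and should read `auth.reject`.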