summaryrefslogtreecommitdiffstats
path: root/glustolibs-gluster/glustolibs/gluster
diff options
context:
space:
mode:
authorJilju Joy <jijoy@localhost.localdomain>2018-06-07 18:12:15 +0530
committerJilju Joy <jijoy@localhost.localdomain>2018-06-07 18:16:27 +0530
commit3eea36a83e35ae3571b8bd21ff4b2a1072347c4f (patch)
tree82a93d7ba5582dd19e1b83e115fb589dc669b082 /glustolibs-gluster/glustolibs/gluster
parente90cddca3204ee8e0447fd75e136cd5b979e489e (diff)
Gluster volume auth.reject operation
Adding minor enhancement Change-Id: I47cc2e6a134b0ebbc8573b3d46e7e0bd5e7fd0cc Signed-off-by: Jilju Joy <jijoy@localhost.localdomain>
Diffstat (limited to 'glustolibs-gluster/glustolibs/gluster')
-rw-r--r--glustolibs-gluster/glustolibs/gluster/auth_ops.py100
1 files changed, 100 insertions, 0 deletions
diff --git a/glustolibs-gluster/glustolibs/gluster/auth_ops.py b/glustolibs-gluster/glustolibs/gluster/auth_ops.py
index 9d812c1..af7b25b 100644
--- a/glustolibs-gluster/glustolibs/gluster/auth_ops.py
+++ b/glustolibs-gluster/glustolibs/gluster/auth_ops.py
@@ -120,3 +120,103 @@ def verify_auth_allow(volname, server, auth_dict):
g.log.info("Authentication verified successfully. auth.allow: %s",
auth_clients)
return True
+
+
+def verify_auth_reject(volname, server, auth_dict):
+ """
+ Verify auth reject for volumes or sub directories as required
+
+ Args:
+ volname(str): The name of volume in which auth reject
+ has to be set
+ server(str): IP or hostname of one node
+ auth_dict(dict): key-value pair of dirs and clients list
+ Example: auth_dict = {'/d1':['10.70.37.172','10.70.37,173'],
+ '/d3/subd1':['10.70.37.172','dhcp37-999.xyz.cdf.pqr.abc.com']}
+ If authentication has to set on entire volume, use 'all' as key.
+ auth_dict = {'all': ['10.70.37.172','10.70.37,173']}
+ 'all' refer to entire volume
+ Returns (bool):
+ True if all the authentication is success.
+ """
+ auth_details = []
+ if not auth_dict:
+ g.log.error("Authentication details are not provided")
+ return False
+
+ # Get the value of auth.reject option of the volume
+ auth_clients_dict = get_volume_options(server, volname, "auth.reject")
+ auth_clients = auth_clients_dict['auth.reject']
+
+ # When authentication has to be verified on entire volume(not on sub-dirs)
+ # check if the required clients names are listed in auth.reject option
+ if 'all' in auth_dict:
+ clients_list = auth_clients.split(',')
+ res = all(elem in clients_list for elem in auth_dict['all'])
+ if not res:
+ g.log.error("Authentication verification failed. auth.reject: %s",
+ auth_clients)
+ return False
+ g.log.info("Authentication verified successfully. auth.reject: %s",
+ auth_clients)
+ return True
+
+ # When authentication has to be verified on on sub-dirs, convert the key-
+ # value pair to a format which matches the value of auth.reject option.
+ for key, value in auth_dict.iteritems():
+ auth_details.append("%s(%s)" % (key, "|".join(value)))
+
+ # Check if the required clients names are listed in auth.reject option
+ for auth_detail in auth_details:
+ if auth_detail not in auth_clients:
+ g.log.error("Authentication verification failed. auth.reject: %s",
+ auth_clients)
+ return False
+ g.log.info("Authentication verified successfully. auth.reject: %s",
+ auth_clients)
+ return True
+
+
+def set_auth_reject(volname, server, auth_dict):
+ """
+ Set auth reject for volumes or sub directories as required
+
+ Args:
+ volname(str): The name of volume in which auth reject
+ has to be set
+ server(str): IP or hostname of one node
+ auth_dict(dict): key-value pair of dirs and clients list
+ Example: auth_dict = {'/d1':['10.70.37.172','10.70.37,173'],
+ '/d3/subd1':['10.70.37.172',''dh37-999.xyz.cdf.pqr.abc.com'']}
+ If authentication has to set on entire volume, use 'all' as key.
+ auth_dict = {'all': ['10.70.37.172','10.70.37,173']}
+ 'all' refer to entire volume
+ Returns (bool):
+ True if the auth reject operation is success.
+ """
+ auth_cmds = []
+ if not auth_dict:
+ g.log.error("Authentication details are not provided")
+ return False
+
+ # If authentication has to be set on sub-dirs, convert the key-value pair
+ # to gluster authentication set command format.
+ if 'all' not in auth_dict:
+ for key, value in auth_dict.iteritems():
+ auth_cmds.append("%s(%s)" % (key, "|".join(value)))
+
+ auth_cmd = ("gluster volume set %s auth.reject \"%s\""
+ % (volname, ",".join(auth_cmds)))
+
+ # When authentication has to be set on entire volume, convert the
+ # key-value pair to gluster authentication set command format.
+ else:
+ auth_cmd = ("gluster volume set %s auth.reject %s"
+ % (volname, ",".join(auth_dict["all"])))
+
+ # Execute auth.allow setting on server.
+ ret, _, _ = g.run(server, auth_cmd)
+ if (not ret) and (verify_auth_reject(volname, server, auth_dict)):
+ g.log.info("Auth reject set and verified successfully.")
+ return True
+ return False