authorJilju Joy <jijoy@localhost.localdomain>2018-06-07 18:12:15 +0530
committerJilju Joy <jijoy@localhost.localdomain>2018-06-07 18:16:27 +0530
commit3eea36a83e35ae3571b8bd21ff4b2a1072347c4f (patch)
tree82a93d7ba5582dd19e1b83e115fb589dc669b082 /glustolibs-gluster/glustolibs/gluster
parente90cddca3204ee8e0447fd75e136cd5b979e489e (diff)
Gluster volume auth.reject operation
Adding minor enhancement Change-Id: I47cc2e6a134b0ebbc8573b3d46e7e0bd5e7fd0cc Signed-off-by: Jilju Joy <jijoy@localhost.localdomain>
Diffstat (limited to 'glustolibs-gluster/glustolibs/gluster')
-rw-r--r--glustolibs-gluster/glustolibs/gluster/auth_ops.py100
1 files changed, 100 insertions, 0 deletions
diff --git a/glustolibs-gluster/glustolibs/gluster/auth_ops.py b/glustolibs-gluster/glustolibs/gluster/auth_ops.py
index 9d812c192..af7b25b78 100644
--- a/glustolibs-gluster/glustolibs/gluster/auth_ops.py
+++ b/glustolibs-gluster/glustolibs/gluster/auth_ops.py
@@ -120,3 +120,103 @@ def verify_auth_allow(volname, server, auth_dict):
g.log.info("Authentication verified successfully. auth.allow: %s",
auth_clients)
return True
+
+
+def verify_auth_reject(volname, server, auth_dict):
+ """
+ Verify auth reject for volumes or sub directories as required
+
+ Args:
+ volname(str): The name of volume in which auth reject
+ has to be set
+ server(str): IP or hostname of one node
+ auth_dict(dict): key-value pair of dirs and clients list
+ Example: auth_dict = {'/d1':['10.70.37.172','10.70.37,173'],
+ '/d3/subd1':['10.70.37.172','dhcp37-999.xyz.cdf.pqr.abc.com']}
+ If authentication has to set on entire volume, use 'all' as key.
+ auth_dict = {'all': ['10.70.37.172','10.70.37,173']}
+ 'all' refer to entire volume
+ Returns (bool):
+ True if all the authentication is success.
+ """
+ auth_details = []
+ if not auth_dict:
+ g.log.error("Authentication details are not provided")
+ return False
+
+ # Get the value of auth.reject option of the volume
+ auth_clients_dict = get_volume_options(server, volname, "auth.reject")
+ auth_clients = auth_clients_dict['auth.reject']
+
+ # When authentication has to be verified on entire volume(not on sub-dirs)
+ # check if the required clients names are listed in auth.reject option
+ if 'all' in auth_dict:
+ clients_list = auth_clients.split(',')
+ res = all(elem in clients_list for elem in auth_dict['all'])
+ if not res:
+ g.log.error("Authentication verification failed. auth.reject: %s",
+ auth_clients)
+ return False
+ g.log.info("Authentication verified successfully. auth.reject: %s",
+ auth_clients)
+ return True
+
+ # When authentication has to be verified on on sub-dirs, convert the key-
+ # value pair to a format which matches the value of auth.reject option.
+ for key, value in auth_dict.iteritems():
+ auth_details.append("%s(%s)" % (key, "|".join(value)))
+
+ # Check if the required clients names are listed in auth.reject option
+ for auth_detail in auth_details:
+ if auth_detail not in auth_clients:
+ g.log.error("Authentication verification failed. auth.reject: %s",
+ auth_clients)
+ return False
+ g.log.info("Authentication verified successfully. auth.reject: %s",
+ auth_clients)
+ return True
+
+
+def set_auth_reject(volname, server, auth_dict):
+ """
+ Set auth reject for volumes or sub directories as required
+
+ Args:
+ volname(str): The name of volume in which auth reject
+ has to be set
+ server(str): IP or hostname of one node
+ auth_dict(dict): key-value pair of dirs and clients list
+ Example: auth_dict = {'/d1':['10.70.37.172','10.70.37,173'],
+ '/d3/subd1':['10.70.37.172',''dh37-999.xyz.cdf.pqr.abc.com'']}
+ If authentication has to set on entire volume, use 'all' as key.
+ auth_dict = {'all': ['10.70.37.172','10.70.37,173']}
+ 'all' refer to entire volume
+ Returns (bool):
+ True if the auth reject operation is success.
+ """
+ auth_cmds = []
+ if not auth_dict:
+ g.log.error("Authentication details are not provided")
+ return False
+
+ # If authentication has to be set on sub-dirs, convert the key-value pair
+ # to gluster authentication set command format.
+ if 'all' not in auth_dict:
+ for key, value in auth_dict.iteritems():
+ auth_cmds.append("%s(%s)" % (key, "|".join(value)))
+
+ auth_cmd = ("gluster volume set %s auth.reject \"%s\""
+ % (volname, ",".join(auth_cmds)))
+
+ # When authentication has to be set on entire volume, convert the
+ # key-value pair to gluster authentication set command format.
+ else:
+ auth_cmd = ("gluster volume set %s auth.reject %s"
+ % (volname, ",".join(auth_dict["all"])))
+
+ # Execute auth.allow setting on server.
+ ret, _, _ = g.run(server, auth_cmd)
+ if (not ret) and (verify_auth_reject(volname, server, auth_dict)):
+ g.log.info("Auth reject set and verified successfully.")
+ return True
+ return False
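Review bot: The sub-directory check in verify_auth_reject (`if auth_detail not in auth_clients:`) is a substring test against the raw option string, so an expected entry such as `/d1(10.70.37.172)` also matches inside `/x/d1(10.70.37.172)`, and verification of a reject rule can pass when the rule is not set for the intended directory. Comparing whole entries closes this gap: add `reject_entries = auth_clients.split(',')` before the loop and test `if auth_detail not in reject_entries:` inside it, mirroring what the 'all' branch already does with `clients_list`. In set_auth_reject the 'all' branch interpolates the client list into the command unquoted while the sub-directory branch wraps it in `\"%s\"`; quoting the value in both branches (and volname) would keep a client pattern containing `*` or other shell-special characters from being interpreted by the remote shell before gluster sees it. The comment above `g.run` is a copy-paste leftover and should read `# Execute auth.reject setting on server.`.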