summaryrefslogtreecommitdiffstats
path: root/glustolibs-gluster/glustolibs/gluster/auth_ops.py
diff options
context:
space:
mode:
Diffstat (limited to 'glustolibs-gluster/glustolibs/gluster/auth_ops.py')
-rw-r--r--glustolibs-gluster/glustolibs/gluster/auth_ops.py122
1 files changed, 122 insertions, 0 deletions
diff --git a/glustolibs-gluster/glustolibs/gluster/auth_ops.py b/glustolibs-gluster/glustolibs/gluster/auth_ops.py
new file mode 100644
index 0000000..9d812c1
--- /dev/null
+++ b/glustolibs-gluster/glustolibs/gluster/auth_ops.py
@@ -0,0 +1,122 @@
+# Copyright (C) 2017-2018 Red Hat, Inc. <http://www.redhat.com>
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+"""
+ Description: This contains the gluster volume auth allow and
+ reject operations
+"""
+from glusto.core import Glusto as g
+from glustolibs.gluster.volume_ops import get_volume_options
+
+
+def set_auth_allow(volname, server, auth_dict):
+ """
+ Set authentication for volumes or sub directories as required
+
+ Args:
+ volname(str): The name of volume in which auth
+ has to be set
+ server(str): IP or hostname of one node
+ auth_dict(dict): key-value pair of dirs and clients list
+ Example: auth_dict = {'/d1':['10.70.37.172','10.70.37,173'],
+ '/d3/subd1':['10.70.37.172','dhcp37-999.xyz.cdf.pqr.abc.com']}
+ If authentication has to set on entire volume, use 'all' as key.
+ auth_dict = {'all': ['10.70.37.172','10.70.37,173']}
+ 'all' refers to entire volume
+ Returns (bool):
+ True if all the auth set operation is success.
+ """
+ auth_cmds = []
+ if not auth_dict:
+ g.log.error("Authentication details are not provided")
+ return False
+
+ # If authentication has to be set on sub-dirs, convert the key-value pair
+ # to gluster authentication set command format.
+ if 'all' not in auth_dict:
+ for key, value in auth_dict.iteritems():
+ auth_cmds.append("%s(%s)" % (key, "|".join(value)))
+
+ auth_cmd = ("gluster volume set %s auth.allow \"%s\""
+ % (volname, ",".join(auth_cmds)))
+
+ # When authentication has to be set on entire volume, convert the
+ # key-value pair to gluster authentication set command format
+ else:
+ auth_cmd = ("gluster volume set %s auth.allow %s"
+ % (volname, ",".join(auth_dict["all"])))
+
+ # Execute auth.allow setting on server.
+ ret, _, _ = g.run(server, auth_cmd)
+ if (not ret) and (verify_auth_allow(volname, server, auth_dict)):
+ g.log.info("Authentication set and verified successfully.")
+ return True
+ return False
+
+
+def verify_auth_allow(volname, server, auth_dict):
+ """
+ Verify authentication for volumes or sub directories as required
+
+ Args:
+ volname(str): The name of volume in which auth
+ has to be set
+ server(str): IP or hostname of one node
+ auth_dict(dict): key-value pair of dirs and clients list
+ Example: auth_dict = {'/d1':['10.70.37.172','10.70.37,173'],
+ '/d3/subd1':['10.70.37.172','10.70.37.197']}
+ If authentication has to set on entire volume, use 'all' as key.
+ auth_dict = {'all': ['10.70.37.172','10.70.37,173']}
+ 'all' refers to entire volume
+ Returns (bool):
+ True if the verification is success.
+ """
+ auth_details = []
+ if not auth_dict:
+ g.log.error("Authentication details are not provided")
+ return False
+
+ # Get the value of auth.allow option of the volume
+ auth_clients_dict = get_volume_options(server, volname, "auth.allow")
+ auth_clients = auth_clients_dict['auth.allow']
+
+ # When authentication has to be verified on entire volume(not on sub-dirs)
+ # check whether the required clients names are listed in auth.allow option
+ if 'all' in auth_dict:
+ clients_list = auth_clients.split(',')
+ res = all(elem in clients_list for elem in auth_dict['all'])
+ if not res:
+ g.log.error("Authentication verification failed. auth.allow: %s",
+ auth_clients)
+ return False
+ g.log.info("Authentication verified successfully. auth.allow: %s",
+ auth_clients)
+ return True
+
+ # When authentication has to be verified on on sub-dirs, convert the key-
+ # value pair to a format which matches the value of auth.allow option.
+ for key, value in auth_dict.iteritems():
+ auth_details.append("%s(%s)" % (key, "|".join(value)))
+
+ # Check whether the required clients names are listed in auth.allow option
+ for auth_detail in auth_details:
+ if auth_detail not in auth_clients:
+ g.log.error("Authentication verification failed. auth.allow: %s",
+ auth_clients)
+ return False
+ g.log.info("Authentication verified successfully. auth.allow: %s",
+ auth_clients)
+ return True