From e90cddca3204ee8e0447fd75e136cd5b979e489e Mon Sep 17 00:00:00 2001
From: Jilju Joy
Date: Fri, 1 Jun 2018 13:38:23 +0530
Subject: Gluster volume auth.allow operation Adding minor enhancement Addressed comments
Change-Id: Ic4b693be51c853531a63218be7485374d1f6934e
---
glustolibs-gluster/glustolibs/gluster/auth_ops.py | 122 ++++++++++++++++++++++
1 file changed, 122 insertions(+)
create mode 100644 glustolibs-gluster/glustolibs/gluster/auth_ops.py
diff --git a/glustolibs-gluster/glustolibs/gluster/auth_ops.py b/glustolibs-gluster/glustolibs/gluster/auth_ops.py
new file mode 100644
index 000000000..9d812c192
--- /dev/null
+++ b/glustolibs-gluster/glustolibs/gluster/auth_ops.py
@@ -0,0 +1,122 @@
+# Copyright (C) 2017-2018 Red Hat, Inc.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+"""
+ Description: This contains the gluster volume auth allow and
+ reject operations
+"""
+from glusto.core import Glusto as g
+from glustolibs.gluster.volume_ops import get_volume_options
+
+
+def set_auth_allow(volname, server, auth_dict):
+ """
+ Set authentication for volumes or sub directories as required
+
+ Args:
+ volname(str): The name of volume in which auth
+ has to be set
+ server(str): IP or hostname of one node
+ auth_dict(dict): key-value pair of dirs and clients list
+ Example: auth_dict = {'/d1':['10.70.37.172','10.70.37,173'],
+ '/d3/subd1':['10.70.37.172','dhcp37-999.xyz.cdf.pqr.abc.com']}
+ If authentication has to set on entire volume, use 'all' as key.
+ auth_dict = {'all': ['10.70.37.172','10.70.37,173']}
+ 'all' refers to entire volume
+ Returns (bool):
+ True if all the auth set operation is success.
+ """
+ auth_cmds = []
+ if not auth_dict:
+ g.log.error("Authentication details are not provided")
+ return False
+
+ # If authentication has to be set on sub-dirs, convert the key-value pair
+ # to gluster authentication set command format.
+ if 'all' not in auth_dict:
+ for key, value in auth_dict.iteritems():
+ auth_cmds.append("%s(%s)" % (key, "|".join(value)))
+
+ auth_cmd = ("gluster volume set %s auth.allow \"%s\""
+ % (volname, ",".join(auth_cmds)))
+
+ # When authentication has to be set on entire volume, convert the
+ # key-value pair to gluster authentication set command format
+ else:
+ auth_cmd = ("gluster volume set %s auth.allow %s"
+ % (volname, ",".join(auth_dict["all"])))
+
+ # Execute auth.allow setting on server.
+ ret, _, _ = g.run(server, auth_cmd)
+ if (not ret) and (verify_auth_allow(volname, server, auth_dict)):
+ g.log.info("Authentication set and verified successfully.")
+ return True
+ return False
+
+
+def verify_auth_allow(volname, server, auth_dict):
+ """
+ Verify authentication for volumes or sub directories as required
+
+ Args:
+ volname(str): The name of volume in which auth
+ has to be set
+ server(str): IP or hostname of one node
+ auth_dict(dict): key-value pair of dirs and clients list
+ Example: auth_dict = {'/d1':['10.70.37.172','10.70.37,173'],
+ '/d3/subd1':['10.70.37.172','10.70.37.197']}
+ If authentication has to set on entire volume, use 'all' as key.
+ auth_dict = {'all': ['10.70.37.172','10.70.37,173']}
+ 'all' refers to entire volume
+ Returns (bool):
+ True if the verification is success.
+ """
+ auth_details = []
+ if not auth_dict:
+ g.log.error("Authentication details are not provided")
+ return False
+
+ # Get the value of auth.allow option of the volume
+ auth_clients_dict = get_volume_options(server, volname, "auth.allow")
+ auth_clients = auth_clients_dict['auth.allow']
+
+ # When authentication has to be verified on entire volume(not on sub-dirs)
+ # check whether the required clients names are listed in auth.allow option
+ if 'all' in auth_dict:
+ clients_list = auth_clients.split(',')
+ res = all(elem in clients_list for elem in auth_dict['all'])
+ if not res:
+ g.log.error("Authentication verification failed. auth.allow: %s",
+ auth_clients)
+ return False
+ g.log.info("Authentication verified successfully. auth.allow: %s",
+ auth_clients)
+ return True
+
+ # When authentication has to be verified on on sub-dirs, convert the key-
+ # value pair to a format which matches the value of auth.allow option.
+ for key, value in auth_dict.iteritems():
+ auth_details.append("%s(%s)" % (key, "|".join(value)))
+
+ # Check whether the required clients names are listed in auth.allow option
+ for auth_detail in auth_details:
+ if auth_detail not in auth_clients:
+ g.log.error("Authentication verification failed. auth.allow: %s",
+ auth_clients)
+ return False
+ g.log.info("Authentication verified successfully. auth.allow: %s",
+ auth_clients)
+ return True
-- cgit
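Review bot: The sub-directory check at the end of verify_auth_allow tests `auth_detail not in auth_clients` against the raw option string, so it is a substring match: an expected entry `/d1(10.70.37.172)` is reported as verified when the volume only carries a different path ending the same way, for example (constructed) `/data/d1(10.70.37.172)`. Compare against whole entries instead, `if auth_detail not in auth_clients.split(","):`, as the 'all' branch already does with `clients_list`. Separately, the 'all' branch of set_auth_allow builds `gluster volume set %s auth.allow %s` without the quotes the sub-dir branch uses, so a wildcard client such as `*` may be glob-expanded if g.run hands the string to a shell on the node; quoting it the same way, `auth.allow \"%s\"`, avoids setting a different allow list than the one requested. The failure return of get_volume_options is not visible in this patch; if it can return None, `auth_clients_dict['auth.allow']` needs a guard that logs and returns False before indexing.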