e2e: make use of ceph users created in e2e

This commit adds support to create and delete new ceph users to test various functionalities. Signed-off-by: Madhu Rajanna <madhupr007@gmail.com>
2025-06-13 10:33:35 +00:00 · 2021-02-22 16:43:40 +05:30
parent e261191f0b
commit a8fcf70cb8
10 changed files with 313 additions and 60 deletions
--- a/e2e/ceph_user.go
+++ b/e2e/ceph_user.go
@ -0,0 +1,93 @@
+package e2e
+
+import (
+	"fmt"
+	"strings"
+
+	"k8s.io/kubernetes/test/e2e/framework"
+)
+
+// #nosec because of the word `Secret`
+const (
+	// ceph user names
+	keyringRBDProvisionerUsername          = "cephcsi-rbd-provisioner"
+	keyringRBDNodePluginUsername           = "cephcsi-rbd-node"
+	keyringRBDNamespaceProvisionerUsername = "cephcsi-rbd-ns-provisioner"
+	keyringRBDNamespaceNodePluginUsername  = "cephcsi-rbd-ns-node"
+	keyringCephFSProvisionerUsername       = "cephcsi-cephfs-provisioner"
+	keyringCephFSNodePluginUsername        = "cephcsi-cephfs-node"
+	// secret names
+	rbdNodePluginSecretName           = "cephcsi-rbd-node"
+	rbdProvisionerSecretName          = "cephcsi-rbd-provisioner"
+	rbdNamespaceNodePluginSecretName  = "cephcsi-rbd-ns-node"
+	rbdNamespaceProvisionerSecretName = "cephcsi-rbd-ns-provisioner"
+	cephFSNodePluginSecretName        = "cephcsi-cephfs-node"
+	cephFSProvisionerSecretName       = "cephcsi-cephfs-provisioner"
+)
+
+// refer https://github.com/ceph/ceph-csi/blob/devel/docs/capabilities.md#rbd
+// for RBD caps.
+func rbdNodePluginCaps(pool, rbdNamespace string) []string {
+	caps := []string{
+		"mon", "'profile rbd'",
+		"mgr", "'allow rw'",
+	}
+	if rbdNamespace == "" {
+		caps = append(caps, "osd", "'profile rbd'")
+	} else {
+		caps = append(caps, fmt.Sprintf("osd 'profile rbd pool=%s namespace=%s'", pool, rbdNamespace))
+	}
+	return caps
+}
+
+func rbdProvisionerCaps(pool, rbdNamespace string) []string {
+	caps := []string{
+		"mon", "'profile rbd'",
+		"mgr", "'allow rw'",
+	}
+	if rbdNamespace == "" {
+		caps = append(caps, "osd", "'profile rbd'")
+	} else {
+		caps = append(caps, fmt.Sprintf("osd 'profile rbd pool=%s namespace=%s'", pool, rbdNamespace))
+	}
+	return caps
+}
+
+// refer https://github.com/ceph/ceph-csi/blob/devel/docs/capabilities.md#rbd
+// for cephFS caps.
+func cephFSNodePluginCaps() []string {
+	caps := []string{
+		"mon", "'allow r'",
+		"mgr", "'allow rw'",
+		"osd", "'allow rw tag cephfs *=*'",
+		"mds", "'allow rw'",
+	}
+	return caps
+}
+
+func cephFSProvisionerCaps() []string {
+	caps := []string{
+		"mon", "'allow r'",
+		"mgr", "'allow rw'",
+		"osd", "'allow rw tag cephfs metadata=*'",
+	}
+	return caps
+}
+
+func createCephUser(f *framework.Framework, user string, caps []string) (string, error) {
+	cmd := fmt.Sprintf("ceph auth get-or-create-key client.%s %s", user, strings.Join(caps, " "))
+	stdOut, stdErr, err := execCommandInToolBoxPod(f, cmd, rookNamespace)
+	if err != nil {
+		return "", err
+	}
+	if stdErr != "" {
+		return "", fmt.Errorf("failed to create user %s with error %v", cmd, stdErr)
+	}
+	return strings.TrimSpace(stdOut), nil
+}
+
+func deleteCephUser(f *framework.Framework, user string) error {
+	cmd := fmt.Sprintf("ceph auth del client.%s", user)
+	_, _, err := execCommandInToolBoxPod(f, cmd, rookNamespace)
+	return err
+}