cephfs/cephconf: added cephFullCapsKeyring

2024-11-09 16:00:22 +00:00 · 2018-04-13 14:38:44 +02:00 · 2018-04-13 14:38:44 +02:00 · c21d05a536
commit c21d05a536
parent f881bf5249
1 changed files with 39 additions and 14 deletions
--- a/pkg/cephfs/cephconf.go
+++ b/pkg/cephfs/cephconf.go
@ -33,11 +33,18 @@ auth_client_required = cephx
 fuse_set_user_groups = false
 `

-const cephKeyring = `[client.{{.User}}]
+const cephKeyring = `[client.{{.UserId}}]
 key = {{.Key}}
-caps mds = "allow {{perms .ReadOnly}} path={{.RootPath}}"
+caps mds = "allow rw path={{.RootPath}}"
 caps mon = "allow r"
-caps osd = "allow {{perms .ReadOnly}}"
+caps osd = "allow rw{{if .Pool}} pool={{.Pool}}{{end}}{{if .Namespace}} namespace={{.Namespace}}{{end}}"
+`
+
+const cephFullCapsKeyring = `[client.{{.UserId}}]
+key = {{.Key}}
+caps mds = "allow"
+caps mon = "allow *"
+caps osd = "allow *"
 `

 const cephSecret = `{{.Key}}`
@ -50,9 +57,10 @@ const (
 )

 var (
-	cephConfigTempl  *template.Template
-	cephKeyringTempl *template.Template
-	cephSecretTempl  *template.Template
+	cephConfigTempl          *template.Template
+	cephKeyringTempl         *template.Template
+	cephFullCapsKeyringTempl *template.Template
+	cephSecretTempl          *template.Template
 )

 func init() {
@ -68,6 +76,7 @@ func init() {

 	cephConfigTempl = template.Must(template.New("config").Parse(cephConfig))
 	cephKeyringTempl = template.Must(template.New("keyring").Funcs(fm).Parse(cephKeyring))
+	cephFullCapsKeyringTempl = template.Must(template.New("keyringFullCaps").Parse(cephFullCapsKeyring))
 	cephSecretTempl = template.Must(template.New("secret").Parse(cephSecret))
 }

@ -102,23 +111,39 @@ func (d *cephConfigData) writeToFile() error {
 }

 type cephKeyringData struct {
-	User, Key string
-	RootPath  string
-	ReadOnly  bool
+	UserId, Key     string
+	RootPath        string
+	Pool, Namespace string
 }

 func (d *cephKeyringData) writeToFile() error {
-	return writeCephTemplate(fmt.Sprintf(cephKeyringFileNameFmt, d.User), 0600, cephKeyringTempl, d)
+	return writeCephTemplate(fmt.Sprintf(cephKeyringFileNameFmt, d.UserId), 0600, cephKeyringTempl, d)
+}
+
+type cephFullCapsKeyringData struct {
+	UserId, Key string
+}
+
+func (d *cephFullCapsKeyringData) writeToFile() error {
+	return writeCephTemplate(fmt.Sprintf(cephKeyringFileNameFmt, d.UserId), 0600, cephFullCapsKeyringTempl, d)
 }

 type cephSecretData struct {
-	User, Key string
+	UserId, Key string
 }

 func (d *cephSecretData) writeToFile() error {
-	return writeCephTemplate(fmt.Sprintf(cephSecretFileNameFmt, d.User), 0600, cephSecretTempl, d)
+	return writeCephTemplate(fmt.Sprintf(cephSecretFileNameFmt, d.UserId), 0600, cephSecretTempl, d)
 }

-func getCephSecretPath(user string) string {
-	return path.Join(cephConfigRoot, fmt.Sprintf(cephSecretFileNameFmt, user))
+func getCephSecretPath(userId string) string {
+	return path.Join(cephConfigRoot, fmt.Sprintf(cephSecretFileNameFmt, userId))
+}
+
+func getCephKeyringPath(userId string) string {
+	return path.Join(cephConfigRoot, fmt.Sprintf(cephKeyringFileNameFmt, userId))
+}
+
+func getCephConfPath() string {
+	return path.Join(cephConfigRoot, cephConfigFileName)
 }