From 01f24caba86c987b0109f743979a4e99e8afed11 Mon Sep 17 00:00:00 2001
From: Josh Durgin <joshd@hq.newdream.net>
Date: Mon, 2 Apr 2012 16:41:07 -0700
Subject: Allow unprivileged RADOS users to access rbd volumes.

This makes it possible to access rbd volumes with RADOS users with
restricted privileges. Previously, the admin user was always used.

This requires libvirt 0.9.8 or higher.

Change-Id: Ia4665c2a93a58a1c1290f467a3d9cd6cd22d7bd5
---
 nova/tests/test_libvirt.py        | 53 +++++++++++++++++++++++++++++++++++++++
 nova/tests/test_libvirt_config.py | 25 ++++++++++++++++++
 2 files changed, 78 insertions(+)

(limited to 'nova/tests')

diff --git a/nova/tests/test_libvirt.py b/nova/tests/test_libvirt.py
index 4eea7b0b3..ba8764421 100644
--- a/nova/tests/test_libvirt.py
+++ b/nova/tests/test_libvirt.py
@@ -241,6 +241,59 @@ class LibvirtVolumeTestCase(test.TestCase):
         self.assertEqual(tree.find('./source').get('protocol'), 'rbd')
         rbd_name = '%s/%s' % (FLAGS.rbd_pool, name)
         self.assertEqual(tree.find('./source').get('name'), rbd_name)
+        self.assertEqual(tree.find('./source/auth'), None)
+        libvirt_driver.disconnect_volume(connection_info, mount_device)
+        connection_info = vol_driver.terminate_connection(vol, self.connr)
+
+    def test_libvirt_rbd_driver_auth_enabled(self):
+        vol_driver = volume_driver.RBDDriver()
+        libvirt_driver = volume.LibvirtNetVolumeDriver(self.fake_conn)
+        name = 'volume-00000001'
+        vol = {'id': 1, 'name': name}
+        connection_info = vol_driver.initialize_connection(vol, self.connr)
+        uuid = '875a8070-d0b9-4949-8b31-104d125c9a64'
+        user = 'foo'
+        secret_type = 'ceph'
+        connection_info['data']['auth_enabled'] = True
+        connection_info['data']['auth_username'] = user
+        connection_info['data']['secret_type'] = secret_type
+        connection_info['data']['secret_uuid'] = uuid
+
+        mount_device = "vde"
+        conf = libvirt_driver.connect_volume(connection_info, mount_device)
+        tree = conf.format_dom()
+        self.assertEqual(tree.get('type'), 'network')
+        self.assertEqual(tree.find('./source').get('protocol'), 'rbd')
+        rbd_name = '%s/%s' % (FLAGS.rbd_pool, name)
+        self.assertEqual(tree.find('./source').get('name'), rbd_name)
+        self.assertEqual(tree.find('./auth').get('username'), user)
+        self.assertEqual(tree.find('./auth/secret').get('type'), secret_type)
+        self.assertEqual(tree.find('./auth/secret').get('uuid'), uuid)
+        libvirt_driver.disconnect_volume(connection_info, mount_device)
+        connection_info = vol_driver.terminate_connection(vol, self.connr)
+
+    def test_libvirt_rbd_driver_auth_disabled(self):
+        vol_driver = volume_driver.RBDDriver()
+        libvirt_driver = volume.LibvirtNetVolumeDriver(self.fake_conn)
+        name = 'volume-00000001'
+        vol = {'id': 1, 'name': name}
+        connection_info = vol_driver.initialize_connection(vol, self.connr)
+        uuid = '875a8070-d0b9-4949-8b31-104d125c9a64'
+        user = 'foo'
+        secret_type = 'ceph'
+        connection_info['data']['auth_enabled'] = False
+        connection_info['data']['auth_username'] = user
+        connection_info['data']['secret_type'] = secret_type
+        connection_info['data']['secret_uuid'] = uuid
+
+        mount_device = "vde"
+        conf = libvirt_driver.connect_volume(connection_info, mount_device)
+        tree = conf.format_dom()
+        self.assertEqual(tree.get('type'), 'network')
+        self.assertEqual(tree.find('./source').get('protocol'), 'rbd')
+        rbd_name = '%s/%s' % (FLAGS.rbd_pool, name)
+        self.assertEqual(tree.find('./source').get('name'), rbd_name)
+        self.assertEqual(tree.find('./auth'), None)
         libvirt_driver.disconnect_volume(connection_info, mount_device)
         connection_info = vol_driver.terminate_connection(vol, self.connr)
 
diff --git a/nova/tests/test_libvirt_config.py b/nova/tests/test_libvirt_config.py
index b910849a5..df435690f 100644
--- a/nova/tests/test_libvirt_config.py
+++ b/nova/tests/test_libvirt_config.py
@@ -105,6 +105,31 @@ class LibvirtConfigGuestDiskTest(LibvirtConfigBaseTest):
               <target bus="ide" dev="/dev/hda"/>
             </disk>""")
 
+    def test_config_network_auth(self):
+        obj = config.LibvirtConfigGuestDisk()
+        obj.source_type = "network"
+        obj.source_protocol = "rbd"
+        obj.source_host = "pool/image"
+        obj.driver_name = "qemu"
+        obj.driver_format = "raw"
+        obj.target_dev = "/dev/vda"
+        obj.target_bus = "virtio"
+        obj.auth_username = "foo"
+        obj.auth_secret_type = "ceph"
+        obj.auth_secret_uuid = "b38a3f43-4be2-4046-897f-b67c2f5e0147"
+
+        xml = obj.to_xml()
+        self.assertXmlEqual(xml, """
+            <disk type="network" device="disk">
+              <driver name="qemu" type="raw"/>
+              <source protocol="rbd" name="pool/image"/>
+              <auth username="foo">
+                <secret type="ceph"
+                uuid="b38a3f43-4be2-4046-897f-b67c2f5e0147"/>
+              </auth>
+              <target bus="virtio" dev="/dev/vda"/>
+            </disk>""")
+
 
 class LibvirtConfigGuestFilesysTest(LibvirtConfigBaseTest):
 
-- 
cgit