Sync back in charms.ceph

Change-Id: I188fd24fa2382657d14842b9022a6610f790d7db Partial-Bug: 1424771
2017-02-14 13:22:50 -06:00 · 2017-02-14 13:22:50 -06:00 · 06f517d18d
parent 3dfeff7a19
commit 06f517d18d
2 changed files with 57 additions and 14 deletions
--- a/lib/ceph/init.py
+++ b/lib/ceph/init.py
@ -1092,6 +1092,26 @@ def get_named_key(name, caps=None, pool_list=None):
    :param caps:  dict of cephx capabilities
    :return: Returns a cephx key
    """
+    try:
+        # Does the key already exist?
+        output = subprocess.check_output(
+            [
+                'sudo',
+                '-u', ceph_user(),
+                'ceph',
+                '--name', 'mon.',
+                '--keyring',
+                '/var/lib/ceph/mon/ceph-{}/keyring'.format(
+                    socket.gethostname()
+                ),
+                'auth',
+                'get',
+                'client.{}'.format(name),
+            ]).strip()
+        return parse_key(output)
+    except subprocess.CalledProcessError:
+        # Couldn't get the key, time to create it!
+        log("Creating new key for {}".format(name), level=DEBUG)
    caps = caps or _default_caps
    cmd = [
        "sudo",
--- a/lib/ceph/ceph_broker.py
+++ b/lib/ceph/ceph_broker.py
@ -186,7 +186,8 @@ def handle_add_permissions_to_key(request, service):
    if group_name not in service_obj['group_names'][permission]:
        service_obj['group_names'][permission].append(group_name)
    save_service(service=service_obj, service_name=service_name)
-    service_obj['groups'][group_name] = group
+    service_obj['groups'] = _build_service_groups(service_obj,
+                                                  group_namespace)
    update_service_permissions(service_name, service_obj, group_namespace)


@ -208,7 +209,8 @@ def add_pool_to_group(pool, group, namespace=None):
    if namespace:
        group_name = "{}-{}".format(namespace, group_name)
    group = get_group(group_name=group_name)
-    group["pools"].append(pool)
+    if pool not in group['pools']:
+        group["pools"].append(pool)
    save_group(group, group_name=group_name)
    for service in group['services']:
        update_service_permissions(service, namespace=namespace)
@ -216,7 +218,7 @@ def add_pool_to_group(pool, group, namespace=None):

 def pool_permission_list_for_service(service):
    """Build the permission string for Ceph for a given service"""
-    permissions = ""
+    permissions = []
    permission_types = {}
    for permission, group in service["group_names"].items():
        if permission not in permission_types:
@ -224,12 +226,11 @@ def pool_permission_list_for_service(service):
        for item in group:
            permission_types[permission].append(item)
    for permission, groups in permission_types.items():
-        permission = " allow {}".format(permission)
+        permission = "allow {}".format(permission)
        for group in groups:
            for pool in service['groups'][group]['pools']:
-                permission = "{} pool={}".format(permission, pool)
-        permissions += permission
-    return ["mon", "allow r", "osd", permissions.strip()]
+                permissions.append("{} pool={}".format(permission, pool))
+    return ["mon", "allow r", "osd", ', '.join(permissions)]


 def get_service_groups(service, namespace=None):
@ -244,7 +245,7 @@ def get_service_groups(service, namespace=None):
    {
        group_names: {'rwx': ['images']},
        groups: {
-    1        'images': {
+            'images': {
                pools: ['glance'],
                services: ['nova']
            }
@ -260,17 +261,39 @@ def get_service_groups(service, namespace=None):
    except ValueError:
        service = None
    if service:
-        for permission, groups in service['group_names'].items():
-            for group in groups:
-                name = group
-                if namespace:
-                    name = "{}-{}".format(namespace, name)
-                service['groups'][group] = get_group(group_name=name)
+        service['groups'] = _build_service_groups(service, namespace)
    else:
        service = {'group_names': {}, 'groups': {}}
    return service


+def _build_service_groups(service, namespace=None):
+    '''Rebuild the 'groups' dict for a service group
+
+    :returns: dict: dictionary keyed by group name of the following
+                    format:
+
+                    {
+                        'images': {
+                            pools: ['glance'],
+                            services: ['nova', 'glance]
+                         },
+                         'vms':{
+                            pools: ['nova'],
+                            services: ['nova']
+                         }
+                    }
+    '''
+    all_groups = {}
+    for _, groups in service['group_names'].items():
+        for group in groups:
+            name = group
+            if namespace:
+                name = "{}-{}".format(namespace, name)
+            all_groups[group] = get_group(group_name=name)
+    return all_groups
+
+
 def get_group(group_name):
    """
    A group is a structure to hold data about a named group, structured as: