From 7b9a6686bcb5ead98934b737d1523601dea33d16 Mon Sep 17 00:00:00 2001
From: Jon Bernard <jobernar@redhat.com>
Date: Fri, 17 Mar 2017 13:25:03 -0400
Subject: [PATCH] RBD: consider a custom keyring in connection info

If a 'keyring' key is found in the connection info passed to
connect_volume() use its value as the path to the keyring instead of the
default location (/etc/ceph/<cluster>.client.<user>.keyring).

This allows services such as cinder's RBD and Ceph backup drivers to
make use of a custom keyring path that an admin has defined.

Change-Id: Ib1230d3e40f56371567e1aead40db59667bad295
Closes-bug: #1668304
---
 os_brick/initiator/connectors/rbd.py            | 15 +++++++++++----
 os_brick/tests/initiator/connectors/test_rbd.py | 17 ++++++++++++++++-
 ...ing_for_rbd_connection-eccbaae9ee5f3491.yaml |  4 ++++
 3 files changed, 31 insertions(+), 5 deletions(-)
 create mode 100644 releasenotes/notes/add_custom_keyring_for_rbd_connection-eccbaae9ee5f3491.yaml

diff --git a/os_brick/initiator/connectors/rbd.py b/os_brick/initiator/connectors/rbd.py
index 1f060db93..a4bc48d9f 100644
--- a/os_brick/initiator/connectors/rbd.py
+++ b/os_brick/initiator/connectors/rbd.py
@@ -70,14 +70,19 @@ class RBDConnector(base.BaseLinuxConnector):
         return list(map(_sanitize_host, hosts))
 
     def _create_ceph_conf(self, monitor_ips, monitor_ports,
-                          cluster_name, user):
+                          cluster_name, user, keyring_path):
         monitors = ["%s:%s" % (ip, port) for ip, port in
                     zip(self._sanitize_mon_hosts(monitor_ips), monitor_ports)]
         mon_hosts = "mon_host = %s" % (','.join(monitors))
 
         client_section = "[client.%s]" % user
-        keyring = ("keyring = /etc/ceph/%s.client.%s.keyring" %
-                   (cluster_name, user))
+
+        if keyring_path is None:
+            keyring = ("keyring = /etc/ceph/%s.client.%s.keyring" %
+                       (cluster_name, user))
+        else:
+            keyring = "keyring = %s" % keyring_path
+
         try:
             fd, ceph_conf_path = tempfile.mkstemp(prefix="brickrbd_")
             with os.fdopen(fd, 'w') as conf_file:
@@ -95,12 +100,14 @@ class RBDConnector(base.BaseLinuxConnector):
             cluster_name = connection_properties.get('cluster_name')
             monitor_ips = connection_properties.get('hosts')
             monitor_ports = connection_properties.get('ports')
+            keyring_path = connection_properties.get('keyring')
         except IndexError:
             msg = _("Connect volume failed, malformed connection properties")
             raise exception.BrickException(msg=msg)
 
         conf = self._create_ceph_conf(monitor_ips, monitor_ports,
-                                      str(cluster_name), user)
+                                      str(cluster_name), user,
+                                      keyring_path)
         try:
             rbd_client = linuxrbd.RBDClient(user, pool, conffile=conf,
                                             rbd_cluster_name=str(cluster_name))
diff --git a/os_brick/tests/initiator/connectors/test_rbd.py b/os_brick/tests/initiator/connectors/test_rbd.py
index ada57a5e2..6a4ffdc06 100644
--- a/os_brick/tests/initiator/connectors/test_rbd.py
+++ b/os_brick/tests/initiator/connectors/test_rbd.py
@@ -94,6 +94,21 @@ class RBDConnectorTestCase(test_connector.ConnectorTestCase):
         self.assertIsInstance(device_info['path'],
                               linuxrbd.RBDVolumeIOWrapper)
 
+    @mock.patch('os_brick.initiator.linuxrbd.rbd')
+    @mock.patch('os_brick.initiator.linuxrbd.rados')
+    @mock.patch.object(rbd.RBDConnector, '_create_ceph_conf')
+    @mock.patch('os.path.exists')
+    def test_custom_keyring(self, mock_path, mock_conf, mock_rados, mock_rbd):
+        conn = rbd.RBDConnector(None)
+        mock_path.return_value = False
+        mock_conf.return_value = "/tmp/fake_dir/fake_ceph.conf"
+        custom_keyring_path = "/foo/bar/baz"
+        self.connection_properties['keyring'] = custom_keyring_path
+        conn.connect_volume(self.connection_properties)
+        mock_conf.assert_called_once_with(self.hosts, self.ports,
+                                          self.clustername, self.user,
+                                          custom_keyring_path)
+
     @ddt.data((['192.168.1.1', '192.168.1.2'],
                ['192.168.1.1', '192.168.1.2']),
               (['3ffe:1900:4545:3:200:f8ff:fe21:67cf',
@@ -122,7 +137,7 @@ class RBDConnectorTestCase(test_connector.ConnectorTestCase):
         with mock.patch('os.fdopen', mockopen, create=True):
             rbd_connector = rbd.RBDConnector(None)
             conf_path = rbd_connector._create_ceph_conf(
-                self.hosts, self.ports, self.clustername, self.user)
+                self.hosts, self.ports, self.clustername, self.user, None)
         self.assertEqual(conf_path, tmpfile)
         mock_mkstemp.assert_called_once_with(prefix='brickrbd_')
 
diff --git a/releasenotes/notes/add_custom_keyring_for_rbd_connection-eccbaae9ee5f3491.yaml b/releasenotes/notes/add_custom_keyring_for_rbd_connection-eccbaae9ee5f3491.yaml
new file mode 100644
index 000000000..4b1be40b1
--- /dev/null
+++ b/releasenotes/notes/add_custom_keyring_for_rbd_connection-eccbaae9ee5f3491.yaml
@@ -0,0 +1,4 @@
+---
+fixes:
+  - Add support to use custom Ceph keyring files (previously os-brick
+    hardcoded using /etc/ceph/<cluster>.client.<user>.keyring file).