From 00a2c32ce3d13bf144cf9f67937d1020b4dae779 Mon Sep 17 00:00:00 2001
From: Josh Durgin
Date: Mon, 2 Apr 2012 16:41:07 -0700
Subject: [PATCH] Allow unprivileged RADOS users to access rbd volumes.
This makes it possible to access rbd volumes with RADOS users with restricted privileges. Previously, the admin user was always used. This requires libvirt 0.9.8 or higher.
Change-Id: Ia4665c2a93a58a1c1290f467a3d9cd6cd22d7bd5
---
 nova/tests/test_libvirt.py | 53 +++++++++++++++++++++++++++++++
 nova/tests/test_libvirt_config.py | 25 +++++++++++++++
 2 files changed, 78 insertions(+)
diff --git a/nova/tests/test_libvirt.py b/nova/tests/test_libvirt.py
index 4eea7b0b..ba876442 100644
--- a/nova/tests/test_libvirt.py
+++ b/nova/tests/test_libvirt.py
@@ -241,6 +241,59 @@ class LibvirtVolumeTestCase(test.TestCase):
 self.assertEqual(tree.find('./source').get('protocol'), 'rbd')
 rbd_name = '%s/%s' % (FLAGS.rbd_pool, name)
 self.assertEqual(tree.find('./source').get('name'), rbd_name)
+ self.assertEqual(tree.find('./source/auth'), None)
+ libvirt_driver.disconnect_volume(connection_info, mount_device)
+ connection_info = vol_driver.terminate_connection(vol, self.connr)
+
+ def test_libvirt_rbd_driver_auth_enabled(self):
+ vol_driver = volume_driver.RBDDriver()
+ libvirt_driver = volume.LibvirtNetVolumeDriver(self.fake_conn)
+ name = 'volume-00000001'
+ vol = {'id': 1, 'name': name}
+ connection_info = vol_driver.initialize_connection(vol, self.connr)
+ uuid = '875a8070-d0b9-4949-8b31-104d125c9a64'
+ user = 'foo'
+ secret_type = 'ceph'
+ connection_info['data']['auth_enabled'] = True
+ connection_info['data']['auth_username'] = user
+ connection_info['data']['secret_type'] = secret_type
+ connection_info['data']['secret_uuid'] = uuid
+
+ mount_device = "vde"
+ conf = libvirt_driver.connect_volume(connection_info, mount_device)
+ tree = conf.format_dom()
+ self.assertEqual(tree.get('type'), 'network')
+ self.assertEqual(tree.find('./source').get('protocol'), 'rbd')
+ rbd_name = '%s/%s' % (FLAGS.rbd_pool, name)
+ self.assertEqual(tree.find('./source').get('name'), rbd_name)
+ self.assertEqual(tree.find('./auth').get('username'), user)
+ self.assertEqual(tree.find('./auth/secret').get('type'), secret_type)
+ self.assertEqual(tree.find('./auth/secret').get('uuid'), uuid)
+ libvirt_driver.disconnect_volume(connection_info, mount_device)
+ connection_info = vol_driver.terminate_connection(vol, self.connr)
+
+ def test_libvirt_rbd_driver_auth_disabled(self):
+ vol_driver = volume_driver.RBDDriver()
+ libvirt_driver = volume.LibvirtNetVolumeDriver(self.fake_conn)
+ name = 'volume-00000001'
+ vol = {'id': 1, 'name': name}
+ connection_info = vol_driver.initialize_connection(vol, self.connr)
+ uuid = '875a8070-d0b9-4949-8b31-104d125c9a64'
+ user = 'foo'
+ secret_type = 'ceph'
+ connection_info['data']['auth_enabled'] = False
+ connection_info['data']['auth_username'] = user
+ connection_info['data']['secret_type'] = secret_type
+ connection_info['data']['secret_uuid'] = uuid
+
+ mount_device = "vde"
+ conf = libvirt_driver.connect_volume(connection_info, mount_device)
+ tree = conf.format_dom()
+ self.assertEqual(tree.get('type'), 'network')
+ self.assertEqual(tree.find('./source').get('protocol'), 'rbd')
+ rbd_name = '%s/%s' % (FLAGS.rbd_pool, name)
+ self.assertEqual(tree.find('./source').get('name'), rbd_name)
+ self.assertEqual(tree.find('./auth'), None)
 libvirt_driver.disconnect_volume(connection_info, mount_device)
 connection_info = vol_driver.terminate_connection(vol, self.connr)
diff --git a/nova/tests/test_libvirt_config.py b/nova/tests/test_libvirt_config.py
index b910849a..df435690 100644
--- a/nova/tests/test_libvirt_config.py
+++ b/nova/tests/test_libvirt_config.py
@@ -105,6 +105,31 @@ class LibvirtConfigGuestDiskTest(LibvirtConfigBaseTest):
 """)
+ def test_config_network_auth(self):
+ obj = config.LibvirtConfigGuestDisk()
+ obj.source_type = "network"
+ obj.source_protocol = "rbd"
+ obj.source_host = "pool/image"
+ obj.driver_name = "qemu"
+ obj.driver_format = "raw"
+ obj.target_dev = "/dev/vda"
+ obj.target_bus = "virtio"
+ obj.auth_username = "foo"
+ obj.auth_secret_type = "ceph"
+ obj.auth_secret_uuid = "b38a3f43-4be2-4046-897f-b67c2f5e0147"
+
+ xml = obj.to_xml()
+ self.assertXmlEqual(xml, """ + + + + + + + + """)
+
 class LibvirtConfigGuestFilesysTest(LibvirtConfigBaseTest):
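Review bot: The first added assertion in nova/tests/test_libvirt.py, `self.assertEqual(tree.find('./source/auth'), None)`, looks under `./source`, but test_libvirt_rbd_driver_auth_enabled in the same hunk reads the element at `./auth`, so this check passes whether or not an auth element is emitted. For the default case (no auth keys in connection_info) to guard against credentials being attached unintentionally, it should read `self.assertEqual(tree.find('./auth'), None)`, as test_libvirt_rbd_driver_auth_disabled does. The test this assertion belongs to starts above the hunk, so its name and setup are not visible here.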
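Review bot: test_config_network_auth in nova/tests/test_libvirt_config.py sets auth_username, auth_secret_type and auth_secret_uuid together and never exercises a partial combination. A second case that sets `obj.auth_username = "foo"` and leaves the secret UUID unset would pin whether to_xml() omits the auth element or emits one without a usable secret reference; which of the two the config class does cannot be told from this hunk. A one-line docstring on the test saying that the disk XML is expected to carry a secret type and UUID rather than key material would also help readers, assuming that is the intent the three attributes suggest.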