Add a CLI command to change host DHCHAP keys.
Fixes ceph#924

Signed-off-by: Gil Bregman <gbregman@il.ibm.com>
gbregman committed Oct 31, 2024

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
1 parent 00b63ed commit b36dfab
Showing 12 changed files with 605 additions and 74 deletions.
3 changes: 3 additions & 0 deletions .env
@@ -98,3 +98,6 @@ DHCHAP_KEY3="DHHC-1:01:eNNXGjidEHHStbUi2Gmpps0JcnofReFfy+NaulguGgt327hz:"
DHCHAP_KEY4="DHHC-1:01:c8D8fVPP/wcuxxRCd8mdQQFjOWtjcS2KmspzvkeOEoF6SUm6:"
DHCHAP_KEY5="DHHC-1:01:zNZ6nrs5JDIpqbH/ZP1VTAATxNf5i/rH44dci+vvjhsyI2ha:"
DHCHAP_KEY6="DHHC-1:01:Bu4tZd7X2oW7XxmVH5tGCdoS30pDX6bZvexHYoudeVlJW9yz:"
DHCHAP_KEY7="DHHC-1:01:JPJkDQ2po2FfLmKYlTF/sJ2HzVO/FKWxgXKE/H6XfL8ogQ1T:"
DHCHAP_KEY8="DHHC-1:01:e0B0vDxKleDzYVtG42xqFvoWZfiufkoywmfRKrETzayRdf1j:"
DHCHAP_KEY9="DHHC-1:01:KD+sfH3/o2bRQoV0ESjBUywQlMnSaYpZISUbVa0k0nsWpNST:"
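Review bot: The DH-HMAC-CHAP secrets this section adds to `.env` sit in the repository in clear text, with nothing in the file marking them as fixtures. They look like CI test keys, since the same commit adds a `cli_change_keys` job to the workflow test matrix, but a reader of `.env` alone cannot tell that. A comment above the block would make it explicit, for example `# Test-only DH-HMAC-CHAP keys used by the CI tests; never configure these on a real gateway or host.` It would also give secret-scanning tools a clear reason to allow-list the lines.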
2 changes: 1 addition & 1 deletion .github/workflows/build-container.yml
@@ -133,7 +133,7 @@ jobs:
strategy:
fail-fast: false
matrix:
test: ["cli", "cli_change_lb", "state", "multi_gateway", "server", "grpc", "omap_lock", "log_files", "nsid", "psk", "dhchap"]
test: ["cli", "cli_change_lb", "cli_change_keys", "state", "multi_gateway", "server", "grpc", "omap_lock", "log_files", "nsid", "psk", "dhchap"]
runs-on: ubuntu-latest
env:
HUGEPAGES: 512 # for multi gateway test, approx 256 per gateway instance
58 changes: 55 additions & 3 deletions control/cli.py
@@ -1167,6 +1167,50 @@ def host_del(self, args):

return rc

def host_change_keys(self, args):
"""Change host's inband authentication keys."""

rc = 0
out_func, err_func = self.get_output_functions(args)

if args.host_nqn == "*":
self.cli.parser.error(f"Can't change keys for host NQN '*', please use a real NQN")

if args.dhchap_ctrlr_key:
if not args.dhchap_key:
self.cli.parser.error(f"DH-HMAC-CHAP controller keys can not be used without DH-HMAC-CHAP keys")

req = pb2.change_host_keys_req(subsystem_nqn=args.subsystem, host_nqn=args.host_nqn,
dhchap_key=args.dhchap_key, dhchap_ctrlr_key=args.dhchap_ctrlr_key)
try:
ret = self.stub.change_host_keys(req)
except Exception as ex:
errmsg = f"Failure changing keys for host {args.host_nqn} on subsystem {args.subsystem}"
ret = pb2.req_status(status = errno.EINVAL, error_message = f"{errmsg}:\n{ex}")

if args.format == "text" or args.format == "plain":
if ret.status == 0:
out_func(f"Changing keys for host {args.host_nqn} on subsystem {args.subsystem}: Successful")
else:
err_func(f"{ret.error_message}")
elif args.format == "json" or args.format == "yaml":
ret_str = json_format.MessageToJson(
ret,
indent=4,
including_default_value_fields=True,
preserving_proto_field_name=True)
if args.format == "json":
out_func(f"{ret_str}")
elif args.format == "yaml":
obj = json.loads(ret_str)
out_func(yaml.dump(obj))
elif args.format == "python":
return ret
else:
assert False

return ret.status

def host_list(self, args):
"""List a host for a subsystem."""

@@ -1223,19 +1267,25 @@ def host_list(self, args):
]
host_add_args = host_common_args + [
argument("--host-nqn", "-t", help="Host NQN list", nargs="+", required=True),
argument("--psk", help="Hosts PSK key", required=False),
argument("--dhchap-key", help="Host DH-HMAC-CHAP key", required=False),
argument("--dhchap-ctrlr-key", help="Host DH-HMAC-CHAP controller key", required=False),
argument("--psk", "-p", help="Hosts PSK key", required=False),
argument("--dhchap-key", "-k", help="Host DH-HMAC-CHAP key", required=False),
argument("--dhchap-ctrlr-key", "-c", help="Host DH-HMAC-CHAP controller key", required=False),
]
host_del_args = host_common_args + [
argument("--host-nqn", "-t", help="Host NQN list", nargs="+", required=True),
]
host_list_args = host_common_args + [
]
host_change_keys_args = host_common_args + [
argument("--host-nqn", "-t", help="Host NQN", required=True),
argument("--dhchap-key", "-k", help="Host DH-HMAC-CHAP key", required=False),
argument("--dhchap-ctrlr-key", "-c", help="Host DH-HMAC-CHAP controller key", required=False),
]
host_actions = []
host_actions.append({"name" : "add", "args" : host_add_args, "help" : "Add host access to a subsystem"})
host_actions.append({"name" : "del", "args" : host_del_args, "help" : "Remove host access from a subsystem"})
host_actions.append({"name" : "list", "args" : host_list_args, "help" : "List subsystem's host access"})
host_actions.append({"name" : "change_keys", "args" : host_change_keys_args, "help" : "Change host's inband authentication keys"})
host_choices = get_actions(host_actions)
@cli.cmd(host_actions)
def host(self, args):
@@ -1246,6 +1296,8 @@ def host(self, args):
return self.host_del(args)
elif args.action == "list":
return self.host_list(args)
elif args.action == "change_keys":
return self.host_change_keys(args)
if not args.action:
self.cli.parser.error(f"missing action for host command (choose from {GatewayClient.host_choices})")
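Review bot: In `host_change_keys`, a call that passes neither `--dhchap-key` nor `--dhchap-ctrlr-key` gets through both argument checks and is sent to the gateway with both key fields empty. What the gateway does with such a request is not visible on this page; if it clears the host's keys, a command with a forgotten option silently downgrades that host to unauthenticated access. If removal is intended, say so in the `--dhchap-key` help text and in the success message; if not, reject it up front with `if not args.dhchap_key: self.cli.parser.error("--dhchap-key is required when changing host keys")`. Separately, the key value is taken from the command line, as `host add` already does, so it ends up in shell history and process listings; an option to read it from a file or stdin would avoid that. The two `parser.error(f"...")` calls in the new function have no placeholders and can be plain strings.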
