From: Lance Richardson
To: dev@openvswitch.org, blp@ovn.org, russell@ovn.org, mickeys.dev@gmail.com
Date: Wed, 19 Apr 2017 15:07:11 -0400
Message-Id: <20170419190711.4363-1-lrichard@redhat.com>
X-Patchwork-Id: 752430
Subject: [ovs-dev] [RFC v3 6/6] ovn-sbctl: support setting rbac role for remote connections

Add support for specifying rbac "role" when setting remote connection
configuration in southbound database.

Signed-off-by: Lance Richardson
---
v2: no changes
v3: no changes

 ovn/utilities/ovn-sbctl.c | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/ovn/utilities/ovn-sbctl.c b/ovn/utilities/ovn-sbctl.c index ffa931a..bf09ef7 100644 --- a/ovn/utilities/ovn-sbctl.c +++ b/ovn/utilities/ovn-sbctl.c @@ -862,6 +862,7 @@ pre_connection(struct ctl_context *ctx) ovsdb_idl_add_column(ctx->idl, &sbrec_sb_global_col_connections); ovsdb_idl_add_column(ctx->idl, &sbrec_connection_col_target); ovsdb_idl_add_column(ctx->idl, &sbrec_connection_col_read_only); + ovsdb_idl_add_column(ctx->idl, &sbrec_connection_col_role); } static void 
@@ -879,8 +880,10 @@ cmd_get_connection(struct ctl_context *ctx) SBREC_CONNECTION_FOR_EACH(conn, ctx->idl) { char *s; - s = xasprintf("%s %s", conn->read_only ? "read-only" : "read-write", - conn->target); + s = xasprintf("%s role=\"%s\" %s", + conn->read_only ? "read-only" : "read-write", + conn->role, + conn->target); svec_add(&targets, s); free(s); } @@ -921,6 +924,7 @@ insert_connections(struct ctl_context *ctx, char *targets[], size_t n) struct sbrec_connection **connections; size_t i, conns=0; bool read_only = false; + char *role = ""; /* Insert each connection in a new row in Connection table. */ connections = xmalloc(n * sizeof *connections); @@ -931,6 +935,9 @@ insert_connections(struct ctl_context *ctx, char *targets[], size_t n) } else if (!strcmp(targets[i], "read-write")) { read_only = false; continue; + } else if (!strncmp(targets[i], "role=", 5)) { + role = targets[i] + 5; + continue; } else if (stream_verify_name(targets[i]) && pstream_verify_name(targets[i])) { VLOG_WARN("target type \"%s\" is possibly erroneous", targets[i]); @@ -939,6 +946,7 @@ insert_connections(struct ctl_context *ctx, char *targets[], size_t n) connections[conns] = sbrec_connection_insert(ctx->txn); sbrec_connection_set_target(connections[conns], targets[i]); sbrec_connection_set_read_only(connections[conns], read_only); + sbrec_connection_set_role(connections[conns], role); conns++; }
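
Review bot: In the cmd_get_connection hunk (@@ -879,8 +880,10 @@) the new format string always emits role="%s", so a connection with no role now prints role="" and every existing consumer of get-connection output sees a changed line. Consider emitting the role field only when conn->role is non-empty. Note also that the printed form wraps the value in double quotes while insert_connections takes everything after "role=" verbatim, so the output only round-trips into set-connection when something (a shell, typically) strips the quotes first; printing role=%s without quotes would keep the two commands symmetric.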
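
Review bot: In the declaration hunk of insert_connections (@@ -921,6 +924,7 @@), char *role = ""; points a non-const pointer at a string literal and later at the interior of targets[i], and it is never written through. Declare it const char *role so the compiler rejects an accidental write. A short comment next to it saying what an empty role means for the resulting Connection row would also help, since that default is what every target gets when no role= argument is given.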
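
Review bot: The new role= branch in insert_connections (@@ -931,6 +935,9 @@) stores targets[i] + 5 with no check in this function, so "role=" with nothing after it, or a mistyped role name, is accepted silently. Because role is declared outside the loop and never reset, the value then applies to every target that follows until another role= appears, the same sticky behaviour as read-only/read-write. Since this string selects the RBAC role for a remote, an empty or unexpected value deserves at least a VLOG_WARN like the one already issued for a suspicious target type, and the sticky semantics should be stated in the command's help text.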
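
Review bot: The final hunk (@@ -939,6 +946,7 @@) writes the role into each new Connection row, but the diffstat lists only ovn/utilities/ovn-sbctl.c, so this patch documents and tests nothing about the new role= argument. Please add the argument to the set-connection description in the ovn-sbctl documentation and add a test that sets a role and checks what get-connection reports, including the case of two targets where only the first is preceded by role=.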