X-Patchwork-Submitter: Lance Richardson
X-Patchwork-Id: 769421
From: Lance Richardson
To: dev@openvswitch.org
Date: Wed, 31 May 2017 19:06:11 -0400
Message-Id: <20170531230611.6195-1-lrichard@redhat.com>
Subject: [ovs-dev] [PATCH v3 3/3] ovn-sbctl: support setting rbac role for remote connections

Add support for specifying rbac "role" when setting remote connection
configuration in the southbound database.

Prior to this change, usage examples included:

    ovn-sbctl set-connection ptcp:6642
    ovn-sbctl set-connection pssl:6642 \
                             read-only ptcp:7777 \
                             read-write punix:/tmp.foo

With this change, in addition to the above:

    ovn-sbctl set-connection role=ovn-controller pssl:6642 \
                             read-only role= ptcp:7777 \
                             read-write punix:/tmp/foo

As with the "read-only"/"read-write" attributes, the specified role is
applied to all subsequent connections until changed.

Signed-off-by: Lance Richardson
---
v3: No changes.
v2: No changes.

 ovn/utilities/ovn-sbctl.c | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/ovn/utilities/ovn-sbctl.c b/ovn/utilities/ovn-sbctl.c index 4a88423..4301971 100644 --- a/ovn/utilities/ovn-sbctl.c +++ b/ovn/utilities/ovn-sbctl.c 
@@ -943,6 +943,7 @@ pre_connection(struct ctl_context *ctx) ovsdb_idl_add_column(ctx->idl, &sbrec_sb_global_col_connections); ovsdb_idl_add_column(ctx->idl, &sbrec_connection_col_target); ovsdb_idl_add_column(ctx->idl, &sbrec_connection_col_read_only); + ovsdb_idl_add_column(ctx->idl, &sbrec_connection_col_role); } static void @@ -960,8 +961,10 @@ cmd_get_connection(struct ctl_context *ctx) SBREC_CONNECTION_FOR_EACH(conn, ctx->idl) { char *s; - s = xasprintf("%s %s", conn->read_only ? "read-only" : "read-write", - conn->target); + s = xasprintf("%s role=\"%s\" %s", + conn->read_only ? "read-only" : "read-write", + conn->role, + conn->target); svec_add(&targets, s); free(s); } @@ -1002,6 +1005,7 @@ insert_connections(struct ctl_context *ctx, char *targets[], size_t n) struct sbrec_connection **connections; size_t i, conns=0; bool read_only = false; + char *role = ""; /* Insert each connection in a new row in Connection table. */ connections = xmalloc(n * sizeof *connections); @@ -1012,6 +1016,9 @@ insert_connections(struct ctl_context *ctx, char *targets[], size_t n) } else if (!strcmp(targets[i], "read-write")) { read_only = false; continue; + } else if (!strncmp(targets[i], "role=", 5)) { + role = targets[i] + 5; + continue; } else if (stream_verify_name(targets[i]) && pstream_verify_name(targets[i])) { VLOG_WARN("target type \"%s\" is possibly erroneous", targets[i]); @@ -1020,6 +1027,7 @@ insert_connections(struct ctl_context *ctx, char *targets[], size_t n) connections[conns] = sbrec_connection_insert(ctx->txn); sbrec_connection_set_target(connections[conns], targets[i]); sbrec_connection_set_read_only(connections[conns], read_only); + sbrec_connection_set_role(connections[conns], role); conns++; }
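
Review bot: In cmd_get_connection the new format string prints role=\"%s\" for every row, so get-connection output changes even for setups that never set a role, and anything parsing the old "read-only <target>" form now sees an extra field. Consider emitting the role field only when conn->role is non-empty, and confirm conn->role can never be NULL before it is handed to %s. The diffstat shows only ovn-sbctl.c changed, so the new role= keyword and the changed output format also need a matching update in the ovn-sbctl documentation.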
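
Review bot: In the insert_connections declarations, char *role = ""; points a non-const pointer at a string literal. Nothing in the visible hunks writes through role, so declaring it const char *role states that intent and lets the compiler reject an accidental write; the later assignment role = targets[i] + 5; still compiles unchanged.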
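
Review bot: In the insert_connections argument loop, the role= branch stores targets[i] + 5 with no validation, so a mistyped role name is written to the Connection row silently. Since this string selects the rbac role for a remote, consider checking it against the roles defined in the database, or at least logging a warning for an unknown name. The ordering rule also deserves a line in the documentation: a target listed before the first role= argument gets the empty default role, and a trailing role= with no target after it is accepted and has no effect, which a VLOG_WARN would make visible.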