mon/MonClient: handle ms_handle_fast_authentication return

[batrick]

Fixes: https://tracker.ceph.com/issues/62382

Contribution Guidelines

• To sign and title your commits, please refer to Submitting Patches to Ceph.

• If you are submitting a fix for a stable branch (e.g. "pacific"), please refer to Submitting Patches to Ceph - Backports for the proper workflow.

Checklist

• Tracker (select at least one)
  • References tracker ticket
  • Very recent bug; references commit where it was introduced
  • New feature (ticket optional)
  • Doc update (no ticket needed)
  • Code cleanup (no ticket needed)
• Component impact
  • Affects Dashboard, opened tracker ticket
  • Affects Orchestrator, opened tracker ticket
  • No impact that needs to be tracked
• Documentation (select at least one)
  • Updates relevant documentation
  • No doc update is appropriate
• Tests (select at least one)
  • Includes unit test(s)
  • Includes integration test(s)
  • Includes bug reproducer
  • No tests

Show available Jenkins commands

• jenkins retest this please
• jenkins test classic perf
• jenkins test crimson perf
• jenkins test signed
• jenkins test make check
• jenkins test make check arm64
• jenkins test submodules
• jenkins test dashboard
• jenkins test dashboard cephadm
• jenkins test api
• jenkins test docs
• jenkins render docs
• jenkins test ceph-volume all
• jenkins test ceph-volume tox
• jenkins test windows

[github-actions]

This pull request can no longer be automatically merged: a rebase is needed and changes have to be manually resolved

[rzarzynski]

@batrick: #52292 is merged.

[batrick]

I think to test this would require having caps which parse correctly for the mon's AuthMonitor but are too new to parse for an older OSD/mgr/mds. Would you agree @idryomov @rzarzynski ?

[idryomov]

I think to test this would require having caps which parse correctly for the mon's AuthMonitor but are too new to parse for an older OSD/mgr/mds.

Most likely, given that the only thing these handlers do is parse the caps string.

[batrick]

I think to test this would require having caps which parse correctly for the mon's AuthMonitor but are too new to parse for an older OSD/mgr/mds.

Most likely, given that the only thing these handlers do is parse the caps string.

Okay, I'll have to think of an easy way to test this. Alternatively we can just skip tests as risk is low, IMO.

[batrick]

@idryomov actually this should probably be true, yes? Otherwise every dispatcher that does not implement this method will fail here. I'll make this change.

[idryomov]

I think it's dangerous to provide a default "yup, authenticated" implementation. I would rather make this a pure virtual.

[batrick]

So turning this into a pure virtual broke the build and required every dispatcher to be modified, even in places where it makes no sense, e.g. MonClient. I decided it's better to leave it as a regular virtual method which returns true.

[batrick]

I think to test this would require having caps which parse correctly for the mon's AuthMonitor but are too new to parse for an older OSD/mgr/mds.

Most likely, given that the only thing these handlers do is parse the caps string.

Given how brittle the test would be, I think we'll just take this as-is. Please review at your convenience @idryomov .

[idryomov]

I see two ms_handle_fast_authentication() calls in Monitor::handle_auth_request() where the return value is not checked. Is that intentional?

[idryomov]

I think it's dangerous to provide a default "yup, authenticated" implementation. I would rather make this a pure virtual.

[idryomov]

Given how brittle the test would be, I think we'll just take this as-is.

This is up to @rzarzynski.

[batrick]

I see two ms_handle_fast_authentication() calls in Monitor::handle_auth_request() where the return value is not checked. Is that intentional?

Taking a look at this now. Done.

[rzarzynski]

ACK.

[rzarzynski]

ACK.

[rzarzynski]

ACK.

[rzarzynski]

ACK.

[rzarzynski]

This handles the original ret eq 0 case (neither allow_all nor caps_info.caps.length() > 0). This blurs the information with EACCESS but I think it's fine.

[rzarzynski]

ACK.

[rzarzynski]

ACK.

[rzarzynski]

ACK.

[rzarzynski]

ACK.

[rzarzynski]

Any reason for not going pure virtual?

[batrick]

Dispatchers that don't handle authentication would need to have the method which seemed unnecessarily obtrusive.

[rzarzynski]

I share the @idryomov's concern.

How about introducing an intermediary stage (with the default implementation) in the inheritance hierarchy to address those auth-uninterested dispatchers explicitly?

$ grep -r ms_handle_fast_authentication ./
./mon/MonClient.cc:      handle_authentication_dispatcher->ms_handle_fast_authentication(con);
./mon/MonClient.cc:    handle_authentication_dispatcher->ms_handle_fast_authentication(con);
./mon/Monitor.h:  int ms_handle_fast_authentication(Connection *con) override;
./mon/AuthMonitor.cc:	  mon.ms_handle_fast_authentication(s->con.get()) > 0) {
./mon/Monitor.cc:      ms_handle_fast_authentication(con);
./mon/Monitor.cc:    ms_handle_fast_authentication(con);
./mon/Monitor.cc:int Monitor::ms_handle_fast_authentication(Connection *con)
./msg/Dispatcher.h:  virtual int ms_handle_fast_authentication(Connection *con) {
./mds/MDSDaemon.h:  int ms_handle_fast_authentication(Connection *con) override;
./mds/MDSDaemon.cc:int MDSDaemon::ms_handle_fast_authentication(Connection *con)
./mgr/DaemonServer.h:  int ms_handle_fast_authentication(Connection *con) override;
./mgr/DaemonServer.cc:int DaemonServer::ms_handle_fast_authentication(Connection *con)
./osd/OSD.h:    int ms_handle_fast_authentication(Connection *con) override {
./osd/OSD.h:  int ms_handle_fast_authentication(Connection *con) override;
./osd/OSD.cc:int OSD::ms_handle_fast_authentication(Connection *con)
./test/fio/fio_ceph_messenger.cc:  int ms_handle_fast_authentication(Connection *con) override {
./test/msgr/perf_msgr_client.cc:    int ms_handle_fast_authentication(Connection *con) override {
./test/msgr/test_msgr.cc:  int ms_handle_fast_authentication(Connection *con) override {
./test/msgr/test_msgr.cc:  int ms_handle_fast_authentication(Connection *con) override {
./test/msgr/test_msgr.cc:  int ms_handle_fast_authentication(Connection *con) override {
./test/msgr/perf_msgr_server.cc:  int ms_handle_fast_authentication(Connection *con) override {

$ grep -r public\ Dispatcher ./
./mon/Monitor.h:class Monitor : public Dispatcher,
./mon/MonClient.h:struct MonClientPinger : public Dispatcher,
./mon/MonClient.h:class MonClient : public Dispatcher,
./neorados/RADOSImpl.h:class RADOS : public Dispatcher
./tools/cephfs_mirror/ClusterWatcher.h:class ClusterWatcher : public Dispatcher {
./tools/cephfs/MDSUtility.h:class MDSUtility : public Dispatcher {
./librados/RadosClient.h:class librados::RadosClient : public Dispatcher,
./librbd/io/ImageDispatcher.h:class ImageDispatcher : public Dispatcher<ImageCtxT, ImageDispatcherInterface> {
./librbd/io/ObjectDispatcherInterface.h:  : public DispatcherInterface<ObjectDispatchInterface> {
./librbd/io/ObjectDispatcher.h:  : public Dispatcher<ImageCtxT, ObjectDispatcherInterface> {
./librbd/io/ImageDispatcherInterface.h:  : public DispatcherInterface<ImageDispatchInterface> {
./osdc/Objecter.h:class Objecter : public md_config_obs_t, public Dispatcher {
./mds/MDSDaemon.h:class MDSDaemon : public Dispatcher {
./mds/Beacon.h:class Beacon : public Dispatcher
./mds/MetricsHandler.h:class MetricsHandler : public Dispatcher {
./mds/MetricAggregator.h:class MetricAggregator : public Dispatcher {
./mgr/MgrStandby.h:class MgrStandby : public Dispatcher,
./mgr/DaemonServer.h:class DaemonServer : public Dispatcher, public md_config_obs_t
./mgr/MgrClient.h:class MgrClient : public Dispatcher
./osd/OSD.h:class OSD : public Dispatcher,
./osd/OSD.h:  struct HeartbeatDispatcher : public Dispatcher {
./test/crimson/test_messenger.cc:class FailoverSuite : public Dispatcher {
./test/crimson/test_messenger.cc:class FailoverTest : public Dispatcher {
./test/crimson/test_messenger.cc:class FailoverSuitePeer : public Dispatcher {
./test/crimson/test_messenger.cc:class FailoverTestPeer : public Dispatcher {
./test/crimson/test_messenger_peer.cc:class FailoverSuitePeer : public Dispatcher {
./test/crimson/test_messenger_peer.cc:class FailoverTestPeer : public Dispatcher {
./test/fio/fio_ceph_messenger.cc:class FioDispatcher : public Dispatcher {
./test/mon/test_mon_workloadgen.cc:class TestStub : public Dispatcher
./test/mon/test-mon-msg.cc:class MonClientHelper : public Dispatcher
./test/direct_messenger/test_direct_messenger.cc:class MockDispatcher : public Dispatcher {
./test/testmsgr.cc:class Admin : public Dispatcher {
./test/msgr/perf_msgr_client.cc:  class ClientDispatcher : public Dispatcher {
./test/msgr/test_msgr.cc:class FakeDispatcher : public Dispatcher {
./test/msgr/test_msgr.cc:class SyntheticDispatcher : public Dispatcher {
./test/msgr/test_msgr.cc:class MarkdownDispatcher : public Dispatcher {
./test/msgr/perf_msgr_server.cc:class ServerDispatcher : public Dispatcher {
./client/Client.h:class Client : public Dispatcher, public md_config_obs_t {

For many of them the burden could as low as running sed.

[batrick]

I think my concern in

#52939 (comment)

was not actually an issue. So I've changed the default return to false. That should render this conversation moot.

[batrick]

trivial rebase

[batrick]

jenkins test windows

[batrick]

This PR is under test in https://tracker.ceph.com/issues/66433.

[batrick]

This PR is under test in https://tracker.ceph.com/issues/66462.

[batrick]

This PR is under test in https://tracker.ceph.com/issues/66609.

[batrick]

@idryomov @rzarzynski this is ready for merge; just blocked on your review please.

[batrick]

jenkins test make check arm64

[batrick]

jenkins test make check

[batrick]

jenkins test make check

[batrick]

jenkins test make check arm64

[batrick]

jenkins test api

[batrick]

jenkins test make check arm64

[batrick]

This PR is under test in https://tracker.ceph.com/issues/66822.

[batrick]

jenkins test make check arm64

[batrick]

jenkins test make check arm64

[batrick]

This PR is under test in https://tracker.ceph.com/issues/67214.