summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGoutham Pacha Ravi <gouthampravi@gmail.com>2017-07-11 11:03:45 -0700
committerGoutham Pacha Ravi <gouthampravi@gmail.com>2018-08-01 04:55:25 +0000
commit0aecd7d9943ae435dcb9b95f74292d5debea7ae5 (patch)
tree7a4739b079fba8e15e0ec0877d884210c69a3500
parent6b14188ac6e2bd8d9f9084f3ef0463a62ed96af1 (diff)
NetApp cDOT: Fix security style for CIFS shares
If the backing FlexVol security style is configured incorrectly, end users cannot write to their manila shares. Change-Id: I12c85c54c7318592ac0b34efe3624d175d2e6976 Closes-Bug: #1696000 (cherry picked from commit 5e8df296abcc2f08aac085b09aeae202508d5dc7) (cherry picked from commit 48b5c91ad73e74a8e35b3649b0433ba86d6bdf06)
Notes
Notes (review): Code-Review+2: Tom Barron <tpb@dyncloud.net> Workflow+1: Tom Barron <tpb@dyncloud.net> Verified+2: Zuul Submitted-by: Zuul Submitted-at: Thu, 02 Aug 2018 12:01:12 +0000 Reviewed-on: https://review.openstack.org/587686 Project: openstack/manila Branch: refs/heads/driverfixes/newton
-rw-r--r--manila/share/drivers/netapp/dataontap/client/client_cmode.py30
-rw-r--r--manila/share/drivers/netapp/dataontap/protocols/cifs_cmode.py4
-rw-r--r--manila/tests/share/drivers/netapp/dataontap/client/test_client_cmode.py43
-rw-r--r--manila/tests/share/drivers/netapp/dataontap/protocols/test_cifs_cmode.py2
-rw-r--r--releasenotes/notes/bug-1696000-netapp-fix-security-style-on-cifs-shares-cbdd557a27d11961.yaml4
5 files changed, 83 insertions, 0 deletions
diff --git a/manila/share/drivers/netapp/dataontap/client/client_cmode.py b/manila/share/drivers/netapp/dataontap/client/client_cmode.py
index f92227c..8ba456f 100644
--- a/manila/share/drivers/netapp/dataontap/client/client_cmode.py
+++ b/manila/share/drivers/netapp/dataontap/client/client_cmode.py
@@ -1384,6 +1384,36 @@ class NetAppCmodeClient(client_base.NetAppBaseClient):
1384 errors[0].get_child_content('error-message')) 1384 errors[0].get_child_content('error-message'))
1385 1385
1386 @na_utils.trace 1386 @na_utils.trace
1387 def set_volume_security_style(self, volume_name, security_style='unix'):
1388 """Set volume security style"""
1389 api_args = {
1390 'query': {
1391 'volume-attributes': {
1392 'volume-id-attributes': {
1393 'name': volume_name,
1394 },
1395 },
1396 },
1397 'attributes': {
1398 'volume-attributes': {
1399 'volume-security-attributes': {
1400 'style': security_style,
1401 },
1402 },
1403 },
1404 }
1405 result = self.send_request('volume-modify-iter', api_args)
1406 failures = result.get_child_content('num-failed')
1407 if failures and int(failures) > 0:
1408 failure_list = result.get_child_by_name(
1409 'failure-list') or netapp_api.NaElement('none')
1410 errors = failure_list.get_children()
1411 if errors:
1412 raise netapp_api.NaApiError(
1413 errors[0].get_child_content('error-code'),
1414 errors[0].get_child_content('error-message'))
1415
1416 @na_utils.trace
1387 def set_volume_name(self, volume_name, new_volume_name): 1417 def set_volume_name(self, volume_name, new_volume_name):
1388 """Set flexvol name.""" 1418 """Set flexvol name."""
1389 api_args = { 1419 api_args = {
diff --git a/manila/share/drivers/netapp/dataontap/protocols/cifs_cmode.py b/manila/share/drivers/netapp/dataontap/protocols/cifs_cmode.py
index 7ce58ae..95cfbdf 100644
--- a/manila/share/drivers/netapp/dataontap/protocols/cifs_cmode.py
+++ b/manila/share/drivers/netapp/dataontap/protocols/cifs_cmode.py
@@ -33,6 +33,10 @@ class NetAppCmodeCIFSHelper(base.NetAppBaseHelper):
33 self._client.create_cifs_share(share_name) 33 self._client.create_cifs_share(share_name)
34 self._client.remove_cifs_share_access(share_name, 'Everyone') 34 self._client.remove_cifs_share_access(share_name, 'Everyone')
35 35
36 # Ensure 'ntfs' security style
37 self._client.set_volume_security_style(share_name,
38 security_style='ntfs')
39
36 # Return a callback that may be used for generating export paths 40 # Return a callback that may be used for generating export paths
37 # for this share. 41 # for this share.
38 return (lambda export_address, share_name=share_name: 42 return (lambda export_address, share_name=share_name:
diff --git a/manila/tests/share/drivers/netapp/dataontap/client/test_client_cmode.py b/manila/tests/share/drivers/netapp/dataontap/client/test_client_cmode.py
index d370bb5..206bd83 100644
--- a/manila/tests/share/drivers/netapp/dataontap/client/test_client_cmode.py
+++ b/manila/tests/share/drivers/netapp/dataontap/client/test_client_cmode.py
@@ -2597,6 +2597,49 @@ class NetAppClientCmodeTestCase(test.TestCase):
2597 fake.SHARE_NAME, 2597 fake.SHARE_NAME,
2598 10) 2598 10)
2599 2599
2600 @ddt.data(None, 'ntfs')
2601 def test_set_volume_security_style(self, security_style):
2602
2603 api_response = netapp_api.NaElement(fake.VOLUME_MODIFY_ITER_RESPONSE)
2604 self.mock_object(self.client,
2605 'send_request',
2606 mock.Mock(return_value=api_response))
2607 kwargs = {'security_style': security_style} if security_style else {}
2608
2609 self.client.set_volume_security_style(fake.SHARE_NAME, **kwargs)
2610
2611 volume_modify_iter_args = {
2612 'query': {
2613 'volume-attributes': {
2614 'volume-id-attributes': {
2615 'name': fake.SHARE_NAME
2616 }
2617 }
2618 },
2619 'attributes': {
2620 'volume-attributes': {
2621 'volume-security-attributes': {
2622 'style': security_style or 'unix',
2623 },
2624 },
2625 },
2626 }
2627 self.client.send_request.assert_called_once_with(
2628 'volume-modify-iter', volume_modify_iter_args)
2629
2630 def test_set_volume_security_style_api_error(self):
2631
2632 api_response = netapp_api.NaElement(
2633 fake.VOLUME_MODIFY_ITER_ERROR_RESPONSE)
2634 self.mock_object(self.client,
2635 'send_request',
2636 mock.Mock(return_value=api_response))
2637
2638 self.assertRaises(netapp_api.NaApiError,
2639 self.client.set_volume_security_style,
2640 fake.SHARE_NAME,
2641 'ntfs')
2642
2600 def test_volume_exists(self): 2643 def test_volume_exists(self):
2601 2644
2602 api_response = netapp_api.NaElement(fake.VOLUME_GET_NAME_RESPONSE) 2645 api_response = netapp_api.NaElement(fake.VOLUME_GET_NAME_RESPONSE)
diff --git a/manila/tests/share/drivers/netapp/dataontap/protocols/test_cifs_cmode.py b/manila/tests/share/drivers/netapp/dataontap/protocols/test_cifs_cmode.py
index 143ba01..ef18c4d 100644
--- a/manila/tests/share/drivers/netapp/dataontap/protocols/test_cifs_cmode.py
+++ b/manila/tests/share/drivers/netapp/dataontap/protocols/test_cifs_cmode.py
@@ -55,6 +55,8 @@ class NetAppClusteredCIFSHelperTestCase(test.TestCase):
55 fake.SHARE_NAME) 55 fake.SHARE_NAME)
56 self.mock_client.remove_cifs_share_access.assert_called_once_with( 56 self.mock_client.remove_cifs_share_access.assert_called_once_with(
57 fake.SHARE_NAME, 'Everyone') 57 fake.SHARE_NAME, 'Everyone')
58 self.mock_client.set_volume_security_style.assert_called_once_with(
59 fake.SHARE_NAME, security_style='ntfs')
58 60
59 def test_delete_share(self): 61 def test_delete_share(self):
60 62
diff --git a/releasenotes/notes/bug-1696000-netapp-fix-security-style-on-cifs-shares-cbdd557a27d11961.yaml b/releasenotes/notes/bug-1696000-netapp-fix-security-style-on-cifs-shares-cbdd557a27d11961.yaml
new file mode 100644
index 0000000..351016a
--- /dev/null
+++ b/releasenotes/notes/bug-1696000-netapp-fix-security-style-on-cifs-shares-cbdd557a27d11961.yaml
@@ -0,0 +1,4 @@
1---
2fixes:
3 - The NetApp ONTAP driver has been fixed to ensure the "security style" on
4 CIFS shares is always "ntfs".