summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGoutham Pacha Ravi <gouthampravi@gmail.com>2017-07-11 11:03:45 -0700
committerGoutham Pacha Ravi <gouthampravi@gmail.com>2017-08-09 23:34:19 +0000
commit48b5c91ad73e74a8e35b3649b0433ba86d6bdf06 (patch)
tree4f6de27c71d6bb48303f368fc11432874336cadb
parent171636c778fcbfbd2aba645f080e3f7678c06dc4 (diff)
NetApp cDOT: Fix security style for CIFS shares4.0.1driverfixes/ocata
If the backing FlexVol security style is configured incorrectly, end users cannot write to their manila shares. Change-Id: I12c85c54c7318592ac0b34efe3624d175d2e6976 Closes-Bug: #1696000 (cherry picked from commit 5e8df296abcc2f08aac085b09aeae202508d5dc7)
Notes
Notes (review): Code-Review+2: Tom Barron <tpb@dyncloud.net> Code-Review+2: xing-yang <xing.yang@emc.com> Workflow+1: xing-yang <xing.yang@emc.com> Verified+2: Jenkins Submitted-by: Jenkins Submitted-at: Fri, 18 Aug 2017 04:15:39 +0000 Reviewed-on: https://review.openstack.org/492323 Project: openstack/manila Branch: refs/heads/stable/ocata
-rw-r--r--manila/share/drivers/netapp/dataontap/client/client_cmode.py30
-rw-r--r--manila/share/drivers/netapp/dataontap/protocols/cifs_cmode.py4
-rw-r--r--manila/tests/share/drivers/netapp/dataontap/client/test_client_cmode.py43
-rw-r--r--manila/tests/share/drivers/netapp/dataontap/protocols/test_cifs_cmode.py2
-rw-r--r--releasenotes/notes/bug-1696000-netapp-fix-security-style-on-cifs-shares-cbdd557a27d11961.yaml4
5 files changed, 83 insertions, 0 deletions
diff --git a/manila/share/drivers/netapp/dataontap/client/client_cmode.py b/manila/share/drivers/netapp/dataontap/client/client_cmode.py
index 6414e27..60b7eb3 100644
--- a/manila/share/drivers/netapp/dataontap/client/client_cmode.py
+++ b/manila/share/drivers/netapp/dataontap/client/client_cmode.py
@@ -1564,6 +1564,36 @@ class NetAppCmodeClient(client_base.NetAppBaseClient):
1564 errors[0].get_child_content('error-message')) 1564 errors[0].get_child_content('error-message'))
1565 1565
1566 @na_utils.trace 1566 @na_utils.trace
1567 def set_volume_security_style(self, volume_name, security_style='unix'):
1568 """Set volume security style"""
1569 api_args = {
1570 'query': {
1571 'volume-attributes': {
1572 'volume-id-attributes': {
1573 'name': volume_name,
1574 },
1575 },
1576 },
1577 'attributes': {
1578 'volume-attributes': {
1579 'volume-security-attributes': {
1580 'style': security_style,
1581 },
1582 },
1583 },
1584 }
1585 result = self.send_request('volume-modify-iter', api_args)
1586 failures = result.get_child_content('num-failed')
1587 if failures and int(failures) > 0:
1588 failure_list = result.get_child_by_name(
1589 'failure-list') or netapp_api.NaElement('none')
1590 errors = failure_list.get_children()
1591 if errors:
1592 raise netapp_api.NaApiError(
1593 errors[0].get_child_content('error-code'),
1594 errors[0].get_child_content('error-message'))
1595
1596 @na_utils.trace
1567 def set_volume_name(self, volume_name, new_volume_name): 1597 def set_volume_name(self, volume_name, new_volume_name):
1568 """Set flexvol name.""" 1598 """Set flexvol name."""
1569 api_args = { 1599 api_args = {
diff --git a/manila/share/drivers/netapp/dataontap/protocols/cifs_cmode.py b/manila/share/drivers/netapp/dataontap/protocols/cifs_cmode.py
index 244ba3b..40beca0 100644
--- a/manila/share/drivers/netapp/dataontap/protocols/cifs_cmode.py
+++ b/manila/share/drivers/netapp/dataontap/protocols/cifs_cmode.py
@@ -35,6 +35,10 @@ class NetAppCmodeCIFSHelper(base.NetAppBaseHelper):
35 if clear_current_export_policy: 35 if clear_current_export_policy:
36 self._client.remove_cifs_share_access(share_name, 'Everyone') 36 self._client.remove_cifs_share_access(share_name, 'Everyone')
37 37
38 # Ensure 'ntfs' security style
39 self._client.set_volume_security_style(share_name,
40 security_style='ntfs')
41
38 # Return a callback that may be used for generating export paths 42 # Return a callback that may be used for generating export paths
39 # for this share. 43 # for this share.
40 return (lambda export_address, share_name=share_name: 44 return (lambda export_address, share_name=share_name:
diff --git a/manila/tests/share/drivers/netapp/dataontap/client/test_client_cmode.py b/manila/tests/share/drivers/netapp/dataontap/client/test_client_cmode.py
index b54d757..4197502 100644
--- a/manila/tests/share/drivers/netapp/dataontap/client/test_client_cmode.py
+++ b/manila/tests/share/drivers/netapp/dataontap/client/test_client_cmode.py
@@ -2821,6 +2821,49 @@ class NetAppClientCmodeTestCase(test.TestCase):
2821 fake.SHARE_NAME, 2821 fake.SHARE_NAME,
2822 10) 2822 10)
2823 2823
2824 @ddt.data(None, 'ntfs')
2825 def test_set_volume_security_style(self, security_style):
2826
2827 api_response = netapp_api.NaElement(fake.VOLUME_MODIFY_ITER_RESPONSE)
2828 self.mock_object(self.client,
2829 'send_request',
2830 mock.Mock(return_value=api_response))
2831 kwargs = {'security_style': security_style} if security_style else {}
2832
2833 self.client.set_volume_security_style(fake.SHARE_NAME, **kwargs)
2834
2835 volume_modify_iter_args = {
2836 'query': {
2837 'volume-attributes': {
2838 'volume-id-attributes': {
2839 'name': fake.SHARE_NAME
2840 }
2841 }
2842 },
2843 'attributes': {
2844 'volume-attributes': {
2845 'volume-security-attributes': {
2846 'style': security_style or 'unix',
2847 },
2848 },
2849 },
2850 }
2851 self.client.send_request.assert_called_once_with(
2852 'volume-modify-iter', volume_modify_iter_args)
2853
2854 def test_set_volume_security_style_api_error(self):
2855
2856 api_response = netapp_api.NaElement(
2857 fake.VOLUME_MODIFY_ITER_ERROR_RESPONSE)
2858 self.mock_object(self.client,
2859 'send_request',
2860 mock.Mock(return_value=api_response))
2861
2862 self.assertRaises(netapp_api.NaApiError,
2863 self.client.set_volume_security_style,
2864 fake.SHARE_NAME,
2865 'ntfs')
2866
2824 def test_volume_exists(self): 2867 def test_volume_exists(self):
2825 2868
2826 api_response = netapp_api.NaElement(fake.VOLUME_GET_NAME_RESPONSE) 2869 api_response = netapp_api.NaElement(fake.VOLUME_GET_NAME_RESPONSE)
diff --git a/manila/tests/share/drivers/netapp/dataontap/protocols/test_cifs_cmode.py b/manila/tests/share/drivers/netapp/dataontap/protocols/test_cifs_cmode.py
index 143ba01..ef18c4d 100644
--- a/manila/tests/share/drivers/netapp/dataontap/protocols/test_cifs_cmode.py
+++ b/manila/tests/share/drivers/netapp/dataontap/protocols/test_cifs_cmode.py
@@ -55,6 +55,8 @@ class NetAppClusteredCIFSHelperTestCase(test.TestCase):
55 fake.SHARE_NAME) 55 fake.SHARE_NAME)
56 self.mock_client.remove_cifs_share_access.assert_called_once_with( 56 self.mock_client.remove_cifs_share_access.assert_called_once_with(
57 fake.SHARE_NAME, 'Everyone') 57 fake.SHARE_NAME, 'Everyone')
58 self.mock_client.set_volume_security_style.assert_called_once_with(
59 fake.SHARE_NAME, security_style='ntfs')
58 60
59 def test_delete_share(self): 61 def test_delete_share(self):
60 62
diff --git a/releasenotes/notes/bug-1696000-netapp-fix-security-style-on-cifs-shares-cbdd557a27d11961.yaml b/releasenotes/notes/bug-1696000-netapp-fix-security-style-on-cifs-shares-cbdd557a27d11961.yaml
new file mode 100644
index 0000000..351016a
--- /dev/null
+++ b/releasenotes/notes/bug-1696000-netapp-fix-security-style-on-cifs-shares-cbdd557a27d11961.yaml
@@ -0,0 +1,4 @@
1---
2fixes:
3 - The NetApp ONTAP driver has been fixed to ensure the "security style" on
4 CIFS shares is always "ntfs".