summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorZuul <zuul@review.openstack.org>2018-11-29 23:11:42 +0000
committerGerrit Code Review <review@openstack.org>2018-11-29 23:11:42 +0000
commit61159cb80b7dc8f4ebfada704f73c63b688fcb59 (patch)
tree23d8851bd09cafa99e1848cf5ab9c7066f3c5800
parent0e82af6c51de3a357976ad364f0d01cdf61aad84 (diff)
parenta65c2b09746fe95d31c102d99c8e7674cddc82be (diff)
Merge "Fix ganesha for 0.0.0.0/0 access"
-rw-r--r--manila/share/drivers/ganesha/__init__.py4
-rw-r--r--manila/share/drivers/ganesha/utils.py13
-rw-r--r--manila/tests/share/drivers/ganesha/test_utils.py20
-rw-r--r--releasenotes/notes/fix-ganesha-allow-access-for-all-ips-09773a79dc76ad44.yaml6
4 files changed, 43 insertions, 0 deletions
diff --git a/manila/share/drivers/ganesha/__init__.py b/manila/share/drivers/ganesha/__init__.py
index 1b35db1..075d72a 100644
--- a/manila/share/drivers/ganesha/__init__.py
+++ b/manila/share/drivers/ganesha/__init__.py
@@ -129,6 +129,9 @@ class GaneshaNASHelper(NASHelperBase):
129 """Allow access to the share.""" 129 """Allow access to the share."""
130 if access['access_type'] != 'ip': 130 if access['access_type'] != 'ip':
131 raise exception.InvalidShareAccess('Only IP access type allowed') 131 raise exception.InvalidShareAccess('Only IP access type allowed')
132
133 access = ganesha_utils.fixup_access_rule(access)
134
132 cf = {} 135 cf = {}
133 accid = access['id'] 136 accid = access['id']
134 name = share['name'] 137 name = share['name']
@@ -240,6 +243,7 @@ class GaneshaNASHelper2(GaneshaNASHelper):
240 243
241 wanted_rw_clients, wanted_ro_clients = [], [] 244 wanted_rw_clients, wanted_ro_clients = [], []
242 for rule in access_rules: 245 for rule in access_rules:
246 rule = ganesha_utils.fixup_access_rule(rule)
243 if rule['access_level'] == 'rw': 247 if rule['access_level'] == 'rw':
244 wanted_rw_clients.append(rule['access_to']) 248 wanted_rw_clients.append(rule['access_to'])
245 elif rule['access_level'] == 'ro': 249 elif rule['access_level'] == 'ro':
diff --git a/manila/share/drivers/ganesha/utils.py b/manila/share/drivers/ganesha/utils.py
index 9f26df8..6208a98 100644
--- a/manila/share/drivers/ganesha/utils.py
+++ b/manila/share/drivers/ganesha/utils.py
@@ -134,3 +134,16 @@ def validate_access_rule(supported_access_types, supported_access_levels,
134 'details': "%(access_level)s"}) 134 'details': "%(access_level)s"})
135 135
136 return valid 136 return valid
137
138
139def fixup_access_rule(access_rule):
140 """Adjust access rule as required for ganesha to handle it properly.
141
142 :param access_rule: Access rules to be validated.
143 :return: access_rule
144 """
145 if access_rule['access_to'] == '0.0.0.0/0':
146 access_rule['access_to'] = '0.0.0.0'
147 LOG.debug("Set access_to field to '0.0.0.0' in ganesha back end.")
148
149 return access_rule
diff --git a/manila/tests/share/drivers/ganesha/test_utils.py b/manila/tests/share/drivers/ganesha/test_utils.py
index 2eacab2..2a28b13 100644
--- a/manila/tests/share/drivers/ganesha/test_utils.py
+++ b/manila/tests/share/drivers/ganesha/test_utils.py
@@ -98,6 +98,26 @@ class GaneshaUtilsTests(test.TestCase):
98 self.assertRaises(trouble, ganesha_utils.validate_access_rule, 98 self.assertRaises(trouble, ganesha_utils.validate_access_rule,
99 ['ip'], ['ro'], fake_access(rule), abort=True) 99 ['ip'], ['ro'], fake_access(rule), abort=True)
100 100
101 @ddt.data({'rule': {'access_type': 'ip',
102 'access_level': 'rw',
103 'access_to': '10.10.10.12'},
104 'result': {'access_type': 'ip',
105 'access_level': 'rw',
106 'access_to': '10.10.10.12'},
107 },
108 {'rule': {'access_type': 'ip',
109 'access_level': 'rw',
110 'access_to': '0.0.0.0/0'},
111 'result': {'access_type': 'ip',
112 'access_level': 'rw',
113 'access_to': '0.0.0.0'},
114 },
115 )
116 @ddt.unpack
117 def test_fixup_access_rules(self, rule, result):
118
119 self.assertEqual(result, ganesha_utils.fixup_access_rule(rule))
120
101 121
102@ddt.ddt 122@ddt.ddt
103class SSHExecutorTestCase(test.TestCase): 123class SSHExecutorTestCase(test.TestCase):
diff --git a/releasenotes/notes/fix-ganesha-allow-access-for-all-ips-09773a79dc76ad44.yaml b/releasenotes/notes/fix-ganesha-allow-access-for-all-ips-09773a79dc76ad44.yaml
new file mode 100644
index 0000000..def23f8
--- /dev/null
+++ b/releasenotes/notes/fix-ganesha-allow-access-for-all-ips-09773a79dc76ad44.yaml
@@ -0,0 +1,6 @@
1---
2fixes:
3 - |
4 Drivers using ganesha can now handle 'manila access-allow
5 <share-id> ip 0.0.0.0/0' as a way to allow access to the share
6 from all IPs.