NetApp cDOT: Fix security style for CIFS shares

If the backing FlexVol security style is configured
incorrectly, end users cannot write to their manila
shares.

Change-Id: I12c85c54c7318592ac0b34efe3624d175d2e6976
Closes-Bug: #1696000
(cherry picked from commit 5e8df296ab)
(cherry picked from commit 48b5c91ad7)
This commit is contained in:
Goutham Pacha Ravi 2017-07-11 11:03:45 -07:00
parent 6b14188ac6
commit 0aecd7d994
5 changed files with 83 additions and 0 deletions

View File

@ -1383,6 +1383,36 @@ class NetAppCmodeClient(client_base.NetAppBaseClient):
errors[0].get_child_content('error-code'),
errors[0].get_child_content('error-message'))
@na_utils.trace
def set_volume_security_style(self, volume_name, security_style='unix'):
"""Set volume security style"""
api_args = {
'query': {
'volume-attributes': {
'volume-id-attributes': {
'name': volume_name,
},
},
},
'attributes': {
'volume-attributes': {
'volume-security-attributes': {
'style': security_style,
},
},
},
}
result = self.send_request('volume-modify-iter', api_args)
failures = result.get_child_content('num-failed')
if failures and int(failures) > 0:
failure_list = result.get_child_by_name(
'failure-list') or netapp_api.NaElement('none')
errors = failure_list.get_children()
if errors:
raise netapp_api.NaApiError(
errors[0].get_child_content('error-code'),
errors[0].get_child_content('error-message'))
@na_utils.trace
def set_volume_name(self, volume_name, new_volume_name):
"""Set flexvol name."""

View File

@ -33,6 +33,10 @@ class NetAppCmodeCIFSHelper(base.NetAppBaseHelper):
self._client.create_cifs_share(share_name)
self._client.remove_cifs_share_access(share_name, 'Everyone')
# Ensure 'ntfs' security style
self._client.set_volume_security_style(share_name,
security_style='ntfs')
# Return a callback that may be used for generating export paths
# for this share.
return (lambda export_address, share_name=share_name:

View File

@ -2597,6 +2597,49 @@ class NetAppClientCmodeTestCase(test.TestCase):
fake.SHARE_NAME,
10)
@ddt.data(None, 'ntfs')
def test_set_volume_security_style(self, security_style):
api_response = netapp_api.NaElement(fake.VOLUME_MODIFY_ITER_RESPONSE)
self.mock_object(self.client,
'send_request',
mock.Mock(return_value=api_response))
kwargs = {'security_style': security_style} if security_style else {}
self.client.set_volume_security_style(fake.SHARE_NAME, **kwargs)
volume_modify_iter_args = {
'query': {
'volume-attributes': {
'volume-id-attributes': {
'name': fake.SHARE_NAME
}
}
},
'attributes': {
'volume-attributes': {
'volume-security-attributes': {
'style': security_style or 'unix',
},
},
},
}
self.client.send_request.assert_called_once_with(
'volume-modify-iter', volume_modify_iter_args)
def test_set_volume_security_style_api_error(self):
api_response = netapp_api.NaElement(
fake.VOLUME_MODIFY_ITER_ERROR_RESPONSE)
self.mock_object(self.client,
'send_request',
mock.Mock(return_value=api_response))
self.assertRaises(netapp_api.NaApiError,
self.client.set_volume_security_style,
fake.SHARE_NAME,
'ntfs')
def test_volume_exists(self):
api_response = netapp_api.NaElement(fake.VOLUME_GET_NAME_RESPONSE)

View File

@ -55,6 +55,8 @@ class NetAppClusteredCIFSHelperTestCase(test.TestCase):
fake.SHARE_NAME)
self.mock_client.remove_cifs_share_access.assert_called_once_with(
fake.SHARE_NAME, 'Everyone')
self.mock_client.set_volume_security_style.assert_called_once_with(
fake.SHARE_NAME, security_style='ntfs')
def test_delete_share(self):

View File

@ -0,0 +1,4 @@
---
fixes:
- The NetApp ONTAP driver has been fixed to ensure the "security style" on
CIFS shares is always "ntfs".