Fix generic and LVM driver access rules for CIDRs

The Linux 'exportfs' utility does not provide access when the short form
of a CIDR is used, as follows:

1.2.3.0/24

It provides access only when the long form is used, as follows:

1.2.3.0/255.255.255.0

So, parse short forms into long ones in NFSHelper to
fix NFS exporting.

Change-Id: Ib9432d8123c6be395d3c7bdda347ae676431802c
Closes-Bug: #1552526
Thomas Bechtold 2016-03-17 17:24:39 +01:00
parent 392680f122
commit 7bf936b901
2 changed files with 27 additions and 9 deletions


@ -157,6 +157,12 @@ class NFSHelper(NASHelperBase):
def remove_export(self, server, share_name):
"""Remove export."""
def _get_parsed_access_to(self, access_to):
netmask = utils.cidr_to_netmask(access_to)
if netmask == '255.255.255.255':
return access_to.split('/')[0]
return access_to.split('/')[0] + '/' + netmask
@nfs_synchronized
def update_access(self, server, share_name, access_rules, add_rules,
delete_rules):
@ -187,7 +193,8 @@ class NFSHelper(NASHelperBase):
server,
['sudo', 'exportfs', '-o',
rules_options % access['access_level'],
':'.join((access['access_to'], local_path))])
':'.join((self._get_parsed_access_to(access['access_to']),
local_path))])
self._sync_nfs_temp_and_perm_files(server)
# Adding/Deleting specific rules
else:
@ -197,6 +204,8 @@ class NFSHelper(NASHelperBase):
(const.ACCESS_LEVEL_RO, const.ACCESS_LEVEL_RW))
for access in delete_rules:
access['access_to'] = self._get_parsed_access_to(
access['access_to'])
try:
self.validate_access_rules(
[access], ('ip',),
@ -215,16 +224,16 @@ class NFSHelper(NASHelperBase):
if delete_rules:
self._sync_nfs_temp_and_perm_files(server)
for access in add_rules:
access_to, access_type = (access['access_to'],
access['access_type'])
access['access_to'] = self._get_parsed_access_to(
access['access_to'])
found_item = re.search(
re.escape(local_path) + '[\s\n]*' + re.escape(access_to),
out)
re.escape(local_path) + '[\s\n]*' + re.escape(
access['access_to']), out)
if found_item is not None:
LOG.warning(_LW("Access rule %(type)s:%(to)s already "
"exists for share %(name)s") % {
'to': access_to,
'type': access_type,
'to': access['access_to'],
'type': access['access_type'],
'name': share_name
})
else:
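Review bot: In the `delete_rules` loop, `access['access_to'] = self._get_parsed_access_to(access['access_to'])` runs before the `try:` that wraps `validate_access_rules([access], ('ip',), ...)`, so a rule of a non-ip type reaches `utils.cidr_to_netmask` with a value that may not be an address at all. If that helper raises on such input (its body is not on this page), the exception escapes the try/except that appears meant to skip unsupported delete rules, and one such rule would abort the whole update. Moving the two-line assignment to just after the validation block keeps the skip path intact. The same assignment in the `add_rules` loop also rewrites the caller's rule dicts in place; a local variable, as in the `exportfs -o` call of the second hunk, would avoid handing the long form back to the caller. `update_access` starts and ends outside these hunks.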


@ -104,10 +104,12 @@ class NFSHelperTestCase(test.TestCase):
test_generic.get_fake_access_rule('2.2.2.3', access_level)]
add_rules = [
test_generic.get_fake_access_rule('2.2.2.2', access_level),
test_generic.get_fake_access_rule('2.2.2.3', access_level)]
test_generic.get_fake_access_rule('2.2.2.3', access_level),
test_generic.get_fake_access_rule('5.5.5.5/24', access_level)]
delete_rules = [
test_generic.get_fake_access_rule('3.3.3.3', access_level),
test_generic.get_fake_access_rule('4.4.4.4', access_level, 'user')]
test_generic.get_fake_access_rule('4.4.4.4', access_level, 'user'),
test_generic.get_fake_access_rule('6.6.6.6/0', access_level)]
self._helper.update_access(self.server, self.share_name, access_rules,
add_rules=add_rules,
delete_rules=delete_rules)
@ -116,9 +118,16 @@ class NFSHelperTestCase(test.TestCase):
mock.call(self.server, ['sudo', 'exportfs']),
mock.call(self.server, ['sudo', 'exportfs', '-u',
':'.join(['3.3.3.3', local_path])]),
mock.call(self.server, ['sudo', 'exportfs', '-u',
':'.join(['6.6.6.6/0.0.0.0',
local_path])]),
mock.call(self.server, ['sudo', 'exportfs', '-o',
expected_mount_options % access_level,
':'.join(['2.2.2.2', local_path])]),
mock.call(self.server, ['sudo', 'exportfs', '-o',
expected_mount_options % access_level,
':'.join(['5.5.5.5/255.255.255.0',
local_path])]),
])
self._helper._sync_nfs_temp_and_perm_files.assert_has_calls([
mock.call(self.server), mock.call(self.server)])
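Review bot: The new cases cover `/24` and `/0` but not a `/32` rule, which is the only input that takes the `netmask == '255.255.255.255'` branch of `_get_parsed_access_to` and must come out as a bare address. Adding a rule such as `test_generic.get_fake_access_rule('7.7.7.7/32', access_level)` (a constructed sample address) with an expected `':'.join(['7.7.7.7', local_path])` would pin that branch. The `'user'` delete rule still uses `'4.4.4.4'`, so the test never shows what happens when a non-ip rule carries a value that is not an address. The test method starts outside this hunk.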