Fix generic and LVM driver access rules for CIDRs
Linux 'exportfs' utility does not provide access when short forms of CIDRs are used, as following: 1.2.3.0/24 It provides access only using long forms as following: 1.2.3.0/255.255.255.0 So, parse short forms into long ones in NFSHelper to fix NFS exporting. Change-Id: Ib9432d8123c6be395d3c7bdda347ae676431802c Closes-Bug: #1552526
This commit is contained in:
parent
392680f122
commit
7bf936b901
|
@ -157,6 +157,12 @@ class NFSHelper(NASHelperBase):
|
|||
def remove_export(self, server, share_name):
|
||||
"""Remove export."""
|
||||
|
||||
def _get_parsed_access_to(self, access_to):
|
||||
netmask = utils.cidr_to_netmask(access_to)
|
||||
if netmask == '255.255.255.255':
|
||||
return access_to.split('/')[0]
|
||||
return access_to.split('/')[0] + '/' + netmask
|
||||
|
||||
@nfs_synchronized
|
||||
def update_access(self, server, share_name, access_rules, add_rules,
|
||||
delete_rules):
|
||||
|
@ -187,7 +193,8 @@ class NFSHelper(NASHelperBase):
|
|||
server,
|
||||
['sudo', 'exportfs', '-o',
|
||||
rules_options % access['access_level'],
|
||||
':'.join((access['access_to'], local_path))])
|
||||
':'.join((self._get_parsed_access_to(access['access_to']),
|
||||
local_path))])
|
||||
self._sync_nfs_temp_and_perm_files(server)
|
||||
# Adding/Deleting specific rules
|
||||
else:
|
||||
|
@ -197,6 +204,8 @@ class NFSHelper(NASHelperBase):
|
|||
(const.ACCESS_LEVEL_RO, const.ACCESS_LEVEL_RW))
|
||||
|
||||
for access in delete_rules:
|
||||
access['access_to'] = self._get_parsed_access_to(
|
||||
access['access_to'])
|
||||
try:
|
||||
self.validate_access_rules(
|
||||
[access], ('ip',),
|
||||
|
@ -215,16 +224,16 @@ class NFSHelper(NASHelperBase):
|
|||
if delete_rules:
|
||||
self._sync_nfs_temp_and_perm_files(server)
|
||||
for access in add_rules:
|
||||
access_to, access_type = (access['access_to'],
|
||||
access['access_type'])
|
||||
access['access_to'] = self._get_parsed_access_to(
|
||||
access['access_to'])
|
||||
found_item = re.search(
|
||||
re.escape(local_path) + '[\s\n]*' + re.escape(access_to),
|
||||
out)
|
||||
re.escape(local_path) + '[\s\n]*' + re.escape(
|
||||
access['access_to']), out)
|
||||
if found_item is not None:
|
||||
LOG.warning(_LW("Access rule %(type)s:%(to)s already "
|
||||
"exists for share %(name)s") % {
|
||||
'to': access_to,
|
||||
'type': access_type,
|
||||
'to': access['access_to'],
|
||||
'type': access['access_type'],
|
||||
'name': share_name
|
||||
})
|
||||
else:
|
||||
|
|
|
@ -104,10 +104,12 @@ class NFSHelperTestCase(test.TestCase):
|
|||
test_generic.get_fake_access_rule('2.2.2.3', access_level)]
|
||||
add_rules = [
|
||||
test_generic.get_fake_access_rule('2.2.2.2', access_level),
|
||||
test_generic.get_fake_access_rule('2.2.2.3', access_level)]
|
||||
test_generic.get_fake_access_rule('2.2.2.3', access_level),
|
||||
test_generic.get_fake_access_rule('5.5.5.5/24', access_level)]
|
||||
delete_rules = [
|
||||
test_generic.get_fake_access_rule('3.3.3.3', access_level),
|
||||
test_generic.get_fake_access_rule('4.4.4.4', access_level, 'user')]
|
||||
test_generic.get_fake_access_rule('4.4.4.4', access_level, 'user'),
|
||||
test_generic.get_fake_access_rule('6.6.6.6/0', access_level)]
|
||||
self._helper.update_access(self.server, self.share_name, access_rules,
|
||||
add_rules=add_rules,
|
||||
delete_rules=delete_rules)
|
||||
|
@ -116,9 +118,16 @@ class NFSHelperTestCase(test.TestCase):
|
|||
mock.call(self.server, ['sudo', 'exportfs']),
|
||||
mock.call(self.server, ['sudo', 'exportfs', '-u',
|
||||
':'.join(['3.3.3.3', local_path])]),
|
||||
mock.call(self.server, ['sudo', 'exportfs', '-u',
|
||||
':'.join(['6.6.6.6/0.0.0.0',
|
||||
local_path])]),
|
||||
mock.call(self.server, ['sudo', 'exportfs', '-o',
|
||||
expected_mount_options % access_level,
|
||||
':'.join(['2.2.2.2', local_path])]),
|
||||
mock.call(self.server, ['sudo', 'exportfs', '-o',
|
||||
expected_mount_options % access_level,
|
||||
':'.join(['5.5.5.5/255.255.255.0',
|
||||
local_path])]),
|
||||
])
|
||||
self._helper._sync_nfs_temp_and_perm_files.assert_has_calls([
|
||||
mock.call(self.server), mock.call(self.server)])
|
||||
|
|
Loading…
Reference in New Issue