From 4ec3aceeddfe37b92be2a4de481f55ae24ef1cf6 Mon Sep 17 00:00:00 2001 From: haobing1 Date: Fri, 2 Mar 2018 10:49:28 +0800 Subject: [PATCH] Cannot remove user rule for NFS share Use generic driver create share, then add user type access failed. We can not use 'manila access-deny' to delete the user rule in a NFS share db. This path fix this issue. Change-Id: I9375c4be9361d593102a382eb9c14c2d776bb1aa Closes-Bug:#1591357 (cherry picked from commit 74989545065981ccf42152949f5f29566d68703c) --- manila/share/drivers/helpers.py | 4 ++-- manila/tests/share/drivers/test_helpers.py | 9 +++++++++ ...cannot-remove-user-rule-for-NFS-8e1130e2accabd56.yaml | 4 ++++ 3 files changed, 15 insertions(+), 2 deletions(-) create mode 100644 releasenotes/notes/bug-1591357-fix-cannot-remove-user-rule-for-NFS-8e1130e2accabd56.yaml diff --git a/manila/share/drivers/helpers.py b/manila/share/drivers/helpers.py index e302c5c6f7..c35772f6ee 100644 --- a/manila/share/drivers/helpers.py +++ b/manila/share/drivers/helpers.py @@ -263,8 +263,6 @@ class NFSHelper(NASHelperBase): (const.ACCESS_LEVEL_RO, const.ACCESS_LEVEL_RW)) for access in delete_rules: - access_to = self._get_parsed_address_or_cidr( - access['access_to']) try: self.validate_access_rules( [access], ('ip',), @@ -278,6 +276,8 @@ class NFSHelper(NASHelperBase): 'type': access['access_type'], 'to': access['access_to']}) continue + access_to = self._get_parsed_address_or_cidr( + access['access_to']) self._ssh_exec(server, ['sudo', 'exportfs', '-u', ':'.join((access_to, local_path))]) if delete_rules: diff --git a/manila/tests/share/drivers/test_helpers.py b/manila/tests/share/drivers/test_helpers.py index 6c5d9bf9a9..9894cf4834 100644 --- a/manila/tests/share/drivers/test_helpers.py +++ b/manila/tests/share/drivers/test_helpers.py @@ -215,6 +215,15 @@ class NFSHelperTestCase(test.TestCase): [], []) + def test_update_access_delete_invalid_rule(self): + delete_rules = [test_generic.get_fake_access_rule( + 'lala', 'fake_level', access_type='user'), ] + self.mock_object(self._helper, '_sync_nfs_temp_and_perm_files') + self._helper.update_access(self.server, self.share_name, [], + [], delete_rules) + self._helper._sync_nfs_temp_and_perm_files.assert_called_with( + self.server) + def test_get_host_list(self): fake_exportfs = ('/shares/share-1\n\t\t20.0.0.3\n' '/shares/share-1\n\t\t20.0.0.6\n' diff --git a/releasenotes/notes/bug-1591357-fix-cannot-remove-user-rule-for-NFS-8e1130e2accabd56.yaml b/releasenotes/notes/bug-1591357-fix-cannot-remove-user-rule-for-NFS-8e1130e2accabd56.yaml new file mode 100644 index 0000000000..a40b7cb291 --- /dev/null +++ b/releasenotes/notes/bug-1591357-fix-cannot-remove-user-rule-for-NFS-8e1130e2accabd56.yaml @@ -0,0 +1,4 @@ +--- +fixes: + - The generic driver has been fixed to allow removing + inappropriate CIFS rules on NFS shares.