driver.create/remove_export() require elevated context

The volume manager should call driver.create_export() and driver.remove_export() with an elevated context. This is already done for remove_export() in some cases but not in initialize_connection error paths, or for terminate_connection. This will at a minimum cause issues with the LVM LIO driver as its create/remove_export methods uses database queries requiring admin access (volume_get_iscsi_target_num, iscsi_target_count_by_host). Partial-Bug: #1300148 Closes-Bug: #1305197 Change-Id: I5c1091cf9720ebccefc328b64fbf2982b3aac397
2014-04-09 13:05:54 -04:00 · 2014-04-09 13:05:54 -04:00 · d09d12ab2b
parent d196d54e76
commit d09d12ab2b
2 changed files with 7 additions and 6 deletions
--- a/cinder/tests/zonemanager/test_volume_manager_fc.py
+++ b/cinder/tests/zonemanager/test_volume_manager_fc.py
@ -119,7 +119,7 @@ class TestVolumeManager(manager.VolumeManager, test.TestCase):
        with mock.patch.object(manager.VolumeManager,
                               '_add_or_delete_fc_connection')\
                as add_del_conn_mock:
-            self.terminate_connection(None, None, None, False)
+            self.terminate_connection(self.context_mock, None, None, False)
            add_del_conn_mock.assert_called_once_with(conn_info, 0)

    @mock.patch.object(utils, 'require_driver_initialized')
@ -131,7 +131,7 @@ class TestVolumeManager(manager.VolumeManager, test.TestCase):
                as add_del_conn_mock:
            self.configuration.zoning_mode = 'none'
            self.zonemanager = None
-            self.terminate_connection(None, None, None, False)
+            self.terminate_connection(self.context_mock, None, None, False)
            assert not add_del_conn_mock.called

    @mock.patch.object(utils, 'require_driver_initialized')
@ -142,7 +142,7 @@ class TestVolumeManager(manager.VolumeManager, test.TestCase):
        with mock.patch.object(manager.VolumeManager,
                               '_add_or_delete_fc_connection')\
                as add_del_conn_mock:
-            self.terminate_connection(None, None, None, False)
+            self.terminate_connection(self.context_mock, None, None, False)
            assert not add_del_conn_mock.called

    @mock.patch.object(fc_zone_manager.ZoneManager, 'add_connection')
--- a/cinder/volume/manager.py
+++ b/cinder/volume/manager.py
@ -779,7 +779,8 @@ class VolumeManager(manager.SchedulerDependentManager):
        model_update = None
        try:
            LOG.debug(_("Volume %s: creating export"), volume_id)
-            model_update = self.driver.create_export(context, volume)
+            model_update = self.driver.create_export(context.elevated(),
+                                                     volume)
            if model_update:
                volume = self.db.volume_update(context,
                                               volume_id,
@ -798,7 +799,7 @@ class VolumeManager(manager.SchedulerDependentManager):
                         'backend: %(err)s') % {'err': err})
            LOG.error(err_msg)

-            self.driver.remove_export(context, volume)
+            self.driver.remove_export(context.elevated(), volume)

            raise exception.VolumeBackendAPIException(data=err_msg)

@ -867,7 +868,7 @@ class VolumeManager(manager.SchedulerDependentManager):

        try:
            LOG.debug(_("volume %s: removing export"), volume_id)
-            self.driver.remove_export(context, volume_ref)
+            self.driver.remove_export(context.elevated(), volume_ref)
        except Exception as ex:
            LOG.exception(_("Error detaching volume %(volume)s, "
                            "due to remove export failure."),