From 4b874c5ddc154629a82814d26b64b7eb0c0fb5d6 Mon Sep 17 00:00:00 2001
From: "Erlon R. Cruz" <erlon@netapp.com>
Date: Fri, 20 Oct 2017 10:39:59 -0200
Subject: [PATCH] NetApp cDot: Fix manage volumes

When running NetApp cDot driver using nas_secure_files_operation=false,
managing a volume will always fail if the files permissions are not set
to 0777.

This patch changes the python call from shutil.move to _execute() which
is run using elevated permissions.

Change-Id: I41484ced6269d0d4b7553e84c734ef22ab46fcd9
Closes-bug: #1691771
---
 .../volume/drivers/netapp/dataontap/test_nfs_base.py   | 10 +++-------
 cinder/volume/drivers/netapp/dataontap/nfs_base.py     |  7 ++++---
 etc/cinder/rootwrap.d/volume.filters                   |  1 +
 ...771-fix-netapp-manage-volumes-62bec192a08b3ceb.yaml |  5 +++++
 4 files changed, 13 insertions(+), 10 deletions(-)
 create mode 100644 releasenotes/notes/bug-1691771-fix-netapp-manage-volumes-62bec192a08b3ceb.yaml

diff --git a/cinder/tests/unit/volume/drivers/netapp/dataontap/test_nfs_base.py b/cinder/tests/unit/volume/drivers/netapp/dataontap/test_nfs_base.py
index c31d8112ca0..d85058621de 100644
--- a/cinder/tests/unit/volume/drivers/netapp/dataontap/test_nfs_base.py
+++ b/cinder/tests/unit/volume/drivers/netapp/dataontap/test_nfs_base.py
@@ -26,7 +26,6 @@ import mock
 from os_brick.remotefs import remotefs as remotefs_brick
 from oslo_concurrency import processutils
 from oslo_utils import units
-import shutil
 
 from cinder import context
 from cinder import exception
@@ -802,7 +801,6 @@ class NetAppNfsDriverTestCase(test.TestCase):
         vol_path = "%s/%s" % (self.fake_nfs_export_1, test_file)
         vol_ref = {'source-name': vol_path}
         self.driver._check_volume_type = mock.Mock()
-        shutil.move = mock.Mock()
         self.mock_object(self.driver, '_execute')
         self.driver._ensure_shares_mounted = mock.Mock()
         self.driver._get_mount_point_for_share = mock.Mock(
@@ -835,14 +833,15 @@ class NetAppNfsDriverTestCase(test.TestCase):
         volume = fake.FAKE_MANAGE_VOLUME
         vol_path = "%s/%s" % (self.fake_nfs_export_1, test_file)
         vol_ref = {'source-name': vol_path}
-        mock_check_volume_type = self.driver._check_volume_type = mock.Mock()
+        self.driver._check_volume_type = mock.Mock()
         self.driver._ensure_shares_mounted = mock.Mock()
         self.driver._get_mount_point_for_share = mock.Mock(
             return_value=self.fake_mount_point)
         self.driver._get_share_mount_and_vol_from_vol_ref = mock.Mock(
             return_value=(self.fake_nfs_export_1, self.fake_mount_point,
                           test_file))
-        self.driver._execute = mock.Mock(side_effect=OSError)
+        self.driver._execute = mock.Mock(
+            side_effect=processutils.ProcessExecutionError)
         mock_get_specs = self.mock_object(na_utils, 'get_volume_extra_specs')
         mock_get_specs.return_value = {}
         self.mock_object(self.driver, '_do_qos_for_volume')
@@ -850,9 +849,6 @@ class NetAppNfsDriverTestCase(test.TestCase):
         self.assertRaises(exception.VolumeBackendAPIException,
                           self.driver.manage_existing, volume, vol_ref)
 
-        mock_check_volume_type.assert_called_once_with(
-            volume, self.fake_nfs_export_1, test_file, {})
-
     def test_unmanage(self):
         mock_log = self.mock_object(nfs_base, 'LOG')
         volume = {'id': '123', 'provider_location': '/share'}
diff --git a/cinder/volume/drivers/netapp/dataontap/nfs_base.py b/cinder/volume/drivers/netapp/dataontap/nfs_base.py
index a014e20c007..151aa5e71b4 100644
--- a/cinder/volume/drivers/netapp/dataontap/nfs_base.py
+++ b/cinder/volume/drivers/netapp/dataontap/nfs_base.py
@@ -25,7 +25,6 @@ import copy
 import math
 import os
 import re
-import shutil
 import threading
 import time
 
@@ -1001,11 +1000,13 @@ class NetAppNfsDriver(driver.ManageableVD,
             src_vol = os.path.join(nfs_mount, vol_path)
             dst_vol = os.path.join(nfs_mount, volume['name'])
             try:
-                shutil.move(src_vol, dst_vol)
+                self._execute("mv", src_vol, dst_vol,
+                              run_as_root=self._execute_as_root,
+                              check_exit_code=True)
                 LOG.debug("Setting newly managed Cinder volume name to %s",
                           volume['name'])
                 self._set_rw_permissions_for_all(dst_vol)
-            except (OSError, IOError) as err:
+            except processutils.ProcessExecutionError as err:
                 exception_msg = (_("Failed to manage existing volume %(name)s,"
                                    " because rename operation failed:"
                                    " Error msg: %(msg)s."),
diff --git a/etc/cinder/rootwrap.d/volume.filters b/etc/cinder/rootwrap.d/volume.filters
index 2bb364a8700..733bc9b8273 100644
--- a/etc/cinder/rootwrap.d/volume.filters
+++ b/etc/cinder/rootwrap.d/volume.filters
@@ -149,6 +149,7 @@ blockdev: CommandFilter, blockdev, root
 
 # cinder/volume/drivers/ibm/gpfs.py
 # cinder/volume/drivers/tintri.py
+# cinder/volume/drivers/netapp/dataontap/nfs_base.py
 mv: CommandFilter, mv, root
 
 # cinder/volume/drivers/ibm/gpfs.py
diff --git a/releasenotes/notes/bug-1691771-fix-netapp-manage-volumes-62bec192a08b3ceb.yaml b/releasenotes/notes/bug-1691771-fix-netapp-manage-volumes-62bec192a08b3ceb.yaml
new file mode 100644
index 00000000000..f1b3c3324b0
--- /dev/null
+++ b/releasenotes/notes/bug-1691771-fix-netapp-manage-volumes-62bec192a08b3ceb.yaml
@@ -0,0 +1,5 @@
+---
+fixes:
+  - The NetApp cDOT driver operating with NFS protocol has been fixed to
+    manage volumes correctly when ``nas_secure_file_operations`` option has
+    been set to False.
\ No newline at end of file