VMAX driver - Enable CHAP authentication for vmax backend

This integrates Initiator (one way) CHAP authentication functionality into the VMAX backend. Prior discovery should have been established. When an initiator tries to manually connect to the array that is CHAP enabled, use_chap_auth=True, chap_username and chap_password must be set in the backend configuration Change-Id: I037ae494eeb234fe2285b3635d24ee8c5226b9bc Implements: blueprint vmax-iscsi-chap-authentication
2017-10-09 16:17:22 +01:00 · 2017-10-09 16:17:22 +01:00 · 77055e7cc6
commit 77055e7cc6
parent 84e39916c7
3 changed files with 30 additions and 14 deletions
--- a/cinder/tests/unit/volume/drivers/dell_emc/vmax/test_vmax.py
+++ b/cinder/tests/unit/volume/drivers/dell_emc/vmax/test_vmax.py
@ -876,6 +876,12 @@ class FakeConfiguration(object):
                self.vmax_port_groups = value
            elif key == 'vmax_array':
                self.vmax_array = value
+            elif key == 'use_chap_auth':
+                self.use_chap_auth = value
+            elif key == 'chap_username':
+                self.chap_username = value
+            elif key == 'chap_password':
+                self.chap_password = value

    def safe_get(self, key):
        try:
@ -4978,7 +4984,14 @@ class VMAXISCSITest(test.TestCase):

    def test_vmax_get_iscsi_properties_auth(self):
        vol = deepcopy(self.data.test_volume)
-        vol.provider_auth = "auth_method auth_username auth_secret"
+        backup_conf = self.common.configuration
+        configuration = FakeConfiguration(
+            None, 'ISCSITests', 1, 1, san_ip='1.1.1.1', san_login='smc',
+            vmax_array=self.data.array, vmax_srp='SRP_1', san_password='smc',
+            san_rest_port=8443, use_chap_auth=True,
+            chap_username='auth_username', chap_password='auth_secret',
+            vmax_port_groups=[self.data.port_group_name_i])
+        self.driver.configuration = configuration
        ip_and_iqn = [{'ip': self.data.ip, 'iqn': self.data.initiator},
                      {'ip': self.data.ip, 'iqn': self.data.iqn}]
        host_lun_id = self.data.iscsi_device_info['hostlunid']
@ -4993,12 +5006,13 @@ class VMAXISCSITest(test.TestCase):
            'target_portal': ip_and_iqn[0]['ip'] + ":3260",
            'target_lun': host_lun_id,
            'volume_id': self.data.test_volume.id,
-            'auth_method': 'auth_method',
+            'auth_method': 'CHAP',
            'auth_username': 'auth_username',
            'auth_password': 'auth_secret'}
        iscsi_properties = self.driver.vmax_get_iscsi_properties(
            vol, ip_and_iqn, True, host_lun_id)
        self.assertEqual(ref_properties, iscsi_properties)
+        self.driver.configuration = backup_conf

    def test_terminate_connection(self):
        with mock.patch.object(self.common, 'terminate_connection'):
--- a/cinder/volume/drivers/dell_emc/vmax/iscsi.py
+++ b/cinder/volume/drivers/dell_emc/vmax/iscsi.py
@ -17,6 +17,7 @@ ISCSI Drivers for Dell EMC VMAX arrays based on REST.

 """
 from oslo_log import log as logging
+from oslo_utils import strutils
 import six

 from cinder import exception
@ -260,12 +261,11 @@ class VMAXISCSIDriver(san.SanISCSIDriver):
            volume, ip_and_iqn, is_multipath, host_lun_id)

        LOG.info("iSCSI properties are: %(props)s",
-                 {'props': iscsi_properties})
+                 {'props': strutils.mask_dict_password(iscsi_properties)})
        return {'driver_volume_type': 'iscsi',
                'data': iscsi_properties}

-    @staticmethod
-    def vmax_get_iscsi_properties(volume, ip_and_iqn,
+    def vmax_get_iscsi_properties(self, volume, ip_and_iqn,
                                  is_multipath, host_lun_id):
        """Gets iscsi configuration.

@ -305,15 +305,13 @@ class VMAXISCSIDriver(san.SanISCSIDriver):
                 {'properties': properties})
        LOG.info("ISCSI volume is: %(volume)s.", {'volume': volume})

-        if hasattr(volume, 'provider_auth'):
-            auth = volume.provider_auth
-
-            if auth is not None:
-                (auth_method, auth_username, auth_secret) = auth.split()
-
-                properties['auth_method'] = auth_method
-                properties['auth_username'] = auth_username
-                properties['auth_password'] = auth_secret
+        if self.configuration.safe_get('use_chap_auth'):
+            LOG.info("Chap authentication enabled.")
+            properties['auth_method'] = 'CHAP'
+            properties['auth_username'] = self.configuration.safe_get(
+                'chap_username')
+            properties['auth_password'] = self.configuration.safe_get(
+                'chap_password')

        return properties

--- a/releasenotes/notes/vmax-iscsi-chap-authentication-e47fcfe310b85f7b.yaml
+++ b/releasenotes/notes/vmax-iscsi-chap-authentication-e47fcfe310b85f7b.yaml
@ -0,0 +1,4 @@
+---
+features:
+  - |
+    Add chap authentication support for the vmax backend.