From 5887f25883a17844c6ac3235c084678a1cafdbea Mon Sep 17 00:00:00 2001 From: zhongjun Date: Wed, 22 Mar 2017 16:42:06 +0800 Subject: [PATCH] change user access name limit from 32 to 255 characters Currently, The user access name is limited to 32 characters in manila API service, but actually the user access name is longer than 32 characters. so we need to change user access name limit from 32 to 255 characters APIImpact Closes-bug: 1674908 Change-Id: I68d8afabcd3fef57e472b4067ea8949e0aa8f53a --- manila/api/common.py | 4 ++-- manila/tests/api/v1/test_shares.py | 4 ++-- manila/tests/api/v2/test_shares.py | 4 ++-- manila_tempest_tests/tests/api/test_rules_negative.py | 2 +- .../bug-1674908-allow-user-access-fix-495b3e42bdc985ec.yaml | 5 +++++ 5 files changed, 12 insertions(+), 7 deletions(-) create mode 100644 releasenotes/notes/bug-1674908-allow-user-access-fix-495b3e42bdc985ec.yaml diff --git a/manila/api/common.py b/manila/api/common.py index 385c9214..cb2242d6 100644 --- a/manila/api/common.py +++ b/manila/api/common.py @@ -334,10 +334,10 @@ def validate_common_name(access): def validate_username(access): - valid_username_re = '[\w\.\-_\`;\'\{\}\[\]\\\\]{4,32}$' + valid_username_re = '[\w\.\-_\`;\'\{\}\[\]\\\\]{4,255}$' username = access if not re.match(valid_username_re, username): - exc_str = ('Invalid user or group name. Must be 4-32 characters ' + exc_str = ('Invalid user or group name. Must be 4-255 characters ' 'and consist of alphanumeric characters and ' 'special characters ]{.-_\'`;}[\\') raise webob.exc.HTTPBadRequest(explanation=exc_str) diff --git a/manila/tests/api/v1/test_shares.py b/manila/tests/api/v1/test_shares.py index 572baf2b..d5c63fc1 100644 --- a/manila/tests/api/v1/test_shares.py +++ b/manila/tests/api/v1/test_shares.py @@ -778,7 +778,7 @@ class ShareActionsTest(test.TestCase): @ddt.data( {'access_type': 'ip', 'access_to': '127.0.0.1'}, {'access_type': 'user', 'access_to': '1' * 4}, - {'access_type': 'user', 'access_to': '1' * 32}, + {'access_type': 'user', 'access_to': '1' * 255}, {'access_type': 'user', 'access_to': 'fake\\]{.-_\'`;}['}, {'access_type': 'user', 'access_to': 'MYDOMAIN\\Administrator'}, {'access_type': 'cert', 'access_to': 'x'}, @@ -812,7 +812,7 @@ class ShareActionsTest(test.TestCase): {'access_type': 'ip', 'access_to': '127.0.0.256'}, {'access_type': 'user', 'access_to': '1'}, {'access_type': 'user', 'access_to': '1' * 3}, - {'access_type': 'user', 'access_to': '1' * 33}, + {'access_type': 'user', 'access_to': '1' * 256}, {'access_type': 'user', 'access_to': 'root^'}, {'access_type': 'cert', 'access_to': ''}, {'access_type': 'cert', 'access_to': ' '}, diff --git a/manila/tests/api/v2/test_shares.py b/manila/tests/api/v2/test_shares.py index 72be15f4..fd3166a3 100644 --- a/manila/tests/api/v2/test_shares.py +++ b/manila/tests/api/v2/test_shares.py @@ -1771,7 +1771,7 @@ class ShareActionsTest(test.TestCase): @ddt.data( {'access_type': 'ip', 'access_to': '127.0.0.1'}, {'access_type': 'user', 'access_to': '1' * 4}, - {'access_type': 'user', 'access_to': '1' * 32}, + {'access_type': 'user', 'access_to': '1' * 255}, {'access_type': 'user', 'access_to': 'fake\\]{.-_\'`;}['}, {'access_type': 'user', 'access_to': 'MYDOMAIN\\Administrator'}, {'access_type': 'cert', 'access_to': 'x'}, @@ -1803,7 +1803,7 @@ class ShareActionsTest(test.TestCase): {'access_type': 'ip', 'access_to': '127.0.0.256'}, {'access_type': 'user', 'access_to': '1'}, {'access_type': 'user', 'access_to': '1' * 3}, - {'access_type': 'user', 'access_to': '1' * 33}, + {'access_type': 'user', 'access_to': '1' * 256}, {'access_type': 'user', 'access_to': 'root^'}, {'access_type': 'cert', 'access_to': ''}, {'access_type': 'cert', 'access_to': ' '}, diff --git a/manila_tempest_tests/tests/api/test_rules_negative.py b/manila_tempest_tests/tests/api/test_rules_negative.py index 8049f144..2bc09eea 100644 --- a/manila_tempest_tests/tests/api/test_rules_negative.py +++ b/manila_tempest_tests/tests/api/test_rules_negative.py @@ -229,7 +229,7 @@ class ShareUserRulesForNFSNegativeTest(base.BaseSharesTest): def test_create_access_rule_user_with_too_big_key(self, client_name): self.assertRaises(lib_exc.BadRequest, getattr(self, client_name).create_access_rule, - self.share["id"], "user", "a" * 33) + self.share["id"], "user", "a" * 256) @tc.attr(base.TAG_NEGATIVE, base.TAG_API_WITH_BACKEND) @ddt.data('shares_client', 'shares_v2_client') diff --git a/releasenotes/notes/bug-1674908-allow-user-access-fix-495b3e42bdc985ec.yaml b/releasenotes/notes/bug-1674908-allow-user-access-fix-495b3e42bdc985ec.yaml new file mode 100644 index 00000000..3cf51efd --- /dev/null +++ b/releasenotes/notes/bug-1674908-allow-user-access-fix-495b3e42bdc985ec.yaml @@ -0,0 +1,5 @@ +--- +fixes: + - Changed user access name limit from 32 to 255 characters + since there are security services that allow user names + longer than 32 characters.