diff --git a/manila/share/drivers/dell_emc/plugins/powermax/connection.py b/manila/share/drivers/dell_emc/plugins/powermax/connection.py index 6ee8caf520..45deca9577 100644 --- a/manila/share/drivers/dell_emc/plugins/powermax/connection.py +++ b/manila/share/drivers/dell_emc/plugins/powermax/connection.py @@ -38,8 +38,10 @@ from manila import utils 1.0.0 - Initial version 2.0.0 - Implement IPv6 support 3.0.0 - Rebranding to PowerMax + 3.1.0 - Access Host details prevents a read-only share mounts + (bug #1845147) """ -VERSION = "3.0.0" +VERSION = "3.1.0" LOG = log.getLogger(__name__) diff --git a/manila/share/drivers/dell_emc/plugins/powermax/object_manager.py b/manila/share/drivers/dell_emc/plugins/powermax/object_manager.py index 589358503f..527f5e8d53 100644 --- a/manila/share/drivers/dell_emc/plugins/powermax/object_manager.py +++ b/manila/share/drivers/dell_emc/plugins/powermax/object_manager.py @@ -2031,12 +2031,14 @@ class NFSShare(StorageObject): if access_hosts is None: access_hosts = set() + try: + access_hosts.remove('-0.0.0.0/0.0.0.0') + except(ValueError, KeyError): + pass - if '-0.0.0.0/0.0.0.0' not in access_hosts: - access_hosts.add('-0.0.0.0/0.0.0.0') + access_str = ('access=%(access)s' % {'access': ':'.join( + list(access_hosts) + ['-0.0.0.0/0.0.0.0'])}) - access_str = ('access=%(access)s' - % {'access': ':'.join(access_hosts)}) if root_hosts: access_str += (',root=%(root)s' % {'root': ':'.join(root_hosts)}) if rw_hosts: diff --git a/manila/share/drivers/dell_emc/plugins/vnx/connection.py b/manila/share/drivers/dell_emc/plugins/vnx/connection.py index 65b41ce2ae..949ee28734 100644 --- a/manila/share/drivers/dell_emc/plugins/vnx/connection.py +++ b/manila/share/drivers/dell_emc/plugins/vnx/connection.py @@ -39,8 +39,9 @@ from manila import utils 3.0.0 - Bumped the version for Ocata 4.0.0 - Bumped the version for Pike 5.0.0 - Bumped the version for Queens + 9.0.0 - Bumped the version for Ussuri """ -VERSION = "5.0.0" +VERSION = "9.0.0" LOG = log.getLogger(__name__) diff --git a/manila/share/drivers/dell_emc/plugins/vnx/object_manager.py b/manila/share/drivers/dell_emc/plugins/vnx/object_manager.py index 44111c8869..1411dd2d4c 100644 --- a/manila/share/drivers/dell_emc/plugins/vnx/object_manager.py +++ b/manila/share/drivers/dell_emc/plugins/vnx/object_manager.py @@ -2029,12 +2029,14 @@ class NFSShare(StorageObject): if access_hosts is None: access_hosts = set() + try: + access_hosts.remove('-0.0.0.0/0.0.0.0') + except (ValueError, KeyError): + pass - if '-0.0.0.0/0.0.0.0' not in access_hosts: - access_hosts.add('-0.0.0.0/0.0.0.0') + access_str = ('access=%(access)s' % {'access': ':'.join( + list(access_hosts) + ['-0.0.0.0/0.0.0.0'])}) - access_str = ('access=%(access)s' - % {'access': ':'.join(access_hosts)}) if root_hosts: access_str += (',root=%(root)s' % {'root': ':'.join(root_hosts)}) if rw_hosts: diff --git a/manila/tests/share/drivers/dell_emc/common/enas/fakes.py b/manila/tests/share/drivers/dell_emc/common/enas/fakes.py index 0e7ca4619a..88e3b7b9b7 100644 --- a/manila/tests/share/drivers/dell_emc/common/enas/fakes.py +++ b/manila/tests/share/drivers/dell_emc/common/enas/fakes.py @@ -1477,7 +1477,7 @@ class NFSShareTestData(StorageObjectTestData): if rw_hosts and ro_hosts: return ( '%(mover_name)s :\nexport "%(path)s" ' - 'access=-0.0.0.0/0.0.0.0:%(host)s root=%(host)s ' + 'access=%(host)s:-0.0.0.0/0.0.0.0 root=%(host)s ' 'rw=%(rw_host)s ro=%(ro_host)s\n' % {'mover_name': self.vdm_name, 'path': self.path, @@ -1488,7 +1488,7 @@ class NFSShareTestData(StorageObjectTestData): elif rw_hosts: return ( '%(mover_name)s :\nexport "%(path)s" ' - 'access=-0.0.0.0/0.0.0.0:%(host)s root=%(host)s ' + 'access=%(host)s:-0.0.0.0/0.0.0.0 root=%(host)s ' 'rw=%(rw_host)s\n' % {'mover_name': self.vdm_name, 'host': ":".join(rw_hosts), @@ -1498,7 +1498,7 @@ class NFSShareTestData(StorageObjectTestData): elif ro_hosts: return ( '%(mover_name)s :\nexport "%(path)s" ' - 'access=-0.0.0.0/0.0.0.0:%(host)s root=%(host)s ' + 'access=%(host)s:-0.0.0.0/0.0.0.0 root=%(host)s ' 'ro=%(ro_host)s\n' % {'mover_name': self.vdm_name, 'host': ":".join(ro_hosts), @@ -1540,7 +1540,7 @@ class NFSShareTestData(StorageObjectTestData): ro_hosts = [utils.convert_ipv6_format_if_needed(ip_addr) for ip_addr in ro_hosts] - access_str = ("access=-0.0.0.0/0.0.0.0:%(access_hosts)s," + access_str = ("access=%(access_hosts)s:-0.0.0.0/0.0.0.0," "root=%(root_hosts)s,rw=%(rw_hosts)s,ro=%(ro_hosts)s" % {'rw_hosts': ":".join(rw_hosts), 'ro_hosts': ":".join(ro_hosts), diff --git a/releasenotes/notes/bug-1845147-powermax-read-only-policy-585c29c5ff020007.yaml b/releasenotes/notes/bug-1845147-powermax-read-only-policy-585c29c5ff020007.yaml new file mode 100644 index 0000000000..0c49a68152 --- /dev/null +++ b/releasenotes/notes/bug-1845147-powermax-read-only-policy-585c29c5ff020007.yaml @@ -0,0 +1,6 @@ +--- +fixes: + - | + Manila PowerMax fix ensuring that hosts that are given access to a share + i.e read only, will always precede '-0.0.0.0/0.0.0.0'. Any host after + this string will be denied access. diff --git a/releasenotes/notes/bug-1845147-vnx-read-only-policy-75b0f414ea5ef471.yaml b/releasenotes/notes/bug-1845147-vnx-read-only-policy-75b0f414ea5ef471.yaml new file mode 100644 index 0000000000..44738a236d --- /dev/null +++ b/releasenotes/notes/bug-1845147-vnx-read-only-policy-75b0f414ea5ef471.yaml @@ -0,0 +1,6 @@ +--- +fixes: + - | + Manila VNX fix ensuring that hosts that are given access to a share + i.e read only, will always precede '-0.0.0.0/0.0.0.0'. Any host after + this string will be denied access.