Fix ganesha for 0.0.0.0/0 access
Translate '0.0.0.0/0' to '0.0.0.0' when allowing IP access with the ganesha driver since the ganesha back end cannot handle the former expression and the latter has the desired effect of allowing access to all IPs. Depends-on: https://review.openstack.org/#/c/626879/ Closes-bug: #1800627 Change-Id: Ica698b6a70a128522c2c2de76a69e59207fd60ac (cherry picked from commit67f2f61395
) (cherry picked from commita65c2b0974
)
This commit is contained in:
parent
2049332391
commit
40792c69a7
|
@ -129,6 +129,9 @@ class GaneshaNASHelper(NASHelperBase):
|
|||
"""Allow access to the share."""
|
||||
if access['access_type'] != 'ip':
|
||||
raise exception.InvalidShareAccess('Only IP access type allowed')
|
||||
|
||||
access = ganesha_utils.fixup_access_rule(access)
|
||||
|
||||
cf = {}
|
||||
accid = access['id']
|
||||
name = share['name']
|
||||
|
@ -240,6 +243,7 @@ class GaneshaNASHelper2(GaneshaNASHelper):
|
|||
|
||||
wanted_rw_clients, wanted_ro_clients = [], []
|
||||
for rule in access_rules:
|
||||
rule = ganesha_utils.fixup_access_rule(rule)
|
||||
if rule['access_level'] == 'rw':
|
||||
wanted_rw_clients.append(rule['access_to'])
|
||||
elif rule['access_level'] == 'ro':
|
||||
|
|
|
@ -134,3 +134,16 @@ def validate_access_rule(supported_access_types, supported_access_levels,
|
|||
'details': "%(access_level)s"})
|
||||
|
||||
return valid
|
||||
|
||||
|
||||
def fixup_access_rule(access_rule):
|
||||
"""Adjust access rule as required for ganesha to handle it properly.
|
||||
|
||||
:param access_rule: Access rules to be validated.
|
||||
:return: access_rule
|
||||
"""
|
||||
if access_rule['access_to'] == '0.0.0.0/0':
|
||||
access_rule['access_to'] = '0.0.0.0'
|
||||
LOG.debug("Set access_to field to '0.0.0.0' in ganesha back end.")
|
||||
|
||||
return access_rule
|
||||
|
|
|
@ -98,6 +98,26 @@ class GaneshaUtilsTests(test.TestCase):
|
|||
self.assertRaises(trouble, ganesha_utils.validate_access_rule,
|
||||
['ip'], ['ro'], fake_access(rule), abort=True)
|
||||
|
||||
@ddt.data({'rule': {'access_type': 'ip',
|
||||
'access_level': 'rw',
|
||||
'access_to': '10.10.10.12'},
|
||||
'result': {'access_type': 'ip',
|
||||
'access_level': 'rw',
|
||||
'access_to': '10.10.10.12'},
|
||||
},
|
||||
{'rule': {'access_type': 'ip',
|
||||
'access_level': 'rw',
|
||||
'access_to': '0.0.0.0/0'},
|
||||
'result': {'access_type': 'ip',
|
||||
'access_level': 'rw',
|
||||
'access_to': '0.0.0.0'},
|
||||
},
|
||||
)
|
||||
@ddt.unpack
|
||||
def test_fixup_access_rules(self, rule, result):
|
||||
|
||||
self.assertEqual(result, ganesha_utils.fixup_access_rule(rule))
|
||||
|
||||
|
||||
@ddt.ddt
|
||||
class SSHExecutorTestCase(test.TestCase):
|
||||
|
|
|
@ -0,0 +1,6 @@
|
|||
---
|
||||
fixes:
|
||||
- |
|
||||
Drivers using ganesha can now handle 'manila access-allow
|
||||
<share-id> ip 0.0.0.0/0' as a way to allow access to the share
|
||||
from all IPs.
|
Loading…
Reference in New Issue