NetApp cDOT: Fix security style for CIFS shares
If the backing FlexVol security style is configured
incorrectly, end users cannot write to their manila
shares.
Change-Id: I12c85c54c7318592ac0b34efe3624d175d2e6976
Closes-Bug: #1696000
(cherry picked from commit 5e8df296ab
)
This commit is contained in:
parent
171636c778
commit
48b5c91ad7
|
@ -1563,6 +1563,36 @@ class NetAppCmodeClient(client_base.NetAppBaseClient):
|
||||||
errors[0].get_child_content('error-code'),
|
errors[0].get_child_content('error-code'),
|
||||||
errors[0].get_child_content('error-message'))
|
errors[0].get_child_content('error-message'))
|
||||||
|
|
||||||
|
@na_utils.trace
|
||||||
|
def set_volume_security_style(self, volume_name, security_style='unix'):
|
||||||
|
"""Set volume security style"""
|
||||||
|
api_args = {
|
||||||
|
'query': {
|
||||||
|
'volume-attributes': {
|
||||||
|
'volume-id-attributes': {
|
||||||
|
'name': volume_name,
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
'attributes': {
|
||||||
|
'volume-attributes': {
|
||||||
|
'volume-security-attributes': {
|
||||||
|
'style': security_style,
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
}
|
||||||
|
result = self.send_request('volume-modify-iter', api_args)
|
||||||
|
failures = result.get_child_content('num-failed')
|
||||||
|
if failures and int(failures) > 0:
|
||||||
|
failure_list = result.get_child_by_name(
|
||||||
|
'failure-list') or netapp_api.NaElement('none')
|
||||||
|
errors = failure_list.get_children()
|
||||||
|
if errors:
|
||||||
|
raise netapp_api.NaApiError(
|
||||||
|
errors[0].get_child_content('error-code'),
|
||||||
|
errors[0].get_child_content('error-message'))
|
||||||
|
|
||||||
@na_utils.trace
|
@na_utils.trace
|
||||||
def set_volume_name(self, volume_name, new_volume_name):
|
def set_volume_name(self, volume_name, new_volume_name):
|
||||||
"""Set flexvol name."""
|
"""Set flexvol name."""
|
||||||
|
|
|
@ -35,6 +35,10 @@ class NetAppCmodeCIFSHelper(base.NetAppBaseHelper):
|
||||||
if clear_current_export_policy:
|
if clear_current_export_policy:
|
||||||
self._client.remove_cifs_share_access(share_name, 'Everyone')
|
self._client.remove_cifs_share_access(share_name, 'Everyone')
|
||||||
|
|
||||||
|
# Ensure 'ntfs' security style
|
||||||
|
self._client.set_volume_security_style(share_name,
|
||||||
|
security_style='ntfs')
|
||||||
|
|
||||||
# Return a callback that may be used for generating export paths
|
# Return a callback that may be used for generating export paths
|
||||||
# for this share.
|
# for this share.
|
||||||
return (lambda export_address, share_name=share_name:
|
return (lambda export_address, share_name=share_name:
|
||||||
|
|
|
@ -2821,6 +2821,49 @@ class NetAppClientCmodeTestCase(test.TestCase):
|
||||||
fake.SHARE_NAME,
|
fake.SHARE_NAME,
|
||||||
10)
|
10)
|
||||||
|
|
||||||
|
@ddt.data(None, 'ntfs')
|
||||||
|
def test_set_volume_security_style(self, security_style):
|
||||||
|
|
||||||
|
api_response = netapp_api.NaElement(fake.VOLUME_MODIFY_ITER_RESPONSE)
|
||||||
|
self.mock_object(self.client,
|
||||||
|
'send_request',
|
||||||
|
mock.Mock(return_value=api_response))
|
||||||
|
kwargs = {'security_style': security_style} if security_style else {}
|
||||||
|
|
||||||
|
self.client.set_volume_security_style(fake.SHARE_NAME, **kwargs)
|
||||||
|
|
||||||
|
volume_modify_iter_args = {
|
||||||
|
'query': {
|
||||||
|
'volume-attributes': {
|
||||||
|
'volume-id-attributes': {
|
||||||
|
'name': fake.SHARE_NAME
|
||||||
|
}
|
||||||
|
}
|
||||||
|
},
|
||||||
|
'attributes': {
|
||||||
|
'volume-attributes': {
|
||||||
|
'volume-security-attributes': {
|
||||||
|
'style': security_style or 'unix',
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
}
|
||||||
|
self.client.send_request.assert_called_once_with(
|
||||||
|
'volume-modify-iter', volume_modify_iter_args)
|
||||||
|
|
||||||
|
def test_set_volume_security_style_api_error(self):
|
||||||
|
|
||||||
|
api_response = netapp_api.NaElement(
|
||||||
|
fake.VOLUME_MODIFY_ITER_ERROR_RESPONSE)
|
||||||
|
self.mock_object(self.client,
|
||||||
|
'send_request',
|
||||||
|
mock.Mock(return_value=api_response))
|
||||||
|
|
||||||
|
self.assertRaises(netapp_api.NaApiError,
|
||||||
|
self.client.set_volume_security_style,
|
||||||
|
fake.SHARE_NAME,
|
||||||
|
'ntfs')
|
||||||
|
|
||||||
def test_volume_exists(self):
|
def test_volume_exists(self):
|
||||||
|
|
||||||
api_response = netapp_api.NaElement(fake.VOLUME_GET_NAME_RESPONSE)
|
api_response = netapp_api.NaElement(fake.VOLUME_GET_NAME_RESPONSE)
|
||||||
|
|
|
@ -55,6 +55,8 @@ class NetAppClusteredCIFSHelperTestCase(test.TestCase):
|
||||||
fake.SHARE_NAME)
|
fake.SHARE_NAME)
|
||||||
self.mock_client.remove_cifs_share_access.assert_called_once_with(
|
self.mock_client.remove_cifs_share_access.assert_called_once_with(
|
||||||
fake.SHARE_NAME, 'Everyone')
|
fake.SHARE_NAME, 'Everyone')
|
||||||
|
self.mock_client.set_volume_security_style.assert_called_once_with(
|
||||||
|
fake.SHARE_NAME, security_style='ntfs')
|
||||||
|
|
||||||
def test_delete_share(self):
|
def test_delete_share(self):
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,4 @@
|
||||||
|
---
|
||||||
|
fixes:
|
||||||
|
- The NetApp ONTAP driver has been fixed to ensure the "security style" on
|
||||||
|
CIFS shares is always "ntfs".
|
Loading…
Reference in New Issue