openstack
/
manila
Code Issues Proposed changes

change user access name limit from 32 to 255 characters 

Currently, The user access name is limited to 32 characters in manila API service,
but actually the user access name is longer than 32 characters. so we need
to change user access name limit from 32 to 255 characters

APIImpact

Closes-bug: 1674908
Change-Id: I68d8afabcd3fef57e472b4067ea8949e0aa8f53a
This commit is contained in:
zhongjun 2017-03-22 16:42:06 +08:00
parent 3cc7fa6485
commit 5887f25883
5 changed files with 12 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
manila/api/common.py
View File

@ -334,10 +334,10 @@ def validate_common_name(access):
def validate_username(access):
valid_username_re = '[\w\.\-_\`;\'\{\}\[\]\\\\]{4,32}$'
valid_username_re = '[\w\.\-_\`;\'\{\}\[\]\\\\]{4,255}$'
username = access
if not re.match(valid_username_re, username):
exc_str = ('Invalid user or group name. Must be 4-32 characters '
exc_str = ('Invalid user or group name. Must be 4-255 characters '
'and consist of alphanumeric characters and '
'special characters ]{.-_\'`;}[\\')
raise webob.exc.HTTPBadRequest(explanation=exc_str)

4
manila/tests/api/v1/test_shares.py
View File

@ -778,7 +778,7 @@ class ShareActionsTest(test.TestCase):
@ddt.data(
{'access_type': 'ip', 'access_to': '127.0.0.1'},
{'access_type': 'user', 'access_to': '1' * 4},
{'access_type': 'user', 'access_to': '1' * 32},
{'access_type': 'user', 'access_to': '1' * 255},
{'access_type': 'user', 'access_to': 'fake\\]{.-_\'`;}['},
{'access_type': 'user', 'access_to': 'MYDOMAIN\\Administrator'},
{'access_type': 'cert', 'access_to': 'x'},
@ -812,7 +812,7 @@ class ShareActionsTest(test.TestCase):
{'access_type': 'ip', 'access_to': '127.0.0.256'},
{'access_type': 'user', 'access_to': '1'},
{'access_type': 'user', 'access_to': '1' * 3},
{'access_type': 'user', 'access_to': '1' * 33},
{'access_type': 'user', 'access_to': '1' * 256},
{'access_type': 'user', 'access_to': 'root^'},
{'access_type': 'cert', 'access_to': ''},
{'access_type': 'cert', 'access_to': ' '},

4
manila/tests/api/v2/test_shares.py
View File

@ -1771,7 +1771,7 @@ class ShareActionsTest(test.TestCase):
@ddt.data(
{'access_type': 'ip', 'access_to': '127.0.0.1'},
{'access_type': 'user', 'access_to': '1' * 4},
{'access_type': 'user', 'access_to': '1' * 32},
{'access_type': 'user', 'access_to': '1' * 255},
{'access_type': 'user', 'access_to': 'fake\\]{.-_\'`;}['},
{'access_type': 'user', 'access_to': 'MYDOMAIN\\Administrator'},
{'access_type': 'cert', 'access_to': 'x'},
@ -1803,7 +1803,7 @@ class ShareActionsTest(test.TestCase):
{'access_type': 'ip', 'access_to': '127.0.0.256'},
{'access_type': 'user', 'access_to': '1'},
{'access_type': 'user', 'access_to': '1' * 3},
{'access_type': 'user', 'access_to': '1' * 33},
{'access_type': 'user', 'access_to': '1' * 256},
{'access_type': 'user', 'access_to': 'root^'},
{'access_type': 'cert', 'access_to': ''},
{'access_type': 'cert', 'access_to': ' '},

2
manila_tempest_tests/tests/api/test_rules_negative.py
View File

@ -229,7 +229,7 @@ class ShareUserRulesForNFSNegativeTest(base.BaseSharesTest):
def test_create_access_rule_user_with_too_big_key(self, client_name):
self.assertRaises(lib_exc.BadRequest,
getattr(self, client_name).create_access_rule,
self.share["id"], "user", "a" * 33)
self.share["id"], "user", "a" * 256)
@tc.attr(base.TAG_NEGATIVE, base.TAG_API_WITH_BACKEND)
@ddt.data('shares_client', 'shares_v2_client')

5
releasenotes/notes/bug-1674908-allow-user-access-fix-495b3e42bdc985ec.yaml Normal file
View File

@ -0,0 +1,5 @@
---
fixes:
- Changed user access name limit from 32 to 255 characters
since there are security services that allow user names
longer than 32 characters.