Merge "Fix ganesha for 0.0.0.0/0 access"

2018-11-29 23:11:42 +00:00 · 2018-11-29 23:11:42 +00:00 · 61159cb80b
commit 61159cb80b
parent 0e82af6c51 a65c2b0974
4 changed files with 43 additions and 0 deletions
--- a/manila/share/drivers/ganesha/init.py
+++ b/manila/share/drivers/ganesha/init.py
@ -129,6 +129,9 @@ class GaneshaNASHelper(NASHelperBase):
        """Allow access to the share."""
        if access['access_type'] != 'ip':
            raise exception.InvalidShareAccess('Only IP access type allowed')
+
+        access = ganesha_utils.fixup_access_rule(access)
+
        cf = {}
        accid = access['id']
        name = share['name']
@ -240,6 +243,7 @@ class GaneshaNASHelper2(GaneshaNASHelper):

        wanted_rw_clients, wanted_ro_clients = [], []
        for rule in access_rules:
+            rule = ganesha_utils.fixup_access_rule(rule)
            if rule['access_level'] == 'rw':
                wanted_rw_clients.append(rule['access_to'])
            elif rule['access_level'] == 'ro':
--- a/manila/share/drivers/ganesha/utils.py
+++ b/manila/share/drivers/ganesha/utils.py
@ -134,3 +134,16 @@ def validate_access_rule(supported_access_types, supported_access_levels,
         'details': "%(access_level)s"})

    return valid
+
+
+def fixup_access_rule(access_rule):
+    """Adjust access rule as required for ganesha to handle it properly.
+
+    :param access_rule: Access rules to be validated.
+    :return: access_rule
+    """
+    if access_rule['access_to'] == '0.0.0.0/0':
+        access_rule['access_to'] = '0.0.0.0'
+        LOG.debug("Set access_to field to '0.0.0.0' in ganesha back end.")
+
+    return access_rule
--- a/manila/tests/share/drivers/ganesha/test_utils.py
+++ b/manila/tests/share/drivers/ganesha/test_utils.py
@ -98,6 +98,26 @@ class GaneshaUtilsTests(test.TestCase):
        self.assertRaises(trouble, ganesha_utils.validate_access_rule,
                          ['ip'], ['ro'], fake_access(rule), abort=True)

+    @ddt.data({'rule': {'access_type': 'ip',
+                        'access_level': 'rw',
+                        'access_to': '10.10.10.12'},
+               'result': {'access_type': 'ip',
+                          'access_level': 'rw',
+                          'access_to': '10.10.10.12'},
+               },
+              {'rule': {'access_type': 'ip',
+                        'access_level': 'rw',
+                        'access_to': '0.0.0.0/0'},
+               'result': {'access_type': 'ip',
+                          'access_level': 'rw',
+                          'access_to': '0.0.0.0'},
+               },
+              )
+    @ddt.unpack
+    def test_fixup_access_rules(self, rule, result):
+
+        self.assertEqual(result, ganesha_utils.fixup_access_rule(rule))
+

@ddt.ddt
 class SSHExecutorTestCase(test.TestCase):
--- a/releasenotes/notes/fix-ganesha-allow-access-for-all-ips-09773a79dc76ad44.yaml
+++ b/releasenotes/notes/fix-ganesha-allow-access-for-all-ips-09773a79dc76ad44.yaml
@ -0,0 +1,6 @@
+---
+fixes:
+  - |
+    Drivers using ganesha can now handle 'manila access-allow
+    <share-id> ip 0.0.0.0/0' as a way to allow access to the share
+    from all IPs.