From a65c2b09746fe95d31c102d99c8e7674cddc82be Mon Sep 17 00:00:00 2001
From: Tom Barron <tpb@dyncloud.net>
Date: Tue, 30 Oct 2018 06:21:23 -0400
Subject: [PATCH] Fix ganesha for 0.0.0.0/0 access

Translate '0.0.0.0/0' to '0.0.0.0' when allowing IP
access with the ganesha driver since the ganesha back end
cannot handle the former expression and the latter has
the desired effect of allowing access to all IPs.

Closes-bug: #1800627

Change-Id: Ica698b6a70a128522c2c2de76a69e59207fd60ac
---
 manila/share/drivers/ganesha/__init__.py      |  4 ++++
 manila/share/drivers/ganesha/utils.py         | 13 ++++++++++++
 .../tests/share/drivers/ganesha/test_utils.py | 20 +++++++++++++++++++
 ...w-access-for-all-ips-09773a79dc76ad44.yaml |  6 ++++++
 4 files changed, 43 insertions(+)
 create mode 100644 releasenotes/notes/fix-ganesha-allow-access-for-all-ips-09773a79dc76ad44.yaml

diff --git a/manila/share/drivers/ganesha/__init__.py b/manila/share/drivers/ganesha/__init__.py
index 1b35db12c2..075d72adf2 100644
--- a/manila/share/drivers/ganesha/__init__.py
+++ b/manila/share/drivers/ganesha/__init__.py
@@ -129,6 +129,9 @@ class GaneshaNASHelper(NASHelperBase):
         """Allow access to the share."""
         if access['access_type'] != 'ip':
             raise exception.InvalidShareAccess('Only IP access type allowed')
+
+        access = ganesha_utils.fixup_access_rule(access)
+
         cf = {}
         accid = access['id']
         name = share['name']
@@ -240,6 +243,7 @@ class GaneshaNASHelper2(GaneshaNASHelper):
 
         wanted_rw_clients, wanted_ro_clients = [], []
         for rule in access_rules:
+            rule = ganesha_utils.fixup_access_rule(rule)
             if rule['access_level'] == 'rw':
                 wanted_rw_clients.append(rule['access_to'])
             elif rule['access_level'] == 'ro':
diff --git a/manila/share/drivers/ganesha/utils.py b/manila/share/drivers/ganesha/utils.py
index 9f26df82cf..6208a98aed 100644
--- a/manila/share/drivers/ganesha/utils.py
+++ b/manila/share/drivers/ganesha/utils.py
@@ -134,3 +134,16 @@ def validate_access_rule(supported_access_types, supported_access_levels,
          'details': "%(access_level)s"})
 
     return valid
+
+
+def fixup_access_rule(access_rule):
+    """Adjust access rule as required for ganesha to handle it properly.
+
+    :param access_rule: Access rules to be validated.
+    :return: access_rule
+    """
+    if access_rule['access_to'] == '0.0.0.0/0':
+        access_rule['access_to'] = '0.0.0.0'
+        LOG.debug("Set access_to field to '0.0.0.0' in ganesha back end.")
+
+    return access_rule
diff --git a/manila/tests/share/drivers/ganesha/test_utils.py b/manila/tests/share/drivers/ganesha/test_utils.py
index 2eacab2f94..2a28b13397 100644
--- a/manila/tests/share/drivers/ganesha/test_utils.py
+++ b/manila/tests/share/drivers/ganesha/test_utils.py
@@ -98,6 +98,26 @@ class GaneshaUtilsTests(test.TestCase):
         self.assertRaises(trouble, ganesha_utils.validate_access_rule,
                           ['ip'], ['ro'], fake_access(rule), abort=True)
 
+    @ddt.data({'rule': {'access_type': 'ip',
+                        'access_level': 'rw',
+                        'access_to': '10.10.10.12'},
+               'result': {'access_type': 'ip',
+                          'access_level': 'rw',
+                          'access_to': '10.10.10.12'},
+               },
+              {'rule': {'access_type': 'ip',
+                        'access_level': 'rw',
+                        'access_to': '0.0.0.0/0'},
+               'result': {'access_type': 'ip',
+                          'access_level': 'rw',
+                          'access_to': '0.0.0.0'},
+               },
+              )
+    @ddt.unpack
+    def test_fixup_access_rules(self, rule, result):
+
+        self.assertEqual(result, ganesha_utils.fixup_access_rule(rule))
+
 
 @ddt.ddt
 class SSHExecutorTestCase(test.TestCase):
diff --git a/releasenotes/notes/fix-ganesha-allow-access-for-all-ips-09773a79dc76ad44.yaml b/releasenotes/notes/fix-ganesha-allow-access-for-all-ips-09773a79dc76ad44.yaml
new file mode 100644
index 0000000000..def23f8ec0
--- /dev/null
+++ b/releasenotes/notes/fix-ganesha-allow-access-for-all-ips-09773a79dc76ad44.yaml
@@ -0,0 +1,6 @@
+---
+fixes:
+  - |
+    Drivers using ganesha can now handle 'manila access-allow
+    <share-id> ip 0.0.0.0/0' as a way to allow access to the share
+    from all IPs.