Merge "Fix ganesha for 0.0.0.0/0 access"
This commit is contained in:
commit
61159cb80b
manila
releasenotes/notes
@ -129,6 +129,9 @@ class GaneshaNASHelper(NASHelperBase):
|
|||||||
"""Allow access to the share."""
|
"""Allow access to the share."""
|
||||||
if access['access_type'] != 'ip':
|
if access['access_type'] != 'ip':
|
||||||
raise exception.InvalidShareAccess('Only IP access type allowed')
|
raise exception.InvalidShareAccess('Only IP access type allowed')
|
||||||
|
|
||||||
|
access = ganesha_utils.fixup_access_rule(access)
|
||||||
|
|
||||||
cf = {}
|
cf = {}
|
||||||
accid = access['id']
|
accid = access['id']
|
||||||
name = share['name']
|
name = share['name']
|
||||||
@ -240,6 +243,7 @@ class GaneshaNASHelper2(GaneshaNASHelper):
|
|||||||
|
|
||||||
wanted_rw_clients, wanted_ro_clients = [], []
|
wanted_rw_clients, wanted_ro_clients = [], []
|
||||||
for rule in access_rules:
|
for rule in access_rules:
|
||||||
|
rule = ganesha_utils.fixup_access_rule(rule)
|
||||||
if rule['access_level'] == 'rw':
|
if rule['access_level'] == 'rw':
|
||||||
wanted_rw_clients.append(rule['access_to'])
|
wanted_rw_clients.append(rule['access_to'])
|
||||||
elif rule['access_level'] == 'ro':
|
elif rule['access_level'] == 'ro':
|
||||||
|
@ -134,3 +134,16 @@ def validate_access_rule(supported_access_types, supported_access_levels,
|
|||||||
'details': "%(access_level)s"})
|
'details': "%(access_level)s"})
|
||||||
|
|
||||||
return valid
|
return valid
|
||||||
|
|
||||||
|
|
||||||
|
def fixup_access_rule(access_rule):
|
||||||
|
"""Adjust access rule as required for ganesha to handle it properly.
|
||||||
|
|
||||||
|
:param access_rule: Access rules to be validated.
|
||||||
|
:return: access_rule
|
||||||
|
"""
|
||||||
|
if access_rule['access_to'] == '0.0.0.0/0':
|
||||||
|
access_rule['access_to'] = '0.0.0.0'
|
||||||
|
LOG.debug("Set access_to field to '0.0.0.0' in ganesha back end.")
|
||||||
|
|
||||||
|
return access_rule
|
||||||
|
@ -98,6 +98,26 @@ class GaneshaUtilsTests(test.TestCase):
|
|||||||
self.assertRaises(trouble, ganesha_utils.validate_access_rule,
|
self.assertRaises(trouble, ganesha_utils.validate_access_rule,
|
||||||
['ip'], ['ro'], fake_access(rule), abort=True)
|
['ip'], ['ro'], fake_access(rule), abort=True)
|
||||||
|
|
||||||
|
@ddt.data({'rule': {'access_type': 'ip',
|
||||||
|
'access_level': 'rw',
|
||||||
|
'access_to': '10.10.10.12'},
|
||||||
|
'result': {'access_type': 'ip',
|
||||||
|
'access_level': 'rw',
|
||||||
|
'access_to': '10.10.10.12'},
|
||||||
|
},
|
||||||
|
{'rule': {'access_type': 'ip',
|
||||||
|
'access_level': 'rw',
|
||||||
|
'access_to': '0.0.0.0/0'},
|
||||||
|
'result': {'access_type': 'ip',
|
||||||
|
'access_level': 'rw',
|
||||||
|
'access_to': '0.0.0.0'},
|
||||||
|
},
|
||||||
|
)
|
||||||
|
@ddt.unpack
|
||||||
|
def test_fixup_access_rules(self, rule, result):
|
||||||
|
|
||||||
|
self.assertEqual(result, ganesha_utils.fixup_access_rule(rule))
|
||||||
|
|
||||||
|
|
||||||
@ddt.ddt
|
@ddt.ddt
|
||||||
class SSHExecutorTestCase(test.TestCase):
|
class SSHExecutorTestCase(test.TestCase):
|
||||||
|
@ -0,0 +1,6 @@
|
|||||||
|
---
|
||||||
|
fixes:
|
||||||
|
- |
|
||||||
|
Drivers using ganesha can now handle 'manila access-allow
|
||||||
|
<share-id> ip 0.0.0.0/0' as a way to allow access to the share
|
||||||
|
from all IPs.
|
Loading…
x
Reference in New Issue
Block a user