PowerMax and VNX Manila - Read only policy is not working correctly

Fix to ensure that hosts that are given access to a share i.e read only, will always precede '-0.0.0.0/0.0.0.0' in Access host. Any host after this string will be denied access. Change-Id: I813191abc592703d6aa7ea55c5be81d1a6089f39 Closes-Bug: #1845147
2019-10-29 14:59:35 +00:00 · 2019-10-29 14:59:35 +00:00 · 75127d82dc
parent de89e12489
commit 75127d82dc
7 changed files with 33 additions and 14 deletions
--- a/manila/share/drivers/dell_emc/plugins/powermax/connection.py
+++ b/manila/share/drivers/dell_emc/plugins/powermax/connection.py
@ -38,8 +38,10 @@ from manila import utils
    1.0.0 - Initial version
    2.0.0 - Implement IPv6 support
    3.0.0 - Rebranding to PowerMax
+    3.1.0 - Access Host details prevents a read-only share mounts
+            (bug #1845147)
 """
-VERSION = "3.0.0"
+VERSION = "3.1.0"

 LOG = log.getLogger(__name__)

--- a/manila/share/drivers/dell_emc/plugins/powermax/object_manager.py
+++ b/manila/share/drivers/dell_emc/plugins/powermax/object_manager.py
@ -2031,12 +2031,14 @@ class NFSShare(StorageObject):

        if access_hosts is None:
            access_hosts = set()
+        try:
+            access_hosts.remove('-0.0.0.0/0.0.0.0')
+        except(ValueError, KeyError):
+            pass

-        if '-0.0.0.0/0.0.0.0' not in access_hosts:
-            access_hosts.add('-0.0.0.0/0.0.0.0')
+        access_str = ('access=%(access)s' % {'access': ':'.join(
+            list(access_hosts) + ['-0.0.0.0/0.0.0.0'])})

-        access_str = ('access=%(access)s'
-                      % {'access': ':'.join(access_hosts)})
        if root_hosts:
            access_str += (',root=%(root)s' % {'root': ':'.join(root_hosts)})
        if rw_hosts:
--- a/manila/share/drivers/dell_emc/plugins/vnx/connection.py
+++ b/manila/share/drivers/dell_emc/plugins/vnx/connection.py
@ -39,8 +39,9 @@ from manila import utils
    3.0.0 - Bumped the version for Ocata
    4.0.0 - Bumped the version for Pike
    5.0.0 - Bumped the version for Queens
+    9.0.0 - Bumped the version for Ussuri
 """
-VERSION = "5.0.0"
+VERSION = "9.0.0"

 LOG = log.getLogger(__name__)

--- a/manila/share/drivers/dell_emc/plugins/vnx/object_manager.py
+++ b/manila/share/drivers/dell_emc/plugins/vnx/object_manager.py
@ -2029,12 +2029,14 @@ class NFSShare(StorageObject):

        if access_hosts is None:
            access_hosts = set()
+        try:
+            access_hosts.remove('-0.0.0.0/0.0.0.0')
+        except (ValueError, KeyError):
+            pass

-        if '-0.0.0.0/0.0.0.0' not in access_hosts:
-            access_hosts.add('-0.0.0.0/0.0.0.0')
+        access_str = ('access=%(access)s' % {'access': ':'.join(
+            list(access_hosts) + ['-0.0.0.0/0.0.0.0'])})

-        access_str = ('access=%(access)s'
-                      % {'access': ':'.join(access_hosts)})
        if root_hosts:
            access_str += (',root=%(root)s' % {'root': ':'.join(root_hosts)})
        if rw_hosts:
--- a/manila/tests/share/drivers/dell_emc/common/enas/fakes.py
+++ b/manila/tests/share/drivers/dell_emc/common/enas/fakes.py
@ -1477,7 +1477,7 @@ class NFSShareTestData(StorageObjectTestData):
        if rw_hosts and ro_hosts:
            return (
                '%(mover_name)s :\nexport "%(path)s" '
-                'access=-0.0.0.0/0.0.0.0:%(host)s root=%(host)s '
+                'access=%(host)s:-0.0.0.0/0.0.0.0 root=%(host)s '
                'rw=%(rw_host)s ro=%(ro_host)s\n'
                % {'mover_name': self.vdm_name,
                   'path': self.path,
@ -1488,7 +1488,7 @@ class NFSShareTestData(StorageObjectTestData):
        elif rw_hosts:
            return (
                '%(mover_name)s :\nexport "%(path)s" '
-                'access=-0.0.0.0/0.0.0.0:%(host)s root=%(host)s '
+                'access=%(host)s:-0.0.0.0/0.0.0.0 root=%(host)s '
                'rw=%(rw_host)s\n'
                % {'mover_name': self.vdm_name,
                   'host': ":".join(rw_hosts),
@ -1498,7 +1498,7 @@ class NFSShareTestData(StorageObjectTestData):
        elif ro_hosts:
            return (
                '%(mover_name)s :\nexport "%(path)s" '
-                'access=-0.0.0.0/0.0.0.0:%(host)s root=%(host)s '
+                'access=%(host)s:-0.0.0.0/0.0.0.0 root=%(host)s '
                'ro=%(ro_host)s\n'
                % {'mover_name': self.vdm_name,
                   'host': ":".join(ro_hosts),
@ -1540,7 +1540,7 @@ class NFSShareTestData(StorageObjectTestData):
        ro_hosts = [utils.convert_ipv6_format_if_needed(ip_addr) for ip_addr in
                    ro_hosts]

-        access_str = ("access=-0.0.0.0/0.0.0.0:%(access_hosts)s,"
+        access_str = ("access=%(access_hosts)s:-0.0.0.0/0.0.0.0,"
                      "root=%(root_hosts)s,rw=%(rw_hosts)s,ro=%(ro_hosts)s" %
                      {'rw_hosts': ":".join(rw_hosts),
                       'ro_hosts': ":".join(ro_hosts),
--- a/releasenotes/notes/bug-1845147-powermax-read-only-policy-585c29c5ff020007.yaml
+++ b/releasenotes/notes/bug-1845147-powermax-read-only-policy-585c29c5ff020007.yaml
@ -0,0 +1,6 @@
+---
+fixes:
+  - |
+    Manila PowerMax fix ensuring that hosts that are given access to a share
+    i.e read only, will always precede '-0.0.0.0/0.0.0.0'.  Any host after
+    this string will be denied access.
--- a/releasenotes/notes/bug-1845147-vnx-read-only-policy-75b0f414ea5ef471.yaml
+++ b/releasenotes/notes/bug-1845147-vnx-read-only-policy-75b0f414ea5ef471.yaml
@ -0,0 +1,6 @@
+---
+fixes:
+  - |
+    Manila VNX fix ensuring that hosts that are given access to a share
+    i.e read only, will always precede '-0.0.0.0/0.0.0.0'.  Any host after
+    this string will be denied access.