openstack/manila
Code Issues Proposed changes

PowerMax and VNX Manila - Read only policy is not working correctly

Browse Source 
Fix to ensure that hosts that are given access to a share i.e read only,
will always precede '-0.0.0.0/0.0.0.0' in Access host.  Any host after
this string will be denied access.

Change-Id: I813191abc592703d6aa7ea55c5be81d1a6089f39
Closes-Bug: #1845147
This commit is contained in:
Helen Walsh 2019-10-29 14:59:35 +00:00
parent de89e12489
commit 75127d82dc
7 changed files with 33 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
manila/share/drivers/dell_emc/plugins/powermax/connection.py
View File

@ -38,8 +38,10 @@ from manila import utils
1.0.0 - Initial version 1.0.0 - Initial version
2.0.0 - Implement IPv6 support 2.0.0 - Implement IPv6 support
3.0.0 - Rebranding to PowerMax 3.0.0 - Rebranding to PowerMax
3.1.0 - Access Host details prevents a read-only share mounts
(bug #1845147)
""" """
VERSION = "3.0.0" VERSION = "3.1.0"
LOG = log.getLogger(__name__) LOG = log.getLogger(__name__)

10
manila/share/drivers/dell_emc/plugins/powermax/object_manager.py
View File

@ -2031,12 +2031,14 @@ class NFSShare(StorageObject):
if access_hosts is None: if access_hosts is None:
access_hosts = set() access_hosts = set()
try:
access_hosts.remove('-0.0.0.0/0.0.0.0')
except(ValueError, KeyError):
pass
if '-0.0.0.0/0.0.0.0' not in access_hosts: access_str = ('access=%(access)s' % {'access': ':'.join(
access_hosts.add('-0.0.0.0/0.0.0.0') list(access_hosts) + ['-0.0.0.0/0.0.0.0'])})
access_str = ('access=%(access)s'
% {'access': ':'.join(access_hosts)})
if root_hosts: if root_hosts:
access_str += (',root=%(root)s' % {'root': ':'.join(root_hosts)}) access_str += (',root=%(root)s' % {'root': ':'.join(root_hosts)})
if rw_hosts: if rw_hosts:

3
manila/share/drivers/dell_emc/plugins/vnx/connection.py
View File

@ -39,8 +39,9 @@ from manila import utils
3.0.0 - Bumped the version for Ocata 3.0.0 - Bumped the version for Ocata
4.0.0 - Bumped the version for Pike 4.0.0 - Bumped the version for Pike
5.0.0 - Bumped the version for Queens 5.0.0 - Bumped the version for Queens
9.0.0 - Bumped the version for Ussuri
""" """
VERSION = "5.0.0" VERSION = "9.0.0"
LOG = log.getLogger(__name__) LOG = log.getLogger(__name__)

10
manila/share/drivers/dell_emc/plugins/vnx/object_manager.py
View File

@ -2029,12 +2029,14 @@ class NFSShare(StorageObject):
if access_hosts is None: if access_hosts is None:
access_hosts = set() access_hosts = set()
try:
access_hosts.remove('-0.0.0.0/0.0.0.0')
except (ValueError, KeyError):
pass
if '-0.0.0.0/0.0.0.0' not in access_hosts: access_str = ('access=%(access)s' % {'access': ':'.join(
access_hosts.add('-0.0.0.0/0.0.0.0') list(access_hosts) + ['-0.0.0.0/0.0.0.0'])})
access_str = ('access=%(access)s'
% {'access': ':'.join(access_hosts)})
if root_hosts: if root_hosts:
access_str += (',root=%(root)s' % {'root': ':'.join(root_hosts)}) access_str += (',root=%(root)s' % {'root': ':'.join(root_hosts)})
if rw_hosts: if rw_hosts:

8
manila/tests/share/drivers/dell_emc/common/enas/fakes.py
View File

@ -1477,7 +1477,7 @@ class NFSShareTestData(StorageObjectTestData):
if rw_hosts and ro_hosts: if rw_hosts and ro_hosts:
return ( return (
'%(mover_name)s :\nexport "%(path)s" ' '%(mover_name)s :\nexport "%(path)s" '
'access=-0.0.0.0/0.0.0.0:%(host)s root=%(host)s ' 'access=%(host)s:-0.0.0.0/0.0.0.0 root=%(host)s '
'rw=%(rw_host)s ro=%(ro_host)s\n' 'rw=%(rw_host)s ro=%(ro_host)s\n'
% {'mover_name': self.vdm_name, % {'mover_name': self.vdm_name,
'path': self.path, 'path': self.path,
@ -1488,7 +1488,7 @@ class NFSShareTestData(StorageObjectTestData):
elif rw_hosts: elif rw_hosts:
return ( return (
'%(mover_name)s :\nexport "%(path)s" ' '%(mover_name)s :\nexport "%(path)s" '
'access=-0.0.0.0/0.0.0.0:%(host)s root=%(host)s ' 'access=%(host)s:-0.0.0.0/0.0.0.0 root=%(host)s '
'rw=%(rw_host)s\n' 'rw=%(rw_host)s\n'
% {'mover_name': self.vdm_name, % {'mover_name': self.vdm_name,
'host': ":".join(rw_hosts), 'host': ":".join(rw_hosts),
@ -1498,7 +1498,7 @@ class NFSShareTestData(StorageObjectTestData):
elif ro_hosts: elif ro_hosts:
return ( return (
'%(mover_name)s :\nexport "%(path)s" ' '%(mover_name)s :\nexport "%(path)s" '
'access=-0.0.0.0/0.0.0.0:%(host)s root=%(host)s ' 'access=%(host)s:-0.0.0.0/0.0.0.0 root=%(host)s '
'ro=%(ro_host)s\n' 'ro=%(ro_host)s\n'
% {'mover_name': self.vdm_name, % {'mover_name': self.vdm_name,
'host': ":".join(ro_hosts), 'host': ":".join(ro_hosts),
@ -1540,7 +1540,7 @@ class NFSShareTestData(StorageObjectTestData):
ro_hosts = [utils.convert_ipv6_format_if_needed(ip_addr) for ip_addr in ro_hosts = [utils.convert_ipv6_format_if_needed(ip_addr) for ip_addr in
ro_hosts] ro_hosts]
access_str = ("access=-0.0.0.0/0.0.0.0:%(access_hosts)s," access_str = ("access=%(access_hosts)s:-0.0.0.0/0.0.0.0,"
"root=%(root_hosts)s,rw=%(rw_hosts)s,ro=%(ro_hosts)s" % "root=%(root_hosts)s,rw=%(rw_hosts)s,ro=%(ro_hosts)s" %
{'rw_hosts': ":".join(rw_hosts), {'rw_hosts': ":".join(rw_hosts),
'ro_hosts': ":".join(ro_hosts), 'ro_hosts': ":".join(ro_hosts),

6
releasenotes/notes/bug-1845147-powermax-read-only-policy-585c29c5ff020007.yaml Normal file
View File

@ -0,0 +1,6 @@
---
fixes:
- |
Manila PowerMax fix ensuring that hosts that are given access to a share
i.e read only, will always precede '-0.0.0.0/0.0.0.0'. Any host after
this string will be denied access.

6
releasenotes/notes/bug-1845147-vnx-read-only-policy-75b0f414ea5ef471.yaml Normal file
View File

@ -0,0 +1,6 @@
---
fixes:
- |
Manila VNX fix ensuring that hosts that are given access to a share
i.e read only, will always precede '-0.0.0.0/0.0.0.0'. Any host after
this string will be denied access.