Fix NFS helper root squashing in RW access level
Root squashing should be disabled in NFS helper when adding RW access rules to fix permission denied issues while different users are creating files and folders in the same share. Change-Id: I36d1cab62fcc1a2279454096f9d0ad65c96e7b9b Closes-bug: #1551422
This commit is contained in:
Rodrigo Barbieri
parent
83d7bc60f4
commit
93ddac3dea
@ -177,10 +177,13 @@ class NFSHelper(NASHelperBase):
|
||||
':'.join((host, local_path))])
|
||||
self._sync_nfs_temp_and_perm_files(server)
|
||||
for access in access_rules:
|
||||
rules_options = '%s,no_subtree_check'
|
||||
if access['access_level'] == const.ACCESS_LEVEL_RW:
|
||||
rules_options = ','.join((rules_options, 'no_root_squash'))
|
||||
self._ssh_exec(
|
||||
server,
|
||||
['sudo', 'exportfs', '-o',
|
||||
'%s,no_subtree_check' % access['access_level'],
|
||||
rules_options % access['access_level'],
|
||||
':'.join((access['access_to'], local_path))])
|
||||
self._sync_nfs_temp_and_perm_files(server)
|
||||
# Adding/Deleting specific rules
|
||||
@ -222,10 +225,14 @@ class NFSHelper(NASHelperBase):
|
||||
'name': share_name
|
||||
})
|
||||
else:
|
||||
rules_options = '%s,no_subtree_check'
|
||||
if access['access_level'] == const.ACCESS_LEVEL_RW:
|
||||
rules_options = ','.join((rules_options,
|
||||
'no_root_squash'))
|
||||
self._ssh_exec(
|
||||
server,
|
||||
['sudo', 'exportfs', '-o',
|
||||
'%s,no_subtree_check' % access['access_level'],
|
||||
rules_options % access['access_level'],
|
||||
':'.join((access['access_to'], local_path))])
|
||||
if add_rules:
|
||||
self._sync_nfs_temp_and_perm_files(server)
|
||||
|
||||
@ -89,6 +89,10 @@ class NFSHelperTestCase(test.TestCase):
|
||||
|
||||
@ddt.data(const.ACCESS_LEVEL_RW, const.ACCESS_LEVEL_RO)
|
||||
def test_update_access(self, access_level):
|
||||
expected_mount_options = '%s,no_subtree_check'
|
||||
if access_level == const.ACCESS_LEVEL_RW:
|
||||
expected_mount_options = ','.join((expected_mount_options,
|
||||
'no_root_squash'))
|
||||
self.mock_object(self._helper, '_sync_nfs_temp_and_perm_files')
|
||||
local_path = os.path.join(CONF.share_mount_path, self.share_name)
|
||||
exec_result = ' '.join([local_path, '2.2.2.3'])
|
||||
@ -113,7 +117,7 @@ class NFSHelperTestCase(test.TestCase):
|
||||
mock.call(self.server, ['sudo', 'exportfs', '-u',
|
||||
':'.join(['3.3.3.3', local_path])]),
|
||||
mock.call(self.server, ['sudo', 'exportfs', '-o',
|
||||
'%s,no_subtree_check' % access_level,
|
||||
expected_mount_options % access_level,
|
||||
':'.join(['2.2.2.2', local_path])]),
|
||||
])
|
||||
self._helper._sync_nfs_temp_and_perm_files.assert_has_calls([
|
||||
@ -152,6 +156,10 @@ class NFSHelperTestCase(test.TestCase):
|
||||
|
||||
@ddt.data(const.ACCESS_LEVEL_RW, const.ACCESS_LEVEL_RO)
|
||||
def test_update_access_recovery_mode(self, access_level):
|
||||
expected_mount_options = '%s,no_subtree_check'
|
||||
if access_level == const.ACCESS_LEVEL_RW:
|
||||
expected_mount_options = ','.join((expected_mount_options,
|
||||
'no_root_squash'))
|
||||
access_rules = [test_generic.get_fake_access_rule(
|
||||
'1.1.1.1', access_level), ]
|
||||
self.mock_object(self._helper, '_sync_nfs_temp_and_perm_files')
|
||||
@ -166,7 +174,7 @@ class NFSHelperTestCase(test.TestCase):
|
||||
':'.join([access_rules[0]['access_to'],
|
||||
local_path])]),
|
||||
mock.call(self.server, ['sudo', 'exportfs', '-o',
|
||||
'%s,no_subtree_check' % access_level,
|
||||
expected_mount_options % access_level,
|
||||
':'.join(['1.1.1.1', local_path])]),
|
||||
])
|
||||
self._helper._sync_nfs_temp_and_perm_files.assert_called_with(
|
||||
|
||||
Loading…
Reference in New Issue
Block a user