Browse Source

Merge "NetApp cDOT: Fix security style for CIFS shares" into driverfixes/newton

Zuul 9 months ago
parent
commit
cc54b3f1e4

+ 30
- 0
manila/share/drivers/netapp/dataontap/client/client_cmode.py View File

@@ -1408,6 +1408,36 @@ class NetAppCmodeClient(client_base.NetAppBaseClient):
1408 1408
                     errors[0].get_child_content('error-code'),
1409 1409
                     errors[0].get_child_content('error-message'))
1410 1410
 
1411
+    @na_utils.trace
1412
+    def set_volume_security_style(self, volume_name, security_style='unix'):
1413
+        """Set volume security style"""
1414
+        api_args = {
1415
+            'query': {
1416
+                'volume-attributes': {
1417
+                    'volume-id-attributes': {
1418
+                        'name': volume_name,
1419
+                    },
1420
+                },
1421
+            },
1422
+            'attributes': {
1423
+                'volume-attributes': {
1424
+                    'volume-security-attributes': {
1425
+                        'style': security_style,
1426
+                    },
1427
+                },
1428
+            },
1429
+        }
1430
+        result = self.send_request('volume-modify-iter', api_args)
1431
+        failures = result.get_child_content('num-failed')
1432
+        if failures and int(failures) > 0:
1433
+            failure_list = result.get_child_by_name(
1434
+                'failure-list') or netapp_api.NaElement('none')
1435
+            errors = failure_list.get_children()
1436
+            if errors:
1437
+                raise netapp_api.NaApiError(
1438
+                    errors[0].get_child_content('error-code'),
1439
+                    errors[0].get_child_content('error-message'))
1440
+
1411 1441
     @na_utils.trace
1412 1442
     def set_volume_name(self, volume_name, new_volume_name):
1413 1443
         """Set flexvol name."""

+ 4
- 0
manila/share/drivers/netapp/dataontap/protocols/cifs_cmode.py View File

@@ -33,6 +33,10 @@ class NetAppCmodeCIFSHelper(base.NetAppBaseHelper):
33 33
         self._client.create_cifs_share(share_name)
34 34
         self._client.remove_cifs_share_access(share_name, 'Everyone')
35 35
 
36
+        # Ensure 'ntfs' security style
37
+        self._client.set_volume_security_style(share_name,
38
+                                               security_style='ntfs')
39
+
36 40
         # Return a callback that may be used for generating export paths
37 41
         # for this share.
38 42
         return (lambda export_address, share_name=share_name:

+ 43
- 0
manila/tests/share/drivers/netapp/dataontap/client/test_client_cmode.py View File

@@ -2648,6 +2648,49 @@ class NetAppClientCmodeTestCase(test.TestCase):
2648 2648
                           fake.SHARE_NAME,
2649 2649
                           10)
2650 2650
 
2651
+    @ddt.data(None, 'ntfs')
2652
+    def test_set_volume_security_style(self, security_style):
2653
+
2654
+        api_response = netapp_api.NaElement(fake.VOLUME_MODIFY_ITER_RESPONSE)
2655
+        self.mock_object(self.client,
2656
+                         'send_request',
2657
+                         mock.Mock(return_value=api_response))
2658
+        kwargs = {'security_style': security_style} if security_style else {}
2659
+
2660
+        self.client.set_volume_security_style(fake.SHARE_NAME, **kwargs)
2661
+
2662
+        volume_modify_iter_args = {
2663
+            'query': {
2664
+                'volume-attributes': {
2665
+                    'volume-id-attributes': {
2666
+                        'name': fake.SHARE_NAME
2667
+                    }
2668
+                }
2669
+            },
2670
+            'attributes': {
2671
+                'volume-attributes': {
2672
+                    'volume-security-attributes': {
2673
+                        'style': security_style or 'unix',
2674
+                    },
2675
+                },
2676
+            },
2677
+        }
2678
+        self.client.send_request.assert_called_once_with(
2679
+            'volume-modify-iter', volume_modify_iter_args)
2680
+
2681
+    def test_set_volume_security_style_api_error(self):
2682
+
2683
+        api_response = netapp_api.NaElement(
2684
+            fake.VOLUME_MODIFY_ITER_ERROR_RESPONSE)
2685
+        self.mock_object(self.client,
2686
+                         'send_request',
2687
+                         mock.Mock(return_value=api_response))
2688
+
2689
+        self.assertRaises(netapp_api.NaApiError,
2690
+                          self.client.set_volume_security_style,
2691
+                          fake.SHARE_NAME,
2692
+                          'ntfs')
2693
+
2651 2694
     def test_volume_exists(self):
2652 2695
 
2653 2696
         api_response = netapp_api.NaElement(fake.VOLUME_GET_NAME_RESPONSE)

+ 2
- 0
manila/tests/share/drivers/netapp/dataontap/protocols/test_cifs_cmode.py View File

@@ -55,6 +55,8 @@ class NetAppClusteredCIFSHelperTestCase(test.TestCase):
55 55
             fake.SHARE_NAME)
56 56
         self.mock_client.remove_cifs_share_access.assert_called_once_with(
57 57
             fake.SHARE_NAME, 'Everyone')
58
+        self.mock_client.set_volume_security_style.assert_called_once_with(
59
+            fake.SHARE_NAME, security_style='ntfs')
58 60
 
59 61
     def test_delete_share(self):
60 62
 

+ 4
- 0
releasenotes/notes/bug-1696000-netapp-fix-security-style-on-cifs-shares-cbdd557a27d11961.yaml View File

@@ -0,0 +1,4 @@
1
+---
2
+fixes:
3
+  - The NetApp ONTAP driver has been fixed to ensure the "security style" on
4
+    CIFS shares is always "ntfs".

Loading…
Cancel
Save