Merge "[Native CephFS] Don't fail to deny missing rules"

This commit is contained in:
Zuul 2022-05-12 13:20:55 +00:00 committed by Gerrit Code Review
commit d91f059677
3 changed files with 47 additions and 1 deletions

View File

@ -846,7 +846,16 @@ class NativeProtocolHelper(ganesha.NASHelperBase):
if share["share_group_id"] is not None:
argdict.update({"group_name": share["share_group_id"]})
rados_command(self.rados_client, "fs subvolume deauthorize", argdict)
try:
rados_command(self.rados_client,
"fs subvolume deauthorize",
argdict)
except exception.ShareBackendException as e:
if "doesn't exist" in e.msg.lower():
LOG.warning(f"%{access['access_to']} did not have access to "
f"share {share['id']}.")
return
raise e
rados_command(self.rados_client, "fs subvolume evict", argdict)
def update_access(self, context, share, access_rules, add_rules,

View File

@ -706,6 +706,37 @@ class NativeProtocolHelperTestCase(test.TestCase):
self.assertEqual(2, driver.rados_command.call_count)
def test_deny_access_missing_access_rule(self):
access_deny_prefix = "fs subvolume deauthorize"
exception_msg = (
f"json_command failed - prefix=fs subvolume deauthorize, "
f"argdict='vol_name': {self._native_protocol_helper.volname}, "
f"'sub_name': '{self._share['id']}', 'auth_id': 'alice', "
f"'format': 'json' - exception message: [errno -2] "
f"auth ID: alice doesn't exist.")
driver.rados_command.side_effect = exception.ShareBackendException(
msg=exception_msg)
access_deny_dict = {
"vol_name": self._native_protocol_helper.volname,
"sub_name": self._share["id"],
"auth_id": "alice",
}
self._native_protocol_helper._deny_access(self._context, self._share, {
'access_level': 'rw',
'access_type': 'cephx',
'access_to': 'alice'
})
driver.rados_command.assert_called_once_with(
self._native_protocol_helper.rados_client,
access_deny_prefix, access_deny_dict)
self.assertEqual(1, driver.rados_command.call_count)
def test_update_access_add_rm(self):
alice = {
'id': 'instance_mapping_id1',

View File

@ -0,0 +1,6 @@
---
fixes:
- |
The CephFS driver no longer fails to delete access rules that were never
applied or were missing from the back end storage. See `LP #1971530
<https://launchpad.net/bugs/1971530>`_ for more details.