From 74e1fe4761b3bc4efb9a60d1b2887766c9ce43a9 Mon Sep 17 00:00:00 2001 From: Goutham Pacha Ravi Date: Wed, 4 May 2022 13:41:54 +0530 Subject: [PATCH] [Native CephFS] Don't fail to deny missing rules In rare scenarios, an access rule known to manila may be missing from CephFS. The driver shouldn't raise an exception when this happens. Change-Id: Iaeb84f1d9f4c04c23f470ad777d7d6cf2455f543 Closes-Bug: #1971530 Signed-off-by: Goutham Pacha Ravi --- manila/share/drivers/cephfs/driver.py | 11 ++++++- .../tests/share/drivers/cephfs/test_driver.py | 31 +++++++++++++++++++ ...s-native-deny-access-facf37fa7053c30d.yaml | 6 ++++ 3 files changed, 47 insertions(+), 1 deletion(-) create mode 100644 releasenotes/notes/bug-1971530-fix-cephfs-native-deny-access-facf37fa7053c30d.yaml diff --git a/manila/share/drivers/cephfs/driver.py b/manila/share/drivers/cephfs/driver.py index 92f6625088..4de11c2e6c 100644 --- a/manila/share/drivers/cephfs/driver.py +++ b/manila/share/drivers/cephfs/driver.py @@ -846,7 +846,16 @@ class NativeProtocolHelper(ganesha.NASHelperBase): if share["share_group_id"] is not None: argdict.update({"group_name": share["share_group_id"]}) - rados_command(self.rados_client, "fs subvolume deauthorize", argdict) + try: + rados_command(self.rados_client, + "fs subvolume deauthorize", + argdict) + except exception.ShareBackendException as e: + if "doesn't exist" in e.msg.lower(): + LOG.warning(f"%{access['access_to']} did not have access to " + f"share {share['id']}.") + return + raise e rados_command(self.rados_client, "fs subvolume evict", argdict) def update_access(self, context, share, access_rules, add_rules, diff --git a/manila/tests/share/drivers/cephfs/test_driver.py b/manila/tests/share/drivers/cephfs/test_driver.py index 5b7f21259e..89dee79070 100644 --- a/manila/tests/share/drivers/cephfs/test_driver.py +++ b/manila/tests/share/drivers/cephfs/test_driver.py @@ -706,6 +706,37 @@ class NativeProtocolHelperTestCase(test.TestCase): self.assertEqual(2, driver.rados_command.call_count) + def test_deny_access_missing_access_rule(self): + access_deny_prefix = "fs subvolume deauthorize" + + exception_msg = ( + f"json_command failed - prefix=fs subvolume deauthorize, " + f"argdict='vol_name': {self._native_protocol_helper.volname}, " + f"'sub_name': '{self._share['id']}', 'auth_id': 'alice', " + f"'format': 'json' - exception message: [errno -2] " + f"auth ID: alice doesn't exist.") + + driver.rados_command.side_effect = exception.ShareBackendException( + msg=exception_msg) + + access_deny_dict = { + "vol_name": self._native_protocol_helper.volname, + "sub_name": self._share["id"], + "auth_id": "alice", + } + + self._native_protocol_helper._deny_access(self._context, self._share, { + 'access_level': 'rw', + 'access_type': 'cephx', + 'access_to': 'alice' + }) + + driver.rados_command.assert_called_once_with( + self._native_protocol_helper.rados_client, + access_deny_prefix, access_deny_dict) + + self.assertEqual(1, driver.rados_command.call_count) + def test_update_access_add_rm(self): alice = { 'id': 'instance_mapping_id1', diff --git a/releasenotes/notes/bug-1971530-fix-cephfs-native-deny-access-facf37fa7053c30d.yaml b/releasenotes/notes/bug-1971530-fix-cephfs-native-deny-access-facf37fa7053c30d.yaml new file mode 100644 index 0000000000..4468f1dc2f --- /dev/null +++ b/releasenotes/notes/bug-1971530-fix-cephfs-native-deny-access-facf37fa7053c30d.yaml @@ -0,0 +1,6 @@ +--- +fixes: + - | + The CephFS driver no longer fails to delete access rules that were never + applied or were missing from the back end storage. See `LP #1971530 + `_ for more details.