def allow_access(self, local_path, share, access, error_on_exists=True): """Allow access to one or more vm instances.""" if access['access_type'] != 'ip': raise exception.InvalidShareAccess(reason='Only ip access type ' 'supported.') if error_on_exists: # check if present in export out = re.search( re.escape(local_path) + '[\s\n]*' + re.escape(access['access_to']), self._get_exports()) if out is not None: access_type = access['access_type'] access_to = access['access_to'] raise exception.ShareAccessExists(access_type=access_type, access=access_to) export_opts = self.get_export_options(share, access, 'KNFS') cmd = ['exportfs', '-o', export_opts, ':'.join([access['access_to'], local_path])] try: self._publish_access(*cmd) except exception.ProcessExecutionError: msg = _('Failed to allow access for share %s.') % share['name'] LOG.exception(msg) raise exception.GPFSException(msg)
def allow_access(self, local_path, share, access_type, access): """Allow access to one or more vm instances.""" if access_type != 'ip': raise exception.InvalidShareAccess('Only ip access type ' 'supported.') # check if present in export try: out, __ = self._execute('exportfs', run_as_root=True) except exception.ProcessExecutionError as e: msg = (_('Failed to check exports on the systems. ' ' Error: %s.') % e) LOG.error(msg) raise exception.GPFSException(msg) out = re.search(re.escape(local_path) + '[\s\n]*' + re.escape(access), out) if out is not None: raise exception.ShareAccessExists(access_type=access_type, access=access) export_opts = self._get_export_options(share) cmd = ['exportfs', '-o', export_opts, ':'.join([access, local_path])] try: self._publish_access(*cmd) except exception.ProcessExecutionError as e: msg = (_('Failed to allow access for share %(sharename)s. ' 'Error: %(excmsg)s.') % {'sharename': share['name'], 'excmsg': e}) LOG.error(msg) raise exception.GPFSException(msg)
def allow_access(self, ctx, share, access_type, access_to): """Allow access to share.""" if not share['host']: msg = _("Share host is None") raise exception.InvalidShare(reason=msg) if share['status'] not in ["available"]: msg = _("Share status must be available") raise exception.InvalidShare(reason=msg) policy.check_policy(ctx, 'share', 'allow_access') values = { 'share_id': share['id'], 'access_type': access_type, 'access_to': access_to } access = [ a for a in self.db.share_access_get_all_by_type_and_access( ctx, share['id'], access_type, access_to) if a['state'] != 'error' ] if access: raise exception.ShareAccessExists(access_type=access_type, access=access_to) access = self.db.share_access_create(ctx, values) self.share_rpcapi.allow_access(ctx, share, access) return access
def allow_access(self, context, share, share_name, access): """Allows access to the CIFS share for a given user.""" if access['access_type'] != 'user': msg = _("Cluster Mode supports only 'user' type for share access" " rules with CIFS protocol.") raise exception.InvalidShareAccess(reason=msg) user_name = access['access_to'] if access['access_level'] == constants.ACCESS_LEVEL_RW: readonly = False elif access['access_level'] == constants.ACCESS_LEVEL_RO: readonly = True else: raise exception.InvalidShareAccessLevel( level=access['access_level']) target, share_name = self._get_export_location(share) try: self._client.add_cifs_share_access(share_name, user_name, readonly) except netapp_api.NaApiError as e: if e.code == netapp_api.EDUPLICATEENTRY: # Duplicate entry, so use specific exception. raise exception.ShareAccessExists( access_type=access['access_type'], access=access) raise e
def allow_access(self, server, share_name, access_type, access): """Add access for share.""" if access_type != 'ip': reason = _('Only ip access type allowed.') raise exception.InvalidShareAccess(reason=reason) hosts = self._get_allow_hosts(server, share_name) if access in hosts: raise exception.ShareAccessExists(access_type=access_type, access=access) hosts.append(access) self._set_allow_hosts(server, hosts, share_name)
def allow_access(self, local_path, share_name, access_type, access): """Add to allow hosts additional access rule.""" if access_type != 'ip': reason = _('only ip access type allowed') raise exception.InvalidShareAccess(reason=reason) hosts = self._get_allow_hosts(share_name) if access in hosts: raise exception.ShareAccessExists(access_type=access_type, access=access) hosts.append(access) self._set_allow_hosts(hosts, share_name)
def allow_access(self, server, share_name, access_type, access_level, access_to): """Add access for share.""" if access_type != 'ip': reason = _('Only ip access type allowed.') raise exception.InvalidShareAccess(reason=reason) if access_level != const.ACCESS_LEVEL_RW: raise exception.InvalidShareAccessLevel(level=access_level) hosts = self._get_allow_hosts(server, share_name) if access_to in hosts: raise exception.ShareAccessExists(access_type=access_type, access=access_to) hosts.append(access_to) self._set_allow_hosts(server, hosts, share_name)
def allow_access(self, server, share_name, access_type, access_level, access_to): """Add to allow hosts additional access rule.""" if access_type != 'user': reason = _('Only user access type allowed.') raise exception.InvalidShareAccess(reason=reason) all_users = self._get_valid_users(server, share_name) if access_to in all_users: raise exception.ShareAccessExists(access_type=access_type, access=access_to) user_list = self._get_valid_users(server, share_name, access_level) user_list.append(access_to) self._set_valid_users(server, user_list, share_name, access_level)
def allow_access(self, local_path, share_name, access_type, access): """Allow access to the host.""" if access_type != 'ip': reason = 'only ip access type allowed' raise exception.InvalidShareAccess(reason) parser = ConfigParser.ConfigParser() parser.read(self.config) hosts = parser.get(share_name, 'hosts allow') if access in hosts.split(): raise exception.ShareAccessExists(access_type=access_type, access=access) hosts += ' %s' % (access, ) parser.set(share_name, 'hosts allow', hosts) self._update_config(parser)
def test_allow_migration_access_exists(self): access = {'access_to': 'fake_ip', 'access_type': 'fake_type'} access_active = db_utils.create_access(share_id=self.share['id'], access_to='fake_ip') self.mock_object( self.helper.api, 'allow_access', mock.Mock(side_effect=[exception.ShareAccessExists('fake')])) self.mock_object(self.helper.api, 'access_get_all', mock.Mock(return_value=[access_active])) result = self.helper.allow_migration_access(access) self.assertEqual(access_active, result)
def allow_access(self, context, share, share_name, access): """Allows access to the CIFS share for a given user.""" if access['access_type'] != 'user': msg = _("Cluster Mode supports only 'user' type for share access" " rules with CIFS protocol.") raise exception.NetAppException(msg) target, share_name = self._get_export_location(share) try: self._client.add_cifs_share_access(share_name, access['access_to']) except netapp_api.NaApiError as e: if e.code == netapp_api.EDUPLICATEENTRY: # Duplicate entry, so use specific exception. raise exception.ShareAccessExists( access_type=access['access_type'], access=access) raise e
def allow_access(self, server, share_name, access_type, access): """Allow access to the host""" local_path = os.path.join(self.configuration.share_mount_path, share_name) if access_type != 'ip': reason = 'only ip access type allowed' raise exception.InvalidShareAccess(reason) # check if presents in export out, _ = self._ssh_exec(server, ['sudo', 'exportfs']) out = re.search(re.escape(local_path) + '[\s\n]*' + re.escape(access), out) if out is not None: raise exception.ShareAccessExists(access_type=access_type, access=access) self._ssh_exec(server, ['sudo', 'exportfs', '-o', 'rw,no_subtree_check', ':'.join([access, local_path])])
def allow_access(self, local_path, share_name, access_type, access): """Allow access to the host""" if access_type != 'ip': reason = 'only ip access type allowed' raise exception.InvalidShareAccess(reason) # check if presents in export out, _ = self._execute('exportfs', run_as_root=True) out = re.search( re.escape(local_path) + '[\s\n]*' + re.escape(access), out) if out is not None: raise exception.ShareAccessExists(access_type=access_type, access=access) self._execute('exportfs', '-o', 'rw,no_subtree_check', ':'.join([access, local_path]), run_as_root=True, check_exit_code=True)
def allow_access(self, context, share, access): """Allows access to the CIFS share for a given user.""" if access['access_type'] != 'user': msg = _("Cluster Mode supports only 'user' type for share access" " rules with CIFS protocol.") raise exception.NetAppException(msg) target, share_name = self._get_export_location(share) args = { 'permission': 'full_control', 'share': share_name, 'user-or-group': access['access_to'], } try: self._client.send_request('cifs-share-access-control-create', args) except naapi.NaApiError as e: if e.code == "13130": # duplicate entry raise exception.ShareAccessExists( access_type=access['access_type'], access=access) raise e
def allow_access(self, server, share_name, access_type, access_level, access_to): """Allow access to the host.""" local_path = os.path.join(self.configuration.share_mount_path, share_name) if access_type != 'ip': msg = _('only ip access type allowed') raise exception.InvalidShareAccess(reason=msg) # check if presents in export out, err = self._ssh_exec(server, ['sudo', 'exportfs']) out = re.search( re.escape(local_path) + '[\s\n]*' + re.escape(access_to), out) if out is not None: raise exception.ShareAccessExists(access_type=access_type, access=access_to) self._ssh_exec(server, [ 'sudo', 'exportfs', '-o', '%s,no_subtree_check' % access_level, ':'.join( [access_to, local_path]) ]) self._sync_nfs_temp_and_perm_files(server)
def allow_access(self, ctx, share, access_type, access_to, access_level=None): """Allow access to share.""" policy.check_policy(ctx, 'share', 'allow_access') share = self.db.share_get(ctx, share['id']) if share['status'] != constants.STATUS_AVAILABLE: msg = _("Share status must be %s") % constants.STATUS_AVAILABLE raise exception.InvalidShare(reason=msg) values = { 'share_id': share['id'], 'access_type': access_type, 'access_to': access_to, 'access_level': access_level, } for access in self.db.share_access_get_all_by_type_and_access( ctx, share['id'], access_type, access_to): if access['state'] != constants.STATUS_ERROR: raise exception.ShareAccessExists(access_type=access_type, access=access_to) if access_level not in constants.ACCESS_LEVELS + (None, ): msg = _("Invalid share access level: %s.") % access_level raise exception.InvalidShareAccess(reason=msg) access = self.db.share_access_create(ctx, values) for share_instance in share.instances: self.allow_access_to_instance(ctx, share_instance, access) return { 'id': access['id'], 'share_id': access['share_id'], 'access_type': access['access_type'], 'access_to': access['access_to'], 'access_level': access['access_level'], 'state': access['state'], }
def raise_share_access_exists(*args, **kwargs): raise exception.ShareAccessExists(access_type='fake_access_type', access='fake_access')