def allow_access(self, local_path, share, access, error_on_exists=True):
"""Allow access to one or more vm instances."""
if access['access_type'] != 'ip':
raise exception.InvalidShareAccess(reason='Only ip access type '
'supported.')
if error_on_exists:
# check if present in export
out = re.search(
re.escape(local_path) + '[\s\n]*'
+ re.escape(access['access_to']), self._get_exports())
if out is not None:
access_type = access['access_type']
access_to = access['access_to']
raise exception.ShareAccessExists(access_type=access_type,
access=access_to)
export_opts = self.get_export_options(share, access, 'KNFS')
cmd = ['exportfs', '-o', export_opts,
':'.join([access['access_to'], local_path])]
try:
self._publish_access(*cmd)
except exception.ProcessExecutionError:
msg = _('Failed to allow access for share %s.') % share['name']
LOG.exception(msg)
raise exception.GPFSException(msg)
def allow_access(self, local_path, share, access_type, access):
"""Allow access to one or more vm instances."""
if access_type != 'ip':
raise exception.InvalidShareAccess('Only ip access type '
'supported.')
# check if present in export
try:
out, __ = self._execute('exportfs', run_as_root=True)
except exception.ProcessExecutionError as e:
msg = (_('Failed to check exports on the systems. '
' Error: %s.') % e)
LOG.error(msg)
raise exception.GPFSException(msg)
out = re.search(re.escape(local_path) + '[\s\n]*' + re.escape(access),
out)
if out is not None:
raise exception.ShareAccessExists(access_type=access_type,
access=access)
export_opts = self._get_export_options(share)
cmd = ['exportfs', '-o', export_opts,
':'.join([access, local_path])]
try:
self._publish_access(*cmd)
except exception.ProcessExecutionError as e:
msg = (_('Failed to allow access for share %(sharename)s. '
'Error: %(excmsg)s.') %
{'sharename': share['name'],
'excmsg': e})
LOG.error(msg)
raise exception.GPFSException(msg)
def allow_access(self, ctx, share, access_type, access_to):
"""Allow access to share."""
if not share['host']:
msg = _("Share host is None")
raise exception.InvalidShare(reason=msg)
if share['status'] not in ["available"]:
msg = _("Share status must be available")
raise exception.InvalidShare(reason=msg)
policy.check_policy(ctx, 'share', 'allow_access')
values = {
'share_id': share['id'],
'access_type': access_type,
'access_to': access_to
}
access = [
a for a in self.db.share_access_get_all_by_type_and_access(
ctx, share['id'], access_type, access_to)
if a['state'] != 'error'
]
if access:
raise exception.ShareAccessExists(access_type=access_type,
access=access_to)
access = self.db.share_access_create(ctx, values)
self.share_rpcapi.allow_access(ctx, share, access)
return access
def allow_access(self, context, share, share_name, access):
"""Allows access to the CIFS share for a given user."""
if access['access_type'] != 'user':
msg = _("Cluster Mode supports only 'user' type for share access"
" rules with CIFS protocol.")
raise exception.InvalidShareAccess(reason=msg)
user_name = access['access_to']
if access['access_level'] == constants.ACCESS_LEVEL_RW:
readonly = False
elif access['access_level'] == constants.ACCESS_LEVEL_RO:
readonly = True
else:
raise exception.InvalidShareAccessLevel(
level=access['access_level'])
target, share_name = self._get_export_location(share)
try:
self._client.add_cifs_share_access(share_name,
user_name,
readonly)
except netapp_api.NaApiError as e:
if e.code == netapp_api.EDUPLICATEENTRY:
# Duplicate entry, so use specific exception.
raise exception.ShareAccessExists(
access_type=access['access_type'], access=access)
raise e
def allow_access(self, server, share_name, access_type, access):
"""Add access for share."""
if access_type != 'ip':
reason = _('Only ip access type allowed.')
raise exception.InvalidShareAccess(reason=reason)
hosts = self._get_allow_hosts(server, share_name)
if access in hosts:
raise exception.ShareAccessExists(access_type=access_type,
access=access)
hosts.append(access)
self._set_allow_hosts(server, hosts, share_name)
def allow_access(self, local_path, share_name, access_type, access):
"""Add to allow hosts additional access rule."""
if access_type != 'ip':
reason = _('only ip access type allowed')
raise exception.InvalidShareAccess(reason=reason)
hosts = self._get_allow_hosts(share_name)
if access in hosts:
raise exception.ShareAccessExists(access_type=access_type,
access=access)
hosts.append(access)
self._set_allow_hosts(hosts, share_name)
def allow_access(self, server, share_name, access_type, access_level,
access_to):
"""Add access for share."""
if access_type != 'ip':
reason = _('Only ip access type allowed.')
raise exception.InvalidShareAccess(reason=reason)
if access_level != const.ACCESS_LEVEL_RW:
raise exception.InvalidShareAccessLevel(level=access_level)
hosts = self._get_allow_hosts(server, share_name)
if access_to in hosts:
raise exception.ShareAccessExists(access_type=access_type,
access=access_to)
hosts.append(access_to)
self._set_allow_hosts(server, hosts, share_name)
def allow_access(self, server, share_name, access_type, access_level,
access_to):
"""Add to allow hosts additional access rule."""
if access_type != 'user':
reason = _('Only user access type allowed.')
raise exception.InvalidShareAccess(reason=reason)
all_users = self._get_valid_users(server, share_name)
if access_to in all_users:
raise exception.ShareAccessExists(access_type=access_type,
access=access_to)
user_list = self._get_valid_users(server, share_name, access_level)
user_list.append(access_to)
self._set_valid_users(server, user_list, share_name, access_level)
def allow_access(self, local_path, share_name, access_type, access):
"""Allow access to the host."""
if access_type != 'ip':
reason = 'only ip access type allowed'
raise exception.InvalidShareAccess(reason)
parser = ConfigParser.ConfigParser()
parser.read(self.config)
hosts = parser.get(share_name, 'hosts allow')
if access in hosts.split():
raise exception.ShareAccessExists(access_type=access_type,
access=access)
hosts += ' %s' % (access, )
parser.set(share_name, 'hosts allow', hosts)
self._update_config(parser)
def test_allow_migration_access_exists(self):
access = {'access_to': 'fake_ip', 'access_type': 'fake_type'}
access_active = db_utils.create_access(share_id=self.share['id'],
access_to='fake_ip')
self.mock_object(
self.helper.api, 'allow_access',
mock.Mock(side_effect=[exception.ShareAccessExists('fake')]))
self.mock_object(self.helper.api, 'access_get_all',
mock.Mock(return_value=[access_active]))
result = self.helper.allow_migration_access(access)
self.assertEqual(access_active, result)
def allow_access(self, context, share, share_name, access):
"""Allows access to the CIFS share for a given user."""
if access['access_type'] != 'user':
msg = _("Cluster Mode supports only 'user' type for share access"
" rules with CIFS protocol.")
raise exception.NetAppException(msg)
target, share_name = self._get_export_location(share)
try:
self._client.add_cifs_share_access(share_name, access['access_to'])
except netapp_api.NaApiError as e:
if e.code == netapp_api.EDUPLICATEENTRY:
# Duplicate entry, so use specific exception.
raise exception.ShareAccessExists(
access_type=access['access_type'], access=access)
raise e
def allow_access(self, server, share_name, access_type, access):
"""Allow access to the host"""
local_path = os.path.join(self.configuration.share_mount_path,
share_name)
if access_type != 'ip':
reason = 'only ip access type allowed'
raise exception.InvalidShareAccess(reason)
# check if presents in export
out, _ = self._ssh_exec(server, ['sudo', 'exportfs'])
out = re.search(re.escape(local_path) + '[\s\n]*' + re.escape(access),
out)
if out is not None:
raise exception.ShareAccessExists(access_type=access_type,
access=access)
self._ssh_exec(server,
['sudo', 'exportfs', '-o', 'rw,no_subtree_check',
':'.join([access, local_path])])
def allow_access(self, local_path, share_name, access_type, access):
"""Allow access to the host"""
if access_type != 'ip':
reason = 'only ip access type allowed'
raise exception.InvalidShareAccess(reason)
# check if presents in export
out, _ = self._execute('exportfs', run_as_root=True)
out = re.search(
re.escape(local_path) + '[\s\n]*' + re.escape(access), out)
if out is not None:
raise exception.ShareAccessExists(access_type=access_type,
access=access)
self._execute('exportfs',
'-o',
'rw,no_subtree_check',
':'.join([access, local_path]),
run_as_root=True,
check_exit_code=True)
def allow_access(self, context, share, access):
"""Allows access to the CIFS share for a given user."""
if access['access_type'] != 'user':
msg = _("Cluster Mode supports only 'user' type for share access"
" rules with CIFS protocol.")
raise exception.NetAppException(msg)
target, share_name = self._get_export_location(share)
args = {
'permission': 'full_control',
'share': share_name,
'user-or-group': access['access_to'],
}
try:
self._client.send_request('cifs-share-access-control-create', args)
except naapi.NaApiError as e:
if e.code == "13130":
# duplicate entry
raise exception.ShareAccessExists(
access_type=access['access_type'], access=access)
raise e
def allow_access(self, server, share_name, access_type, access_level,
access_to):
"""Allow access to the host."""
local_path = os.path.join(self.configuration.share_mount_path,
share_name)
if access_type != 'ip':
msg = _('only ip access type allowed')
raise exception.InvalidShareAccess(reason=msg)
# check if presents in export
out, err = self._ssh_exec(server, ['sudo', 'exportfs'])
out = re.search(
re.escape(local_path) + '[\s\n]*' + re.escape(access_to), out)
if out is not None:
raise exception.ShareAccessExists(access_type=access_type,
access=access_to)
self._ssh_exec(server, [
'sudo', 'exportfs', '-o',
'%s,no_subtree_check' % access_level, ':'.join(
[access_to, local_path])
])
self._sync_nfs_temp_and_perm_files(server)
def allow_access(self,
ctx,
share,
access_type,
access_to,
access_level=None):
"""Allow access to share."""
policy.check_policy(ctx, 'share', 'allow_access')
share = self.db.share_get(ctx, share['id'])
if share['status'] != constants.STATUS_AVAILABLE:
msg = _("Share status must be %s") % constants.STATUS_AVAILABLE
raise exception.InvalidShare(reason=msg)
values = {
'share_id': share['id'],
'access_type': access_type,
'access_to': access_to,
'access_level': access_level,
}
for access in self.db.share_access_get_all_by_type_and_access(
ctx, share['id'], access_type, access_to):
if access['state'] != constants.STATUS_ERROR:
raise exception.ShareAccessExists(access_type=access_type,
access=access_to)
if access_level not in constants.ACCESS_LEVELS + (None, ):
msg = _("Invalid share access level: %s.") % access_level
raise exception.InvalidShareAccess(reason=msg)
access = self.db.share_access_create(ctx, values)
for share_instance in share.instances:
self.allow_access_to_instance(ctx, share_instance, access)
return {
'id': access['id'],
'share_id': access['share_id'],
'access_type': access['access_type'],
'access_to': access['access_to'],
'access_level': access['access_level'],
'state': access['state'],
}
def raise_share_access_exists(*args, **kwargs):
raise exception.ShareAccessExists(access_type='fake_access_type',
access='fake_access')
