Пример #1
0
    def _allow_access(self, base_path, share, access):
        """Allow access to the share."""
        ganesha_utils.validate_access_rule(self.supported_access_types,
                                           self.supported_access_levels,
                                           access,
                                           abort=True)

        access = ganesha_utils.fixup_access_rule(access)

        cf = {}
        accid = access['id']
        name = share['name']
        export_name = "%s--%s" % (name, accid)
        ganesha_utils.patch(
            cf, self.export_template, {
                'EXPORT': {
                    'Export_Id': self.ganesha.get_export_id(),
                    'Path': os.path.join(base_path, name),
                    'Pseudo': os.path.join(base_path, export_name),
                    'Tag': accid,
                    'CLIENT': {
                        'Clients': access['access_to']
                    },
                    'FSAL': self._fsal_hook(base_path, share, access)
                }
            })
        self.ganesha.add_export(export_name, cf)
Пример #2
0
    def _allow_access(self, base_path, share, access):
        """Allow access to the share."""
        ganesha_utils.validate_access_rule(
            self.supported_access_types, self.supported_access_levels,
            access, abort=True)

        access = ganesha_utils.fixup_access_rule(access)

        cf = {}
        accid = access['id']
        name = share['name']
        export_name = "%s--%s" % (name, accid)
        ganesha_utils.patch(cf, self.export_template, {
            'EXPORT': {
                'Export_Id': self.ganesha.get_export_id(),
                'Path': os.path.join(base_path, name),
                'Pseudo': os.path.join(base_path, export_name),
                'Tag': accid,
                'CLIENT': {
                    'Clients': access['access_to']
                },
                'FSAL': self._fsal_hook(base_path, share, access)
            }
        })
        self.ganesha.add_export(export_name, cf)
Пример #3
0
    def test_get_valid_access_rules(self, rule, kwargs):
        supported = ['ip', 'ro']

        ret = ganesha_utils.validate_access_rule(
            *([[a] for a in supported] + [fake_access(rule)]), **kwargs)

        self.assertEqual([rule['access_' + k]
                          for k in ['type', 'level']] == supported, ret)
Пример #4
0
    def test_get_valid_access_rules(self, rule, kwargs):
        supported = ['ip', 'ro']

        ret = ganesha_utils.validate_access_rule(
            *([[a] for a in supported] + [fake_access(rule)]), **kwargs)

        self.assertEqual(
            [rule['access_' + k] for k in ['type', 'level']] == supported, ret)
Пример #5
0
 def validator(rule):
     return ganesha_utils.validate_access_rule(
         self.supported_access_types, self.supported_access_levels, rule, abort
     )
Пример #6
0
    def update_access(self,
                      context,
                      share,
                      access_rules,
                      add_rules,
                      delete_rules,
                      share_server=None):
        """Update access rules of share.

        Creates an export per share. Modifies access rules of shares by
        dynamically updating exports via DBUS.
        """

        confdict = {}
        existing_access_rules = []
        rule_state_map = {}

        if self.ganesha.check_export_exists(share['name']):
            confdict = self.ganesha._read_export(share['name'])
            existing_access_rules = confdict["EXPORT"]["CLIENT"]
            if not isinstance(existing_access_rules, list):
                existing_access_rules = [existing_access_rules]
        else:
            if not access_rules:
                LOG.warning(
                    "Trying to remove export file '%s' but it's "
                    "already gone", self.ganesha._getpath(share['name']))
                return

        wanted_rw_clients, wanted_ro_clients = [], []
        for rule in access_rules:

            try:
                ganesha_utils.validate_access_rule(
                    self.supported_access_types, self.supported_access_levels,
                    rule, True)
            except (exception.InvalidShareAccess,
                    exception.InvalidShareAccessLevel):
                rule_state_map[rule['id']] = {'state': 'error'}
                continue

            rule = ganesha_utils.fixup_access_rule(rule)
            if rule['access_level'] == 'rw':
                wanted_rw_clients.append(rule['access_to'])
            elif rule['access_level'] == 'ro':
                wanted_ro_clients.append(rule['access_to'])

        if access_rules:
            # Add or Update export.
            clients = []
            if wanted_ro_clients:
                clients.append({
                    'Access_Type': 'ro',
                    'Clients': ','.join(wanted_ro_clients)
                })
            if wanted_rw_clients:
                clients.append({
                    'Access_Type': 'rw',
                    'Clients': ','.join(wanted_rw_clients)
                })

            if clients:  # Empty list if no rules passed validation
                if existing_access_rules:
                    # Update existing export.
                    ganesha_utils.patch(confdict,
                                        {'EXPORT': {
                                            'CLIENT': clients
                                        }})
                    self.ganesha.update_export(share['name'], confdict)
                else:
                    # Add new export.
                    ganesha_utils.patch(
                        confdict, self.export_template, {
                            'EXPORT': {
                                'Export_Id': self.ganesha.get_export_id(),
                                'Path': self._get_export_path(share),
                                'Pseudo': self._get_export_pseudo_path(share),
                                'Tag': share['name'],
                                'CLIENT': clients,
                                'FSAL': self._fsal_hook(None, share, None)
                            }
                        })
                    self.ganesha.add_export(share['name'], confdict)
        else:
            # No clients have access to the share. Remove export.
            self.ganesha.remove_export(share['name'])
            self._cleanup_fsal_hook(None, share, None)
        return rule_state_map
Пример #7
0
 def validator(rule):
     return ganesha_utils.validate_access_rule(
         self.supported_access_types, self.supported_access_levels,
         rule, abort)
Пример #8
0
    def update_access(self, context, share, access_rules, add_rules,
                      delete_rules, share_server=None):
        """Update access rules of share.

        Creates an export per share. Modifies access rules of shares by
        dynamically updating exports via DBUS.
        """

        confdict = {}
        existing_access_rules = []
        rule_state_map = {}

        if self.ganesha.check_export_exists(share['name']):
            confdict = self.ganesha._read_export(share['name'])
            existing_access_rules = confdict["EXPORT"]["CLIENT"]
            if not isinstance(existing_access_rules, list):
                existing_access_rules = [existing_access_rules]
        else:
            if not access_rules:
                LOG.warning("Trying to remove export file '%s' but it's "
                            "already gone",
                            self.ganesha._getpath(share['name']))
                return

        wanted_rw_clients, wanted_ro_clients = [], []
        for rule in access_rules:

            try:
                ganesha_utils.validate_access_rule(
                    self.supported_access_types, self.supported_access_levels,
                    rule, True)
            except (exception.InvalidShareAccess,
                    exception.InvalidShareAccessLevel):
                rule_state_map[rule['id']] = {'state': 'error'}
                continue

            rule = ganesha_utils.fixup_access_rule(rule)
            if rule['access_level'] == 'rw':
                wanted_rw_clients.append(rule['access_to'])
            elif rule['access_level'] == 'ro':
                wanted_ro_clients.append(rule['access_to'])

        if access_rules:
            # Add or Update export.
            clients = []
            if wanted_ro_clients:
                clients.append({
                    'Access_Type': 'ro',
                    'Clients': ','.join(wanted_ro_clients)
                })
            if wanted_rw_clients:
                clients.append({
                    'Access_Type': 'rw',
                    'Clients': ','.join(wanted_rw_clients)
                })

            if clients:  # Empty list if no rules passed validation
                if existing_access_rules:
                    # Update existing export.
                    ganesha_utils.patch(confdict, {
                        'EXPORT': {
                            'CLIENT': clients
                        }
                    })
                    self.ganesha.update_export(share['name'], confdict)
                else:
                    # Add new export.
                    ganesha_utils.patch(confdict, self.export_template, {
                        'EXPORT': {
                            'Export_Id': self.ganesha.get_export_id(),
                            'Path': self._get_export_path(share),
                            'Pseudo': self._get_export_pseudo_path(share),
                            'Tag': share['name'],
                            'CLIENT': clients,
                            'FSAL': self._fsal_hook(None, share, None)
                        }
                    })
                    self.ganesha.add_export(share['name'], confdict)
        else:
            # No clients have access to the share. Remove export.
            self.ganesha.remove_export(share['name'])
            self._cleanup_fsal_hook(None, share, None)
        return rule_state_map