openstack/manila
Code Issues Proposed changes

Rename 'sid' to 'user' in access rules and sec services

Browse Source 
Rename 'sid' (secure identifier) to 'user' for better understanding by user.
Changed parts:
- db entities
- db migration
- share access rule type
- security services
- tempest tests

Change-Id: I527064508f13bd4dc658746970c2606098199c1c
This commit is contained in:
Valeriy Ponomaryov 2014-08-06 11:27:06 -04:00
parent 76160f66b0
commit 1de1a187d5
19 changed files with 113 additions and 100 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
contrib/tempest/tempest/api/share/base.py
View File

@ -398,7 +398,7 @@ class BaseSharesTest(test.BaseTestCase):
"dns_ip": data_utils.rand_name("ss-dns_ip"), "dns_ip": data_utils.rand_name("ss-dns_ip"),
"server": data_utils.rand_name("ss-server"), "server": data_utils.rand_name("ss-server"),
"domain": data_utils.rand_name("ss-domain"), "domain": data_utils.rand_name("ss-domain"),
"sid": data_utils.rand_name("ss-sid"), "user": data_utils.rand_name("ss-user"),
"password": data_utils.rand_name("ss-password"), "password": data_utils.rand_name("ss-password"),
} }
return data return data

26
contrib/tempest/tempest/api/share/test_rules.py
View File

@ -79,25 +79,25 @@ class ShareIpRulesForCIFSTest(ShareIpRulesForNFSTest):
protocol = "cifs" protocol = "cifs"
class ShareSidRulesForNFSTest(base.BaseSharesTest): class ShareUserRulesForNFSTest(base.BaseSharesTest):
protocol = "nfs" protocol = "nfs"
@classmethod @classmethod
@test.safe_setup @test.safe_setup
def setUpClass(cls): def setUpClass(cls):
super(ShareSidRulesForNFSTest, cls).setUpClass() super(ShareUserRulesForNFSTest, cls).setUpClass()
if (cls.protocol not in CONF.share.enable_protocols or if (cls.protocol not in CONF.share.enable_protocols or
cls.protocol not in CONF.share.enable_sid_rules_for_protocols): cls.protocol not in CONF.share.enable_user_rules_for_protocols):
msg = "SID rule tests for %s protocol are disabled" % cls.protocol msg = "USER rule tests for %s protocol are disabled" % cls.protocol
raise cls.skipException(msg) raise cls.skipException(msg)
__, cls.share = cls.create_share(cls.protocol) __, cls.share = cls.create_share(cls.protocol)
@test.attr(type=["gate", ]) @test.attr(type=["gate", ])
def test_create_delete_sid_rule(self): def test_create_delete_user_rule(self):
# test data # test data
access_type = "sid" access_type = "user"
access_to = CONF.share.username_for_sid_rules access_to = CONF.share.username_for_user_rules
# create rule # create rule
resp, rule = self.shares_client.create_access_rule(self.share["id"], resp, rule = self.shares_client.create_access_rule(self.share["id"],
@ -113,7 +113,7 @@ class ShareSidRulesForNFSTest(base.BaseSharesTest):
self.assertIn(int(resp["status"]), test.HTTP_SUCCESS) self.assertIn(int(resp["status"]), test.HTTP_SUCCESS)
class ShareSidRulesForCIFSTest(ShareSidRulesForNFSTest): class ShareUserRulesForCIFSTest(ShareUserRulesForNFSTest):
protocol = "cifs" protocol = "cifs"
@ -125,7 +125,7 @@ class ShareRulesTest(base.BaseSharesTest):
super(ShareRulesTest, cls).setUpClass() super(ShareRulesTest, cls).setUpClass()
if not (any(p in CONF.share.enable_ip_rules_for_protocols if not (any(p in CONF.share.enable_ip_rules_for_protocols
for p in cls.protocols) or for p in cls.protocols) or
any(p in CONF.share.enable_sid_rules_for_protocols any(p in CONF.share.enable_user_rules_for_protocols
for p in cls.protocols)): for p in cls.protocols)):
cls.message = "Rule tests are disabled" cls.message = "Rule tests are disabled"
raise cls.skipException(cls.message) raise cls.skipException(cls.message)
@ -140,10 +140,10 @@ class ShareRulesTest(base.BaseSharesTest):
self.access_type = "ip" self.access_type = "ip"
self.access_to = "8.8.8.8" self.access_to = "8.8.8.8"
protocol = CONF.share.enable_ip_rules_for_protocols[0] protocol = CONF.share.enable_ip_rules_for_protocols[0]
elif CONF.share.enable_sid_rules_for_protocols: elif CONF.share.enable_user_rules_for_protocols:
self.access_type = "sid" self.access_type = "user"
self.access_to = CONF.share.username_for_sid_rules self.access_to = CONF.share.username_for_user_rules
protocol = CONF.share.enable_sid_rules_for_protocols[0] protocol = CONF.share.enable_user_rules_for_protocols[0]
else: else:
raise self.skipException(self.message) raise self.skipException(self.message)
self.shares_client.protocol = protocol self.shares_client.protocol = protocol

40
contrib/tempest/tempest/api/share/test_rules_negative.py
View File

@ -110,16 +110,16 @@ class ShareIpRulesForCIFSNegativeTest(ShareIpRulesForNFSNegativeTest):
protocol = "cifs" protocol = "cifs"
class ShareSidRulesForNFSNegativeTest(base.BaseSharesTest): class ShareUserRulesForNFSNegativeTest(base.BaseSharesTest):
protocol = "nfs" protocol = "nfs"
@classmethod @classmethod
@test.safe_setup @test.safe_setup
def setUpClass(cls): def setUpClass(cls):
super(ShareSidRulesForNFSNegativeTest, cls).setUpClass() super(ShareUserRulesForNFSNegativeTest, cls).setUpClass()
if not (cls.protocol in CONF.share.enable_protocols and if not (cls.protocol in CONF.share.enable_protocols and
cls.protocol in CONF.share.enable_sid_rules_for_protocols): cls.protocol in CONF.share.enable_user_rules_for_protocols):
msg = "SID rule tests for %s protocol are disabled" % cls.protocol msg = "USER rule tests for %s protocol are disabled" % cls.protocol
raise cls.skipException(msg) raise cls.skipException(msg)
# create share # create share
__, cls.share = cls.create_share(cls.protocol) __, cls.share = cls.create_share(cls.protocol)
@ -127,55 +127,55 @@ class ShareSidRulesForNFSNegativeTest(base.BaseSharesTest):
__, cls.snap = cls.create_snapshot_wait_for_active(cls.share["id"]) __, cls.snap = cls.create_snapshot_wait_for_active(cls.share["id"])
@test.attr(type=["negative", "gate", ]) @test.attr(type=["negative", "gate", ])
def test_create_access_rule_sid_with_wrong_input_2(self): def test_create_access_rule_user_with_wrong_input_2(self):
self.assertRaises(exceptions.BadRequest, self.assertRaises(exceptions.BadRequest,
self.shares_client.create_access_rule, self.shares_client.create_access_rule,
self.share["id"], "sid", self.share["id"], "user",
"try+") "try+")
@test.attr(type=["negative", "gate", ]) @test.attr(type=["negative", "gate", ])
def test_create_access_rule_sid_with_empty_key(self): def test_create_access_rule_user_with_empty_key(self):
self.assertRaises(exceptions.BadRequest, self.assertRaises(exceptions.BadRequest,
self.shares_client.create_access_rule, self.shares_client.create_access_rule,
self.share["id"], "sid", "") self.share["id"], "user", "")
@test.attr(type=["negative", "gate", ]) @test.attr(type=["negative", "gate", ])
def test_create_access_rule_sid_with_too_little_key(self): def test_create_access_rule_user_with_too_little_key(self):
self.assertRaises(exceptions.BadRequest, self.assertRaises(exceptions.BadRequest,
self.shares_client.create_access_rule, self.shares_client.create_access_rule,
self.share["id"], "sid", "abc") self.share["id"], "user", "abc")
@test.attr(type=["negative", "gate", ]) @test.attr(type=["negative", "gate", ])
def test_create_access_rule_sid_with_too_big_key(self): def test_create_access_rule_user_with_too_big_key(self):
self.assertRaises(exceptions.BadRequest, self.assertRaises(exceptions.BadRequest,
self.shares_client.create_access_rule, self.shares_client.create_access_rule,
self.share["id"], "sid", "a" * 33) self.share["id"], "user", "a" * 33)
@test.attr(type=["negative", "gate", ]) @test.attr(type=["negative", "gate", ])
def test_create_access_rule_sid_with_wrong_input_1(self): def test_create_access_rule_user_with_wrong_input_1(self):
self.assertRaises(exceptions.BadRequest, self.assertRaises(exceptions.BadRequest,
self.shares_client.create_access_rule, self.shares_client.create_access_rule,
self.share["id"], "sid", self.share["id"], "user",
"try+") "try+")
@test.attr(type=["negative", "gate", ]) @test.attr(type=["negative", "gate", ])
def test_create_access_rule_sid_to_snapshot(self): def test_create_access_rule_user_to_snapshot(self):
self.assertRaises(exceptions.NotFound, self.assertRaises(exceptions.NotFound,
self.shares_client.create_access_rule, self.shares_client.create_access_rule,
self.snap["id"], self.snap["id"],
access_type="sid", access_type="user",
access_to="fakeuser") access_to="fakeuser")
@test.attr(type=["negative", "gate", ]) @test.attr(type=["negative", "gate", ])
def test_create_access_rule_sid_with_wrong_share_id(self): def test_create_access_rule_user_with_wrong_share_id(self):
self.assertRaises(exceptions.NotFound, self.assertRaises(exceptions.NotFound,
self.shares_client.create_access_rule, self.shares_client.create_access_rule,
"wrong_share_id", "wrong_share_id",
access_type="sid", access_type="user",
access_to="fakeuser") access_to="fakeuser")
class ShareSidRulesForCIFSNegativeTest(ShareSidRulesForNFSNegativeTest): class ShareUserRulesForCIFSNegativeTest(ShareUserRulesForNFSNegativeTest):
protocol = "cifs" protocol = "cifs"
@ -188,7 +188,7 @@ class ShareRulesNegativeTest(base.BaseSharesTest):
super(ShareRulesNegativeTest, cls).setUpClass() super(ShareRulesNegativeTest, cls).setUpClass()
if not (any(p in CONF.share.enable_ip_rules_for_protocols if not (any(p in CONF.share.enable_ip_rules_for_protocols
for p in cls.protocols) or for p in cls.protocols) or
any(p in CONF.share.enable_sid_rules_for_protocols any(p in CONF.share.enable_user_rules_for_protocols
for p in cls.protocols)): for p in cls.protocols)):
cls.message = "Rule tests are disabled" cls.message = "Rule tests are disabled"
raise cls.skipException(cls.message) raise cls.skipException(cls.message)

2
contrib/tempest/tempest/api/share/test_security_services.py
View File

@ -88,7 +88,7 @@ class SecurityServicesTest(base.BaseSharesTest):
# verify keys # verify keys
keys = [ keys = [
"name", "id", "status", "description", "name", "id", "status", "description",
"domain", "server", "dns_ip", "sid", "password", "type", "domain", "server", "dns_ip", "user", "password", "type",
"created_at", "updated_at", "project_id", "created_at", "updated_at", "project_id",
] ]
[self.assertIn(key, s_s.keys()) for s_s in listed for key in keys] [self.assertIn(key, s_s.keys()) for s_s in listed for key in keys]

8
contrib/tempest/tempest/config_share.py
View File

@ -52,13 +52,13 @@ ShareGroup = [
default=["nfs", "cifs", ], default=["nfs", "cifs", ],
help="Selection of protocols, that should " help="Selection of protocols, that should "
"be covered with ip rule tests"), "be covered with ip rule tests"),
cfg.ListOpt("enable_sid_rules_for_protocols", cfg.ListOpt("enable_user_rules_for_protocols",
default=[], default=[],
help="Selection of protocols, that should " help="Selection of protocols, that should "
"be covered with sid rule tests"), "be covered with user rule tests"),
cfg.StrOpt("username_for_sid_rules", cfg.StrOpt("username_for_user_rules",
default="Administrator", default="Administrator",
help="Username, that will be used in sid tests."), help="Username, that will be used in user tests."),
cfg.StrOpt("storage_protocol", cfg.StrOpt("storage_protocol",
default="NFS_CIFS", default="NFS_CIFS",
help="Backend protocol to target when creating volume types."), help="Backend protocol to target when creating volume types."),

4
contrib/tempest/tempest/services/share/json/shares_client.py
View File

@ -417,7 +417,7 @@ class SharesClient(rest_client.RestClient):
def create_security_service(self, ss_type="ldap", **kwargs): def create_security_service(self, ss_type="ldap", **kwargs):
# ss_type: ldap, kerberos, active_directory # ss_type: ldap, kerberos, active_directory
# kwargs: name, description, dns_ip, server, domain, sid, password # kwargs: name, description, dns_ip, server, domain, user, password
post_body = {"type": ss_type} post_body = {"type": ss_type}
post_body.update(kwargs) post_body.update(kwargs)
body = json.dumps({"security_service": post_body}) body = json.dumps({"security_service": post_body})
@ -426,7 +426,7 @@ class SharesClient(rest_client.RestClient):
def update_security_service(self, ss_id, **kwargs): def update_security_service(self, ss_id, **kwargs):
# ss_id - id of security-service entity # ss_id - id of security-service entity
# kwargs: dns_ip, server, domain, sid, password, name, description # kwargs: dns_ip, server, domain, user, password, name, description
# for 'active' status can be changed # for 'active' status can be changed
# only 'name' and 'description' fields # only 'name' and 'description' fields
body = json.dumps({"security_service": kwargs}) body = json.dumps({"security_service": kwargs})

4
manila/api/contrib/share_actions.py
View File

@ -113,10 +113,10 @@ class ShareActionsController(wsgi.Controller):
access_to = body['os-allow_access']['access_to'] access_to = body['os-allow_access']['access_to']
if access_type == 'ip': if access_type == 'ip':
self._validate_ip_range(access_to) self._validate_ip_range(access_to)
elif access_type == 'sid': elif access_type == 'user':
self._validate_username(access_to) self._validate_username(access_to)
else: else:
exc_str = "Only 'ip' or 'sid' access types are supported" exc_str = _("Only 'ip' or 'user' access types are supported.")
raise webob.exc.HTTPBadRequest(explanation=exc_str) raise webob.exc.HTTPBadRequest(explanation=exc_str)
try: try:
access = self.share_api.allow_access( access = self.share_api.allow_access(

2
manila/api/v1/security_service.py
View File

@ -35,7 +35,7 @@ LOG = logging.getLogger(__name__)
def make_security_service(elem): def make_security_service(elem):
attrs = ['id', 'name', 'description', 'type', 'server', 'domain', 'sid', attrs = ['id', 'name', 'description', 'type', 'server', 'domain', 'user',
'password', 'dns_ip', 'status', 'updated_at', 'created_at'] 'password', 'dns_ip', 'status', 'updated_at', 'created_at']
for attr in attrs: for attr in attrs:
elem.set(attr) elem.set(attr)

2
manila/api/views/security_service.py
View File

@ -55,7 +55,7 @@ class ViewBuilder(common.ViewBuilder):
'dns_ip': security_service.get('dns_ip'), 'dns_ip': security_service.get('dns_ip'),
'server': security_service.get('server'), 'server': security_service.get('server'),
'domain': security_service.get('domain'), 'domain': security_service.get('domain'),
'sid': security_service.get('sid'), 'user': security_service.get('user'),
'password': security_service.get('password'), 'password': security_service.get('password'),
'type': security_service.get('type'), 'type': security_service.get('type'),
'project_id': security_service.get('project_id'), 'project_id': security_service.get('project_id'),

2
manila/db/sqlalchemy/migrate_repo/versions/001_manila_init.py
View File

@ -275,7 +275,7 @@ def upgrade(migrate_engine):
Column('dns_ip', String(length=64), nullable=True), Column('dns_ip', String(length=64), nullable=True),
Column('server', String(length=255), nullable=True), Column('server', String(length=255), nullable=True),
Column('domain', String(length=255), nullable=True), Column('domain', String(length=255), nullable=True),
Column('sid', String(length=255), nullable=True), Column('user', String(length=255), nullable=True),
Column('password', String(length=255), nullable=True), Column('password', String(length=255), nullable=True),
Column('name', String(length=255), nullable=True), Column('name', String(length=255), nullable=True),
Column('description', String(length=255), nullable=True), Column('description', String(length=255), nullable=True),

2
manila/db/sqlalchemy/models.py
View File

@ -330,7 +330,7 @@ class SecurityService(BASE, ManilaBase):
dns_ip = Column(String(64), nullable=True) dns_ip = Column(String(64), nullable=True)
server = Column(String(255), nullable=True) server = Column(String(255), nullable=True)
domain = Column(String(255), nullable=True) domain = Column(String(255), nullable=True)
sid = Column(String(255), nullable=True) user = Column(String(255), nullable=True)
password = Column(String(255), nullable=True) password = Column(String(255), nullable=True)
name = Column(String(255), nullable=True) name = Column(String(255), nullable=True)
description = Column(String(255), nullable=True) description = Column(String(255), nullable=True)

2
manila/locale/manila.pot
View File

@ -1796,7 +1796,7 @@ msgid "7mode driver supports only 'ip' type"
msgstr "" msgstr ""
#: manila/share/drivers/netapp/driver.py:588 #: manila/share/drivers/netapp/driver.py:588
msgid "NetApp only supports \"sid\" access type for CIFS." msgid "NetApp only supports \"user\" access type for CIFS."
msgstr "" msgstr ""
#: manila/share/drivers/netapp/driver.py:605 #: manila/share/drivers/netapp/driver.py:605

23
manila/share/drivers/netapp/cluster_mode.py
View File

@ -396,8 +396,9 @@ class NetAppClusteredShareDriver(driver.NetAppShareDriver):
LOG.error(msg) LOG.error(msg)
raise Exception(msg) raise Exception(msg)
for lif_name in lifs: for lif_name in lifs:
args = {'admin-password': data['password'], args = {
'admin-user-name': data['sid'], 'admin-password': data['password'],
'admin-user-name': data['user'],
'interface-name': lif_name, 'interface-name': lif_name,
'is-kerberos-enabled': 'true', 'is-kerberos-enabled': 'true',
'service-principal-name': spn 'service-principal-name': spn
@ -407,11 +408,13 @@ class NetAppClusteredShareDriver(driver.NetAppShareDriver):
def _configure_active_directory(self, data, vserver_client): def _configure_active_directory(self, data, vserver_client):
"""Configures AD on vserver.""" """Configures AD on vserver."""
self._configure_dns(data, vserver_client) self._configure_dns(data, vserver_client)
args = {'admin-username': data['sid'], args = {
'admin-username': data['user'],
'admin-password': data['password'], 'admin-password': data['password'],
'force-account-overwrite': 'true', 'force-account-overwrite': 'true',
'cifs-server': data['server'], 'cifs-server': data['server'],
'domain': data['domain']} 'domain': data['domain'],
}
try: try:
vserver_client.send_request('cifs-server-create', args) vserver_client.send_request('cifs-server-create', args)
except naapi.NaApiError as e: except naapi.NaApiError as e:
@ -713,8 +716,10 @@ class NetAppClusteredShareDriver(driver.NetAppShareDriver):
if security_services: if security_services:
for service in security_services: for service in security_services:
if service['type'] == 'active_directory': if service['type'] == 'active_directory':
args = {'admin-password': service['password'], args = {
'admin-username': service['sid']} 'admin-password': service['password'],
'admin-username': service['user'],
}
try: try:
vserver_client.send_request('cifs-server-delete', vserver_client.send_request('cifs-server-delete',
args) args)
@ -746,8 +751,8 @@ class NetAppClusteredNFSHelper(driver.NetAppNFSHelper):
export_location = ':'.join([export_ip, export_pathname]) export_location = ':'.join([export_ip, export_pathname])
return export_location return export_location
def allow_access_by_sid(self, share, sid): def allow_access_by_user(self, share, user):
user, _x, group = sid.partition(':') user, _x, group = user.partition(':')
args = { args = {
'attributes': { 'attributes': {
'volume-attributes': { 'volume-attributes': {
@ -769,7 +774,7 @@ class NetAppClusteredNFSHelper(driver.NetAppNFSHelper):
} }
self._client.send_request('volume-modify-iter', args) self._client.send_request('volume-modify-iter', args)
def deny_access_by_sid(self, share, sid): def deny_access_by_user(self, share, user):
args = { args = {
'attributes': { 'attributes': {
'volume-security-attributes': { 'volume-security-attributes': {

4
manila/share/drivers/netapp/driver.py
View File

@ -589,8 +589,8 @@ class NetAppCIFSHelper(NetAppNASHelperBase):
def allow_access(self, context, share, access): def allow_access(self, context, share, access):
"""Allows access to a given CIFS storage for IPs in access.""" """Allows access to a given CIFS storage for IPs in access."""
if access['access_type'] != 'sid': if access['access_type'] != 'user':
msg = _('NetApp only supports "sid" access type for CIFS.') msg = _('NetApp only supports "user" access type for CIFS.')
raise exception.NetAppException(msg) raise exception.NetAppException(msg)
user = access['access_to'] user = access['access_to']

11
manila/tests/api/contrib/test_share_actions.py
View File

@ -96,14 +96,17 @@ class ShareActionsTest(test.TestCase):
self.assertRaises(webob.exc.HTTPBadRequest, self.assertRaises(webob.exc.HTTPBadRequest,
self.controller._allow_access, req, id, body) self.controller._allow_access, req, id, body)
body = {"os-allow_access": {"access_type": 'sid', body = {"os-allow_access": {"access_type": 'user', "access_to": '1'}}
"access_to": '1'}}
req = fakes.HTTPRequest.blank('/v1/tenant1/shares/%s/action' % id) req = fakes.HTTPRequest.blank('/v1/tenant1/shares/%s/action' % id)
self.assertRaises(webob.exc.HTTPBadRequest, self.assertRaises(webob.exc.HTTPBadRequest,
self.controller._allow_access, req, id, body) self.controller._allow_access, req, id, body)
body = {"os-allow_access": {"access_type": 'sid', body = {
"access_to": '1' * 33}} "os-allow_access": {
"access_type": 'user',
"access_to": '1' * 33,
}
}
req = fakes.HTTPRequest.blank('/v1/tenant1/shares/%s/action' % id) req = fakes.HTTPRequest.blank('/v1/tenant1/shares/%s/action' % id)
self.assertRaises(webob.exc.HTTPBadRequest, self.assertRaises(webob.exc.HTTPBadRequest,
self.controller._allow_access, req, id, body) self.controller._allow_access, req, id, body)

2
manila/tests/api/v1/test_security_service.py
View File

@ -40,7 +40,7 @@ class ShareApiTest(test.TestCase):
"dns_ip": "1.1.1.1", "dns_ip": "1.1.1.1",
"server": "fake-server", "server": "fake-server",
"domain": "fake-domain", "domain": "fake-domain",
"sid": "fake-sid", "user": "fake-user",
"password": "fake-password", "password": "fake-password",
"status": "new", "status": "new",
"project_id": "fake", "project_id": "fake",

3
manila/tests/netapp/test_7mode_drv.py
View File

@ -288,8 +288,7 @@ class NetAppCIFSHelperTestCase(test.TestCase):
'cifs-share-delete', mock.ANY) 'cifs-share-delete', mock.ANY)
def test_allow_access(self): def test_allow_access(self):
access = {'access_to': 'user', access = {'access_to': 'user', 'access_type': 'user', }
'access_type': 'sid'}
self.helper.allow_access(self._context, self.share, access) self.helper.allow_access(self._context, self.share, access)
self.helper._client.send_request.assert_called_once_with( self.helper._client.send_request.assert_called_once_with(
'cifs-share-ace-set', mock.ANY) 'cifs-share-ace-set', mock.ANY)

12
manila/tests/netapp/test_cmode_drv.py
View File

@ -63,7 +63,7 @@ class NetAppClusteredDrvTestCase(test.TestCase):
self.security_service = {'id': 'fake_id', self.security_service = {'id': 'fake_id',
'domain': 'FAKE', 'domain': 'FAKE',
'server': 'fake_server', 'server': 'fake_server',
'sid': 'fake_sid', 'user': 'fake_user',
'password': 'fake_password'} 'password': 'fake_password'}
self.share_server = { self.share_server = {
'backend_details': { 'backend_details': {
@ -200,7 +200,7 @@ class NetAppClusteredDrvTestCase(test.TestCase):
self.driver._vserver_exists = mock.Mock(return_value=True) self.driver._vserver_exists = mock.Mock(return_value=True)
self._vserver_client.send_request = mock.Mock(return_value=el) self._vserver_client.send_request = mock.Mock(return_value=el)
security_services = [ security_services = [
{'sid': 'admin', {'user': 'admin',
'password': 'pass', 'password': 'pass',
'type': 'active_directory'} 'type': 'active_directory'}
] ]
@ -347,7 +347,7 @@ class NetAppClusteredDrvTestCase(test.TestCase):
'realm': 'FAKE'} 'realm': 'FAKE'}
spn = 'nfs/fake-vserver.FAKE@FAKE' spn = 'nfs/fake-vserver.FAKE@FAKE'
kerberos_modify_args = {'admin-password': 'fake_password', kerberos_modify_args = {'admin-password': 'fake_password',
'admin-user-name': 'fake_sid', 'admin-user-name': 'fake_user',
'interface-name': 'fake_lif', 'interface-name': 'fake_lif',
'is-kerberos-enabled': 'true', 'is-kerberos-enabled': 'true',
'service-principal-name': spn 'service-principal-name': spn
@ -365,11 +365,13 @@ class NetAppClusteredDrvTestCase(test.TestCase):
self.driver._configure_dns = mock.Mock() self.driver._configure_dns = mock.Mock()
self.driver._configure_active_directory(self.security_service, self.driver._configure_active_directory(self.security_service,
self._vserver_client) self._vserver_client)
args = {'admin-username': 'fake_sid', args = {
'admin-username': 'fake_user',
'admin-password': 'fake_password', 'admin-password': 'fake_password',
'force-account-overwrite': 'true', 'force-account-overwrite': 'true',
'cifs-server': 'fake_server', 'cifs-server': 'fake_server',
'domain': 'FAKE'} 'domain': 'FAKE',
}
self._vserver_client.send_request.assert_called_with( self._vserver_client.send_request.assert_called_with(
'cifs-server-create', args) 'cifs-server-create', args)

18
manila/tests/network/test_security_service_db.py
View File

@ -22,17 +22,19 @@ from manila import exception
from manila import test from manila import test
security_service_dict = {'id': 'fake id', security_service_dict = {
'id': 'fake id',
'project_id': 'fake project', 'project_id': 'fake project',
'type': 'ldap', 'type': 'ldap',
'dns_ip': 'fake dns', 'dns_ip': 'fake dns',
'server': 'fake ldap server', 'server': 'fake ldap server',
'domain': 'fake ldap domain', 'domain': 'fake ldap domain',
'sid': 'fake sid', 'user': 'fake user',
"password": "fake password", 'password': 'fake password',
'name': 'whatever', 'name': 'whatever',
'description': 'nevermind', 'description': 'nevermind',
'status': constants.STATUS_NEW} 'status': constants.STATUS_NEW,
}
class SecurityServiceDBTest(test.TestCase): class SecurityServiceDBTest(test.TestCase):
@ -91,14 +93,16 @@ class SecurityServiceDBTest(test.TestCase):
security_service_dict['id']) security_service_dict['id'])
def test_update(self): def test_update(self):
update_dict = {'dns_ip': 'new dns', update_dict = {
'dns_ip': 'new dns',
'server': 'new ldap server', 'server': 'new ldap server',
'domain': 'new ldap domain', 'domain': 'new ldap domain',
'sid': 'new sid', 'user': 'new user',
'password': 'new password', 'password': 'new password',
'name': 'new whatever', 'name': 'new whatever',
'description': 'new nevermind', 'description': 'new nevermind',
'status': constants.STATUS_ERROR} 'status': constants.STATUS_ERROR,
}
db_api.security_service_create(self.fake_context, db_api.security_service_create(self.fake_context,
security_service_dict) security_service_dict)