Rename 'sid' to 'user' in access rules and sec services

Rename 'sid' (secure identifier) to 'user' for better understanding by user. Changed parts: - db entities - db migration - share access rule type - security services - tempest tests Change-Id: I527064508f13bd4dc658746970c2606098199c1c
2014-08-06 11:27:06 -04:00 · 2014-08-06 11:27:06 -04:00 · 1de1a187d5
commit 1de1a187d5
parent 76160f66b0
19 changed files with 113 additions and 100 deletions
--- a/contrib/tempest/tempest/api/share/base.py
+++ b/contrib/tempest/tempest/api/share/base.py
@ -398,7 +398,7 @@ class BaseSharesTest(test.BaseTestCase):
            "dns_ip": data_utils.rand_name("ss-dns_ip"),
            "server": data_utils.rand_name("ss-server"),
            "domain": data_utils.rand_name("ss-domain"),
-            "sid": data_utils.rand_name("ss-sid"),
+            "user": data_utils.rand_name("ss-user"),
            "password": data_utils.rand_name("ss-password"),
        }
        return data
--- a/contrib/tempest/tempest/api/share/test_rules.py
+++ b/contrib/tempest/tempest/api/share/test_rules.py
@ -79,25 +79,25 @@ class ShareIpRulesForCIFSTest(ShareIpRulesForNFSTest):
    protocol = "cifs"


-class ShareSidRulesForNFSTest(base.BaseSharesTest):
+class ShareUserRulesForNFSTest(base.BaseSharesTest):
    protocol = "nfs"

    @classmethod
    @test.safe_setup
    def setUpClass(cls):
-        super(ShareSidRulesForNFSTest, cls).setUpClass()
+        super(ShareUserRulesForNFSTest, cls).setUpClass()
        if (cls.protocol not in CONF.share.enable_protocols or
-            cls.protocol not in CONF.share.enable_sid_rules_for_protocols):
-            msg = "SID rule tests for %s protocol are disabled" % cls.protocol
+            cls.protocol not in CONF.share.enable_user_rules_for_protocols):
+            msg = "USER rule tests for %s protocol are disabled" % cls.protocol
            raise cls.skipException(msg)
        __, cls.share = cls.create_share(cls.protocol)

    @test.attr(type=["gate", ])
-    def test_create_delete_sid_rule(self):
+    def test_create_delete_user_rule(self):

        # test data
-        access_type = "sid"
-        access_to = CONF.share.username_for_sid_rules
+        access_type = "user"
+        access_to = CONF.share.username_for_user_rules

        # create rule
        resp, rule = self.shares_client.create_access_rule(self.share["id"],
@ -113,7 +113,7 @@ class ShareSidRulesForNFSTest(base.BaseSharesTest):
        self.assertIn(int(resp["status"]), test.HTTP_SUCCESS)


-class ShareSidRulesForCIFSTest(ShareSidRulesForNFSTest):
+class ShareUserRulesForCIFSTest(ShareUserRulesForNFSTest):
    protocol = "cifs"


@ -125,7 +125,7 @@ class ShareRulesTest(base.BaseSharesTest):
        super(ShareRulesTest, cls).setUpClass()
        if not (any(p in CONF.share.enable_ip_rules_for_protocols
                    for p in cls.protocols) or
-                any(p in CONF.share.enable_sid_rules_for_protocols
+                any(p in CONF.share.enable_user_rules_for_protocols
                    for p in cls.protocols)):
            cls.message = "Rule tests are disabled"
            raise cls.skipException(cls.message)
@ -140,10 +140,10 @@ class ShareRulesTest(base.BaseSharesTest):
            self.access_type = "ip"
            self.access_to = "8.8.8.8"
            protocol = CONF.share.enable_ip_rules_for_protocols[0]
-        elif CONF.share.enable_sid_rules_for_protocols:
-            self.access_type = "sid"
-            self.access_to = CONF.share.username_for_sid_rules
-            protocol = CONF.share.enable_sid_rules_for_protocols[0]
+        elif CONF.share.enable_user_rules_for_protocols:
+            self.access_type = "user"
+            self.access_to = CONF.share.username_for_user_rules
+            protocol = CONF.share.enable_user_rules_for_protocols[0]
        else:
            raise self.skipException(self.message)
        self.shares_client.protocol = protocol
--- a/contrib/tempest/tempest/api/share/test_rules_negative.py
+++ b/contrib/tempest/tempest/api/share/test_rules_negative.py
@ -110,16 +110,16 @@ class ShareIpRulesForCIFSNegativeTest(ShareIpRulesForNFSNegativeTest):
    protocol = "cifs"


-class ShareSidRulesForNFSNegativeTest(base.BaseSharesTest):
+class ShareUserRulesForNFSNegativeTest(base.BaseSharesTest):
    protocol = "nfs"

    @classmethod
    @test.safe_setup
    def setUpClass(cls):
-        super(ShareSidRulesForNFSNegativeTest, cls).setUpClass()
+        super(ShareUserRulesForNFSNegativeTest, cls).setUpClass()
        if not (cls.protocol in CONF.share.enable_protocols and
-                cls.protocol in CONF.share.enable_sid_rules_for_protocols):
-            msg = "SID rule tests for %s protocol are disabled" % cls.protocol
+                cls.protocol in CONF.share.enable_user_rules_for_protocols):
+            msg = "USER rule tests for %s protocol are disabled" % cls.protocol
            raise cls.skipException(msg)
        # create share
        __, cls.share = cls.create_share(cls.protocol)
@ -127,55 +127,55 @@ class ShareSidRulesForNFSNegativeTest(base.BaseSharesTest):
        __, cls.snap = cls.create_snapshot_wait_for_active(cls.share["id"])

    @test.attr(type=["negative", "gate", ])
-    def test_create_access_rule_sid_with_wrong_input_2(self):
+    def test_create_access_rule_user_with_wrong_input_2(self):
        self.assertRaises(exceptions.BadRequest,
                          self.shares_client.create_access_rule,
-                          self.share["id"], "sid",
+                          self.share["id"], "user",
                          "try+")

    @test.attr(type=["negative", "gate", ])
-    def test_create_access_rule_sid_with_empty_key(self):
+    def test_create_access_rule_user_with_empty_key(self):
        self.assertRaises(exceptions.BadRequest,
                          self.shares_client.create_access_rule,
-                          self.share["id"], "sid", "")
+                          self.share["id"], "user", "")

    @test.attr(type=["negative", "gate", ])
-    def test_create_access_rule_sid_with_too_little_key(self):
+    def test_create_access_rule_user_with_too_little_key(self):
        self.assertRaises(exceptions.BadRequest,
                          self.shares_client.create_access_rule,
-                          self.share["id"], "sid", "abc")
+                          self.share["id"], "user", "abc")

    @test.attr(type=["negative", "gate", ])
-    def test_create_access_rule_sid_with_too_big_key(self):
+    def test_create_access_rule_user_with_too_big_key(self):
        self.assertRaises(exceptions.BadRequest,
                          self.shares_client.create_access_rule,
-                          self.share["id"], "sid", "a" * 33)
+                          self.share["id"], "user", "a" * 33)

    @test.attr(type=["negative", "gate", ])
-    def test_create_access_rule_sid_with_wrong_input_1(self):
+    def test_create_access_rule_user_with_wrong_input_1(self):
        self.assertRaises(exceptions.BadRequest,
                          self.shares_client.create_access_rule,
-                          self.share["id"], "sid",
+                          self.share["id"], "user",
                          "try+")

    @test.attr(type=["negative", "gate", ])
-    def test_create_access_rule_sid_to_snapshot(self):
+    def test_create_access_rule_user_to_snapshot(self):
        self.assertRaises(exceptions.NotFound,
                          self.shares_client.create_access_rule,
                          self.snap["id"],
-                          access_type="sid",
+                          access_type="user",
                          access_to="fakeuser")

    @test.attr(type=["negative", "gate", ])
-    def test_create_access_rule_sid_with_wrong_share_id(self):
+    def test_create_access_rule_user_with_wrong_share_id(self):
        self.assertRaises(exceptions.NotFound,
                          self.shares_client.create_access_rule,
                          "wrong_share_id",
-                          access_type="sid",
+                          access_type="user",
                          access_to="fakeuser")


-class ShareSidRulesForCIFSNegativeTest(ShareSidRulesForNFSNegativeTest):
+class ShareUserRulesForCIFSNegativeTest(ShareUserRulesForNFSNegativeTest):
    protocol = "cifs"


@ -188,7 +188,7 @@ class ShareRulesNegativeTest(base.BaseSharesTest):
        super(ShareRulesNegativeTest, cls).setUpClass()
        if not (any(p in CONF.share.enable_ip_rules_for_protocols
                    for p in cls.protocols) or
-                any(p in CONF.share.enable_sid_rules_for_protocols
+                any(p in CONF.share.enable_user_rules_for_protocols
                    for p in cls.protocols)):
            cls.message = "Rule tests are disabled"
            raise cls.skipException(cls.message)
--- a/contrib/tempest/tempest/api/share/test_security_services.py
+++ b/contrib/tempest/tempest/api/share/test_security_services.py
@ -88,7 +88,7 @@ class SecurityServicesTest(base.BaseSharesTest):
        # verify keys
        keys = [
            "name", "id", "status", "description",
-            "domain", "server", "dns_ip", "sid", "password", "type",
+            "domain", "server", "dns_ip", "user", "password", "type",
            "created_at", "updated_at", "project_id",
        ]
        [self.assertIn(key, s_s.keys()) for s_s in listed for key in keys]
--- a/contrib/tempest/tempest/config_share.py
+++ b/contrib/tempest/tempest/config_share.py
@ -52,13 +52,13 @@ ShareGroup = [
                default=["nfs", "cifs", ],
                help="Selection of protocols, that should "
                     "be covered with ip rule tests"),
-    cfg.ListOpt("enable_sid_rules_for_protocols",
+    cfg.ListOpt("enable_user_rules_for_protocols",
                default=[],
                help="Selection of protocols, that should "
-                     "be covered with sid rule tests"),
-    cfg.StrOpt("username_for_sid_rules",
+                     "be covered with user rule tests"),
+    cfg.StrOpt("username_for_user_rules",
               default="Administrator",
-               help="Username, that will be used in sid tests."),
+               help="Username, that will be used in user tests."),
    cfg.StrOpt("storage_protocol",
               default="NFS_CIFS",
               help="Backend protocol to target when creating volume types."),
--- a/contrib/tempest/tempest/services/share/json/shares_client.py
+++ b/contrib/tempest/tempest/services/share/json/shares_client.py
@ -417,7 +417,7 @@ class SharesClient(rest_client.RestClient):

    def create_security_service(self, ss_type="ldap", **kwargs):
        # ss_type: ldap, kerberos, active_directory
-        # kwargs: name, description, dns_ip, server, domain, sid, password
+        # kwargs: name, description, dns_ip, server, domain, user, password
        post_body = {"type": ss_type}
        post_body.update(kwargs)
        body = json.dumps({"security_service": post_body})
@ -426,7 +426,7 @@ class SharesClient(rest_client.RestClient):

    def update_security_service(self, ss_id, **kwargs):
        # ss_id - id of security-service entity
-        # kwargs: dns_ip, server, domain, sid, password, name, description
+        # kwargs: dns_ip, server, domain, user, password, name, description
        # for 'active' status can be changed
        # only 'name' and 'description' fields
        body = json.dumps({"security_service": kwargs})
--- a/manila/api/contrib/share_actions.py
+++ b/manila/api/contrib/share_actions.py
@ -113,10 +113,10 @@ class ShareActionsController(wsgi.Controller):
        access_to = body['os-allow_access']['access_to']
        if access_type == 'ip':
            self._validate_ip_range(access_to)
-        elif access_type == 'sid':
+        elif access_type == 'user':
            self._validate_username(access_to)
        else:
-            exc_str = "Only 'ip' or 'sid' access types are supported"
+            exc_str = _("Only 'ip' or 'user' access types are supported.")
            raise webob.exc.HTTPBadRequest(explanation=exc_str)
        try:
            access = self.share_api.allow_access(
--- a/manila/api/v1/security_service.py
+++ b/manila/api/v1/security_service.py
@ -35,7 +35,7 @@ LOG = logging.getLogger(__name__)


 def make_security_service(elem):
-    attrs = ['id', 'name', 'description', 'type', 'server', 'domain', 'sid',
+    attrs = ['id', 'name', 'description', 'type', 'server', 'domain', 'user',
             'password', 'dns_ip', 'status', 'updated_at', 'created_at']
    for attr in attrs:
        elem.set(attr)
--- a/manila/api/views/security_service.py
+++ b/manila/api/views/security_service.py
@ -55,7 +55,7 @@ class ViewBuilder(common.ViewBuilder):
                'dns_ip': security_service.get('dns_ip'),
                'server': security_service.get('server'),
                'domain': security_service.get('domain'),
-                'sid': security_service.get('sid'),
+                'user': security_service.get('user'),
                'password': security_service.get('password'),
                'type': security_service.get('type'),
                'project_id': security_service.get('project_id'),
--- a/manila/db/sqlalchemy/migrate_repo/versions/001_manila_init.py
+++ b/manila/db/sqlalchemy/migrate_repo/versions/001_manila_init.py
@ -275,7 +275,7 @@ def upgrade(migrate_engine):
        Column('dns_ip', String(length=64), nullable=True),
        Column('server', String(length=255), nullable=True),
        Column('domain', String(length=255), nullable=True),
-        Column('sid', String(length=255), nullable=True),
+        Column('user', String(length=255), nullable=True),
        Column('password', String(length=255), nullable=True),
        Column('name', String(length=255), nullable=True),
        Column('description', String(length=255), nullable=True),
--- a/manila/db/sqlalchemy/models.py
+++ b/manila/db/sqlalchemy/models.py
@ -330,7 +330,7 @@ class SecurityService(BASE, ManilaBase):
    dns_ip = Column(String(64), nullable=True)
    server = Column(String(255), nullable=True)
    domain = Column(String(255), nullable=True)
-    sid = Column(String(255), nullable=True)
+    user = Column(String(255), nullable=True)
    password = Column(String(255), nullable=True)
    name = Column(String(255), nullable=True)
    description = Column(String(255), nullable=True)
--- a/manila/locale/manila.pot
+++ b/manila/locale/manila.pot
@ -1796,7 +1796,7 @@ msgid "7mode driver supports only 'ip' type"
 msgstr ""

 #: manila/share/drivers/netapp/driver.py:588
-msgid "NetApp only supports \"sid\" access type for CIFS."
+msgid "NetApp only supports \"user\" access type for CIFS."
 msgstr ""

 #: manila/share/drivers/netapp/driver.py:605
--- a/manila/share/drivers/netapp/cluster_mode.py
+++ b/manila/share/drivers/netapp/cluster_mode.py
@ -396,8 +396,9 @@ class NetAppClusteredShareDriver(driver.NetAppShareDriver):
            LOG.error(msg)
            raise Exception(msg)
        for lif_name in lifs:
-            args = {'admin-password': data['password'],
-                    'admin-user-name': data['sid'],
+            args = {
+                'admin-password': data['password'],
+                'admin-user-name': data['user'],
                'interface-name': lif_name,
                'is-kerberos-enabled': 'true',
                'service-principal-name': spn
@ -407,11 +408,13 @@ class NetAppClusteredShareDriver(driver.NetAppShareDriver):
    def _configure_active_directory(self, data, vserver_client):
        """Configures AD on vserver."""
        self._configure_dns(data, vserver_client)
-        args = {'admin-username': data['sid'],
+        args = {
+            'admin-username': data['user'],
            'admin-password': data['password'],
            'force-account-overwrite': 'true',
            'cifs-server': data['server'],
-                'domain': data['domain']}
+            'domain': data['domain'],
+        }
        try:
            vserver_client.send_request('cifs-server-create', args)
        except naapi.NaApiError as e:
@ -713,8 +716,10 @@ class NetAppClusteredShareDriver(driver.NetAppShareDriver):
        if security_services:
            for service in security_services:
                if service['type'] == 'active_directory':
-                    args = {'admin-password': service['password'],
-                            'admin-username': service['sid']}
+                    args = {
+                        'admin-password': service['password'],
+                        'admin-username': service['user'],
+                    }
                    try:
                        vserver_client.send_request('cifs-server-delete',
                                                    args)
@ -746,8 +751,8 @@ class NetAppClusteredNFSHelper(driver.NetAppNFSHelper):
        export_location = ':'.join([export_ip, export_pathname])
        return export_location

-    def allow_access_by_sid(self, share, sid):
-        user, _x, group = sid.partition(':')
+    def allow_access_by_user(self, share, user):
+        user, _x, group = user.partition(':')
        args = {
            'attributes': {
                'volume-attributes': {
@ -769,7 +774,7 @@ class NetAppClusteredNFSHelper(driver.NetAppNFSHelper):
        }
        self._client.send_request('volume-modify-iter', args)

-    def deny_access_by_sid(self, share, sid):
+    def deny_access_by_user(self, share, user):
        args = {
            'attributes': {
                'volume-security-attributes': {
--- a/manila/share/drivers/netapp/driver.py
+++ b/manila/share/drivers/netapp/driver.py
@ -589,8 +589,8 @@ class NetAppCIFSHelper(NetAppNASHelperBase):

    def allow_access(self, context, share, access):
        """Allows access to a given CIFS storage for IPs in access."""
-        if access['access_type'] != 'sid':
-            msg = _('NetApp only supports "sid" access type for CIFS.')
+        if access['access_type'] != 'user':
+            msg = _('NetApp only supports "user" access type for CIFS.')
            raise exception.NetAppException(msg)

        user = access['access_to']
--- a/manila/tests/api/contrib/test_share_actions.py
+++ b/manila/tests/api/contrib/test_share_actions.py
@ -96,14 +96,17 @@ class ShareActionsTest(test.TestCase):
        self.assertRaises(webob.exc.HTTPBadRequest,
                          self.controller._allow_access, req, id, body)

-        body = {"os-allow_access": {"access_type": 'sid',
-                                    "access_to": '1'}}
+        body = {"os-allow_access": {"access_type": 'user', "access_to": '1'}}
        req = fakes.HTTPRequest.blank('/v1/tenant1/shares/%s/action' % id)
        self.assertRaises(webob.exc.HTTPBadRequest,
                          self.controller._allow_access, req, id, body)

-        body = {"os-allow_access": {"access_type": 'sid',
-                "access_to": '1' * 33}}
+        body = {
+            "os-allow_access": {
+                "access_type": 'user',
+                "access_to": '1' * 33,
+            }
+        }
        req = fakes.HTTPRequest.blank('/v1/tenant1/shares/%s/action' % id)
        self.assertRaises(webob.exc.HTTPBadRequest,
                          self.controller._allow_access, req, id, body)
--- a/manila/tests/api/v1/test_security_service.py
+++ b/manila/tests/api/v1/test_security_service.py
@ -40,7 +40,7 @@ class ShareApiTest(test.TestCase):
            "dns_ip": "1.1.1.1",
            "server": "fake-server",
            "domain": "fake-domain",
-            "sid": "fake-sid",
+            "user": "fake-user",
            "password": "fake-password",
            "status": "new",
            "project_id": "fake",
--- a/manila/tests/netapp/test_7mode_drv.py
+++ b/manila/tests/netapp/test_7mode_drv.py
@ -288,8 +288,7 @@ class NetAppCIFSHelperTestCase(test.TestCase):
            'cifs-share-delete', mock.ANY)

    def test_allow_access(self):
-        access = {'access_to': 'user',
-                  'access_type': 'sid'}
+        access = {'access_to': 'user', 'access_type': 'user', }
        self.helper.allow_access(self._context, self.share, access)
        self.helper._client.send_request.assert_called_once_with(
            'cifs-share-ace-set', mock.ANY)
--- a/manila/tests/netapp/test_cmode_drv.py
+++ b/manila/tests/netapp/test_cmode_drv.py
@ -63,7 +63,7 @@ class NetAppClusteredDrvTestCase(test.TestCase):
        self.security_service = {'id': 'fake_id',
                                 'domain': 'FAKE',
                                 'server': 'fake_server',
-                                 'sid': 'fake_sid',
+                                 'user': 'fake_user',
                                 'password': 'fake_password'}
        self.share_server = {
            'backend_details': {
@ -200,7 +200,7 @@ class NetAppClusteredDrvTestCase(test.TestCase):
        self.driver._vserver_exists = mock.Mock(return_value=True)
        self._vserver_client.send_request = mock.Mock(return_value=el)
        security_services = [
-            {'sid': 'admin',
+            {'user': 'admin',
             'password': 'pass',
             'type': 'active_directory'}
        ]
@ -347,7 +347,7 @@ class NetAppClusteredDrvTestCase(test.TestCase):
                         'realm': 'FAKE'}
        spn = 'nfs/fake-vserver.FAKE@FAKE'
        kerberos_modify_args = {'admin-password': 'fake_password',
-                                'admin-user-name': 'fake_sid',
+                                'admin-user-name': 'fake_user',
                                'interface-name': 'fake_lif',
                                'is-kerberos-enabled': 'true',
                                'service-principal-name': spn
@ -365,11 +365,13 @@ class NetAppClusteredDrvTestCase(test.TestCase):
        self.driver._configure_dns = mock.Mock()
        self.driver._configure_active_directory(self.security_service,
                                                self._vserver_client)
-        args = {'admin-username': 'fake_sid',
+        args = {
+            'admin-username': 'fake_user',
            'admin-password': 'fake_password',
            'force-account-overwrite': 'true',
            'cifs-server': 'fake_server',
-                'domain': 'FAKE'}
+            'domain': 'FAKE',
+        }
        self._vserver_client.send_request.assert_called_with(
            'cifs-server-create', args)

--- a/manila/tests/network/test_security_service_db.py
+++ b/manila/tests/network/test_security_service_db.py
@ -22,17 +22,19 @@ from manila import exception
 from manila import test


-security_service_dict = {'id': 'fake id',
+security_service_dict = {
+    'id': 'fake id',
    'project_id': 'fake project',
    'type': 'ldap',
    'dns_ip': 'fake dns',
    'server': 'fake ldap server',
    'domain': 'fake ldap domain',
-                         'sid': 'fake sid',
-                         "password": "fake password",
+    'user': 'fake user',
+    'password': 'fake password',
    'name': 'whatever',
    'description': 'nevermind',
-                         'status': constants.STATUS_NEW}
+    'status': constants.STATUS_NEW,
+}


 class SecurityServiceDBTest(test.TestCase):
@ -91,14 +93,16 @@ class SecurityServiceDBTest(test.TestCase):
                          security_service_dict['id'])

    def test_update(self):
-        update_dict = {'dns_ip': 'new dns',
+        update_dict = {
+            'dns_ip': 'new dns',
            'server': 'new ldap server',
            'domain': 'new ldap domain',
-                       'sid': 'new sid',
+            'user': 'new user',
            'password': 'new password',
            'name': 'new whatever',
            'description': 'new nevermind',
-                       'status': constants.STATUS_ERROR}
+            'status': constants.STATUS_ERROR,
+        }

        db_api.security_service_create(self.fake_context,
                                       security_service_dict)