Rename 'sid' to 'user' in access rules and sec services

Rename 'sid' (secure identifier) to 'user' for better understanding by user.
Changed parts:
- db entities
- db migration
- share access rule type
- security services
- tempest tests

Change-Id: I527064508f13bd4dc658746970c2606098199c1c

contrib/tempest/tempest/api/share/base.py

@@ -398,7 +398,7 @@ class BaseSharesTest(test.BaseTestCase):
             "dns_ip": data_utils.rand_name("ss-dns_ip"),
             "server": data_utils.rand_name("ss-server"),
             "domain": data_utils.rand_name("ss-domain"),
-            "sid": data_utils.rand_name("ss-sid"),
+            "user": data_utils.rand_name("ss-user"),
             "password": data_utils.rand_name("ss-password"),
         }
         return data

contrib/tempest/tempest/api/share/test_rules.py

@@ -79,25 +79,25 @@ class ShareIpRulesForCIFSTest(ShareIpRulesForNFSTest):
     protocol = "cifs"
 
 
-class ShareSidRulesForNFSTest(base.BaseSharesTest):
+class ShareUserRulesForNFSTest(base.BaseSharesTest):
     protocol = "nfs"
 
     @classmethod
     @test.safe_setup
     def setUpClass(cls):
-        super(ShareSidRulesForNFSTest, cls).setUpClass()
+        super(ShareUserRulesForNFSTest, cls).setUpClass()
         if (cls.protocol not in CONF.share.enable_protocols or
-            cls.protocol not in CONF.share.enable_sid_rules_for_protocols):
-            msg = "SID rule tests for %s protocol are disabled" % cls.protocol
+            cls.protocol not in CONF.share.enable_user_rules_for_protocols):
+            msg = "USER rule tests for %s protocol are disabled" % cls.protocol
             raise cls.skipException(msg)
         __, cls.share = cls.create_share(cls.protocol)
 
     @test.attr(type=["gate", ])
-    def test_create_delete_sid_rule(self):
+    def test_create_delete_user_rule(self):
 
         # test data
-        access_type = "sid"
-        access_to = CONF.share.username_for_sid_rules
+        access_type = "user"
+        access_to = CONF.share.username_for_user_rules
 
         # create rule
         resp, rule = self.shares_client.create_access_rule(self.share["id"],
@@ -113,7 +113,7 @@ class ShareSidRulesForNFSTest(base.BaseSharesTest):
         self.assertIn(int(resp["status"]), test.HTTP_SUCCESS)
 
 
-class ShareSidRulesForCIFSTest(ShareSidRulesForNFSTest):
+class ShareUserRulesForCIFSTest(ShareUserRulesForNFSTest):
     protocol = "cifs"
 
 
@@ -125,7 +125,7 @@ class ShareRulesTest(base.BaseSharesTest):
         super(ShareRulesTest, cls).setUpClass()
         if not (any(p in CONF.share.enable_ip_rules_for_protocols
                     for p in cls.protocols) or
-                any(p in CONF.share.enable_sid_rules_for_protocols
+                any(p in CONF.share.enable_user_rules_for_protocols
                     for p in cls.protocols)):
             cls.message = "Rule tests are disabled"
             raise cls.skipException(cls.message)
@@ -140,10 +140,10 @@ class ShareRulesTest(base.BaseSharesTest):
             self.access_type = "ip"
             self.access_to = "8.8.8.8"
             protocol = CONF.share.enable_ip_rules_for_protocols[0]
-        elif CONF.share.enable_sid_rules_for_protocols:
-            self.access_type = "sid"
-            self.access_to = CONF.share.username_for_sid_rules
-            protocol = CONF.share.enable_sid_rules_for_protocols[0]
+        elif CONF.share.enable_user_rules_for_protocols:
+            self.access_type = "user"
+            self.access_to = CONF.share.username_for_user_rules
+            protocol = CONF.share.enable_user_rules_for_protocols[0]
         else:
             raise self.skipException(self.message)
         self.shares_client.protocol = protocol

contrib/tempest/tempest/api/share/test_rules_negative.py

@@ -110,16 +110,16 @@ class ShareIpRulesForCIFSNegativeTest(ShareIpRulesForNFSNegativeTest):
     protocol = "cifs"
 
 
-class ShareSidRulesForNFSNegativeTest(base.BaseSharesTest):
+class ShareUserRulesForNFSNegativeTest(base.BaseSharesTest):
     protocol = "nfs"
 
     @classmethod
     @test.safe_setup
     def setUpClass(cls):
-        super(ShareSidRulesForNFSNegativeTest, cls).setUpClass()
+        super(ShareUserRulesForNFSNegativeTest, cls).setUpClass()
         if not (cls.protocol in CONF.share.enable_protocols and
-                cls.protocol in CONF.share.enable_sid_rules_for_protocols):
-            msg = "SID rule tests for %s protocol are disabled" % cls.protocol
+                cls.protocol in CONF.share.enable_user_rules_for_protocols):
+            msg = "USER rule tests for %s protocol are disabled" % cls.protocol
             raise cls.skipException(msg)
         # create share
         __, cls.share = cls.create_share(cls.protocol)
@@ -127,55 +127,55 @@ class ShareSidRulesForNFSNegativeTest(base.BaseSharesTest):
         __, cls.snap = cls.create_snapshot_wait_for_active(cls.share["id"])
 
     @test.attr(type=["negative", "gate", ])
-    def test_create_access_rule_sid_with_wrong_input_2(self):
+    def test_create_access_rule_user_with_wrong_input_2(self):
         self.assertRaises(exceptions.BadRequest,
                           self.shares_client.create_access_rule,
-                          self.share["id"], "sid",
+                          self.share["id"], "user",
                           "try+")
 
     @test.attr(type=["negative", "gate", ])
-    def test_create_access_rule_sid_with_empty_key(self):
+    def test_create_access_rule_user_with_empty_key(self):
         self.assertRaises(exceptions.BadRequest,
                           self.shares_client.create_access_rule,
-                          self.share["id"], "sid", "")
+                          self.share["id"], "user", "")
 
     @test.attr(type=["negative", "gate", ])
-    def test_create_access_rule_sid_with_too_little_key(self):
+    def test_create_access_rule_user_with_too_little_key(self):
         self.assertRaises(exceptions.BadRequest,
                           self.shares_client.create_access_rule,
-                          self.share["id"], "sid", "abc")
+                          self.share["id"], "user", "abc")
 
     @test.attr(type=["negative", "gate", ])
-    def test_create_access_rule_sid_with_too_big_key(self):
+    def test_create_access_rule_user_with_too_big_key(self):
         self.assertRaises(exceptions.BadRequest,
                           self.shares_client.create_access_rule,
-                          self.share["id"], "sid", "a" * 33)
+                          self.share["id"], "user", "a" * 33)
 
     @test.attr(type=["negative", "gate", ])
-    def test_create_access_rule_sid_with_wrong_input_1(self):
+    def test_create_access_rule_user_with_wrong_input_1(self):
         self.assertRaises(exceptions.BadRequest,
                           self.shares_client.create_access_rule,
-                          self.share["id"], "sid",
+                          self.share["id"], "user",
                           "try+")
 
     @test.attr(type=["negative", "gate", ])
-    def test_create_access_rule_sid_to_snapshot(self):
+    def test_create_access_rule_user_to_snapshot(self):
         self.assertRaises(exceptions.NotFound,
                           self.shares_client.create_access_rule,
                           self.snap["id"],
-                          access_type="sid",
+                          access_type="user",
                           access_to="fakeuser")
 
     @test.attr(type=["negative", "gate", ])
-    def test_create_access_rule_sid_with_wrong_share_id(self):
+    def test_create_access_rule_user_with_wrong_share_id(self):
         self.assertRaises(exceptions.NotFound,
                           self.shares_client.create_access_rule,
                           "wrong_share_id",
-                          access_type="sid",
+                          access_type="user",
                           access_to="fakeuser")
 
 
-class ShareSidRulesForCIFSNegativeTest(ShareSidRulesForNFSNegativeTest):
+class ShareUserRulesForCIFSNegativeTest(ShareUserRulesForNFSNegativeTest):
     protocol = "cifs"
 
 
@@ -188,7 +188,7 @@ class ShareRulesNegativeTest(base.BaseSharesTest):
         super(ShareRulesNegativeTest, cls).setUpClass()
         if not (any(p in CONF.share.enable_ip_rules_for_protocols
                     for p in cls.protocols) or
-                any(p in CONF.share.enable_sid_rules_for_protocols
+                any(p in CONF.share.enable_user_rules_for_protocols
                     for p in cls.protocols)):
             cls.message = "Rule tests are disabled"
             raise cls.skipException(cls.message)

contrib/tempest/tempest/api/share/test_security_services.py

@@ -88,7 +88,7 @@ class SecurityServicesTest(base.BaseSharesTest):
         # verify keys
         keys = [
             "name", "id", "status", "description",
-            "domain", "server", "dns_ip", "sid", "password", "type",
+            "domain", "server", "dns_ip", "user", "password", "type",
             "created_at", "updated_at", "project_id",
         ]
         [self.assertIn(key, s_s.keys()) for s_s in listed for key in keys]

contrib/tempest/tempest/config_share.py

@@ -52,13 +52,13 @@ ShareGroup = [
                 default=["nfs", "cifs", ],
                 help="Selection of protocols, that should "
                      "be covered with ip rule tests"),
-    cfg.ListOpt("enable_sid_rules_for_protocols",
+    cfg.ListOpt("enable_user_rules_for_protocols",
                 default=[],
                 help="Selection of protocols, that should "
-                     "be covered with sid rule tests"),
-    cfg.StrOpt("username_for_sid_rules",
+                     "be covered with user rule tests"),
+    cfg.StrOpt("username_for_user_rules",
                default="Administrator",
-               help="Username, that will be used in sid tests."),
+               help="Username, that will be used in user tests."),
     cfg.StrOpt("storage_protocol",
                default="NFS_CIFS",
                help="Backend protocol to target when creating volume types."),

contrib/tempest/tempest/services/share/json/shares_client.py

@@ -417,7 +417,7 @@ class SharesClient(rest_client.RestClient):
 
     def create_security_service(self, ss_type="ldap", **kwargs):
         # ss_type: ldap, kerberos, active_directory
-        # kwargs: name, description, dns_ip, server, domain, sid, password
+        # kwargs: name, description, dns_ip, server, domain, user, password
         post_body = {"type": ss_type}
         post_body.update(kwargs)
         body = json.dumps({"security_service": post_body})
@@ -426,7 +426,7 @@ class SharesClient(rest_client.RestClient):
 
     def update_security_service(self, ss_id, **kwargs):
         # ss_id - id of security-service entity
-        # kwargs: dns_ip, server, domain, sid, password, name, description
+        # kwargs: dns_ip, server, domain, user, password, name, description
         # for 'active' status can be changed
         # only 'name' and 'description' fields
         body = json.dumps({"security_service": kwargs})

manila/api/contrib/share_actions.py

@@ -113,10 +113,10 @@ class ShareActionsController(wsgi.Controller):
         access_to = body['os-allow_access']['access_to']
         if access_type == 'ip':
             self._validate_ip_range(access_to)
-        elif access_type == 'sid':
+        elif access_type == 'user':
             self._validate_username(access_to)
         else:
-            exc_str = "Only 'ip' or 'sid' access types are supported"
+            exc_str = _("Only 'ip' or 'user' access types are supported.")
             raise webob.exc.HTTPBadRequest(explanation=exc_str)
         try:
             access = self.share_api.allow_access(

manila/api/v1/security_service.py

@@ -35,7 +35,7 @@ LOG = logging.getLogger(__name__)
 
 
 def make_security_service(elem):
-    attrs = ['id', 'name', 'description', 'type', 'server', 'domain', 'sid',
+    attrs = ['id', 'name', 'description', 'type', 'server', 'domain', 'user',
              'password', 'dns_ip', 'status', 'updated_at', 'created_at']
     for attr in attrs:
         elem.set(attr)

manila/api/views/security_service.py

@@ -55,7 +55,7 @@ class ViewBuilder(common.ViewBuilder):
                 'dns_ip': security_service.get('dns_ip'),
                 'server': security_service.get('server'),
                 'domain': security_service.get('domain'),
-                'sid': security_service.get('sid'),
+                'user': security_service.get('user'),
                 'password': security_service.get('password'),
                 'type': security_service.get('type'),
                 'project_id': security_service.get('project_id'),

manila/db/sqlalchemy/migrate_repo/versions/001_manila_init.py

@@ -275,7 +275,7 @@ def upgrade(migrate_engine):
         Column('dns_ip', String(length=64), nullable=True),
         Column('server', String(length=255), nullable=True),
         Column('domain', String(length=255), nullable=True),
-        Column('sid', String(length=255), nullable=True),
+        Column('user', String(length=255), nullable=True),
         Column('password', String(length=255), nullable=True),
         Column('name', String(length=255), nullable=True),
         Column('description', String(length=255), nullable=True),

manila/db/sqlalchemy/models.py

@@ -330,7 +330,7 @@ class SecurityService(BASE, ManilaBase):
     dns_ip = Column(String(64), nullable=True)
     server = Column(String(255), nullable=True)
     domain = Column(String(255), nullable=True)
-    sid = Column(String(255), nullable=True)
+    user = Column(String(255), nullable=True)
     password = Column(String(255), nullable=True)
     name = Column(String(255), nullable=True)
     description = Column(String(255), nullable=True)

manila/locale/manila.pot

@@ -1796,7 +1796,7 @@ msgid "7mode driver supports only 'ip' type"
 msgstr ""
 
 #: manila/share/drivers/netapp/driver.py:588
-msgid "NetApp only supports \"sid\" access type for CIFS."
+msgid "NetApp only supports \"user\" access type for CIFS."
 msgstr ""
 
 #: manila/share/drivers/netapp/driver.py:605

manila/share/drivers/netapp/cluster_mode.py

@@ -396,22 +396,25 @@ class NetAppClusteredShareDriver(driver.NetAppShareDriver):
             LOG.error(msg)
             raise Exception(msg)
         for lif_name in lifs:
-            args = {'admin-password': data['password'],
-                    'admin-user-name': data['sid'],
-                    'interface-name': lif_name,
-                    'is-kerberos-enabled': 'true',
-                    'service-principal-name': spn
-                    }
+            args = {
+                'admin-password': data['password'],
+                'admin-user-name': data['user'],
+                'interface-name': lif_name,
+                'is-kerberos-enabled': 'true',
+                'service-principal-name': spn
+            }
         vserver_client.send_request('kerberos-config-modify', args)
 
     def _configure_active_directory(self, data, vserver_client):
         """Configures AD on vserver."""
         self._configure_dns(data, vserver_client)
-        args = {'admin-username': data['sid'],
-                'admin-password': data['password'],
-                'force-account-overwrite': 'true',
-                'cifs-server': data['server'],
-                'domain': data['domain']}
+        args = {
+            'admin-username': data['user'],
+            'admin-password': data['password'],
+            'force-account-overwrite': 'true',
+            'cifs-server': data['server'],
+            'domain': data['domain'],
+        }
         try:
             vserver_client.send_request('cifs-server-create', args)
         except naapi.NaApiError as e:
@@ -713,8 +716,10 @@ class NetAppClusteredShareDriver(driver.NetAppShareDriver):
         if security_services:
             for service in security_services:
                 if service['type'] == 'active_directory':
-                    args = {'admin-password': service['password'],
-                            'admin-username': service['sid']}
+                    args = {
+                        'admin-password': service['password'],
+                        'admin-username': service['user'],
+                    }
                     try:
                         vserver_client.send_request('cifs-server-delete',
                                                     args)
@@ -746,8 +751,8 @@ class NetAppClusteredNFSHelper(driver.NetAppNFSHelper):
         export_location = ':'.join([export_ip, export_pathname])
         return export_location
 
-    def allow_access_by_sid(self, share, sid):
-        user, _x, group = sid.partition(':')
+    def allow_access_by_user(self, share, user):
+        user, _x, group = user.partition(':')
         args = {
             'attributes': {
                 'volume-attributes': {
@@ -769,7 +774,7 @@ class NetAppClusteredNFSHelper(driver.NetAppNFSHelper):
         }
         self._client.send_request('volume-modify-iter', args)
 
-    def deny_access_by_sid(self, share, sid):
+    def deny_access_by_user(self, share, user):
         args = {
             'attributes': {
                 'volume-security-attributes': {

manila/share/drivers/netapp/driver.py

@@ -589,8 +589,8 @@ class NetAppCIFSHelper(NetAppNASHelperBase):
 
     def allow_access(self, context, share, access):
         """Allows access to a given CIFS storage for IPs in access."""
-        if access['access_type'] != 'sid':
-            msg = _('NetApp only supports "sid" access type for CIFS.')
+        if access['access_type'] != 'user':
+            msg = _('NetApp only supports "user" access type for CIFS.')
             raise exception.NetAppException(msg)
 
         user = access['access_to']

manila/tests/api/contrib/test_share_actions.py

@@ -96,14 +96,17 @@ class ShareActionsTest(test.TestCase):
         self.assertRaises(webob.exc.HTTPBadRequest,
                           self.controller._allow_access, req, id, body)
 
-        body = {"os-allow_access": {"access_type": 'sid',
-                                    "access_to": '1'}}
+        body = {"os-allow_access": {"access_type": 'user', "access_to": '1'}}
         req = fakes.HTTPRequest.blank('/v1/tenant1/shares/%s/action' % id)
         self.assertRaises(webob.exc.HTTPBadRequest,
                           self.controller._allow_access, req, id, body)
 
-        body = {"os-allow_access": {"access_type": 'sid',
-                "access_to": '1' * 33}}
+        body = {
+            "os-allow_access": {
+                "access_type": 'user',
+                "access_to": '1' * 33,
+            }
+        }
         req = fakes.HTTPRequest.blank('/v1/tenant1/shares/%s/action' % id)
         self.assertRaises(webob.exc.HTTPBadRequest,
                           self.controller._allow_access, req, id, body)

manila/tests/api/v1/test_security_service.py

@@ -40,7 +40,7 @@ class ShareApiTest(test.TestCase):
             "dns_ip": "1.1.1.1",
             "server": "fake-server",
             "domain": "fake-domain",
-            "sid": "fake-sid",
+            "user": "fake-user",
             "password": "fake-password",
             "status": "new",
             "project_id": "fake",

manila/tests/netapp/test_7mode_drv.py

@@ -288,8 +288,7 @@ class NetAppCIFSHelperTestCase(test.TestCase):
             'cifs-share-delete', mock.ANY)
 
     def test_allow_access(self):
-        access = {'access_to': 'user',
-                  'access_type': 'sid'}
+        access = {'access_to': 'user', 'access_type': 'user', }
         self.helper.allow_access(self._context, self.share, access)
         self.helper._client.send_request.assert_called_once_with(
             'cifs-share-ace-set', mock.ANY)

manila/tests/netapp/test_cmode_drv.py

@@ -63,7 +63,7 @@ class NetAppClusteredDrvTestCase(test.TestCase):
         self.security_service = {'id': 'fake_id',
                                  'domain': 'FAKE',
                                  'server': 'fake_server',
-                                 'sid': 'fake_sid',
+                                 'user': 'fake_user',
                                  'password': 'fake_password'}
         self.share_server = {
             'backend_details': {
@@ -200,7 +200,7 @@ class NetAppClusteredDrvTestCase(test.TestCase):
         self.driver._vserver_exists = mock.Mock(return_value=True)
         self._vserver_client.send_request = mock.Mock(return_value=el)
         security_services = [
-            {'sid': 'admin',
+            {'user': 'admin',
              'password': 'pass',
              'type': 'active_directory'}
         ]
@@ -347,7 +347,7 @@ class NetAppClusteredDrvTestCase(test.TestCase):
                          'realm': 'FAKE'}
         spn = 'nfs/fake-vserver.FAKE@FAKE'
         kerberos_modify_args = {'admin-password': 'fake_password',
-                                'admin-user-name': 'fake_sid',
+                                'admin-user-name': 'fake_user',
                                 'interface-name': 'fake_lif',
                                 'is-kerberos-enabled': 'true',
                                 'service-principal-name': spn
@@ -365,11 +365,13 @@ class NetAppClusteredDrvTestCase(test.TestCase):
         self.driver._configure_dns = mock.Mock()
         self.driver._configure_active_directory(self.security_service,
                                                 self._vserver_client)
-        args = {'admin-username': 'fake_sid',
-                'admin-password': 'fake_password',
-                'force-account-overwrite': 'true',
-                'cifs-server': 'fake_server',
-                'domain': 'FAKE'}
+        args = {
+            'admin-username': 'fake_user',
+            'admin-password': 'fake_password',
+            'force-account-overwrite': 'true',
+            'cifs-server': 'fake_server',
+            'domain': 'FAKE',
+        }
         self._vserver_client.send_request.assert_called_with(
             'cifs-server-create', args)
 

manila/tests/network/test_security_service_db.py

@@ -22,17 +22,19 @@ from manila import exception
 from manila import test
 
 
-security_service_dict = {'id': 'fake id',
-                         'project_id': 'fake project',
-                         'type': 'ldap',
-                         'dns_ip': 'fake dns',
-                         'server': 'fake ldap server',
-                         'domain': 'fake ldap domain',
-                         'sid': 'fake sid',
-                         "password": "fake password",
-                         'name': 'whatever',
-                         'description': 'nevermind',
-                         'status': constants.STATUS_NEW}
+security_service_dict = {
+    'id': 'fake id',
+    'project_id': 'fake project',
+    'type': 'ldap',
+    'dns_ip': 'fake dns',
+    'server': 'fake ldap server',
+    'domain': 'fake ldap domain',
+    'user': 'fake user',
+    'password': 'fake password',
+    'name': 'whatever',
+    'description': 'nevermind',
+    'status': constants.STATUS_NEW,
+}
 
 
 class SecurityServiceDBTest(test.TestCase):
@@ -91,14 +93,16 @@ class SecurityServiceDBTest(test.TestCase):
                           security_service_dict['id'])
 
     def test_update(self):
-        update_dict = {'dns_ip': 'new dns',
-                       'server': 'new ldap server',
-                       'domain': 'new ldap domain',
-                       'sid': 'new sid',
-                       'password': 'new password',
-                       'name': 'new whatever',
-                       'description': 'new nevermind',
-                       'status': constants.STATUS_ERROR}
+        update_dict = {
+            'dns_ip': 'new dns',
+            'server': 'new ldap server',
+            'domain': 'new ldap domain',
+            'user': 'new user',
+            'password': 'new password',
+            'name': 'new whatever',
+            'description': 'new nevermind',
+            'status': constants.STATUS_ERROR,
+        }
 
         db_api.security_service_create(self.fake_context,
                                        security_service_dict)