Merge "change user access name limit from 32 to 255 characters"

manila/api/common.py

@@ -334,10 +334,10 @@ def validate_common_name(access):
 
 
 def validate_username(access):
-    valid_username_re = '[\w\.\-_\`;\'\{\}\[\]\\\\]{4,32}$'
+    valid_username_re = '[\w\.\-_\`;\'\{\}\[\]\\\\]{4,255}$'
     username = access
     if not re.match(valid_username_re, username):
-        exc_str = ('Invalid user or group name. Must be 4-32 characters '
+        exc_str = ('Invalid user or group name. Must be 4-255 characters '
                    'and consist of alphanumeric characters and '
                    'special characters ]{.-_\'`;}[\\')
         raise webob.exc.HTTPBadRequest(explanation=exc_str)

manila/tests/api/v1/test_shares.py

@@ -778,7 +778,7 @@ class ShareActionsTest(test.TestCase):
     @ddt.data(
         {'access_type': 'ip', 'access_to': '127.0.0.1'},
         {'access_type': 'user', 'access_to': '1' * 4},
-        {'access_type': 'user', 'access_to': '1' * 32},
+        {'access_type': 'user', 'access_to': '1' * 255},
         {'access_type': 'user', 'access_to': 'fake\\]{.-_\'`;}['},
         {'access_type': 'user', 'access_to': 'MYDOMAIN\\Administrator'},
         {'access_type': 'cert', 'access_to': 'x'},
@@ -812,7 +812,7 @@ class ShareActionsTest(test.TestCase):
         {'access_type': 'ip', 'access_to': '127.0.0.256'},
         {'access_type': 'user', 'access_to': '1'},
         {'access_type': 'user', 'access_to': '1' * 3},
-        {'access_type': 'user', 'access_to': '1' * 33},
+        {'access_type': 'user', 'access_to': '1' * 256},
         {'access_type': 'user', 'access_to': 'root^'},
         {'access_type': 'cert', 'access_to': ''},
         {'access_type': 'cert', 'access_to': ' '},

manila/tests/api/v2/test_shares.py

@@ -1771,7 +1771,7 @@ class ShareActionsTest(test.TestCase):
     @ddt.data(
         {'access_type': 'ip', 'access_to': '127.0.0.1'},
         {'access_type': 'user', 'access_to': '1' * 4},
-        {'access_type': 'user', 'access_to': '1' * 32},
+        {'access_type': 'user', 'access_to': '1' * 255},
         {'access_type': 'user', 'access_to': 'fake\\]{.-_\'`;}['},
         {'access_type': 'user', 'access_to': 'MYDOMAIN\\Administrator'},
         {'access_type': 'cert', 'access_to': 'x'},
@@ -1803,7 +1803,7 @@ class ShareActionsTest(test.TestCase):
         {'access_type': 'ip', 'access_to': '127.0.0.256'},
         {'access_type': 'user', 'access_to': '1'},
         {'access_type': 'user', 'access_to': '1' * 3},
-        {'access_type': 'user', 'access_to': '1' * 33},
+        {'access_type': 'user', 'access_to': '1' * 256},
         {'access_type': 'user', 'access_to': 'root^'},
         {'access_type': 'cert', 'access_to': ''},
         {'access_type': 'cert', 'access_to': ' '},

manila_tempest_tests/tests/api/test_rules_negative.py

@@ -229,7 +229,7 @@ class ShareUserRulesForNFSNegativeTest(base.BaseSharesTest):
     def test_create_access_rule_user_with_too_big_key(self, client_name):
         self.assertRaises(lib_exc.BadRequest,
                           getattr(self, client_name).create_access_rule,
-                          self.share["id"], "user", "a" * 33)
+                          self.share["id"], "user", "a" * 256)
 
     @tc.attr(base.TAG_NEGATIVE, base.TAG_API_WITH_BACKEND)
     @ddt.data('shares_client', 'shares_v2_client')

releasenotes/notes/bug-1674908-allow-user-access-fix-495b3e42bdc985ec.yaml

@@ -0,0 +1,5 @@
+---
+fixes:
+  - Changed user access name limit from 32 to 255 characters
+    since there are security services that allow user names
+    longer than 32 characters.