diff --git a/manila/share/drivers/ganesha/__init__.py b/manila/share/drivers/ganesha/__init__.py index 1b35db12c2..075d72adf2 100644 --- a/manila/share/drivers/ganesha/__init__.py +++ b/manila/share/drivers/ganesha/__init__.py @@ -129,6 +129,9 @@ class GaneshaNASHelper(NASHelperBase): """Allow access to the share.""" if access['access_type'] != 'ip': raise exception.InvalidShareAccess('Only IP access type allowed') + + access = ganesha_utils.fixup_access_rule(access) + cf = {} accid = access['id'] name = share['name'] @@ -240,6 +243,7 @@ class GaneshaNASHelper2(GaneshaNASHelper): wanted_rw_clients, wanted_ro_clients = [], [] for rule in access_rules: + rule = ganesha_utils.fixup_access_rule(rule) if rule['access_level'] == 'rw': wanted_rw_clients.append(rule['access_to']) elif rule['access_level'] == 'ro': diff --git a/manila/share/drivers/ganesha/utils.py b/manila/share/drivers/ganesha/utils.py index 9f26df82cf..6208a98aed 100644 --- a/manila/share/drivers/ganesha/utils.py +++ b/manila/share/drivers/ganesha/utils.py @@ -134,3 +134,16 @@ def validate_access_rule(supported_access_types, supported_access_levels, 'details': "%(access_level)s"}) return valid + + +def fixup_access_rule(access_rule): + """Adjust access rule as required for ganesha to handle it properly. + + :param access_rule: Access rules to be validated. + :return: access_rule + """ + if access_rule['access_to'] == '0.0.0.0/0': + access_rule['access_to'] = '0.0.0.0' + LOG.debug("Set access_to field to '0.0.0.0' in ganesha back end.") + + return access_rule diff --git a/manila/tests/share/drivers/ganesha/test_utils.py b/manila/tests/share/drivers/ganesha/test_utils.py index 2eacab2f94..2a28b13397 100644 --- a/manila/tests/share/drivers/ganesha/test_utils.py +++ b/manila/tests/share/drivers/ganesha/test_utils.py @@ -98,6 +98,26 @@ class GaneshaUtilsTests(test.TestCase): self.assertRaises(trouble, ganesha_utils.validate_access_rule, ['ip'], ['ro'], fake_access(rule), abort=True) + @ddt.data({'rule': {'access_type': 'ip', + 'access_level': 'rw', + 'access_to': '10.10.10.12'}, + 'result': {'access_type': 'ip', + 'access_level': 'rw', + 'access_to': '10.10.10.12'}, + }, + {'rule': {'access_type': 'ip', + 'access_level': 'rw', + 'access_to': '0.0.0.0/0'}, + 'result': {'access_type': 'ip', + 'access_level': 'rw', + 'access_to': '0.0.0.0'}, + }, + ) + @ddt.unpack + def test_fixup_access_rules(self, rule, result): + + self.assertEqual(result, ganesha_utils.fixup_access_rule(rule)) + @ddt.ddt class SSHExecutorTestCase(test.TestCase): diff --git a/releasenotes/notes/fix-ganesha-allow-access-for-all-ips-09773a79dc76ad44.yaml b/releasenotes/notes/fix-ganesha-allow-access-for-all-ips-09773a79dc76ad44.yaml new file mode 100644 index 0000000000..def23f8ec0 --- /dev/null +++ b/releasenotes/notes/fix-ganesha-allow-access-for-all-ips-09773a79dc76ad44.yaml @@ -0,0 +1,6 @@ +--- +fixes: + - | + Drivers using ganesha can now handle 'manila access-allow + ip 0.0.0.0/0' as a way to allow access to the share + from all IPs.