Merge pull request #61 from huangpeng5/suyan_420

support DPC level two
Huawei · Apr 19, 2024 · 7faffdb · 7faffdb
2 parents 75f547e + 2967b31
commit 7faffdb
Show file tree

Hide file tree

Showing 9 changed files with 317 additions and 215 deletions.
diff --git a/Manila/file_driver_dir/huawei/oceanstorPacific/connection.py b/Manila/file_driver_dir/huawei/oceanstorPacific/connection.py
@@ -62,34 +62,34 @@ def update_share_stats(self, data):
 
     def create_share(self, context, share, share_server):
         """创建共享，同时返回挂载路径信息"""
-        location = driver_api.OperateShare(self.helper, share).create_share(self.root, self.free_pool)
+        location = driver_api.OperateShare(self.helper, share, self.root).create_share(self.free_pool)
         return location
 
     def delete_share(self, context, share, share_server):
         """删除共享"""
-        driver_api.OperateShare(self.helper, share).delete_share()
+        driver_api.OperateShare(self.helper, share, self.root).delete_share()
 
     def ensure_share(self, share, share_server):
         """检查共享状态，同时返回挂载路径信息"""
-        location = driver_api.OperateShare(self.helper, share).ensure_share()
+        location = driver_api.OperateShare(self.helper, share, self.root).ensure_share()
         return location
 
     def extend_share(self, share, new_size, share_server):
         """扩容共享"""
-        driver_api.OperateShare(self.helper, share).change_share(new_size, 'extend')
+        driver_api.OperateShare(self.helper, share, self.root).change_share(new_size, 'extend')
 
     def shrink_share(self, share, new_size, share_server):
         """缩容共享"""
-        driver_api.OperateShare(self.helper, share).change_share(new_size, 'shrink')
+        driver_api.OperateShare(self.helper, share, self.root).change_share(new_size, 'shrink')
 
     def allow_access(self, share, access, share_server):
         """在共享上添加一条鉴权信息"""
-        driver_api.ChangeAccess(self.helper, share).allow_access(access)
+        driver_api.ChangeAccess(self.helper, share, self.root).allow_access(access)
 
     def deny_access(self, share, access, share_server):
         """在共享上删除一条鉴权信息"""
-        driver_api.ChangeAccess(self.helper, share).deny_access(access)
+        driver_api.ChangeAccess(self.helper, share, self.root).deny_access(access)
 
     def update_access(self, share, access_rules, add_rules, delete_rules, share_server):
         """更新共享的鉴权信息，主要用于批量添加/删除鉴权信息"""
-        driver_api.ChangeAccess(self.helper, share).update_access(access_rules, add_rules, delete_rules)
+        driver_api.ChangeAccess(self.helper, share, self.root).update_access(access_rules, add_rules, delete_rules)
diff --git a/Manila/file_driver_dir/huawei/oceanstorPacific/customization_connection.py b/Manila/file_driver_dir/huawei/oceanstorPacific/customization_connection.py
@@ -34,12 +34,12 @@ def __init__(self, root):
 
     def create_share(self, context, share, share_server):
         """苏研qos为定制的参数，所以此处重写qos相关解析方法"""
-        location = driver_api.CustomizationOperate(self.helper, share).create_share(self.root, self.free_pool)
+        location = driver_api.CustomizationOperate(self.helper, share, self.root).create_share(self.free_pool)
         return location
 
     def delete_share(self, context, share, share_server):
         """删除share接口，苏研配置单独的一个账户用于创建ip"""
-        driver_api.CustomizationOperate(self.helper, share).set_root(self.root).delete_share()
+        driver_api.CustomizationOperate(self.helper, share, self.root).delete_share()
 
     def allow_access(self, share, access, share_server):
         """在共享上添加一条鉴权信息，苏研配置单独的一个账户用于创建ip"""
@@ -78,7 +78,7 @@ def get_share_usage(self, share, share_usages):
                        “used_space”： 已使用容量
                        }
         """
-        share_capacity = driver_api.CustomizationOperate(self.helper, share).get_share_usage(share_usages)
+        share_capacity = driver_api.CustomizationOperate(self.helper, share, self.root).get_share_usage(share_usages)
         return share_capacity
 
     def update_qos(self, share, qos_specs):
@@ -92,7 +92,7 @@ def update_qos(self, share, qos_specs):
             }
         :return: None
         """
-        driver_api.CustomizationOperate(self.helper, share).update_qos(qos_specs, self.root)
+        driver_api.CustomizationOperate(self.helper, share, self.root).update_qos(qos_specs)
 
     def parse_cmcc_qos_options(self, share):
         """
@@ -104,20 +104,20 @@ def parse_cmcc_qos_options(self, share):
              “total_iops_sec”： 总IOPS，
             }
         """
-        share_qos_info = driver_api.CustomizationOperate(self.helper, share).parse_cmcc_qos_options()
+        share_qos_info = driver_api.CustomizationOperate(self.helper, share, self.root).parse_cmcc_qos_options()
         return share_qos_info
 
     def ensure_share(self, share, share_server):
         """
         校验shre的状态，苏研定制接口下二级目录获取namespace的方式有变化
         """
-        location = driver_api.CustomizationOperate(self.helper, share).ensure_share()
+        location = driver_api.CustomizationOperate(self.helper, share, self.root).ensure_share()
         return location
 
     def extend_share(self, share, new_size, share_server):
         """苏研定制需求需要对二级目录实现扩容，因此重新此方法"""
-        driver_api.CustomizationOperate(self.helper, share).change_share(new_size, 'extend')
+        driver_api.CustomizationOperate(self.helper, share, self.root).change_share(new_size, 'extend')
 
     def shrink_share(self, share, new_size, share_server):
         """苏研定制需求需要对二级目录实现缩容，因此重新此方法"""
-        driver_api.CustomizationOperate(self.helper, share).change_share(new_size, 'shrink')
+        driver_api.CustomizationOperate(self.helper, share, self.root).change_share(new_size, 'shrink')
diff --git a/Manila/file_driver_dir/huawei/oceanstorPacific/driver_api/base_share_property.py b/Manila/file_driver_dir/huawei/oceanstorPacific/driver_api/base_share_property.py
@@ -0,0 +1,89 @@
+# coding=utf-8
+# Copyright (c) 2024 Huawei Technologies Co., Ltd.
+# All Rights Reserved.
+#
+#    Licensed under the Apache License, Version 2.0 (the "License"); you may
+#    not use this file except in compliance with the License. You may obtain
+#    a copy of the License at
+#
+#         http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#    License for the specific language governing permissions and limitations
+#    under the License.
+
+import netaddr
+from oslo_log import log
+from manila import exception
+from manila.share import share_types
+from manila.i18n import _
+
+LOG = log.getLogger(__name__)
+
+
+class BaseShareProperty(object):
+    def __init__(self, helper, share=None, root=None):
+        self.helper = helper
+        self.share = share
+        self.root = root
+        self.account_id = None
+        self.account_name = None
+        self.share_proto = self._get_share_proto()
+
+    @staticmethod
+    def standard_ipaddr(access):
+        """
+        When the added client permission is an IP address,
+        standardize it. Otherwise, do not process it.
+        """
+        try:
+            format_ip = netaddr.IPAddress(access)
+            access_to = str(format_ip.format(dialect=netaddr.ipv6_compact))
+            return access_to
+        except Exception:
+            return access
+
+    @staticmethod
+    def is_ipv4_address(ip_address):
+        try:
+            if netaddr.IPAddress(ip_address).version == 4:
+                return True
+            return False
+        except Exception:
+            return False
+
+    def _get_account_name(self):
+        LOG.info("Get account name from xml.")
+        if self.root is None:
+            err_msg = _("Can not get account name from config.")
+            LOG.error(err_msg)
+            raise exception.InvalidShare(reason=err_msg)
+        account_name = self.root.findtext('Filesystem/AccountName').strip()
+        if not account_name:
+            err_msg = "Can not get account_name from xml, please check."
+            LOG.error(err_msg)
+            raise exception.InvalidShare(reason=err_msg)
+        return account_name
+
+    def _get_account_id(self):
+        self.account_name = self._get_account_name()
+        result = self.helper.query_account_by_name(self.account_name)
+        self.account_id = result.get('id')
+
+    def _get_share_proto(self):
+        share_proto = []
+        if self.share is None:
+            return share_proto
+
+        type_id = self.share.get('share_type_id')
+        extra_specs = share_types.get_share_type_extra_specs(type_id)
+        tmp_share_proto = extra_specs.get('share_proto', '').split('&')
+
+        if 'DPC' in tmp_share_proto:
+            share_proto.append('DPC')
+            return share_proto
+
+        return self.share.get('share_proto', '').split('&')
+
diff --git a/Manila/file_driver_dir/huawei/oceanstorPacific/driver_api/change_access.py b/Manila/file_driver_dir/huawei/oceanstorPacific/driver_api/change_access.py
@@ -14,26 +14,22 @@
 #    License for the specific language governing permissions and limitations
 #    under the License.
 
-import netaddr
 from oslo_log import log
 
 from manila import exception
 from manila.common import constants as common_constants
 from manila.i18n import _
 
+from .base_share_property import BaseShareProperty
 
 LOG = log.getLogger(__name__)
 
 
-class ChangeAccess(object):
-    def __init__(self, helper, share):
-        self.helper = helper
-        self.share = share
-
-        self.account_id = None
+class ChangeAccess(BaseShareProperty):
+    def __init__(self, helper, share, root):
+        super(ChangeAccess, self).__init__(helper, share=share, root=root)
         self.namespace_name = None
         self.namespace_id = None
-        self.share_proto = self.share.get('share_proto', '').split('&')
         self.share_path = None
         self.export_locations = None  # share路径信息
         self.nfs_share_id = None
@@ -55,13 +51,8 @@ def deny_access(self, access):
         self._get_account_and_namespace_information()
         self._classify_rules([access], 'deny')
 
-    def _find_account_id(self):
-        account_name = self.share.get('project_id')
-        result = self.helper.query_account_by_name(account_name)
-        self.account_id = result.get('id')
-
     def _get_account_and_namespace_information(self):
-        self._find_account_id()
+        self._get_account_id()
         self._get_export_location_info()
         self._get_share_related_info()
         self._query_and_set_share_info()
@@ -139,50 +130,92 @@ def _deal_access_for_cifs(self, action):
                     LOG.info(_("The access_to {0} does not exist").format(access_to))
 
     def _deal_access_for_dpc(self, action):
-
         if action == 'allow':
             LOG.info(_("Will be add dpc access.(nums: {0})".format(len(self.dpc_rules))))
         if action == 'deny':
             LOG.info(_("Will be delete dpc access.(nums: {0})".format(len(self.dpc_rules))))
 
         for index in range(0, len(self.dpc_rules), 200):
-            dpc_ips = ""
+            dpc_ips = []
             for access in self.dpc_rules[index:index + 200]:
                 access_to = self.standard_ipaddr(access.get('access_to'))
-
-                if not dpc_ips:
-                    dpc_ips += access_to
-                else:
-                    dpc_ips += ',' + access_to
+                if action == "deny" and not self.is_ipv4_address(access_to):
+                    LOG.warning('DPC authentication now is not support IPV6 address, '
+                                'skip it , ipaddress is %s', access_to)
+                    continue
+                dpc_ips.append(access_to)
 
             if action == "allow":
-                self.helper.allow_access_for_dpc(self.namespace_name, dpc_ips)
-            elif action == "deny":
-                self.helper.deny_access_for_dpc(self.namespace_name, dpc_ips)
+                self.helper.allow_access_for_dpc(self.namespace_name, ','.join(dpc_ips))
+            elif dpc_ips:
+                self.helper.deny_access_for_dpc(self.namespace_name, ','.join(dpc_ips))
 
-    def _clear_access(self):
-        """Remove all access rules of the share"""
+    def _sync_access(self, access_rules):
+        """Sync all access rules of the share between storage and platform"""
         if 'NFS' in self.share_proto:
             result = self.helper.query_nfs_share_clients_information(self.nfs_share_id, self.account_id)
-            for data in result:
-                self.helper.deny_access_for_nfs(data.get('id'), self.account_id)
-        if self.share_proto == 'CIFS':
+            deny_rules, allow_rules, change_rules = self._get_need_update_access(
+                result, access_rules, 'access_name', 'access_value')
+            for deny_rule in deny_rules:
+                self.helper.deny_access_for_nfs(deny_rule.get('client_id'), self.account_id)
+            for allow_rule in allow_rules:
+                self.helper.allow_access_for_nfs(
+                    self.nfs_share_id, allow_rule.get('access_to'),
+                    allow_rule.get('access_level'), self.account_id)
+            for change_rule in change_rules:
+                self.helper.change_access_for_nfs(
+                    change_rule.get('client_id'),
+                    change_rule.get('access_value'), self.account_id)
+        if 'CIFS' in self.share_proto:
             result = self.helper.query_cifs_share_user_information(self.cifs_share_id, self.account_id)
-            for data in result:
-                self.helper.deny_access_for_cifs(data.get('id'), self.account_id)
-
-    @staticmethod
-    def standard_ipaddr(access):
-        """
-        When the added client permission is an IP address,
-        standardize it. Otherwise, do not process it.
-        """
-        try:
-            format_ip = netaddr.IPAddress(access)
-            access_to = str(format_ip.format(dialect=netaddr.ipv6_compact))
-            return access_to
-        except Exception:
-            return access
+            deny_rules, allow_rules, change_rules = self._get_need_update_access(
+                result, access_rules, 'name', 'permission')
+            for deny_rule in deny_rules:
+                self.helper.deny_access_for_cifs(deny_rule.get('client_id'), self.account_id)
+            for allow_rule in allow_rules:
+                self.helper.allow_access_for_cifs(
+                    self.cifs_share_id, allow_rule.get('access_to'),
+                    allow_rule.get('access_level'), self.account_id)
+            for change_rule in change_rules:
+                self.helper.change_access_for_cifs(
+                    change_rule.get('client_id'),
+                    change_rule.get('access_value'), self.account_id)
+        if 'DPC' in self.share_proto:
+            self.helper.deny_access_for_dpc(self.namespace_name, '*')
+            self._classify_rules(access_rules, 'allow')
+
+    def _get_need_update_access(self, storage_access_list, access_rules, access_param,
+                                permission_param):
+        """get all need deny access rules/allow access rules/change access rules"""
+        need_remove_access_info = {}
+        need_add_access_info = {}
+        need_change_access_info = {}
+        for data in storage_access_list:
+            access_name = self.standard_ipaddr(data.get(access_param))
+            need_remove_access_info[access_name] = {
+                'access_to': access_name,
+                'access_level': data.get(permission_param),
+                'client_id': data.get('id')
+            }
+        for rule in access_rules:
+            access_to = self.standard_ipaddr(rule.get('access_to'))
+            access_level = 0 if rule.get('access_level') == 'ro' else 1
+            access_info = need_remove_access_info.get(access_to)
+            if not access_info:
+                need_add_access_info[access_to] = {
+                    'access_to': access_to,
+                    'access_level': rule.get('access_level')
+                }
+            elif access_info.get('access_level') != access_level:
+                need_change_access_info['access_to'] = {
+                    'client_id': access_info.get('client_id'),
+                    'access_value': rule.get('access_level'),
+                }
+                need_remove_access_info.pop(access_to)
+            else:
+                need_remove_access_info.pop(access_to)
+
+        return need_remove_access_info, need_add_access_info, need_change_access_info
 
     def _get_export_location_info(self):
         """校验share是否包含path信息，有则初始化"""
@@ -234,5 +267,4 @@ def _update_access_for_share(self, access_rules, add_rules, delete_rules):
         if delete_rules:
             self._classify_rules(delete_rules, 'deny')
         if not (add_rules or delete_rules):
-            self._clear_access()
-            self._classify_rules(access_rules, 'allow')
+            self._sync_access(access_rules)
diff --git a/Manila/file_driver_dir/huawei/oceanstorPacific/driver_api/check_update_storage.py b/Manila/file_driver_dir/huawei/oceanstorPacific/driver_api/check_update_storage.py
@@ -19,16 +19,15 @@
 from manila import exception
 from manila.i18n import _
 
+from .base_share_property import BaseShareProperty
 from ..helper import constants
 
 LOG = log.getLogger(__name__)
 
 
-class CheckUpdateStorage(object):
+class CheckUpdateStorage(BaseShareProperty):
     def __init__(self, helper, root):
-        self.helper = helper
-        self.root = root
-
+        super(CheckUpdateStorage, self).__init__(helper, root=root)
         self.pools_free = {}
         self.free_pool = None