[Testing WIP] Allow to update SS with defaultadsite

This is under testing, so if you want to push something remove this commit from tree. The defaultadsite will be part of AD security service and update of SS should consider it in different keys.
sapcc · Dec 1, 2022 · 047db96 · 047db96
1 parent ee5d991
commit 047db96
Show file tree

Hide file tree

Showing 3 changed files with 35 additions and 9 deletions.
diff --git a/manila/api/v1/security_service.py b/manila/api/v1/security_service.py
@@ -213,17 +213,12 @@ def create(self, req, body):
                          'types': ','.join(allowed_types)}))
         server = security_service_args.get('server', None)
         defaultadsite = security_service_args.get('defaultadsite', None)
-        if server and defaultadsite:
+        if (security_srv_type == 'active_directory' and server
+                and defaultadsite):
             raise exception.InvalidInput(
                 reason=(_("Can not create security service because both "
                           "server and default AD site is provided, Specify "
                           "either server or default AD site.")))
-        if security_srv_type == 'active_directory':
-            if not server and not defaultadsite:
-                raise exception.InvalidInput(
-                    reason=(_("Can not create security service because either "
-                              "server or default AD site is needed for Active "
-                              "directory service type.")))
         security_service_args['project_id'] = context.project_id
         security_service = db.security_service_create(
             context, security_service_args)

diff --git a/manila/share/drivers/netapp/dataontap/client/client_cmode.py b/manila/share/drivers/netapp/dataontap/client/client_cmode.py
@@ -1853,6 +1853,27 @@ def modify_active_directory_security_service(
             if new_security_service['server'] is not None:
                 self.set_preferred_dc(new_security_service)
 
+        if 'defaultadsite' in differring_keys:
+            if new_security_service['defaultadsite'] is not None:
+                cifs_server = self._get_cifs_server_name(vserver_name)
+                api_args = {
+                    'admin-username': new_security_service['user'],
+                    'admin-password': new_security_service['password'],
+                    'force-account-overwrite': 'true',
+                    'cifs-server': cifs_server,
+                    'default-site': new_security_service['defaultadsite']
+                }
+                try:
+                    LOG.debug("Trying to modify CIFS server with data: %s",
+                              api_args)
+                    self.send_request('cifs-server-modify', api_args)
+                except netapp_api.NaApiError as e:
+                    msg = _("Failed to modify CIFS server entry. %s")
+                    raise exception.NetAppException(msg % e.message)
+
+            # overwrite domain-discovery based upon new SS options
+            self.configure_cifs_options(new_security_service)
+
     @na_utils.trace
     def create_kerberos_realm(self, security_service):
         """Creates Kerberos realm on cluster."""
@@ -2165,7 +2186,7 @@ def configure_cifs_options(self, security_service):
         elif security_service.get('defaultadsite', None):
             api_args = {'mode': 'site'}
         else:
-            return
+            api_args = {'mode': 'all'}
 
         try:
             self.send_request(

diff --git a/manila/share/drivers/netapp/dataontap/cluster_mode/lib_multi_svm.py b/manila/share/drivers/netapp/dataontap/cluster_mode/lib_multi_svm.py
@@ -2028,7 +2028,8 @@ def _get_different_keys_for_equal_ss_type(self, current_sec_service,
                                               new_sec_service):
         different_keys = []
 
-        valid_keys = ['dns_ip', 'server', 'domain', 'user', 'password', 'ou']
+        valid_keys = ['dns_ip', 'server', 'domain', 'user', 'password',
+                      'ou', 'defaultadsite']
         for key, value in current_sec_service.items():
             if (current_sec_service[key] != new_sec_service[key]
                     and key in valid_keys):
@@ -2054,6 +2055,15 @@ def _is_security_service_valid(self, security_service):
                 LOG.error(msg)
                 return False
 
+        if ss_type == 'active_directory':
+            server = security_service.get('server')
+            defaultadsite = security_service.get('defaultadsite')
+            if server and defaultadsite:
+                msg = _("Active directory security service must not have "
+                        "both 'server' and 'defaultadsite' parameters.")
+                LOG.error(msg)
+                return False
+
         if not all([security_service[key] is not None
                     for key in mandatory_params[ss_type]]):
             msg = _("The security service %s does not have all the "