Add defaultadsite to security service
Allows configuring the optional field 'defaultadsite', which, if provided,
sets the domain controller discovery mode to 'site'.

APIImpact
kpawar-sap committed Aug 18, 2022
1 parent 3728d13 commit 650fa9c
Showing 17 changed files with 107 additions and 4 deletions.
15 changes: 15 additions & 0 deletions api-ref/source/parameters.yaml
Expand Up @@ -2209,6 +2209,21 @@ scheduler_hints:
required: false
type: object
min_version: 2.65
security_service_defaultadsite:
description: |
The security service default AD site.
in: body
required: true
type: string
min_version: 2.65
security_service_defaultadsite_request:
description: |
The security service default AD site. An organizational unit
can be added to specify where the share ends up.
in: body
required: false
type: string
min_version: 2.65
security_service_dns_ip:
description: |
The DNS IP address that is used inside the project network.
Expand Up @@ -2,6 +2,7 @@
"security_service": {
"status": "new",
"domain": null,
"defaultadsite": null,
"ou": null,
"project_id": "16e1ab15c35a457e9c2b2aa189f544e1",
"name": "SecServ1",
1 change: 1 addition & 0 deletions api-ref/source/samples/security-service-show-response.json
Expand Up @@ -2,6 +2,7 @@
"security_service": {
"status": "new",
"domain": null,
"defaultadsite": null,
"ou": null,
"project_id": "16e1ab15c35a457e9c2b2aa189f544e1",
"name": "SecServ1",
Expand Up @@ -4,6 +4,7 @@
"status": "new",
"domain": null,
"ou": null,
"defaultadsite": null,
"project_id": "16e1ab15c35a457e9c2b2aa189f544e1",
"name": "SecServ1",
"created_at": "2015-09-07T12:19:10.000000",
Expand All @@ -21,6 +22,7 @@
"status": "new",
"domain": null,
"ou": null,
"defaultadsite": null,
"project_id": "16e1ab15c35a457e9c2b2aa189f544e1",
"name": "SecServ2",
"created_at": "2015-09-07T12:25:03.000000",
Expand Up @@ -4,6 +4,7 @@
"status": "new",
"domain": null,
"ou": null,
"defaultadsite": null,
"project_id": "16e1ab15c35a457e9c2b2aa189f544e1",
"name": "SecServ1",
"created_at": "2015-09-07T12:19:10.000000",
Expand All @@ -23,6 +24,7 @@
"status": "new",
"domain": null,
"ou": null,
"defaultadsite": null,
"project_id": "16e1ab15c35a457e9c2b2aa189f544e1",
"name": "SecServ2",
"created_at": "2015-09-07T12:25:03.000000",
8 changes: 8 additions & 0 deletions api-ref/source/security-services.inc
Expand Up @@ -33,6 +33,8 @@ You can configure a security service with these options:

- The password for the user, if you specify a user name.

- A default AD site, optional (available starting with API version 2.65)

A security service resource can also be given a user defined name and
description.

Expand Down Expand Up @@ -125,6 +127,7 @@ Response parameters
- password: security_service_password
- domain: security_service_domain
- ou: security_service_ou
- defaultadsite: security_service_defaultadsite
- server: security_service_server
- updated_at: updated_at
- created_at: created_at
Expand Down Expand Up @@ -181,6 +184,7 @@ Response parameters
- password: security_service_password
- domain: security_service_domain
- ou: security_service_ou
- defaultadsite: security_service_defaultadsite
- server: security_service_server
- updated_at: updated_at
- created_at: created_at
Expand Down Expand Up @@ -227,6 +231,7 @@ Request
- password: security_service_password_request
- domain: security_service_domain_request
- ou: security_service_ou_request
- defaultadsite: security_service_defaultadsite_request
- server: security_service_server_request

Request example
Expand All @@ -251,6 +256,7 @@ Response parameters
- password: security_service_password
- domain: security_service_domain
- ou: security_service_ou
- defaultadsite: security_service_defaultadsite
- server: security_service_server
- updated_at: updated_at
- created_at: created_at
Expand Down Expand Up @@ -304,6 +310,7 @@ Request
- password: security_service_password_request
- domain: security_service_domain_request
- ou: security_service_ou_request
- defaultadsite: security_service_defaultadsite_request
- server: security_service_server_request

Request example
Expand All @@ -328,6 +335,7 @@ Response parameters
- password: security_service_password
- domain: security_service_domain
- ou: security_service_ou
- defaultadsite: security_service_defaultadsite
- server: security_service_server
- updated_at: updated_at
- created_at: created_at
1 change: 1 addition & 0 deletions manila/api/openstack/api_version_request.py
Expand Up @@ -172,6 +172,7 @@
'update_security_service', 'update_security_service_check' and
'add_security_service_check'.
* 2.65 - Added ability to set scheduler hints via the share create API.
Added default AD site option in security service.
"""

# The minimum and maximum versions of the API supported
7 changes: 7 additions & 0 deletions manila/api/v1/security_service.py
Expand Up @@ -209,6 +209,13 @@ def create(self, req, body):
"service. Valid types are %(types)s") %
{'type': security_srv_type,
'types': ','.join(allowed_types)}))
server = security_service_args.get('server')
defaultadsite = security_service_args.get('defaultadsite')
if server and defaultadsite:
raise exception.InvalidInput(
reason=(_("Can not create security service because both "
"server and default AD site is provided, Specify "
"either server or default AD site.")))
security_service_args['project_id'] = context.project_id
security_service = db.security_service_create(
context, security_service_args)
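Review bot: The server/defaultadsite exclusivity check is added only to create() (all seven added lines of this file are in this hunk), so an update that sets the second field on an existing security service is presumably not rejected, and the driver then receives both values. The new value also reaches the database and the backend's `default-site` argument without a type or length check here. A guard such as `if defaultadsite is not None and not (isinstance(defaultadsite, str) and 0 < len(defaultadsite) <= 255):` followed by the same `exception.InvalidInput` would stop malformed input at the API boundary. create() begins and ends outside this hunk.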
5 changes: 5 additions & 0 deletions manila/api/views/security_service.py
Expand Up @@ -23,6 +23,7 @@ class ViewBuilder(common.ViewBuilder):
_collection_name = 'security_services'
_detail_version_modifiers = [
'add_ou_to_security_service',
'add_defaultadsite_to_security_service',
]

def summary_list(self, request, security_services):
Expand Down Expand Up @@ -64,6 +65,10 @@ def detail(self, request, security_service):
def add_ou_to_security_service(self, context, ss_dict, ss):
ss_dict['ou'] = ss.get('ou')

@common.ViewBuilder.versioned_method("2.65")
def add_defaultadsite_to_security_service(self, context, ss_dict, ss):
ss_dict['defaultadsite'] = ss.get('defaultadsite')

def _list_view(self, func, request, security_services):
"""Provide a view for a list of security services."""
security_services_list = [func(request, service)['security_service']
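Review bot: `add_defaultadsite_to_security_service` is gated on "2.65", which the api_version_request.py docstring in this commit shows already existed for scheduler hints, so clients pinned to 2.65 see the response body change without a microversion bump. If 2.65 has already shipped on this branch, the field would normally get its own version. The gate also covers responses only: nothing on this page stops a create request below 2.65 from setting `defaultadsite`, which is then stored and acted on by the driver but never shown back to that client. A one-line docstring such as `"""Expose 'defaultadsite' in detail views from API version 2.65."""` would match the documented `_list_view` below.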
@@ -0,0 +1,36 @@
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.

"""Add defaultadsite to security service
Revision ID: 636ecb8f3939
Revises: fbdfabcba377
Create Date: 2022-08-09 10:29:08.394103
"""

# revision identifiers, used by Alembic.
revision = '636ecb8f3939'
down_revision = 'fbdfabcba377'

from alembic import op
import sqlalchemy as sa


def upgrade():
op.add_column(
'security_services',
sa.Column('defaultadsite', sa.String(255), nullable=True))


def downgrade():
op.drop_column('security_services', 'defaultadsite')
1 change: 1 addition & 0 deletions manila/db/sqlalchemy/models.py
Expand Up @@ -938,6 +938,7 @@ class SecurityService(BASE, ManilaBase):
name = Column(String(255), nullable=True)
description = Column(String(255), nullable=True)
ou = Column(String(255), nullable=True)
defaultadsite = Column(String(255), nullable=True)


class ShareNetwork(BASE, ManilaBase):
11 changes: 7 additions & 4 deletions manila/share/drivers/netapp/dataontap/client/client_cmode.py
Expand Up @@ -1781,6 +1781,8 @@ def configure_active_directory(self, security_service, vserver_name):

if security_service['ou'] is not None:
api_args['organizational-unit'] = security_service['ou']
if security_service.get('defaultadsite', None):
api_args['default-site'] = security_service['defaultadsite']

for attempt in range(6):
try:
Expand Down Expand Up @@ -2129,12 +2131,13 @@ def configure_cifs_options(self, security_service):
# no raise to be non-blocking
LOG.warning(msg, e.message)

if not security_service['server']:
if security_service.get('server', None):
api_args = {'mode': 'none'}
elif security_service.get('defaultadsite', None):
api_args = {'mode': 'site'}
else:
return

api_args = {
'mode': 'none'
}
try:
self.send_request(
'cifs-domain-server-discovery-mode-modify',
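Review bot: In configure_cifs_options the `server` branch wins whenever both fields are populated, while configure_active_directory sends `default-site` unconditionally, so a record holding both values ends up with a default site configured and discovery mode `none`. The check in the API's create() is the only thing on this page that prevents that combination, so the driver should either reject it or state the precedence, e.g. `# server takes precedence; defaultadsite does not change the discovery mode when both are set`. If the except clause after this `try` (outside the hunk) only logs, as the handler just above does, a failed switch to `site` mode leaves the vserver discovering domain controllers outside the intended site without the caller noticing; raising in that case would make the restriction fail closed.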
2 changes: 2 additions & 0 deletions manila/share/manager.py
Expand Up @@ -3299,6 +3299,7 @@ def manage_share_server(self, context, share_server_id, identifier,
data = {
'name': security_service['name'],
'ou': security_service['ou'],
'defaultadsite': security_service['defaultadsite'],
'domain': security_service['domain'],
'server': security_service['server'],
'dns_ip': security_service['dns_ip'],
Expand Down Expand Up @@ -4206,6 +4207,7 @@ def _setup_server(self, context, share_server, metadata):
data = {
'name': security_service['name'],
'ou': security_service['ou'],
'defaultadsite': security_service['defaultadsite'],
'domain': security_service['domain'],
'server': security_service['server'],
'dns_ip': security_service['dns_ip'],
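Review bot: Both `data` dicts (in manage_share_server and in _setup_server) now forward `defaultadsite` to whichever driver backs the share server, but the only driver code in this commit that reads it is the NetApp cmode client. On any other backend the option is presumably accepted and stored yet has no effect, so an operator who set it to confine domain-controller discovery to one site gets no such restriction and no error. Consider rejecting or at least logging the field when the driver does not support it, and add a comment like `# only honoured by drivers that implement AD site discovery` next to the key. Both functions extend beyond the visible hunks.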
8 changes: 8 additions & 0 deletions manila/tests/api/v2/test_security_services.py
Expand Up @@ -43,6 +43,8 @@ def stub_security_service(self, version, id):
)
if self.is_microversion_ge(version, '2.44'):
ss_dict['ou'] = 'fake-ou'
if self.is_microversion_ge(version, '2.65'):
ss_dict['defaultadsite'] = 'fake-defaultadsite'

return ss_dict

Expand All @@ -53,6 +55,7 @@ class SecurityServicesAPITest(test.TestCase):
('2.0'),
('2.43'),
('2.44'),
('2.65'),
)
def test_index(self, version):
ss = [
Expand Down Expand Up @@ -85,3 +88,8 @@ def test_index(self, version):
self.assertIn('ou', ss_keys)
else:
self.assertNotIn('ou', ss_keys)

if self.is_microversion_ge(version, '2.65'):
self.assertIn('defaultadsite', ss_keys)
else:
self.assertNotIn('defaultadsite', ss_keys)
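Review bot: Nothing in this file exercises the new rejection path in create(): a request carrying both `server` and `defaultadsite` should be asserted to raise `exception.InvalidInput`, alongside a case with only `defaultadsite` that succeeds. The added assertions cover only the presence of the key in index responses per microversion. None of the test files in this commit touches the `site`/`none` branch in the NetApp client's configure_cifs_options either, so the behaviour that actually restricts domain-controller discovery is untested.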
2 changes: 2 additions & 0 deletions manila/tests/db/sqlalchemy/test_api.py
Expand Up @@ -45,6 +45,7 @@
'dns_ip': 'fake dns',
'server': 'fake ldap server',
'domain': 'fake ldap domain',
'defaultadsite': 'fake ldap defaultadsite',
'ou': 'fake ldap ou',
'user': 'fake user',
'password': 'fake password',
Expand Down Expand Up @@ -2948,6 +2949,7 @@ def test_update(self):
'dns_ip': 'new dns',
'server': 'new ldap server',
'domain': 'new ldap domain',
'defaultadsite': 'new ldap defaultadsite',
'ou': 'new ldap ou',
'user': 'new user',
'password': 'new password',
2 changes: 2 additions & 0 deletions manila/tests/share/test_manager.py
Expand Up @@ -3517,6 +3517,7 @@ def test_setup_server(self):
network_info['security_services'].append({
'name': 'fake_name' + ss_type,
'ou': 'fake_ou' + ss_type,
'defaultadsite': 'fake_defaultadsite' + ss_type,
'domain': 'fake_domain' + ss_type,
'server': 'fake_server' + ss_type,
'dns_ip': 'fake_dns_ip' + ss_type,
Expand Down Expand Up @@ -6378,6 +6379,7 @@ def test_manage_share_server(self, admin_network_api, driver_return):
ss_data_from_db = {
'name': ss_from_db['name'],
'ou': ss_from_db['ou'],
'defaultadsite': ss_from_db['defaultadsite'],
'domain': ss_from_db['domain'],
'server': ss_from_db['server'],
'dns_ip': ss_from_db['dns_ip'],
@@ -0,0 +1,7 @@
---
features:
- |
Added 'defaultadsite' field to 'security_service' object to be able to
configure in default AD site. This option can not be used along-with
'server' field of 'security_service' and restrict the discovery mode
to 'site' i.e. only Domain Controller's in local site will be discovered.
