Skip to content

Commit 3f3de6e

Browse files
alloydsaalloydsa
authored
Changes to support Ontap Nas import
1 parent 593b074 commit 3f3de6e

4 files changed

Lines changed: 181 additions & 4 deletions

File tree

storage_drivers/ontap/ontap_common.go

Lines changed: 7 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -4344,8 +4344,13 @@ func ConstructOntapNASVolumeAccessPath(
43444344
"~snapshot", volConfig.CloneSourceSnapshot)
43454345
}
43464346
} else {
4347-
// If the user does not specify an SMB Share, Trident creates it with the same name as the flexvol volume name.
4348-
completeVolumePath = smbSharePath + volumeName
4347+
if volConfig.SecureSMBEnabled && volConfig.ImportOriginalName != "" {
4348+
// For Secure SMB, Trident creates new share with the internalName of the volume.
4349+
completeVolumePath = smbSharePath + "/" + volConfig.InternalName
4350+
} else {
4351+
// If the user does not specify an SMB Share, Trident creates it with the same name as the flexvol volume name.
4352+
completeVolumePath = smbSharePath + volumeName
4353+
}
43494354
}
43504355
}
43514356
// Replace unix styled path separator, if exists

storage_drivers/ontap/ontap_common_test.go

Lines changed: 27 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -2492,6 +2492,33 @@ func TestConstructOntapNASVolumeAccessPath_ROCloneSecureSMBEnabled(t *testing.T)
24922492
}
24932493
}
24942494

2495+
func TestConstructOntapNASVolumeAccessPath_ImportSecureSMBEnabled(t *testing.T) {
2496+
ctx := context.Background()
2497+
2498+
volConfig := &storage.VolumeConfig{
2499+
InternalName: "vol",
2500+
ImportOriginalName: "testVolImport",
2501+
SecureSMBEnabled: true,
2502+
}
2503+
2504+
tests := []struct {
2505+
smbShare string
2506+
volName string
2507+
protocol string
2508+
expectedPath string
2509+
}{
2510+
{"test_share", "/vol", "smb", "\\vol"},
2511+
{"", "/vol", "smb", "\\vol"},
2512+
}
2513+
2514+
for _, test := range tests {
2515+
t.Run(test.smbShare, func(t *testing.T) {
2516+
result := ConstructOntapNASVolumeAccessPath(ctx, test.smbShare, test.volName, volConfig, test.protocol)
2517+
assert.Equal(t, test.expectedPath, result, "the constructed Ontap-NAS volume access path is incorrect")
2518+
})
2519+
}
2520+
}
2521+
24952522
func TestConstructOntapNASFlexGroupSMBVolumePath(t *testing.T) {
24962523
ctx := context.Background()
24972524

storage_drivers/ontap/ontap_nas.go

Lines changed: 22 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -801,10 +801,30 @@ func (d *NASStorageDriver) Import(
801801
}
802802
}
803803

804-
// TODO: enable secure SMB share for imported volumes
804+
// Disable Secure SMB if the volume to be imported is not managed by Trident
805+
if volConfig.ImportNotManaged {
806+
volConfig.SecureSMBEnabled = false
807+
}
808+
805809
if d.Config.NASType == sa.SMB {
810+
// Update the import volume config with the admin user details from the Trident backend
811+
adAdminUser := d.Config.ADAdminUser
812+
if adAdminUser != "" {
813+
if _, exists := volConfig.SMBShareACL[adAdminUser]; !exists {
814+
volConfig.SMBShareACL[adAdminUser] = ADAdminUserPermission
815+
}
816+
}
817+
818+
shareName := originalName
819+
sharePath := "/" + originalName
820+
806821
if flexvol.JunctionPath != "" {
807-
if err := d.EnsureSMBShare(ctx, originalName, "/"+originalName, volConfig.SMBShareACL, false); err != nil {
822+
// If secure SMB is enabled, create a new share with the internal name
823+
if volConfig.SecureSMBEnabled {
824+
shareName = volConfig.InternalName
825+
}
826+
if err := d.EnsureSMBShare(ctx, shareName, sharePath,
827+
volConfig.SMBShareACL, volConfig.SecureSMBEnabled); err != nil {
808828
return err
809829
}
810830
}

storage_drivers/ontap/ontap_nas_test.go

Lines changed: 125 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -5067,6 +5067,66 @@ func TestOntapNasStorageDriverVolumeImport_SMBShareCreateFail(t *testing.T) {
50675067
assert.Error(t, result)
50685068
}
50695069

5070+
func TestOntapNasStorageDriverVolumeImportNotManaged_SecureSMBEnabled(t *testing.T) {
5071+
mockAPI, driver := newMockOntapNASDriver(t)
5072+
driver.Config.NASType = sa.SMB
5073+
volConfig := &storage.VolumeConfig{
5074+
Size: "1g",
5075+
Encryption: "false",
5076+
InternalName: "vol2",
5077+
PeerVolumeHandle: "fakesvm:vol1",
5078+
ImportNotManaged: true,
5079+
UnixPermissions: DefaultUnixPermissions,
5080+
SMBShareACL: map[string]string{"user": "full_control"},
5081+
SecureSMBEnabled: true,
5082+
}
5083+
flexVol := &api.Volume{
5084+
Name: "flexvol",
5085+
Comment: "flexvol",
5086+
JunctionPath: "/vol1",
5087+
Size: "1",
5088+
}
5089+
5090+
mockAPI.EXPECT().SVMName().AnyTimes().Return("SVM1")
5091+
mockAPI.EXPECT().VolumeInfo(ctx, "vol1").Return(flexVol, nil)
5092+
mockAPI.EXPECT().SMBShareExists(ctx, "vol1").Return(false, nil)
5093+
mockAPI.EXPECT().SMBShareCreate(ctx, "vol1", flexVol.JunctionPath).Return(nil)
5094+
result := driver.Import(ctx, volConfig, "vol1")
5095+
assert.NoError(t, result)
5096+
}
5097+
5098+
func TestOntapNasStorageDriverVolumeImport_SecureSMBEnabled(t *testing.T) {
5099+
mockAPI, driver := newMockOntapNASDriver(t)
5100+
driver.Config.NASType = sa.SMB
5101+
volConfig := &storage.VolumeConfig{
5102+
Size: "1g",
5103+
Encryption: "false",
5104+
InternalName: "vol2",
5105+
PeerVolumeHandle: "fakesvm:vol1",
5106+
ImportNotManaged: false,
5107+
UnixPermissions: DefaultUnixPermissions,
5108+
SMBShareACL: map[string]string{"user": "full_control"},
5109+
SecureSMBEnabled: true,
5110+
}
5111+
flexVol := &api.Volume{
5112+
Name: "flexvol",
5113+
Comment: "flexvol",
5114+
JunctionPath: "/vol1",
5115+
Size: "1",
5116+
}
5117+
5118+
mockAPI.EXPECT().SVMName().AnyTimes().Return("SVM1")
5119+
mockAPI.EXPECT().VolumeInfo(ctx, "vol1").Return(flexVol, nil)
5120+
mockAPI.EXPECT().VolumeRename(ctx, "vol1", "vol2").Return(nil)
5121+
mockAPI.EXPECT().VolumeModifyUnixPermissions(ctx, "vol2", "vol1", DefaultUnixPermissions).Return(nil)
5122+
mockAPI.EXPECT().SMBShareExists(ctx, volConfig.InternalName).Return(false, nil)
5123+
mockAPI.EXPECT().SMBShareCreate(ctx, volConfig.InternalName, flexVol.JunctionPath).Return(nil)
5124+
mockAPI.EXPECT().SMBShareAccessControlCreate(ctx, volConfig.InternalName, volConfig.SMBShareACL).Return(nil)
5125+
mockAPI.EXPECT().SMBShareAccessControlDelete(ctx, volConfig.InternalName, smbShareDeleteACL).Return(nil)
5126+
result := driver.Import(ctx, volConfig, "vol1")
5127+
assert.NoError(t, result)
5128+
}
5129+
50705130
func TestOntapNasStorageDriverVolumeImport_NameTemplateInvalidLabel(t *testing.T) {
50715131
mockAPI, driver := newMockOntapNASDriver(t)
50725132

@@ -5188,6 +5248,71 @@ func TestOntapNasStorageDriverVolumeImport_NameTemplate(t *testing.T) {
51885248
assert.NoError(t, result)
51895249
}
51905250

5251+
func TestOntapNasStorageDriverVolumeImport_SecureSMBAccessControlCreatefail(t *testing.T) {
5252+
mockAPI, driver := newMockOntapNASDriver(t)
5253+
driver.Config.NASType = sa.SMB
5254+
volConfig := &storage.VolumeConfig{
5255+
Size: "1g",
5256+
Encryption: "false",
5257+
InternalName: "vol2",
5258+
PeerVolumeHandle: "fakesvm:vol1",
5259+
ImportNotManaged: false,
5260+
UnixPermissions: DefaultUnixPermissions,
5261+
SMBShareACL: map[string]string{"usr": "full_control"},
5262+
SecureSMBEnabled: true,
5263+
}
5264+
flexVol := &api.Volume{
5265+
Name: "flexvol",
5266+
Comment: "flexvol",
5267+
JunctionPath: "/vol1",
5268+
Size: "1",
5269+
}
5270+
5271+
mockAPI.EXPECT().SVMName().AnyTimes().Return("SVM1")
5272+
mockAPI.EXPECT().VolumeInfo(ctx, "vol1").Return(flexVol, nil)
5273+
mockAPI.EXPECT().VolumeRename(ctx, "vol1", "vol2").Return(nil)
5274+
mockAPI.EXPECT().VolumeModifyUnixPermissions(ctx, "vol2", "vol1", DefaultUnixPermissions).Return(nil)
5275+
mockAPI.EXPECT().SMBShareExists(ctx, volConfig.InternalName).Return(false, nil)
5276+
mockAPI.EXPECT().SMBShareCreate(ctx, volConfig.InternalName, flexVol.JunctionPath).Return(nil)
5277+
mockAPI.EXPECT().SMBShareAccessControlCreate(ctx, volConfig.InternalName,
5278+
volConfig.SMBShareACL).Return(fmt.Errorf("cannot create SMB Share Access Control rule"))
5279+
result := driver.Import(ctx, volConfig, "vol1")
5280+
assert.Error(t, result)
5281+
}
5282+
5283+
func TestOntapNasStorageDriverVolumeImport_SecureSMBAccessControlDeletefail(t *testing.T) {
5284+
mockAPI, driver := newMockOntapNASDriver(t)
5285+
driver.Config.NASType = sa.SMB
5286+
volConfig := &storage.VolumeConfig{
5287+
Size: "1g",
5288+
Encryption: "false",
5289+
InternalName: "vol2",
5290+
PeerVolumeHandle: "fakesvm:vol1",
5291+
ImportNotManaged: false,
5292+
UnixPermissions: DefaultUnixPermissions,
5293+
SMBShareACL: map[string]string{"user": "full_control"},
5294+
SecureSMBEnabled: true,
5295+
}
5296+
flexVol := &api.Volume{
5297+
Name: "flexvol",
5298+
Comment: "flexvol",
5299+
JunctionPath: "/vol1",
5300+
Size: "1",
5301+
}
5302+
5303+
mockAPI.EXPECT().SVMName().AnyTimes().Return("SVM1")
5304+
mockAPI.EXPECT().VolumeInfo(ctx, "vol1").Return(flexVol, nil)
5305+
mockAPI.EXPECT().VolumeRename(ctx, "vol1", "vol2").Return(nil)
5306+
mockAPI.EXPECT().VolumeModifyUnixPermissions(ctx, "vol2", "vol1", DefaultUnixPermissions).Return(nil)
5307+
mockAPI.EXPECT().SMBShareExists(ctx, volConfig.InternalName).Return(false, nil)
5308+
mockAPI.EXPECT().SMBShareCreate(ctx, volConfig.InternalName, flexVol.JunctionPath).Return(nil)
5309+
mockAPI.EXPECT().SMBShareAccessControlCreate(ctx, volConfig.InternalName, volConfig.SMBShareACL).Return(nil)
5310+
mockAPI.EXPECT().SMBShareAccessControlDelete(ctx, volConfig.InternalName,
5311+
smbShareDeleteACL).Return(fmt.Errorf("cannot delete SMB Share Access Control rule"))
5312+
result := driver.Import(ctx, volConfig, "vol1")
5313+
assert.Error(t, result)
5314+
}
5315+
51915316
func TestOntapNasStorageDriverVolumeImport_NameTemplateLabelLengthExceeding(t *testing.T) {
51925317
mockAPI, driver := newMockOntapNASDriver(t)
51935318

0 commit comments

Comments
 (0)