Tenancy bug fixes

[pdhamdhere]

Fixed following issues;

• Creating volume with default size fails for tenant VM.
• If VM doesn't have access VM Home datastore then docker volume ls fails with list vmdk: VolumeDriver.List: No mount privilege error. Fixes Tenancy: Better error message for docker commands #686
• If VM doesn't have access to VM Home datastore but have access to nonVMDatastore, user still can't create volumes on nonVMDatastore. Fixes Multitenancy - Unable to create a volume on a datastore which is not default #703
• Removed auth checks for get/list command.
• "--remove-volume: true" replaced with "—remove-volume"
• "--remove-volume" if specified was deleting all volumes but was not deleting tenant directory.
• Print human readable default values Fixes Admin CLI tenant help should print default values #683 Fixes Improve the format of "tenant access ls" output #682
• tenant rm <T_Name> changed to tenant rm --name=<T_Name> Fixes Tenancy: Tenant rm command needs updates #688 Tenant cli improvement #675

Testing Done:

• docker volume create -d vmdk --name=vol1 from tenant VM.
• Grant access to nonVMDatastore. Do not grant access to VM Home datastore.
  • docker volume ls succeeds
  • docker volume create -d vmdk --name=vol2@nonVMDatastore succeeds
• For sanity checking, confirmed docker run with and without mount privilege.
• Print human readable default values;

vmdkops_admin tenant access ls --name=T2
Datastore     Create_volume  Delete_volume  Mount_volume  Max_volume_size  Total_size  
------------  -------------  -------------  ------------  ---------------  ----------  
ssdDatastore  True           True           False         2.00TB           Unset       

#668 Unit test should take into account updated behavior in this change.

[lipingxue]

Why do we need to call auth.get_tenant here. I think later auth.authorize will call this function inernally?

[pdhamdhere]

With this PR we skip authorization checks for list and get command. However, we do need tenantName to list volumes and thus call to get_tenant

[lipingxue]

If we hit error when deleting one volume, I think we should continue to delete other volumes. We should return error after go through all volumes.

[pdhamdhere]

Good point. Will fix this.

[lipingxue]

LGTM after fix the minor change I mentioned.

[lipingxue]

It should be 'tenant rm --name tenant1..." since "name" is not a positional argument.

[pdhamdhere]

Yes, looks like I forgot to save file before commit. Will push an update.

[msterin]

a couple of format comments below. bad hour to review the content :-)

[msterin]

I guess our attempt to follow docker volume command backfired. In docker, it is volume create --name=volname but volume rm name. @kernetime was also commenting on this. So I guess it is confusing. But if we do it consistent and deviate from docker volume command, I'd prefer 'tenant create ' and 'tenant rm '

[pdhamdhere]

Do you mean

vmdkops_admin tenant create T1
vmdkops_admin tenant rm T1

Or

vmdkops_admin tenant create --name=T1
vmdkops_admin tenant rm --name=T1

Most of tenant commands accept tenant name in the form of "--name=T1" for e.g. vmdkops_admin tenant access ls --name=T1 So, I changed rm to accept "--name=T1"

[msterin]

makes sense

[kerneltime]

From a usability stand point

vmdkops_admin tenant create T1
vmdkops_admin tenant rm T1

is a lot nicer, since all the operations are done on a per tenant basis maybe we should change all

vmdkops_admin tenant T1 access add --rights all

[pdhamdhere]

@kerneltime If we decide to change, let's make it in separate PR.

[msterin]

@kerneltime - vmdkops_admin tenant T1 access add --rights all is not trivial with argparse package. @andrewjstone - can you check if the above is true :-) ?

I suggest leaving it as is

[andrewjstone]

I'm not really sure what is being asked about here. The way we do choice parsing is by comma seperated values with no spaces. It should be feasible to have --rights all since it's a single value. See here

[msterin]

this is not Python v3 compatible. Please use function print("msg"), not language construct print msg

[pdhamdhere]

Done. Looks like all "print" in this file are incompatible with Python 3. I don't want to pollute change so only changed newly added print @ L862.

[msterin]

it's OK. I will change others in one pass for P3 move (using 2x3 tool). I just want to avoid new ones popping up

[govint]

Ok, PR #479 did handle 3.5 compat.

[msterin]

Yes, but it deviated from the working state (on print, and on list iterators, and probably more) so another pass is required. And. more importantly, we need a CI with 6/5, and pylint as a part of the build. And coverage.py in test runs. So for now I will re-fix on Py3 (or you can do it if you feel like it) and work with @kernetime to add pylinit to the build

[govint]

I do remember fixing this file to be Python 3.x compliant. If adding new
code then can we make it compliant?

On Mon, Nov 7, 2016 at 4:43 AM, Prashant Dhamdhere <notifications@github.com

wrote:

@pdhamdhere commented on this pull request.

In esx_service/cli/vmdkops_admin.py
#706:

@@ -857,8 +859,8 @@ def tenant_rm(args):
# If args "remove_volumes" is not specified in CLI
# args.remove_volumes will be None
if args.remove_volumes:

•    if args.remove_volumes == 'True':
  

•        remove_volumes = True
  

•    print "All Volumes will be removed"
  

Done. Looks like all "print" in this file are incompatible with Python 3.
I don't want to pollute change so only changed newly added print @ L862.

—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
#706, or mute the
thread
https://github.com/notifications/unsubscribe-auth/APHseBixQjoASdJaH5NXRa0BA0lhK0ysks5q7l8ugaJpZM4KqIUN
.

[govint]

won't this authorize for Get also (called below)

[pdhamdhere]

No, Removed CMD_LIST & CMD_GET from check_privileges_for_command.

[msterin]

@govint - we do not have pylint in the build and no Py3 in CI test bed, so the py3 compatibility can rot. I will add pylint and @kerneltime - can we add py3 (latest ESX GA) to the CI ?

[govint]

Can admin CLI sanity tests be added for the create and ls use cases.

[msterin]

LGTM with 2 conditionals :-)

1. CI pass
2. Please add an issue for relevant Unit Tests - @lipingxue already has some unit tests on the list, they should also cover this PR