mgr/smb: add a new hosts_access field to the Share resource
authorJohn Mulligan <jmulligan@redhat.com>
Mon, 22 Sep 2025 18:44:30 +0000 (14:44 -0400)
committerJohn Mulligan <jmulligan@redhat.com>
Thu, 29 Jan 2026 17:07:04 +0000 (12:07 -0500)
This access list can be used to allow or deny access to hosts by
IP address or network (IP/prefixlen-style). It partially borrows
from the previous work to do ip address binds.
The structure would look something like the following:
```
  hosts_access:
    - address: 192.168.7.200
      access: allow
    - address: 192.168.7.202
      access: allow
    - network: 10.10.220.0/24
      access: allow
```
or
```
  hosts_access:
    - access: deny
      network: 10.10.220.0/24
```

Signed-off-by: John Mulligan <jmulligan@redhat.com>
src/pybind/mgr/smb/resources.py

index 4fe7ad6b4d6888e8b77f6dd55218c5c96aee7c4d..c43655b6cb874c390f9f455495f09304138a6829 100644 (file)
@@ -13,12 +13,14 @@ from ceph.deployment.service_spec import (
     SMBClusterPublicIPSpec,
     SpecValidationError,
 )
+from ceph.smb.network import to_network
 from object_format import ErrorResponseBase
 
 from . import resourcelib, validation
 from .enums import (
     AuthMode,
     CephFSStorageProvider,
+    HostAccess,
     Intent,
     JoinSourceType,
     LoginAccess,
@@ -189,6 +191,30 @@ class LoginAccessEntry(_RBase):
         validation.check_access_name(self.name)
 
 
+@resourcelib.component()
+class HostAccessEntry(_RBase):
+    access: HostAccess
+    address: str = ''
+    network: str = ''
+
+    def validate(self) -> None:
+        # to_network raises ValueError if values are invalid
+        to_network(network=self.network, address=self.address)
+
+    @property
+    def normalized_value(self) -> str:
+        if self.address:
+            return self.address
+        # normalize network string
+        return str(to_network(network=self.network))
+
+    @resourcelib.customize
+    def _customize_resource(rc: resourcelib.Resource) -> resourcelib.Resource:
+        rc.address.quiet = True
+        rc.network.quiet = True
+        return rc
+
+
 @resourcelib.resource('ceph.smb.share')
 class RemovedShare(_RBase):
     """Represents a share that has / will be removed."""
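Review bot: `normalized_value` returns `self.address` whenever it is set and never looks at `network`, and `validate` leaves the both-set and neither-set cases entirely to `to_network`, which is not visible in this hunk. If `to_network` accepts an entry carrying both fields, a `deny` written for a network would silently shrink to a single host. An explicit guard at the top of `validate` keeps the contract local: `if bool(self.address) == bool(self.network): raise ValueError('exactly one of address or network is required')`. An address is also returned verbatim while a network is normalized, so equivalent spellings of the same IPv6 address would not compare equal.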
@@ -229,6 +255,7 @@ class Share(_RBase):
     custom_smb_share_options: Optional[Dict[str, str]] = None
     login_control: Optional[List[LoginAccessEntry]] = None
     restrict_access: bool = False
+    hosts_access: Optional[List[HostAccessEntry]] = None
 
     def __post_init__(self) -> None:
         # if name is not given explicitly, take it from the share_id
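Review bot: The new `hosts_access` field is an access-control list, but nothing at its declaration says how it is evaluated: what `None` versus an empty list means, and what happens to a host that matches no entry when only `allow` entries are given. A short comment above the field would settle this for anyone writing a spec, for example `# host allow/deny list; None means no host-based restriction`, if that is the intended meaning. Whether two entries with the same `normalized_value` but opposite `access` are rejected would belong in `Share.validate`, which lies outside this hunk.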