Merge "Improve IPv6 documentation for access rules"

This commit is contained in:
Zuul 2020-09-10 17:44:36 +00:00 committed by Gerrit Code Review
commit 636f255546
2 changed files with 45 additions and 32 deletions

View File

@ -578,36 +578,45 @@ access_to:
description: |
The value that defines the access. The back end
grants or denies the access to it. A valid value is one of these
values: - ``ip``. Authenticates an instance through its IP
address. A valid format is ``XX.XX.XX.XX`` or
``XX.XX.XX.XX/XX``. For example ``0.0.0.0/0``. - ``cert``.
Authenticates an instance through a TLS certificate. Specify the
TLS identity as the IDENTKEY. A valid value is any string up to
64 characters long in the common name (CN) of the certificate.
The meaning of a string depends on its interpretation. -
``user``. Authenticates by a user or group name. A valid value is
an alphanumeric string that can contain some special characters
and is from 4 to 32 characters long.
values:
- ``ip``:
Authenticates a client through its IP address, that can be IPv4 or IPv6.
You may specify a single client IP address or a range of IP addresses in
CIDR notation. For example ``0.0.0.0/0`` for IPv4 or ``::/0`` for IPv6.
- ``cert``:
Authenticates an instance through a TLS certificate. Specify the TLS
identity as the IDENTKEY. A valid value is any string up to 64 characters
long in the common name (CN) of the certificate. The meaning of a string
depends on its interpretation.
- ``user``:
Authenticates by a user or group name. A valid value is an alphanumeric
string that can contain some special characters and is from 4 to 32
characters long.
in: body
required: true
type: string
access_type:
description: |
The access rule type. A valid value for the
share access rule type is one of the following values: - ``ip``.
Authenticates an instance through its IP address. A valid format
is ``XX.XX.XX.XX`` or ``XX.XX.XX.XX/XX``. For example
``0.0.0.0/0``. - ``cert``. Authenticates an instance through a
TLS certificate. Specify the TLS identity as the IDENTKEY. A
valid value is any string up to 64 characters long in the common
name (CN) of the certificate. The meaning of a string depends on
its interpretation. - ``user``. Authenticates by a user or
group name. A valid value is an alphanumeric string that can
contain some special characters and is from 4 to 32 characters
long.
in: body
required: true
type: string
description: |
The access rule type. A valid value for the share access rule type is one
of the following values:
- ``ip``:
Authenticates a client through its IP address, that can be IPv4 or IPv6.
You may specify a single client IP address or a range of IP addresses in
CIDR notation. For example ``0.0.0.0/0`` for IPv4 or ``::/0`` for IPv6.
- ``cert``:
Authenticates a client through a TLS certificate. Specify the TLS
identity as the IDENTKEY. A valid value is any string up to 64 characters
long in the common name (CN) of the certificate. The meaning of a string
depends on its interpretation.
- ``user``:
Authenticates by a user or group name. A valid value is an alphanumeric
string that can contain some special characters and is from 4 to 32
characters long.
action_id_body:
in: body
required: true

View File

@ -330,7 +330,11 @@ Allow read-write access
| metadata | {'key1': 'value1'} |
+--------------+--------------------------------------+
.. note::
.. note::
Since API version 2.38, access rules of type IP supports IPv6 addresses
and subnets in CIDR notation.
.. note::
Since API version 2.45, metadata can be added, removed and updated for
share access rules in a form of key=value pairs. Metadata can help you
identify and filter access rules.
@ -355,14 +359,14 @@ Allow read-only access
.. code-block:: console
$ manila access-allow myshare ip 20.0.0.0/24 --access-level ro
$ manila access-allow myshare ip fd31:7ee0:3de4:a41b::/64 --access-level ro
+--------------+--------------------------------------+
| Property | Value |
+--------------+--------------------------------------+
| id | 45b0a030-306a-4305-9e2a-36aeffb2d5b7 |
| share_id | 83b0772b-00ad-4e45-8fad-106b9d4f1719 |
| access_level | ro |
| access_to | 20.0.0.0/24 |
| access_to | fd31:7ee0:3de4:a41b::/64 |
| access_type | ip |
| state | queued_to_apply |
| access_key | None |
@ -376,12 +380,12 @@ Allow read-only access
.. code-block:: console
$ manila access-list myshare
+--------------------------------------+-------------+-------------+--------------+--------+------------+----------------------------+------------+
| id | access_type | access_to | access_level | state | access_key | created_at | updated_at |
+--------------------------------------+-------------+-------------+--------------+--------+------------+----------------------------+------------+
| 45b0a030-306a-4305-9e2a-36aeffb2d5b7 | ip | 20.0.0.0/24 | ro | active | None | 2020-08-07T05:28:35.000000 | None |
| e30bde96-9217-4f90-afdc-27c092af1c77 | ip | 10.0.0.0/24 | rw | active | None | 2020-08-07T05:27:27.000000 | None |
+--------------------------------------+-------------+-------------+--------------+--------+------------+----------------------------+------------+
+--------------------------------------+-------------+----------------------------+--------------+--------+------------+----------------------------+------------+
| id | access_type | access_to | access_level | state | access_key | created_at | updated_at |
+--------------------------------------+-------------+----------------------------+--------------+--------+------------+----------------------------+------------+
| 45b0a030-306a-4305-9e2a-36aeffb2d5b7 | ip | fd31:7ee0:3de4:a41b::/64 | ro | active | None | 2020-08-07T05:28:35.000000 | None |
| e30bde96-9217-4f90-afdc-27c092af1c77 | ip | 10.0.0.0/24 | rw | active | None | 2020-08-07T05:27:27.000000 | None |
+--------------------------------------+-------------+----------------------------+--------------+--------+------------+----------------------------+------------+
Another access rule is created.