Access rules rules allow API will now take three additional
parameters:
- lock_visibility: when True, only services, administrators and
the same user will be able to see the content of ``access_to`` and
access_key.
- lock_deletion: when True, the access rule will be locked for
deletion. Only services, administrators or the user that placed
the lock will be able to drop the access rule.
- lock_reason: a reason for the lock. This parameter should only
be provided in the presence of at least one of the former
parameters.
In order to delete an access rule that is currently locked, the
requester will need to specify ``unrestrict=True`` in the request.
In case a service placed the restrictions, only the own service or
the system administrator will be able to release it.
This change also implements filters to the access list API. It is
now possible to filter access rules based on `access_to`,
`access_type`, `access_level` and `access_key`.
DocImpact
Change-Id: Iea422c9d6bc99a81cd88c5f4b7055d6a1cf97fdc
Add CRUD APIs for resource locks with support
for preventing deletion of shares (applies to
soft-deletions and unmanage operations as well).
Change-Id: I146bc09e4e8a39797e22458ff6860346e11e592e
Implements: bp/allow-locking-shares-against-deletion
Signed-off-by: Goutham Pacha Ravi <gouthampravi@gmail.com>
Added support for display count info in share snapshot
list&detail APIs:
1. /v2/snapshots?with_count=True
2. /v2/snapshots/detail?with_count=True
New microversion added 2.79
Closes-bug: #2024556
Change-Id: I37d8ca9022e2ea2c107c6695e20e951d7950043a
These are issues that pre-commit identified. Address them now.
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
Change-Id: I19f7d3689a000c41787b3fe15632564928bbf6a6
Further instructions have been added to the quota API reference,
mentioning what needs to be done in order to retrieve and modify
quotas for a given share type. The workflow is similar to the user
and the responses too, but one parameter must be different.
Change-Id: Ib613e6aabaa8707c6311ae30a02e7a68c90aba08
1. Change context as first argument to function.
2. Fix spelling mistake in version history
3. Add new host_admin RBAC policy which is applied in onlyHostFilter
since non-admin user as well needs to create share on specific host.
Change-Id: Id2c09ebab874ec983da7f26370932d46a0447801
Add the api reference to the feature merged in Antelope release cycle
2023.1 share network subnet metadata
Change-Id: I8143c2652dc9024e3fed5e1ea60b16c86de0a5f2
Closes-bug: #2008028
The default value for "is_public" parameter for share group type
creation should be True. However, it is set to `false`. Fix the
error in the documentation and sets the default value of `is_public`
to `true`.
Closes-bug: #1997743
Change-Id: Ia596ec0ffcf16414c6b4a5f0e1631e7a755af23a
user can create a transfer for a share. will return transfer id
and auth_key. another user can use transfer_id and auth_key to
accept this share. salt of transfer and auth_key compute crypt_hash
by sha1. then compare with crypt_hash in db.
APIImpact
DocImpact
Partially-Implements: blueprint transfer-share-between-project
Change-Id: I8facf9112a6b09e6b7aed9956c0a87fb5f1fc31f
Allows to configure optional field 'default_ad_site' from version 2.76.
Restrict to make sure either server or 'default_at_site' provided, but
not both.
APIImpact
Relates-bug: #1988146
Change-Id: I8e21e9170eace134a51efed84de1ccc58eb7eaaa
Currently netapp_snapmirror_quiesce_timeout is an option of replica
promote that can only be set by the operator. There are scenarios where
high timeout value set by operator does not fit well e.g. disaster
stroke and user want to do an unplanned failover fast. Added new
option 'quiesce_wait_time' to share replica promote API which allows
to use specified wait_time(in seconds) instead of config option.
Closes-bug: #2000171
Change-Id: Ib02063ee8b82f7374cd89f90e7f24a845c6c7cd7
Share replica create API does not allow to specify share network and
forces to use parent share's share network. This is problem for some
use-cases, e.g. migration from one share network to another share
network via replication is not possible. Fixed by allowing to pass
'share-network' option for share replica create API and make sure both
parent share-network and user provided share-network will have same
security service association.
Partial-Bug: #1925486
Change-Id: I9049dcd418fbb16d663ab8ed27b90c765fafc5d3
The override file now supports yaml format. While
JSON formatting is absolutely fine, the file suffix
".json" will confuse our tooling.
Change-Id: I01ce4ab3e879a8dbbc7377997f7e497f15c9b15e
Signed-off-by: Goutham Pacha Ravi <gouthampravi@gmail.com>
1. Use share-groups instead of share_groups for share groups uri
2. Add the detail api doc description for share groups list
Change-Id: I898fd5f71440b91989dcab6f8d46f5d0a0e07993
1. Use group-specs instead of group_specs for share group type.
2. Use access instead of share_type_access for share group types.
Change-Id: Ie5ac1b927ca4a01269f1c255cee52bdf2ebf7c69
Share_replicas (which are internally share_instances with replica_state
not null) have "updated_at" in its view/API call. However same field is
missing in share-instance show command.
Closes-Bug: #1965122
Change-Id: Ia69f3615d82e0044e3e9f81556dc8355637ef146
openstackdocstheme's custom styling doesn't display (h1)
headings in the body of the API ref. To work-around this
problem, demote the section headers and increase
the display level of the toctree.
Change-Id: I18b6ab44b62c4f17d854e5d32b4aef546992c79a
Signed-off-by: Goutham Pacha Ravi <gouthampravi@gmail.com>
Share network list API referece was missing some filter parametes.
Add the missing parameters so users can be aware of all the options
available to query share networks.
Closes-Bug: #1945711
Change-Id: I21b4f48d0c41f052aca1d7dcd0f1b640cfa3084a
Add support share Recycle Bin, the end user can soft delete
share to Recycle Bin, and can restore the share within 7 days,
otherwise the share will be deleted automatically.
DocImpact
APIImpact
Partially-Implements: blueprint manila-share-support-recycle-bin
Change-Id: Ic838eec5fea890be6513514053329b1d2d86b3ba
The OnlyHostFilter added for share creation can be extended to use in
share replica creation using scheduler-hints.
e.g. manila share-replica-create share_id \
--scheduler-hints "only_host=host@backend#pool"
OnlyHostFilter (https://review.opendev.org/c/openstack/manila/+/813293)
Depends-on: I603434cac246e2c0946672d3f0fe469ed5423fa4
Closes-Bug: #1950313
Change-Id: I2e6d8709fc02df16622bdc910127fa489835db38
The response code of share network creation operation is
mentioned 202 while it should be 200.
Closes-Bug: #1958072
Change-Id: I27c24c71a7c388033fbdf206c2d3e8004839d98a
The endpoint for /shares/{share_id}/instances was missing for the
share section.
This patch adds the section and update the existing one on
v2/shate_instances.
Closes-Bug: 1952673
Change-Id: Ie8412379c20528575d2e67485ce955bcf8c13eee
e.g. manila create NFS 1 --name Share1 --share-network net1 \
--scheduler_hint="only_host=host1@generic1#GENERIC1"
Since there is no way to create share server in manila, we can use a
workaround of creating first share on specific host
(e.g. host@backend#pool). This will then create the share server
automatically on that host and admin can use idle host when other
hosts are overloaded.
New microversion 2.67 introduced.
DocImpact
Closes-Bug: #1946462
Change-Id: I603434cac246e2c0946672d3f0fe469ed5423fa4
Add support for group_specs filter search in share group type list API.
Implements: blueprint support-group-spec-search-share-group-type-api
Change-Id: I10caed1d524614a74a75e8f856b0579ab11dc4b5
Updates the API reference to fit into the changes merged in the
add/update security service in share networks feature.
Change-Id: Id7dd45dc23c41c1ade28b042f87b216142b8a062
Fixing cast_rules_to_readonly type from string to boolean
for share instances and share replicas.
The API-REF had the wrong type for these fields.
Closes-Bug: #1948717
Change-Id: Ie8defe1fcb03bced9887ba1b41d5b062ba477924
Samples illustrate how to send POST requests to the
/v2/share-replicas/{replica_id}/action to initiate
share replica promotion and resync actions.
Change-Id: I6c4890909406668322e387466620d591f161a93a
Signed-off-by: Goutham Pacha Ravi <gouthampravi@gmail.com>
This patch implements hard affinity and anti-affinity filter for
manila scheduler. Users can specify affinity/anti-affinity share
ids to the field "share.scheduler_hints.same_host" or
"share.scheduler_hints.different_host" in the request payload
when creating a manila share. The scheduler_hints are stored as
share metadata. The filter properties are populated from this
metadata during share migration and so filters will be applied
for share migration as well.
Both fields can be a single share UUID or multiple uuids
separated by comma. For example,
`{
"share": {
"scheduler_hints": {
"same_host": "share_uuid_1,share_uuid_2",
"different_host": "share_uuid_3"
}
}
}`
Implements: bp/affinity-antiaffinity-filter
Change-Id: Ic42d8a0c1d22e77ae64e0ca014607b28fd336467
Co-authored-by: Maurice Escher <maurice.escher@sap.com>
The key for access rule metadata in the API
request or response is just "metadata".
The "access_key" in /share-access-rules
endpoint responses doesn't need to specify
a min-version since its present in all API
versions that the endpoint itself is supported
with.
TrivialFix
Change-Id: I66ac3804f22d70ad673eb7185e5e7eb08843c811
Signed-off-by: Goutham Pacha Ravi <gouthampravi@gmail.com>