openstack/manila
Code Issues Proposed changes
785016eb74
manila/releasenotes/notes/bug-1626249-reintroduce-per-share-instance-access-rule-state-7c08a91373b21557.yaml
Goutham Pacha Ravi 64a73b1419 Refactor Access Rules APIs 
- Pull up policy check to beginning of the APIs.
- Avoid making access rules changes when one or
  more instances of the share are in an invalid state.
- Add back the per rule share instance access status.
  This restoration provides better visibility for which
  rules were applied successfully.
- Remove 'updating' and 'updating_multiple' as valid
  states for the share instance access rules status.
- Deprecate the access rule state 'new' in favor of
  'queued_to_apply' and the share instance access rules
  status 'out_of_sync' in favor of 'syncing'.

In a new API micro-version:
- Allow access rule changes irrespective of the share's
   access_rules_status.
- Expose new access rule states and share's
  access_rules_status values.

Access rules for each share instance now transition
from 'queued_to_apply' to 'applying' to 'active' or 'error';
and from 'active', 'queued_to_apply', 'applying' or 'error'
to 'queued_to_deny' to 'denying' to 'deleted'.

APIImpact
DocImpact

Partially-implements: bp fix-and-improve-access-rules
Co-Authored-By: Mike Rooney <rooneym@netapp.com>
Change-Id: Ic25e63215b5ba723cbc8cab7c51789c698e76f28
2017-01-19 15:02:58 -05:00

25 lines
1.3 KiB
YAML
Raw Blame History

---
features:
- New micro-states ('applying', 'denying'), appear in the 'state' field
of access rules list API. These transitional states signify the state of
an access rule while its application or denial is being processed
asynchronously.
- Access rules can be added regardless of the 'access_rules_status'
of the share or any of its replicas.
fixes:
- Fixed a bug with the share manager losing access rule updates when
multiple access rules are added to a given share simultaneously.
- Instead of all existing access rules transitioning to 'error' state
when some error occurs while applying or denying access rules to a given
share, only the rules that were in transitional statuses ('applying',
'denying') during an update will transition to 'error' state. This
change is expected to aid in identifying any 'bad' rules that require a
resolution by the user.
- Share action APIs dealing with allowing and denying access to shares now
perform the policy check for authorization to invoke those APIs as a
preliminary step.
- As before, when a share is replicated (or being migrated), all replicas
(or migration instances) of the share must be in a valid state in order
to allow or deny access to the share (where such actions are otherwise
allowed). The check enforcing this in the API is fixed.
View Git Blame Copy Permalink