0b04d8d671
This patch adds support for automated creation of FPolicy policies and association to a share. The FPolicy configuration can be added using the extra-specs 'netapp:fpolicy_extensions_to_include', 'netapp:fpolicy_extensions_to_exclude' and 'netapp:fpolicy_file_operations'. Change-Id: I661de95bfb6f8e68b3a8c58663bb6055e9b809f6 Implements: bp netapp-fpolicy-support Signed-off-by: Douglas Viroel <viroel@gmail.com>
26 lines
1.1 KiB
YAML
26 lines
1.1 KiB
YAML
---
|
|
features:
|
|
- |
|
|
Added support for FPolicy on NetApp ONTAP driver. FPolicy allows creation
|
|
of file policies that specify file operation permissions according to
|
|
file type. This feature can be enabled using the following extra-specs:
|
|
|
|
- ``netapp:fpolicy_extensions_to_include``:
|
|
specifies file extensions to be included for screening. Values should be
|
|
provided as comma separated list.
|
|
- ``netapp:fpolicy_extensions_to_exclude``:
|
|
specifies file extensions to be excluded for screening. Values should be
|
|
provided as comma separated list.
|
|
- ``netapp:fpolicy_file_operations``:
|
|
specifies all file operations to be monitored. Values should be provided
|
|
as comma separated list.
|
|
|
|
FPolicy works for backends with and without share server management. When
|
|
using NetApp backends with SVM administrator accounts, make sure that the
|
|
assigned access-control role has access set to "all" for "vserver fpolicy"
|
|
directory.
|
|
|
|
This feature does not work with share replicas to avoid failures on replica
|
|
promotion, due to lack of FPolicy resources in the destination SVM.
|
|
|