f641577d8a
Add CRUD APIs for resource locks with support for preventing deletion of shares (applies to soft-deletions and unmanage operations as well). Change-Id: I146bc09e4e8a39797e22458ff6860346e11e592e Implements: bp/allow-locking-shares-against-deletion Signed-off-by: Goutham Pacha Ravi <gouthampravi@gmail.com>
326 lines
7.5 KiB
ReStructuredText
326 lines
7.5 KiB
ReStructuredText
.. -*- rst -*-
|
|
|
|
Resource Locks (since API v2.81)
|
|
================================
|
|
|
|
Create, list, update and delete locks on user actions on resources.
|
|
|
|
|
|
Create a resource lock
|
|
~~~~~~~~~~~~~~~~~~~~~~~
|
|
|
|
.. rest_method:: POST /v2/resource-locks
|
|
|
|
.. versionadded:: 2.81
|
|
|
|
Lock a specific action on a given resource.
|
|
|
|
Not all resources are supported, and not actions on supported resources can
|
|
be prevented with this mechanism. A lock can only be removed or manipulated
|
|
by the user that created it, or by a more privileged user. The cloud
|
|
administrator can use a ``policy.yaml`` file to tweak permissions on who
|
|
can manipulate and delete locks created by other users.
|
|
|
|
Response codes
|
|
--------------
|
|
|
|
.. rest_status_code:: success status.yaml
|
|
|
|
- 200
|
|
|
|
.. rest_status_code:: error status.yaml
|
|
|
|
- 400
|
|
- 401
|
|
- 403
|
|
- 404
|
|
- 409
|
|
|
|
|
|
Request
|
|
-------
|
|
|
|
.. rest_parameters:: parameters.yaml
|
|
|
|
- service_token: service_token_locks
|
|
- resource_lock: resource_lock_object
|
|
- resource_id: resource_lock_resource_id
|
|
- resource_type: resource_lock_resource_type
|
|
- resource_action: resource_lock_resource_action_create_optional
|
|
- lock_reason: resource_lock_lock_reason_optional
|
|
|
|
Request Example
|
|
---------------
|
|
|
|
.. literalinclude:: ./samples/resource-lock-create-request.json
|
|
:language: javascript
|
|
|
|
|
|
Response Parameters
|
|
-------------------
|
|
|
|
.. rest_parameters:: parameters.yaml
|
|
|
|
- resource_lock: resource_lock_object
|
|
- id: resource_lock_id
|
|
- user_id: resource_lock_user_id
|
|
- project_id: resource_lock_project_id
|
|
- lock_context: resource_lock_lock_context
|
|
- resource_type: resource_lock_resource_type
|
|
- resource_id: resource_lock_resource_id
|
|
- resource_action: resource_lock_resource_action
|
|
- lock_reason: resource_lock_lock_reason
|
|
- created_at: created_at
|
|
- updated_at: updated_at
|
|
- links: links
|
|
|
|
Response Example
|
|
----------------
|
|
|
|
.. literalinclude:: ./samples/resource-lock-create-response.json
|
|
:language: javascript
|
|
|
|
|
|
List resource locks
|
|
~~~~~~~~~~~~~~~~~~~
|
|
|
|
.. rest_method:: GET /v2/resource-locks
|
|
|
|
.. versionadded:: 2.81
|
|
|
|
Retrieve resource locks with filters
|
|
|
|
Response codes
|
|
--------------
|
|
|
|
.. rest_status_code:: success status.yaml
|
|
|
|
- 200
|
|
|
|
.. rest_status_code:: error status.yaml
|
|
|
|
- 401
|
|
- 403
|
|
- 404
|
|
|
|
|
|
Request
|
|
-------
|
|
|
|
.. rest_parameters:: parameters.yaml
|
|
|
|
- service_token: service_token_locks
|
|
- id: resource_lock_id_query
|
|
- resource_id: resource_lock_resource_id_query
|
|
- resource_action: resource_lock_resource_action_query
|
|
- resource_type: resource_lock_resource_type_query
|
|
- user_id: resource_lock_user_id_query
|
|
- project_id: resource_lock_project_id_query
|
|
- all_projects: resource_lock_all_projects_query
|
|
- lock_context: resource_lock_lock_context_query
|
|
- created_since: created_since_query
|
|
- created_before: created_before_query
|
|
- lock_reason: resource_lock_lock_reason_query
|
|
- lock_reason~: resource_lock_lock_reason_inexact_query
|
|
- sort_key: sort_key_resource_locks
|
|
- sort_dir: sort_dir
|
|
- offset: offset
|
|
- with_count: with_count_query_without_min_version
|
|
|
|
|
|
Response Parameters
|
|
-------------------
|
|
|
|
.. rest_parameters:: parameters.yaml
|
|
|
|
- resource_locks: resource_locks_object
|
|
- id: resource_lock_id
|
|
- user_id: resource_lock_user_id
|
|
- project_id: resource_lock_project_id
|
|
- lock_context: resource_lock_lock_context
|
|
- resource_type: resource_lock_resource_type
|
|
- resource_id: resource_lock_resource_id
|
|
- resource_action: resource_lock_resource_action
|
|
- lock_reason: resource_lock_lock_reason
|
|
- created_at: created_at
|
|
- updated_at: updated_at
|
|
- links: links
|
|
- count: count_without_min_version
|
|
|
|
Response Example
|
|
----------------
|
|
|
|
.. literalinclude:: ./samples/resource-lock-get-all-response.json
|
|
:language: javascript
|
|
|
|
|
|
Get a resource lock
|
|
~~~~~~~~~~~~~~~~~~~
|
|
|
|
.. rest_method:: GET /v2/resource-locks/{resource-lock-id}
|
|
|
|
.. versionadded:: 2.81
|
|
|
|
Retrieve a specific resource lock
|
|
|
|
By default, resource locks can be viewed by all users within a project that
|
|
owns the locks. The cloud administrator can use a ``policy.yaml`` file to tweak
|
|
this behavior.
|
|
|
|
Response codes
|
|
--------------
|
|
|
|
.. rest_status_code:: success status.yaml
|
|
|
|
- 200
|
|
|
|
.. rest_status_code:: error status.yaml
|
|
|
|
- 401
|
|
- 403
|
|
- 404
|
|
|
|
|
|
Request
|
|
-------
|
|
|
|
.. rest_parameters:: parameters.yaml
|
|
|
|
- service_token: service_token_locks
|
|
- resource_id: resource_lock_id_path
|
|
|
|
|
|
Response Parameters
|
|
-------------------
|
|
|
|
.. rest_parameters:: parameters.yaml
|
|
|
|
- resource_lock: resource_lock_object
|
|
- id: resource_lock_id
|
|
- user_id: resource_lock_user_id
|
|
- project_id: resource_lock_project_id
|
|
- lock_context: resource_lock_lock_context
|
|
- resource_type: resource_lock_resource_type
|
|
- resource_id: resource_lock_resource_id
|
|
- resource_action: resource_lock_resource_action
|
|
- lock_reason: resource_lock_lock_reason
|
|
- created_at: created_at
|
|
- updated_at: updated_at
|
|
- links: links
|
|
|
|
Response Example
|
|
----------------
|
|
|
|
.. literalinclude:: ./samples/resource-lock-get-response.json
|
|
:language: javascript
|
|
|
|
|
|
Update a resource lock
|
|
~~~~~~~~~~~~~~~~~~~~~~
|
|
|
|
.. rest_method:: PUT /v2/resource-locks/{resource-lock-id}
|
|
|
|
.. versionadded:: 2.81
|
|
|
|
Update a specific resource lock
|
|
|
|
By default, resource locks can be updated by the user that created the lock
|
|
unless the ``lock_context`` is set to ``admin`` or ``service``. A user with
|
|
``service`` role is required to manipulate locks that have a ``lock_context``
|
|
set to ``service``. Users with ``admin`` role can manipulate all locks.
|
|
Administrators can use ``policy.yaml`` to tweak this behavior.
|
|
|
|
Response codes
|
|
--------------
|
|
|
|
.. rest_status_code:: success status.yaml
|
|
|
|
- 200
|
|
|
|
.. rest_status_code:: error status.yaml
|
|
|
|
- 401
|
|
- 403
|
|
- 404
|
|
|
|
|
|
Request
|
|
-------
|
|
|
|
.. rest_parameters:: parameters.yaml
|
|
|
|
- service_token: service_token_locks
|
|
- resource_id: resource_lock_id_path
|
|
- resource_lock: resource_lock_object
|
|
- resource_action: resource_lock_resource_action_optional
|
|
- lock_reason: resource_lock_lock_reason_optional
|
|
|
|
Request Example
|
|
----------------
|
|
|
|
.. literalinclude:: ./samples/resource-lock-update-request.json
|
|
:language: javascript
|
|
|
|
Response Parameters
|
|
-------------------
|
|
|
|
.. rest_parameters:: parameters.yaml
|
|
|
|
- resource_lock: resource_lock_object
|
|
- id: resource_lock_id
|
|
- user_id: resource_lock_user_id
|
|
- project_id: resource_lock_project_id
|
|
- lock_context: resource_lock_lock_context
|
|
- resource_type: resource_lock_resource_type
|
|
- resource_id: resource_lock_resource_id
|
|
- resource_action: resource_lock_resource_action
|
|
- lock_reason: resource_lock_lock_reason
|
|
- created_at: created_at
|
|
- updated_at: updated_at
|
|
- links: links
|
|
|
|
Response Example
|
|
----------------
|
|
|
|
.. literalinclude:: ./samples/resource-lock-update-response.json
|
|
:language: javascript
|
|
|
|
|
|
Delete a resource lock
|
|
~~~~~~~~~~~~~~~~~~~~~~
|
|
|
|
.. rest_method:: DELETE /v2/resource-locks/{resource-lock-id}
|
|
|
|
.. versionadded:: 2.81
|
|
|
|
Delete a specific resource lock
|
|
|
|
By default, resource locks can be deleted by the user that created the lock
|
|
unless the ``lock_context`` is set to ``admin`` or ``service``. A user with
|
|
``service`` role is required to delete locks that have a ``lock_context``
|
|
set to ``service``. Users with ``admin`` role can delete any lock.
|
|
Administrators can use ``policy.yaml`` to tweak this behavior.
|
|
|
|
This request provides no response body.
|
|
|
|
Response codes
|
|
--------------
|
|
|
|
.. rest_status_code:: success status.yaml
|
|
|
|
- 204
|
|
|
|
.. rest_status_code:: error status.yaml
|
|
|
|
- 401
|
|
- 403
|
|
- 404
|
|
|
|
Request
|
|
-------
|
|
|
|
.. rest_parameters:: parameters.yaml
|
|
|
|
- service_token: service_token_locks
|
|
- resource_id: resource_lock_id_path
|