Rename a number of APIs to use singular, rather than plural, like every
other API uses:
- share_instances_status_update ->
share_instance_status_update
- share_instances_get_all ->
share_instance_get_all
- share_instances_get_all_by_host ->
share_instance_get_all_by_host
- share_instances_get_all_by_share_network ->
share_instance_get_all_by_share_network
- share_instances_get_all_by_share_server ->
share_instance_get_all_by_share_server
- share_instances_get_all_by_share ->
share_instance_get_all_by_share
- share_instances_get_all_by_share_group_id ->
share_instance_get_all_by_share_group_id
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
Change-Id: Ic48fe0d1631a6e1a8ee9a50741cc1b31c9187c37
This is an internal change in the share manager's
"ensure_driver_resources" method, and isn't invoked
by any code path yet. The idea is to allow drivers
to opt into running "update_access" on shares that
they are ensuring.
Only drivers that implement "ensure_shares" can
take advantage of this feature.
Change-Id: Ieb7b0dedd98dc02b593078d08d4c0bdf4a1af2bf
Signed-off-by: Goutham Pacha Ravi <gouthampravi@gmail.com>
This is a follow up patch for [1] which removes some unused model
properties and add more unit tests to increase coverage.
[1] https://review.opendev.org/c/openstack/manila/+/774728
Change-Id: I10af132203cb07cea62839014925c7e4c99499e4
Signed-off-by: Douglas Viroel <viroel@gmail.com>
Fix pylint E103 warning raised by usage of
self.__class__ to refer to the derived class
in super() methods.
self.__class__ is a reasonable first argument
to super() in any method of a class, as long
as the method is not going to be invoked in
derived classes.
Python3 removes this ambiguity by not requiring
arguments for the super() method.
[1] https://docs.pylint.org/en/1.6.0/features.html#id33
Change-Id: I6071b6cfd8cff2be3853d739f71b94da990cda97
Python 3 is more strict in ordering container elements and raises errors
when attempted to order unorderable types like dicts.
So, fix such places and replace them with proper things.
Ref: https://review.openstack.org/#/c/210252/
Change-Id: I47f2e61d0721ec2759427dd0be0e22c15b21e1a6
Partially-Implements: bp py3-compatibility
We cannot deny ipv6 access rules because we remove the ipv6
access rules from global delete rules, not just remove the
ipv6 access rules from driver update_access interface parameters.
So the ipv6 access rules cannot be deleted in db.
Now, changed to only remove the ipv6 access rules
from the driver update_access interface parameters(add_rules,
delete_rules, access_rules_to_be_on_share).
Closes-bug: 1707066
Depends-On: Ifea1799e1d2e3963fec7e90ce3f9cb47b9f02f4f
Change-Id: Idd0014d898d5468922625e62f9e649926dc04e35
Please read spec for design detail [1].
Support IPv6 in IP drivers, networks and share
type extra specs.
Co-Authored-By: TommyLikeHu(tommylikehu@gmail.com)
Co-Authored-By: Ben Swartzlander <ben@swartzlander.org>
[1] f7202a6cfe32a057f752a4e393f848f8a0211c36
DocImpact
Partial-Implements: blueprint support-ipv6-access
Change-Id: I96d3389262e9829b8b4344870cdf5c76abd22828
- Add Database migration to introduce the column on the
share instances model.
- Set the field to True if creating read-only secondary
replicas, unset while promoting them.
- Set the field to True if drivers don't support writable access
to migrating shares, or if using host assisted migration.
Unset if migration fails, or is canceled.
- Expose the field via share-instances and share-replicas
APIs to administrators.
Supporting read only-access rules is part of the minimum
driver requirements in manila.
APIImpact
DocImpact
Implements: bp fix-and-improve-access-rules
Co-Authored-By: Rodrigo Barbieri <rodrigo.barbieri@fit-tecnologia.org.br>
Change-Id: Ie8425f36f02cbcede0aaa9f3fe1f5f3cf23df8b8
- Pull up policy check to beginning of the APIs.
- Avoid making access rules changes when one or
more instances of the share are in an invalid state.
- Add back the per rule share instance access status.
This restoration provides better visibility for which
rules were applied successfully.
- Remove 'updating' and 'updating_multiple' as valid
states for the share instance access rules status.
- Deprecate the access rule state 'new' in favor of
'queued_to_apply' and the share instance access rules
status 'out_of_sync' in favor of 'syncing'.
In a new API micro-version:
- Allow access rule changes irrespective of the share's
access_rules_status.
- Expose new access rule states and share's
access_rules_status values.
Access rules for each share instance now transition
from 'queued_to_apply' to 'applying' to 'active' or 'error';
and from 'active', 'queued_to_apply', 'applying' or 'error'
to 'queued_to_deny' to 'denying' to 'deleted'.
APIImpact
DocImpact
Partially-implements: bp fix-and-improve-access-rules
Co-Authored-By: Mike Rooney <rooneym@netapp.com>
Change-Id: Ic25e63215b5ba723cbc8cab7c51789c698e76f28
For drivers that implement update_access always through recovery
mode, access rules previously set to read-only were being reset
to read-write when the Data Service was adding/removing its access
rule.
Fixed it by integrating the logic that casts DB rules to read-only
into access helper class.
Change-Id: Ife35dcdb99dffa2f266b5c2f6a68fe163da7edd3
Closes-bug: #1626523
For backends with internal authentication system,
e.g. Ceph, that return ``access_key`` (credential) for
client identities that are granted share access:
* Retrieve ``access_key`` as return value of driver's
update_access()
* Store ``access_key`` in ShareAccessMapping model
* Expose it in access_list API
APIImpact
DocImpact
Partially implements bp auth-access-keys
Co-Authored-By: John Spray <jspray@redhat.com>
Change-Id: I486064f117cf3001dba7735ca92a7d89aee3ce5b
In mitaka, update_access merged with a known concurrency issue.
This concurrency has been randomly failing in our CIs. This change
adds a lock mechanism to prevent that, while rules are being removed
by a thread, a parallel thread adds back or handle the same rules
that are being removed.
Also, a late mitaka update_access patch [1] broke share migration access
rules consistency, thus leaving stale access rule data on share server
that hosted the share prior to its migration. This patch addresses this
by preventing the refresh mechanism from adding back rules
that are removed.
[1] I0f863cbae4d8af0660114161deda7bf7aa60d71d
Change-Id: Ief3b15eefc0fc325a2a5418fc7ac2724c315cc21
Co-Authored-By: Rodrigo Barbieri <rodrigo.barbieri2010@gmail.com>
Co-Authored-By: Goutham Pacha Ravi <gouthamr@netapp.com>
Closes-Bug: #1566815
Closes-Bug: #1609414
... by preserving the error state of the share
instance's ``access_rules_status``.
Closes-Bug: #1605203
Change-Id: Ib0b01ee4b52e6c05d36484bdf3faa1b4db4b849a
With the new update_access interface, concurrent requests to allow
access might get lost when the driver takes a long time to process
the new rules. This patch fixes this issue by verifying for the
existence of new unprocessed rules at the end of the update_access
method.
APIImpact
access_allow action on shares with access_rules_status 'out_of_sync'
was previously disallowed with HTTPBadRequest. Now, the action is
disallowed only for shares with access_rules_status set to 'error'.
Change-Id: I0f863cbae4d8af0660114161deda7bf7aa60d71d
Closes-bug: #1550295
- Add update_access() method to driver interface
- Move all code related to access operations to ShareInstanceAccess
class
- Statuses from individual access rules are now mapped to
share_instance's access_rules_status
- Add 'access_rules_status' field to share instance, which indicates
current status of applying access rules
APIImpact
Co-Authored-By: Rodrigo Barbieri <rodrigo.barbieri@fit-tecnologia.org.br>
Co-Authored-By: Tiago Pasqualini da Silva <tiago.pasqualini@gmail.com>
Implements: bp new-share-access-driver-interface
Change-Id: Iff1ec2e3176a46e9f6bd383b38ffc5d838aa8bb8