Commit Graph

577 Commits

Author SHA1 Message Date
Zuul 4dc5f6b730 Merge "Fix the link to get the next share replica" 2024-03-20 17:46:58 +00:00
Zuul 18ffa38116 Merge "Change admin metadata config option name" 2024-03-13 22:27:21 +00:00
Zuul bd3b074aa5 Merge "Forbid resetting state of active replicas" 2024-03-13 14:08:49 +00:00
Okeke Christian c8236141f8 Fix the link to get the next share replica
The url to get the next share replica is broken when performing
pagination. The new API uses underscore to represent resource.
This fix resolves the broken link for share replicas by using alias.

Closes-bug: #2023754
Change-Id: I31e32c0bcfb60b53121da9a96df3b44ad2b3ac67
2024-03-13 11:45:11 +01:00
Zuul d4fb4319f5 Merge "refactoring: modify function parameters and annotations to match" 2024-03-13 04:47:12 +00:00
Youngjun 8806fbe1c2 refactoring: modify function parameters and annotations to match
- the parameter description in the parameter and annotation did not match, so this was fixed.

Change-Id: I1557b74b5a2d0b81f68aa15149490bb178a5a716
Signed-off-by: Youngjun <yj.yoo@okestro.com>
2024-03-13 09:53:04 +09:00
Zuul 012c256bab Merge "Share backups enhancement" 2024-03-12 21:51:06 +00:00
Zuul 99722dbea8 Merge "Add doc for service disable reason" 2024-03-12 18:53:00 +00:00
agireesh 6909a7c213 Share backups enhancement
Added new column named 'backup_type' in 'share_backups' table
and changes the share common api libs to support the dhss_true
configuration for share backup creation

Partially-implements: bp/share-backup
Change-Id: Ifb88ec096674ea8bc010c1c3f6dea1b51be3beaa
2024-03-12 15:56:38 +05:30
haixin 37f1564c67 Add doc for service disable reason
Change-Id: Ie2774a16323cf03a741583165fc7079cc8ca096d
2024-03-11 08:56:43 +08:00
Gray Lutalo b7a1b5b2cf Forbid resetting state of active replicas
In a replication setup, users encountered a critical
issue where they unintentionally reset the replica_state
of an active replica while attempting to resolve errors
on a non-active replica. This led to a situation with no
active replica, causing data loss. Users expected
server-side validation to prevent such actions.

This commit implements the necessary validation in the
codebase to ensure that the reset_replica_state action
cannot be applied to active replicas, addressing the
reported issue and improving data integrity in
replication setups.

Co-Authored-By: Solly <solobarine@gmail.com>
Closes-Bug: #2015328
Change-Id: I629669476e585a834673b8c8b49ad4b0270b877f
2024-03-09 07:40:42 +01:00
silvacarloss 987352d6cb Change admin metadata config option name
This change is a follow-up to a change that merged recently [1].
We are changing the name of the config option to make it similar
to the policy we have defined for updating some metadata that
should only be manipulated by administrators.

[1] https://review.opendev.org/c/openstack/manila/+/909175

Related-Bug: #2050010
Change-Id: I9a8a27f1181b92291f2d4ad5fd9d4483e2dacc50
2024-03-08 20:36:35 +00:00
jayaanand.borra@netapp.com ea1ac5f448 Human readable export location core implementation
Export locations are usually too difficult to memo
rize.Currently, there is no way to determine the
export location before the share is created, so
users wait until the share creation request gets
completed, and then they check the export
locations to mount the share. The generated
export locations are often not human readable
 and it is hard to memorize and control them.

Implements: bp/human-readable-export-locations
Change-Id: I72ac7e24ddd4330d76cafd5e7f78bac2b0174883
2024-03-07 17:20:30 -05:00
Zuul 7b685d9dda Merge "Add a new config option to specify admin metadata" 2024-02-29 17:06:48 +00:00
Zuul 618576ff31 Merge "Add disabled reason field to service." 2024-02-28 21:27:48 +00:00
haixin 12ef157c3b Add disabled reason field to service.
update micversion to 2.83
user can set disabled reason for service.

Closes-Bug: #2037700

Change-Id: I3d7c46945366ac9e1d305c2f6de2233859259bf7
2024-02-27 14:27:37 +08:00
silvacarloss 3429717601 Add a new config option to specify admin metadata
- A new config option named ``admin_metadata_keys`` was introduced
and we expect it to be set in the DEFAULT section of the manila
configuration file. It is expected that administrators will provide
a list of metadata keys that can only be updated by administrators
through this configuration option.

- Drivers will be able to set metadata while creating shares
through the `get_optional_share_creation_data` driver interface.

Closes-Bug: #2050010
Change-Id: I6412710c7db89747d23033e1a5a6be9de5886b0b
2024-02-22 14:31:44 -03:00
Takashi Kajinami b488f42332 Bump hacking
hacking 3.1.x is too old.

Change-Id: Ic5131276ac1d1a1a959d0a5b16398ae12fae0c18
2024-01-27 23:57:00 +09:00
melakualehegn b24ef91f2c Change status and error handling for /shares API
This change modifies the status and error handling
logic of the /shares API when it fails to handle
the specified share_type in the request. The updated
logic ensures that appropriate responses are
generated to handle this scenario effectively.

Closes-Bug: #1944478

Change-Id: I8d4b30daae2fe8c88c30d93d402bf2e5a558f804
2023-10-27 15:26:40 +03:00
Zuul 504d0a10c6 Merge "[Doc] Annotate max api microversion in Bobcat" 2023-10-18 21:45:25 +00:00
Goutham Pacha Ravi ad29f8a065 Fix policy check in metadata APIs
When a user doesn't have access to a non-public
resource, the appropriate response is HTTP 404,
not HTTP 403.

Change-Id: I62afec521c5cdfdd67ab83da40e69e6a2688c737
Closes-Bug: #2004230
Signed-off-by: Goutham Pacha Ravi <gouthampravi@gmail.com>
2023-10-16 18:11:46 +00:00
Goutham Pacha Ravi 2da876749e [Doc] Annotate max api microversion in Bobcat
Also fix a mis-formatted microversion underline.

Change-Id: Iaebb5381139da25cd71d793b8b5bf73101a5aeb1
Signed-off-by: Goutham Pacha Ravi <gouthampravi@gmail.com>
2023-10-06 12:59:20 -07:00
Zuul 0d08682a8f Merge "db: Rename 'share_export_location_*' to 'export_location_*'" 2023-10-05 19:14:08 +00:00
Zuul d0182bf9e4 Merge "db: Rename 'share_instances_*' to 'share_instance_*'" 2023-10-04 17:17:03 +00:00
Zuul 398722be59 Merge "[RBAC] Enforce check for share updates" 2023-09-28 20:56:32 +00:00
Zuul c247ed50fc Merge "Fix share network delete procedure" 2023-09-28 14:41:22 +00:00
Stephen Finucane 8b148ebd41 db: Rename 'share_export_location_*' to 'export_location_*'
This better aligns with 'export_location_metadata_*' APIs. The plural
'export_locations_get*' APIs are renamed to 'export_location_get_all*'.

Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
Change-Id: I14f2b834e7ac2d8be86f9d7e381706cadbb79eb8
2023-09-27 16:31:07 +01:00
Stephen Finucane 204215722e db: Rename 'share_instances_*' to 'share_instance_*'
Rename a number of APIs to use singular, rather than plural, like every
other API uses:

- share_instances_status_update ->
    share_instance_status_update
- share_instances_get_all ->
    share_instance_get_all
- share_instances_get_all_by_host ->
    share_instance_get_all_by_host
- share_instances_get_all_by_share_network ->
    share_instance_get_all_by_share_network
- share_instances_get_all_by_share_server ->
    share_instance_get_all_by_share_server
- share_instances_get_all_by_share ->
    share_instance_get_all_by_share
- share_instances_get_all_by_share_group_id ->
    share_instance_get_all_by_share_group_id

Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
Change-Id: Ic48fe0d1631a6e1a8ee9a50741cc1b31c9187c37
2023-09-27 16:20:17 +01:00
Goutham Pacha Ravi 55edb00cc1 [RBAC] Enforce check for share updates
When a user has access to the APIs to reset status,
task state or replica state but doesn't have access to
the share, they must be prevented from performing
those actions. This enforcement allows granular control
of these actions and the resources themselves.

Change-Id: Ic3be777b238a467d1b7bd1daa6aa088dedb095b0
Closes-Bug: #1955627
Signed-off-by: Goutham Pacha Ravi <gouthampravi@gmail.com>
2023-09-25 16:58:59 -07:00
BubaVV 42e66d9f38 Fix share network delete procedure
Currently, delete of share network leaves security service associations
behind it. DB purge job can't process them because they are constrained
to soft-deleted networks. Proposed patch fixes both formation of
orphaned associations and seamless purging of them.

Closes-Bug: #2029366
Change-Id: I9593dd6e89b2d290d3919c92d209132e1cec84f0
2023-09-24 01:21:28 +03:00
Goutham Pacha Ravi 190876809f [rbac] Pull up policy checks on share/snapshot APIs
RBAC enforcement in manila happens in stages:
1) Does user have access to the API
2) Does user have access to the resource
3) Is user permitted to perform the API action on the resource

If (1) fails, user gets a HTTP 403, if (2) fails,
they get a HTTP 404; if (3) fails, they get a HTTP 403.

More often than not, (2) prevents "existence" detection
of resources that don't belong to the user; except in
case of "public" resources (e.g.: shares can be "public").

In some share API methods, policy checks for (1) are
happening after a bunch of processing. This leads to
some inconsistency.

Fix these occurrences to ensure a consistent user
experience.

Change-Id: I5b1f1ce517efed000f17b1e0901e183a1913ba9f
Related-Bug: #2004230
Signed-off-by: Goutham Pacha Ravi <gouthampravi@gmail.com>
2023-09-21 19:23:57 -07:00
Zuul 65f1bb8f08 Merge "Validate provider_location while managing snapshot" 2023-09-14 20:35:55 +00:00
Zuul 011ed92ef0 Merge "Follow-up access rules restrictions change" 2023-08-29 02:32:42 +00:00
Zuul da95114610 Merge "Update Share backup APIs and add api ref" 2023-08-28 21:48:33 +00:00
silvacarloss 51cc6d40de Follow-up access rules restrictions change
Address comments in the change that introduced APIs for locking
access rules visibility and deletion.

Change-Id: Idd08b211a0672bd479d005aff21aaf5c35089746
2023-08-28 09:51:57 -03:00
Kiran Pawar 3a2d220f8a Update Share backup APIs and add api ref
- Follow up change to fix suggestions from earlier pull request i.e.
  https://review.opendev.org/c/openstack/manila/+/343980 .
- Add API-ref docs
- Rename column availability_zone to availability_zone_id in
  share_backups table.

Implement: blueprint share-backup
Closes-bug: #2031311
Change-Id: Ice01ab7892b1eb52b3202f2c79957977f73f3aca
2023-08-25 13:15:05 +00:00
silvacarloss 0f82690ddd Allow restricting access rules fields and deletion
Access rules rules allow API will now take three additional
parameters:

- lock_visibility: when True, only services, administrators and
  the same user will be able to see the content of ``access_to`` and
  access_key.

- lock_deletion: when True, the access rule will be locked for
  deletion. Only services, administrators or the user that placed
  the lock will be able to drop the access rule.

- lock_reason: a reason for the lock. This parameter should only
  be provided in the presence of at least one of the former
  parameters.

In order to delete an access rule that is currently locked, the
requester will need to specify ``unrestrict=True`` in the request.

In case a service placed the restrictions, only the own service or
the system administrator will be able to release it.

This change also implements filters to the access list API. It is
now possible to filter access rules based on `access_to`,
`access_type`, `access_level` and `access_key`.

DocImpact

Change-Id: Iea422c9d6bc99a81cd88c5f4b7055d6a1cf97fdc
2023-08-24 14:53:06 -03:00
Goutham Pacha Ravi f641577d8a Resource Locks: Support for share deletion lock
Add CRUD APIs for resource locks with support
for preventing deletion of shares (applies to
soft-deletions and unmanage operations as well).

Change-Id: I146bc09e4e8a39797e22458ff6860346e11e592e
Implements: bp/allow-locking-shares-against-deletion
Signed-off-by: Goutham Pacha Ravi <gouthampravi@gmail.com>
2023-08-18 10:47:25 -07:00
Goutham Pacha Ravi f6725f7c14 Validate provider_location while managing snapshot
Change-Id: Iec2ceb8a4d8519e5ed716e771dc17388ab5d4d7f
Closes-Bug: #2031048
Signed-off-by: Goutham Pacha Ravi <gouthampravi@gmail.com>
2023-08-10 15:28:31 -07:00
zhongjun 0b99fdaa9a Implement share backup
Add share backup feature in Data Copy Service and
Share Service. It will allow the user to create, restore
and delete backups as well as listing backups and showing
the details of a specific backup.

APIImpact
DOCImpact

Change-Id: I7d10cf47864cd21932315375d84dc728ff738f23
Implement: blueprint share-backup
2023-08-10 11:11:42 +00:00
Zuul 2318b27f40 Merge "Fix error message from share server API" 2023-08-03 11:32:41 +00:00
Kiran Pawar c88aac595b [API] Validate display name/description length
In case of snapshot create/update, if display name or  description is
above max limit (fields created in db with limit 255), manila
internally throws DB exception. But the error reported to user is not
meaningful.
Fix by validating name/description length should not cross max limit.

Closes-bug: #2023964
Change-Id: I6b1a274da3692700650f84736877c0ae98d46c81
2023-08-01 08:22:32 +00:00
Felipe Rodrigues 456b90898f Fix error message from share server API
Fixing share server api error message when share network
does not exist.

Closes-bug: #2025649
Change-Id: I19a2f7dbb2375b2d3a281efa673da986f29aa9d6
2023-07-31 09:31:38 -03:00
Kiran Pawar 0e7812657b Add count info in 'snapshot list' API
Added support for display count info in share snapshot
list&detail APIs:

1. /v2/snapshots?with_count=True
2. /v2/snapshots/detail?with_count=True

New microversion added 2.79

Closes-bug: #2024556
Change-Id: I37d8ca9022e2ea2c107c6695e20e951d7950043a
2023-07-25 08:33:15 +00:00
Goutham Pacha Ravi 4351805302 [Doc] Annotate max api microversion in Antelope
Change-Id: Icc37b55bf17063eb3796d2934c35e53cd34011b2
Signed-off-by: Goutham Pacha Ravi <gouthampravi@gmail.com>
2023-06-24 00:31:11 +00:00
Kiran Pawar 8eb38ac41a onlyHostFilter: Fix follow-up suggestions.
1. Change context as first argument to function.
2. Fix spelling mistake in version history
3. Add new host_admin RBAC policy which is applied in onlyHostFilter
since non-admin user as well needs to create share on specific host.

Change-Id: Id2c09ebab874ec983da7f26370932d46a0447801
2023-05-23 07:08:11 +00:00
Kiran Pawar 98be6376b2 Add 'state' column in 'services' table.
When manila services are stopped or restarted via stop(), the DB
entries are not deleted, they are destroyed only in kill() method. In
cluster deployments, where multiple instances of manila services are
deployed via PODs, unique hostname is derived from node name. However
if pods are deployed again and launched on new hosts/nodes, the old
entries of manila service remains as it is.
Fix it by adding 'state' column in 'services' table and introducing
per service cleanup function. On service stop, state is changed to
'stopped' and cleanup function will delete 'stopped' services unless
they are 'up' again before cleanup periodic interval.

Closes-bug: #1990839
Change-Id: I8b71c4c27ff8fcb25616a95a5ed8362a7f4ffc61
2023-02-23 11:12:00 +00:00
Zuul 793c5c362e Merge "Fix Manila API error message" 2023-02-23 06:59:10 +00:00
Zuul cf86b23896 Merge "Metadata for Share Network Subnet Resource" 2023-02-21 01:45:59 +00:00
Zuul 214dc4fb73 Merge "Prevent failure on get quiesce_wait_time" 2023-02-18 16:35:33 +00:00