The url to get the next share replica is broken when performing
pagination. The new API uses underscore to represent resource.
This fix resolves the broken link for share replicas by using alias.
Closes-bug: #2023754
Change-Id: I31e32c0bcfb60b53121da9a96df3b44ad2b3ac67
- the parameter description in the parameter and annotation did not match, so this was fixed.
Change-Id: I1557b74b5a2d0b81f68aa15149490bb178a5a716
Signed-off-by: Youngjun <yj.yoo@okestro.com>
Added new column named 'backup_type' in 'share_backups' table
and changes the share common api libs to support the dhss_true
configuration for share backup creation
Partially-implements: bp/share-backup
Change-Id: Ifb88ec096674ea8bc010c1c3f6dea1b51be3beaa
In a replication setup, users encountered a critical
issue where they unintentionally reset the replica_state
of an active replica while attempting to resolve errors
on a non-active replica. This led to a situation with no
active replica, causing data loss. Users expected
server-side validation to prevent such actions.
This commit implements the necessary validation in the
codebase to ensure that the reset_replica_state action
cannot be applied to active replicas, addressing the
reported issue and improving data integrity in
replication setups.
Co-Authored-By: Solly <solobarine@gmail.com>
Closes-Bug: #2015328
Change-Id: I629669476e585a834673b8c8b49ad4b0270b877f
This change is a follow-up to a change that merged recently [1].
We are changing the name of the config option to make it similar
to the policy we have defined for updating some metadata that
should only be manipulated by administrators.
[1] https://review.opendev.org/c/openstack/manila/+/909175
Related-Bug: #2050010
Change-Id: I9a8a27f1181b92291f2d4ad5fd9d4483e2dacc50
Export locations are usually too difficult to memo
rize.Currently, there is no way to determine the
export location before the share is created, so
users wait until the share creation request gets
completed, and then they check the export
locations to mount the share. The generated
export locations are often not human readable
and it is hard to memorize and control them.
Implements: bp/human-readable-export-locations
Change-Id: I72ac7e24ddd4330d76cafd5e7f78bac2b0174883
- A new config option named ``admin_metadata_keys`` was introduced
and we expect it to be set in the DEFAULT section of the manila
configuration file. It is expected that administrators will provide
a list of metadata keys that can only be updated by administrators
through this configuration option.
- Drivers will be able to set metadata while creating shares
through the `get_optional_share_creation_data` driver interface.
Closes-Bug: #2050010
Change-Id: I6412710c7db89747d23033e1a5a6be9de5886b0b
This change modifies the status and error handling
logic of the /shares API when it fails to handle
the specified share_type in the request. The updated
logic ensures that appropriate responses are
generated to handle this scenario effectively.
Closes-Bug: #1944478
Change-Id: I8d4b30daae2fe8c88c30d93d402bf2e5a558f804
When a user doesn't have access to a non-public
resource, the appropriate response is HTTP 404,
not HTTP 403.
Change-Id: I62afec521c5cdfdd67ab83da40e69e6a2688c737
Closes-Bug: #2004230
Signed-off-by: Goutham Pacha Ravi <gouthampravi@gmail.com>
Also fix a mis-formatted microversion underline.
Change-Id: Iaebb5381139da25cd71d793b8b5bf73101a5aeb1
Signed-off-by: Goutham Pacha Ravi <gouthampravi@gmail.com>
This better aligns with 'export_location_metadata_*' APIs. The plural
'export_locations_get*' APIs are renamed to 'export_location_get_all*'.
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
Change-Id: I14f2b834e7ac2d8be86f9d7e381706cadbb79eb8
Rename a number of APIs to use singular, rather than plural, like every
other API uses:
- share_instances_status_update ->
share_instance_status_update
- share_instances_get_all ->
share_instance_get_all
- share_instances_get_all_by_host ->
share_instance_get_all_by_host
- share_instances_get_all_by_share_network ->
share_instance_get_all_by_share_network
- share_instances_get_all_by_share_server ->
share_instance_get_all_by_share_server
- share_instances_get_all_by_share ->
share_instance_get_all_by_share
- share_instances_get_all_by_share_group_id ->
share_instance_get_all_by_share_group_id
Signed-off-by: Stephen Finucane <stephenfin@redhat.com>
Change-Id: Ic48fe0d1631a6e1a8ee9a50741cc1b31c9187c37
When a user has access to the APIs to reset status,
task state or replica state but doesn't have access to
the share, they must be prevented from performing
those actions. This enforcement allows granular control
of these actions and the resources themselves.
Change-Id: Ic3be777b238a467d1b7bd1daa6aa088dedb095b0
Closes-Bug: #1955627
Signed-off-by: Goutham Pacha Ravi <gouthampravi@gmail.com>
Currently, delete of share network leaves security service associations
behind it. DB purge job can't process them because they are constrained
to soft-deleted networks. Proposed patch fixes both formation of
orphaned associations and seamless purging of them.
Closes-Bug: #2029366
Change-Id: I9593dd6e89b2d290d3919c92d209132e1cec84f0
RBAC enforcement in manila happens in stages:
1) Does user have access to the API
2) Does user have access to the resource
3) Is user permitted to perform the API action on the resource
If (1) fails, user gets a HTTP 403, if (2) fails,
they get a HTTP 404; if (3) fails, they get a HTTP 403.
More often than not, (2) prevents "existence" detection
of resources that don't belong to the user; except in
case of "public" resources (e.g.: shares can be "public").
In some share API methods, policy checks for (1) are
happening after a bunch of processing. This leads to
some inconsistency.
Fix these occurrences to ensure a consistent user
experience.
Change-Id: I5b1f1ce517efed000f17b1e0901e183a1913ba9f
Related-Bug: #2004230
Signed-off-by: Goutham Pacha Ravi <gouthampravi@gmail.com>
Address comments in the change that introduced APIs for locking
access rules visibility and deletion.
Change-Id: Idd08b211a0672bd479d005aff21aaf5c35089746
Access rules rules allow API will now take three additional
parameters:
- lock_visibility: when True, only services, administrators and
the same user will be able to see the content of ``access_to`` and
access_key.
- lock_deletion: when True, the access rule will be locked for
deletion. Only services, administrators or the user that placed
the lock will be able to drop the access rule.
- lock_reason: a reason for the lock. This parameter should only
be provided in the presence of at least one of the former
parameters.
In order to delete an access rule that is currently locked, the
requester will need to specify ``unrestrict=True`` in the request.
In case a service placed the restrictions, only the own service or
the system administrator will be able to release it.
This change also implements filters to the access list API. It is
now possible to filter access rules based on `access_to`,
`access_type`, `access_level` and `access_key`.
DocImpact
Change-Id: Iea422c9d6bc99a81cd88c5f4b7055d6a1cf97fdc
Add CRUD APIs for resource locks with support
for preventing deletion of shares (applies to
soft-deletions and unmanage operations as well).
Change-Id: I146bc09e4e8a39797e22458ff6860346e11e592e
Implements: bp/allow-locking-shares-against-deletion
Signed-off-by: Goutham Pacha Ravi <gouthampravi@gmail.com>
Add share backup feature in Data Copy Service and
Share Service. It will allow the user to create, restore
and delete backups as well as listing backups and showing
the details of a specific backup.
APIImpact
DOCImpact
Change-Id: I7d10cf47864cd21932315375d84dc728ff738f23
Implement: blueprint share-backup
In case of snapshot create/update, if display name or description is
above max limit (fields created in db with limit 255), manila
internally throws DB exception. But the error reported to user is not
meaningful.
Fix by validating name/description length should not cross max limit.
Closes-bug: #2023964
Change-Id: I6b1a274da3692700650f84736877c0ae98d46c81
Added support for display count info in share snapshot
list&detail APIs:
1. /v2/snapshots?with_count=True
2. /v2/snapshots/detail?with_count=True
New microversion added 2.79
Closes-bug: #2024556
Change-Id: I37d8ca9022e2ea2c107c6695e20e951d7950043a
1. Change context as first argument to function.
2. Fix spelling mistake in version history
3. Add new host_admin RBAC policy which is applied in onlyHostFilter
since non-admin user as well needs to create share on specific host.
Change-Id: Id2c09ebab874ec983da7f26370932d46a0447801
When manila services are stopped or restarted via stop(), the DB
entries are not deleted, they are destroyed only in kill() method. In
cluster deployments, where multiple instances of manila services are
deployed via PODs, unique hostname is derived from node name. However
if pods are deployed again and launched on new hosts/nodes, the old
entries of manila service remains as it is.
Fix it by adding 'state' column in 'services' table and introducing
per service cleanup function. On service stop, state is changed to
'stopped' and cleanup function will delete 'stopped' services unless
they are 'up' again before cleanup periodic interval.
Closes-bug: #1990839
Change-Id: I8b71c4c27ff8fcb25616a95a5ed8362a7f4ffc61