From e5e3b10656fa4f533e0499917757618573e2595f Mon Sep 17 00:00:00 2001 From: silvacarloss Date: Wed, 20 Mar 2024 17:43:33 -0300 Subject: [PATCH] [doc] Admin only modifiable metadata Updates to the administrator and configuration metadata to address the new configuration option, which allows administrators to specify metadata items that should not be updated by less privileged users. Signed-off-by: silvacarloss Partial-Bug: #2057707 Change-Id: If8d51d50630f0581d588e07c3c086442b451c360 --- doc/source/admin/shared-file-systems-crud-share.rst | 7 +++++++ doc/source/configuration/tables/manila-common.inc | 2 ++ 2 files changed, 9 insertions(+) diff --git a/doc/source/admin/shared-file-systems-crud-share.rst b/doc/source/admin/shared-file-systems-crud-share.rst index b15cf26172..fa893cefec 100644 --- a/doc/source/admin/shared-file-systems-crud-share.rst +++ b/doc/source/admin/shared-file-systems-crud-share.rst @@ -501,6 +501,13 @@ You can update the metadata: You also can unset the metadata using **manila metadata unset **. +.. note:: + In case you want to prevent certain metadata key-values to be manipulated by + less privileged users, you can provide a list of such keys through the admin + only metadata configuration option listed in the + :ref:`additional configuration options page `. + + Reset share state ----------------- diff --git a/doc/source/configuration/tables/manila-common.inc b/doc/source/configuration/tables/manila-common.inc index 5b6686d47e..c13019caf4 100644 --- a/doc/source/configuration/tables/manila-common.inc +++ b/doc/source/configuration/tables/manila-common.inc @@ -126,3 +126,5 @@ - (List) Check the presence of a file based on a port to determine if an application is running on a port. Expects a "port:path" list of strings. Used by DisableByFilesPortsHealthcheck plugin. * - ``path`` = ``/healthcheck`` - (String) DEPRECATED: The path to respond to healtcheck requests on. + * - ``admin_only_metadata`` = ``__affinity_same_host,__affinity_different_host`` + - (List) The affinity keys are default to ensure backwards compatibility. Update the list with metadata items that should only be manipulated by people allowed by the "update_admin_only_metadata" policy.