From 56a6b39aa045d15f96fbd3afc62ebc77e24b3740 Mon Sep 17 00:00:00 2001
From: Douglas Viroel <viroel@gmail.com>
Date: Thu, 6 Aug 2020 17:57:24 -0300
Subject: [PATCH] Improve IPv6 documentation for access rules
This patch improves the access rules API documentation
to include IPv6 information that was missing.
It includes a note on user guide and changes an access list
example to IPv6.
Change-Id: I5a9ff4e3c8a70cb0b14caa39f5f17740b17b719a
Closes-Bug: #1705045
Signed-off-by: Douglas Viroel <viroel@gmail.com>
---
api-ref/source/parameters.yaml | 55 ++++++++++++--------
doc/source/user/create-and-manage-shares.rst | 22 ++++----
2 files changed, 45 insertions(+), 32 deletions(-)
diff --git a/api-ref/source/parameters.yaml b/api-ref/source/parameters.yaml
index 3a7bcaf25d..9d0e0f937e 100644
--- a/api-ref/source/parameters.yaml
+++ b/api-ref/source/parameters.yaml
@@ -578,36 +578,45 @@ access_to:
description: |
The value that defines the access. The back end
grants or denies the access to it. A valid value is one of these
- values: - ``ip``. Authenticates an instance through its IP
- address. A valid format is ``XX.XX.XX.XX`` or
- ``XX.XX.XX.XX/XX``. For example ``0.0.0.0/0``. - ``cert``.
- Authenticates an instance through a TLS certificate. Specify the
- TLS identity as the IDENTKEY. A valid value is any string up to
- 64 characters long in the common name (CN) of the certificate.
- The meaning of a string depends on its interpretation. -
- ``user``. Authenticates by a user or group name. A valid value is
- an alphanumeric string that can contain some special characters
- and is from 4 to 32 characters long.
+ values:
+
+ - ``ip``:
+ Authenticates a client through its IP address, that can be IPv4 or IPv6.
+ You may specify a single client IP address or a range of IP addresses in
+ CIDR notation. For example ``0.0.0.0/0`` for IPv4 or ``::/0`` for IPv6.
+ - ``cert``:
+ Authenticates an instance through a TLS certificate. Specify the TLS
+ identity as the IDENTKEY. A valid value is any string up to 64 characters
+ long in the common name (CN) of the certificate. The meaning of a string
+ depends on its interpretation.
+ - ``user``:
+ Authenticates by a user or group name. A valid value is an alphanumeric
+ string that can contain some special characters and is from 4 to 32
+ characters long.
in: body
required: true
type: string
access_type:
- description: |
- The access rule type. A valid value for the
- share access rule type is one of the following values: - ``ip``.
- Authenticates an instance through its IP address. A valid format
- is ``XX.XX.XX.XX`` or ``XX.XX.XX.XX/XX``. For example
- ``0.0.0.0/0``. - ``cert``. Authenticates an instance through a
- TLS certificate. Specify the TLS identity as the IDENTKEY. A
- valid value is any string up to 64 characters long in the common
- name (CN) of the certificate. The meaning of a string depends on
- its interpretation. - ``user``. Authenticates by a user or
- group name. A valid value is an alphanumeric string that can
- contain some special characters and is from 4 to 32 characters
- long.
in: body
required: true
type: string
+ description: |
+ The access rule type. A valid value for the share access rule type is one
+ of the following values:
+
+ - ``ip``:
+ Authenticates a client through its IP address, that can be IPv4 or IPv6.
+ You may specify a single client IP address or a range of IP addresses in
+ CIDR notation. For example ``0.0.0.0/0`` for IPv4 or ``::/0`` for IPv6.
+ - ``cert``:
+ Authenticates a client through a TLS certificate. Specify the TLS
+ identity as the IDENTKEY. A valid value is any string up to 64 characters
+ long in the common name (CN) of the certificate. The meaning of a string
+ depends on its interpretation.
+ - ``user``:
+ Authenticates by a user or group name. A valid value is an alphanumeric
+ string that can contain some special characters and is from 4 to 32
+ characters long.
action_id_body:
in: body
required: true
diff --git a/doc/source/user/create-and-manage-shares.rst b/doc/source/user/create-and-manage-shares.rst
index 991324fe39..2d0e7688f1 100644
--- a/doc/source/user/create-and-manage-shares.rst
+++ b/doc/source/user/create-and-manage-shares.rst
@@ -330,7 +330,11 @@ Allow read-write access
| metadata | {'key1': 'value1'} |
+--------------+--------------------------------------+
- .. note::
+ .. note::
+ Since API version 2.38, access rules of type IP supports IPv6 addresses
+ and subnets in CIDR notation.
+
+ .. note::
Since API version 2.45, metadata can be added, removed and updated for
share access rules in a form of key=value pairs. Metadata can help you
identify and filter access rules.
@@ -355,14 +359,14 @@ Allow read-only access
.. code-block:: console
- $ manila access-allow myshare ip 20.0.0.0/24 --access-level ro
+ $ manila access-allow myshare ip fd31:7ee0:3de4:a41b::/64 --access-level ro
+--------------+--------------------------------------+
| Property | Value |
+--------------+--------------------------------------+
| id | 45b0a030-306a-4305-9e2a-36aeffb2d5b7 |
| share_id | 83b0772b-00ad-4e45-8fad-106b9d4f1719 |
| access_level | ro |
- | access_to | 20.0.0.0/24 |
+ | access_to | fd31:7ee0:3de4:a41b::/64 |
| access_type | ip |
| state | queued_to_apply |
| access_key | None |
@@ -376,12 +380,12 @@ Allow read-only access
.. code-block:: console
$ manila access-list myshare
- +--------------------------------------+-------------+-------------+--------------+--------+------------+----------------------------+------------+
- | id | access_type | access_to | access_level | state | access_key | created_at | updated_at |
- +--------------------------------------+-------------+-------------+--------------+--------+------------+----------------------------+------------+
- | 45b0a030-306a-4305-9e2a-36aeffb2d5b7 | ip | 20.0.0.0/24 | ro | active | None | 2020-08-07T05:28:35.000000 | None |
- | e30bde96-9217-4f90-afdc-27c092af1c77 | ip | 10.0.0.0/24 | rw | active | None | 2020-08-07T05:27:27.000000 | None |
- +--------------------------------------+-------------+-------------+--------------+--------+------------+----------------------------+------------+
+ +--------------------------------------+-------------+----------------------------+--------------+--------+------------+----------------------------+------------+
+ | id | access_type | access_to | access_level | state | access_key | created_at | updated_at |
+ +--------------------------------------+-------------+----------------------------+--------------+--------+------------+----------------------------+------------+
+ | 45b0a030-306a-4305-9e2a-36aeffb2d5b7 | ip | fd31:7ee0:3de4:a41b::/64 | ro | active | None | 2020-08-07T05:28:35.000000 | None |
+ | e30bde96-9217-4f90-afdc-27c092af1c77 | ip | 10.0.0.0/24 | rw | active | None | 2020-08-07T05:27:27.000000 | None |
+ +--------------------------------------+-------------+----------------------------+--------------+--------+------------+----------------------------+------------+
Another access rule is created.