This patch fixes some issues with LDAP client configuration on
ONTAP SVMs. With ldap security service, users should be able to
configure a LDAP client that can be used for authentication and
name mapping. The name service switch order remains: ldap,files.
Issues fixed:
- The driver now identifies when user provide a Active Directory
domain or a Linux/Unix LDAP server IP and sets the correct schema.
- LDAP configuration parameter `servers` was replaced by `ldap-servers`
in ONTAP 9.2, and now accepts host names too.
- Fix DNS configuration for LDAP security service
- User can now specify base search DN for LDAP queries, which can be
mandatory for Unix/Linux servers, using the security service `ou`
parameter.
Closes-Bug: #1916534
Change-Id: Ieaa53abbe50e7b708e508c132dfc4bb36b71a4f5
Signed-off-by: Douglas Viroel <viroel@gmail.com>
This commit updates the policies for share type extra spec to understand scope
checking and account for a read-only role. This is part of a broader series of
changes across OpenStack to provide a consistent RBAC experience and improve
security.
Change-Id: Ib2f71bdbe22f092016df25a7118abf3337f8cb8d
This commit updates the policies for share snapshot instances to understand
scope checking and account for a read-only role. This is part of a broader
series of changes across OpenStack to provide a consistent RBAC experience and
improve security.
Change-Id: I6ec289e82d8f37ea7e832476345a3cac42662280
This feature allows admin to set share size limit for a project.
The defaults will either come from the default values
set in the quota configuration option or via manila.conf
if the user has configured default values for quotas there.
The quota_per_share_gigabytes defaults to -1["No Limit"] always
unless changed in manila.conf by admin.
Closes-Bug: #1811943
Change-Id: Ida126c8c419b8bf4d2a194f061a0809d52b47ab8
This commit updates the policies for share group type specs to understand scope
checking and account for a read-only role. This is part of a broader series of
changes across OpenStack to provide a consistent RBAC experience and improve
security.
Change-Id: Ie1b72459ae060693badb6fe864454836a4ff1300
This commit updates the policies for share network subnets to understand scope
checking and account for a read-only role. This is part of a broader series of
changes across OpenStack to provide a consistent RBAC experience and improve
security.
Change-Id: I2c90a40a7950be0463c3bc1bcf0b2d41cb6aeaa7
This commit updates the policies for share networks to understand scope
checking and account for a read-only role. This is part of a broader series of
changes across OpenStack to provide a consistent RBAC experience and improve
security.
Change-Id: Ie5e87c73e97d4a464ec91db8fba1c5d3e9abfff5
Add two new capabilities to manila. It is possible to set limits
to share server size and share instances in a share server by
setting `max_share_server_size` and `max_shares_per_share_server`
in a backend stanza.
Change-Id: I3170478d3aa2d09cb2adc32233dc57bc59029a56
Partially-Implements: bp new-share-server-limits
DocImpact
This commit updates the policies for
share group types to understand scope
checking and account for a read-only role.
This is part of a broader series of
changes across OpenStack to provide a
consistent RBAC experience and improve
security.
Also fix the HTTP method in the policy
doc for this API.
Change-Id: I8b95e1e70f74052e5bd4af1ba29842420bafd0b2
Signed-off-by: Goutham Pacha Ravi <gouthampravi@gmail.com>
This commit updates the policies for share groups
to understand scope checking and account for a
read-only role. This is part of a broader series
of changes across OpenStack to provide a
consistent RBAC experience and improve security.
Change-Id: I71d63179131c5dbe75a2de7339fa4df70243e83f
Signed-off-by: Goutham Pacha Ravi <gouthampravi@gmail.com>
This commit updates the policies for share instances to understand scope
checking and account for a read-only role. This is part of a broader series of
changes across OpenStack to provide a consistent RBAC experience and improve
security.
Change-Id: I1978fd95f5a9f798dd2d5a2ca011952515319746
This commit updates the policies for group snapshots to understand scope
checking and account for a read-only role. This is part of a broader series of
changes across OpenStack to provide a consistent RBAC experience and improve
security.
Change-Id: Id02cb45ecca32378a0a8b65589f21c64893d2c8e
This commit updates the policies for share types to understand scope checking
and account for a read-only role. This is part of a broader series of changes
across OpenStack to provide a consistent RBAC experience and improve security.
Change-Id: Id96bb3c7295dd2eae58a168fd5a265825c040a29
This commit updates the policies for share servers to understand scope checking
and account for a read-only role. This is part of a broader series of changes
across OpenStack to provide a consistent RBAC experience and improve security.
Change-Id: Ib6645980a84e911431862680161b48c4ff8ea494
This commit updates the policies for share snapshot instance export locations
to understand scope checking and account for a read-only role. This is part of
a broader series of changes across OpenStack to provide a consistent RBAC
experience and improve security.
Change-Id: I493f4e3bdca141b08ed8a6fbeb8b9d461e3d8118
This commit updates the policies for share snapshot locations to understand
scope checking and account for a read-only role. This is part of a broader
series of changes across OpenStack to provide a consistent RBAC experience and
improve security.
Change-Id: I6a7daaae66d103cf1435be275555777b51a251ab
This commit updates the policies for share replica locations to understand
scope checking and account for a read-only role. This is part of a broader
series of changes across OpenStack to provide a consistent RBAC experience and
improve security.
Change-Id: I2964f82844df47006e79c90d32f43174203f2aa6
This commit updates the policies for share instance export locations to
understand scope checking and account for a read-only role. This is part of a
broader series of changes across OpenStack to provide a consistent RBAC
experience and improve security.
Change-Id: I0cf9beed3c60fd790045580afa0c993c21e71d49
Allows set min/max share size that can be created in
extra_specs for each share_type.the share size will
be checked at API level as part of share create,
extend, shrink, migration_start. when manage share,
check it after get true size of share at manager layer.
new extra_specs keys are supported for set min/max
size of share.
'provisioning:max_share_size'
'provisioning:min_share_size'
Implements: blueprint share-size-limited-by-share-type
Change-Id: I5ce0fabf59bfca5ebaf0be5ffe9986e2b0480295
This commit updates the policies for share locations to understand scope
checking and account for a read-only role. This is part of a broader series of
changes across OpenStack to provide a consistent RBAC experience and improve
security.
Change-Id: Iaebbadea3ed153f19e7abb13d7d28ae3b6bb1fd9
This commit updates the policies for share
access rule metadata to understand scope
checking and account for a read-only role.
This is part of a broader series of
changes across OpenStack to provide a
consistent RBAC experience and improve
security.
Change-Id: Ie9fafd00f1a1888979fbce2a66af53613f8052c7
Signed-off-by: Goutham Pacha Ravi <gouthampravi@gmail.com>
This commit updates the policies for share access rules to understand scope
checking and account for a read-only role. This is part of a broader series of
changes across OpenStack to provide a consistent RBAC experience and improve
security.
Change-Id: I12026c7874620abb076df979f0492f6d1b8563fd
This commit updates the policies for services to
understand scope checking and account for a
read-only role. This is part of a broader series
of changes across OpenStack to provide a
consistent RBAC experience and improve security.
Change-Id: I340f63874af5783099ed6b353be61a2909829343
This commit updates the policies for security services
to understand scope checking and account for a read-only
role. This is part of a broader series of changes across
OpenStack to provide a consistent RBAC experience and
improve security.
Change-Id: I399a61691dad3a80c289c9f3f99f3c48be07846f
Signed-off-by: Goutham Pacha Ravi <gouthampravi@gmail.com>
There was a traceback being included in the
error message body. This is unhelpful to
end users.
The error message that included the traceback
was for this corner case where the RBAC policy
isn't aligned with the internal "context_is_admin"
policy - an unlikely combination of decisions
that a deployer would make - nevertheless,
this is an opportunity for us to fix this
code path.
Change-Id: I888d684acac2133425f986ec7cef5e4f5cdcc5b6
Closes-Bug: #1917520
Signed-off-by: Goutham Pacha Ravi <gouthampravi@gmail.com>
Non privileged users of unrelated projects
must not be able to retrieve details of an
access rule. We can add a further check to
/share-access-rules APIs to validate that
the caller has access to the share that these
rules pertain to.
Change-Id: I0009a3d682ee5d9a946821c3f82dfd90faa886aa
Closes-Bug: #1917417
Signed-off-by: Goutham Pacha Ravi <gouthampravi@gmail.com>
