def _allow_access(self, req, id, body, enable_ceph=False,
allow_on_error_status=False, enable_ipv6=False):
"""Add share access rule."""
context = req.environ['manila.context']
access_data = body.get('allow_access', body.get('os-allow_access'))
share = self.share_api.get(context, id)
if (not allow_on_error_status and
self._any_instance_has_errored_rules(share)):
msg = _("Access rules cannot be added while the share or any of "
"its replicas or migration copies has its "
"access_rules_status set to %(instance_rules_status)s. "
"Deny any rules in %(rule_state)s state and try "
"again.") % {
'instance_rules_status': constants.SHARE_INSTANCE_RULES_ERROR,
'rule_state': constants.ACCESS_STATE_ERROR,
}
raise webob.exc.HTTPBadRequest(explanation=msg)
access_type = access_data['access_type']
access_to = access_data['access_to']
common.validate_access(access_type=access_type,
access_to=access_to,
enable_ceph=enable_ceph,
enable_ipv6=enable_ipv6)
try:
access = self.share_api.allow_access(
context, share, access_type, access_to,
access_data.get('access_level'))
except exception.ShareAccessExists as e:
raise webob.exc.HTTPBadRequest(explanation=e.msg)
return self._access_view_builder.view(req, access)
def _allow(self, req, id, body, enable_ipv6=False):
context = req.environ['manila.context']
if not (body and self.is_valid_body(body, 'allow_access')):
msg = _("Access data not found in request body.")
raise exc.HTTPBadRequest(explanation=msg)
access_data = body.get('allow_access')
required_parameters = ('access_type', 'access_to')
self._validate_parameters(access_data, required_parameters,
fix_response=True)
access_type = access_data['access_type']
access_to = access_data['access_to']
common.validate_access(access_type=access_type,
access_to=access_to,
enable_ipv6=enable_ipv6)
snapshot = self.share_api.get_snapshot(context, id)
self._check_mount_snapshot_support(context, snapshot)
try:
access = self.share_api.snapshot_allow_access(
context, snapshot, access_type, access_to)
except exception.ShareSnapshotAccessExists as e:
raise webob.exc.HTTPBadRequest(explanation=e.msg)
return self._view_builder.detail_access(req, access)
def _allow(self, req, id, body):
context = req.environ['manila.context']
if not (body and self.is_valid_body(body, 'allow_access')):
msg = _("Access data not found in request body.")
raise exc.HTTPBadRequest(explanation=msg)
access_data = body.get('allow_access')
required_parameters = ('access_type', 'access_to')
self._validate_parameters(access_data,
required_parameters,
fix_response=True)
access_type = access_data['access_type']
access_to = access_data['access_to']
common.validate_access(access_type=access_type, access_to=access_to)
snapshot = self.share_api.get_snapshot(context, id)
self._check_mount_snapshot_support(context, snapshot)
try:
access = self.share_api.snapshot_allow_access(
context, snapshot, access_type, access_to)
except exception.ShareSnapshotAccessExists as e:
raise webob.exc.HTTPBadRequest(explanation=e.msg)
return self._view_builder.detail_access(req, access)
def _allow_access(self, req, id, body, enable_ceph=False,
allow_on_error_status=False, enable_ipv6=False,
enable_metadata=False):
"""Add share access rule."""
context = req.environ['manila.context']
access_data = body.get('allow_access', body.get('os-allow_access'))
if not enable_metadata:
access_data.pop('metadata', None)
share = self.share_api.get(context, id)
if (not allow_on_error_status and
self._any_instance_has_errored_rules(share)):
msg = _("Access rules cannot be added while the share or any of "
"its replicas or migration copies has its "
"access_rules_status set to %(instance_rules_status)s. "
"Deny any rules in %(rule_state)s state and try "
"again.") % {
'instance_rules_status': constants.SHARE_INSTANCE_RULES_ERROR,
'rule_state': constants.ACCESS_STATE_ERROR,
}
raise webob.exc.HTTPBadRequest(explanation=msg)
access_type = access_data['access_type']
access_to = access_data['access_to']
common.validate_access(access_type=access_type,
access_to=access_to,
enable_ceph=enable_ceph,
enable_ipv6=enable_ipv6)
try:
access = self.share_api.allow_access(
context, share, access_type, access_to,
access_data.get('access_level'), access_data.get('metadata'))
except exception.ShareAccessExists as e:
raise webob.exc.HTTPBadRequest(explanation=e.msg)
except exception.InvalidMetadata as error:
raise exc.HTTPBadRequest(explanation=error.msg)
except exception.InvalidMetadataSize as error:
raise exc.HTTPBadRequest(explanation=error.msg)
return self._access_view_builder.view(req, access)
def test_validate_access(self, access_type, access_to, ceph, enable_ipv6):
common.validate_access(access_type=access_type, access_to=access_to,
enable_ceph=ceph, enable_ipv6=enable_ipv6)
def test_validate_access(self, access_type, access_to, ceph):
common.validate_access(access_type=access_type,
access_to=access_to,
enable_ceph=ceph)
