Adding a File System Access Rule
Function
This API is used to add a file system access rule.
- This API is an asynchronous API. If the returned status code is 200, the API request is successfully delivered and received. Later, you can refer to Querying File System Access Rules to check whether the access rule is added successfully.
URI
- POST /v2/{project_id}/shares/{share_id}/action?vpc_ip_base_acl={vpc_ip_base_acl}
- Parameter description
Parameter
Mandatory
Type
Description
share_id
Yes
String
Specifies the ID of the shared file system.
project_id
Yes
String
Specifies the project ID of the operator. For how to obtain the project ID, see Obtaining a Project ID.
vpc_ip_base_acl
No
String
Specifies the identifier used with IP address-based authorization. Currently, only enable is available, which indicates that an access rule used with IP address-based authorization will be created.
NOTICE:To ensure compatibility, if this parameter is left blank or set to a value other than enable, you can still use this API to create an access rule used with IP address-based authorization. However, this method of creation has been discarded and will not be maintained in the future.
Request Header
The operation message header is the same as that of a common request. For details, see Table 3.
Request
- Parameter description
Parameter
Mandatory
Type
Description
os-allow_access
Yes
Object
Specifies the os-allow_access objects.
- Description of field os-allow_access
Parameter
Mandatory
Type
Description
access_level
No
String
Specifies the access level of the file system. Possible values are ro (read-only) and rw (read-write). The default value is rw (read-write).
access_type
Yes
String
Specifies the storage access method.
- If the NFS protocol is used, specify cert.
- If multiple protocols are used, specify cert.
Note
- Value user indicates storage access using username.
- Value cert indicates storage access using VPC ID and IP address.
- Example request (IP address-based authorization)
POST /v2/{project_id}/shares/{share_id}/action?vpc_ip_base_acl=enable
Adding a file system access rule (value of the rule parameter 0560a527-0e77-40a6-aa3b-110beecad368#127.0.0.1#1#all_squash,root_squash):
{ "allow_access": { "access_to": "0560a527-0e77-40a6-aa3b-110beecad368#127.0.0.1#1#all_squash,root_squash", "access_type": "cert", "access_level": "rw" } }
When creating the share access rule for an IP address-based authorization scenario.
1. The X-Openstack-Manila-Api-Version parameter must be specified for the request header, and the value of X-Openstack-Manila-Api-Version must be from 2.28 to 2.42.
2. The vpc_ip_base_acl parameter must be added in the request URL and the value of vpc_ip_base_acl must be set to enable. To ensure compatibility, if this parameter is left blank or set to a value other than enable, you can still use this API to create an access rule used with IP address-based authorization. However, this method of creation has been discarded and will not be maintained in the future.
Response
- Parameter description
Parameter
Type
Description
access
Object
Specifies the access objects. If the access rule is not updated, this value is null.
- Description of the access field
Parameter
Type
Description
share_id
String
Specifies the ID of the shared file system to which the access rule is added.
access_type
String
Specifies the type of the access rule.
access_to
String
Specifies the object that the backend grants or denies access.
access_level
String
Specifies the level of the access rule.
id
String
Specifies the ID of the access rule.
state
String
Specifies the status of the access rule. If the API version is earlier than 2.28, the status of the access rule is new, active, or error. In versions from 2.28 to 2.42, the status of the access rule is queued_to_apply, applying, active, error, queued_to_deny, or denying.
Status Codes
- Normal
- Abnormal
Status Code
Description
400 Bad Request
The server failed to process the request.
401 Unauthorized
You must enter a username and the password to access the requested page.
403 Forbidden
Access to the requested page is forbidden.
404 Not Found
The requested page was not found.
405 Method Not Allowed
You are not allowed to use the method specified in the request.
406 Not Acceptable
The response generated by the server could not be accepted by the client.
407 Proxy Authentication Required
You must use the proxy server for authentication. Then the request can be processed.
408 Request Timeout
The request timed out.
409 Conflict
The request could not be processed due to a conflict.
500 Internal Server Error
Failed to complete the request because of an internal service error.
501 Not Implemented
Failed to complete the request because the server does not support the requested function.
502 Bad Gateway
Failed to complete the request because the request is invalid.
503 Service Unavailable
Failed to complete the request because the service is unavailable.
504 Gateway Timeout
A gateway timeout error occurred.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot