Trove Policy Configuration¶
The following is an overview of all available policies in Aodh.
For a sample policy file refer to the policy.yaml or
run tox -egenpolicy in the repo folder and the new file will
be located in etc/trove/policy.yaml.sample
trove¶
admin- Default:
role:admin or is_admin:True
Must be an administrator.
admin_or_owner- Default:
rule:admin or project_id:%(tenant)s
Must be an administrator or owner of the object.
default- Default:
rule:admin_or_owner
Must be an administrator or owner of the object.
instance:create- Default:
rule:admin_or_owner- Operations:
POST
/v1.0/{account_id}/instances
Create a database instance.
instance:delete- Default:
rule:admin_or_owner- Operations:
DELETE
/v1.0/{account_id}/instances/{instance_id}
Delete a database instance.
instance:force_delete- Default:
rule:admin_or_owner- Operations:
DELETE
/v1.0/{account_id}/instances/{instance_id}
Forcibly delete a database instance.
instance:index- Default:
rule:admin_or_owner- Operations:
GET
/v1.0/{account_id}/instances
List database instances.
instance:detail- Default:
rule:admin_or_owner- Operations:
GET
/v1.0/{account_id}/instances/detail
List database instances with details.
instance:show- Default:
rule:admin_or_owner- Operations:
GET
/v1.0/{account_id}/instances/{instance_id}
Get details of a specific database instance.
instance:update- Default:
rule:admin_or_owner- Operations:
PUT
/v1.0/{account_id}/instances/{instance_id}POST
/v1.0/{account_id}/instances
Update a database instance to attach/detach configuration
instance:edit- Default:
rule:admin_or_owner- Operations:
PATCH
/v1.0/{account_id}/instances/{instance_id}
Updates the instance to set or unset one or more attributes.
instance:restart- Default:
rule:admin_or_owner- Operations:
POST
/v1.0/{account_id}/instances/{instance_id}/action (restart)
Restart a database instance.
instance:resize_volume- Default:
rule:admin_or_owner- Operations:
POST
/v1.0/{account_id}/instances/{instance_id}/action (resize)
Resize a database instance volume.
instance:resize_flavor- Default:
rule:admin_or_owner- Operations:
POST
/v1.0/{account_id}/instances/{instance_id}/action (resize)
Resize a database instance flavor.
instance:reset_status- Default:
rule:admin- Operations:
POST
/v1.0/{account_id}/instances/{instance_id}/action (reset_status)
Reset the status of a database instance to ERROR.
instance:promote_to_replica_source- Default:
rule:admin_or_owner- Operations:
POST
/v1.0/{account_id}/instances/{instance_id}/action (promote_to_replica_source)
Promote instance to replica source.
instance:eject_replica_source- Default:
rule:admin_or_owner- Operations:
POST
/v1.0/{account_id}/instances/{instance_id}/action (eject_replica_source)
Eject the replica source from its replica set.
instance:configuration- Default:
rule:admin_or_owner- Operations:
GET
/v1.0/{account_id}/instances/{instance_id}/configuration
Get the default configuration template applied to the instance.
instance:guest_log_list- Default:
rule:admin_or_owner- Operations:
GET
/v1.0/{account_id}/instances/{instance_id}/log
Get all informations about all logs of a database instance.
instance:backups- Default:
rule:admin_or_owner- Operations:
GET
/v1.0/{account_id}/instances/{instance_id}/backups
Get all backups of a database instance.
instance:module_list- Default:
rule:admin_or_owner- Operations:
GET
/v1.0/{account_id}/instances/{instance_id}/modules
Get informations about modules on a database instance.
instance:module_apply- Default:
rule:admin_or_owner- Operations:
POST
/v1.0/{account_id}/instances/{instance_id}/modulesPOST
/v1.0/{account_id}/instances
Apply modules to a database instance.
instance:module_remove- Default:
rule:admin_or_owner- Operations:
DELETE
/v1.0/{account_id}/instances/{instance_id}/modules/{module_id}
Remove a module from a database instance.
instance:extension:root:create- Default:
rule:admin_or_owner- Operations:
POST
/v1.0/{account_id}/instances/{instance_id}/root
Enable the root user of a database instance.
instance:extension:root:delete- Default:
rule:admin_or_owner- Operations:
DELETE
/v1.0/{account_id}/instances/{instance_id}/root
Disable the root user of a database instance.
instance:extension:root:index- Default:
rule:admin_or_owner- Operations:
GET
/v1.0/{account_id}/instances/{instance_id}/root
Show whether the root user of a database instance has been ever enabled.
cluster:extension:root:create- Default:
rule:admin_or_owner- Operations:
POST
/v1.0/{account_id}/clusters/{cluster}/root
Enable the root user of the instances in a cluster.
cluster:extension:root:delete- Default:
rule:admin_or_owner- Operations:
DELETE
/v1.0/{account_id}/clusters/{cluster}/root
Enable the root user of the instances in a cluster.
cluster:extension:root:index- Default:
rule:admin_or_owner- Operations:
GET
/v1.0/{account_id}/clusters/{cluster}/root
Disable the root of the instances in a cluster.
instance:extension:user:create- Default:
rule:admin_or_owner- Operations:
POST
/v1.0/{account_id}/instances/{instance_id}/usersPOST
/v1.0/{account_id}/instances
Create users for a database instance.
instance:extension:user:delete- Default:
rule:admin_or_owner- Operations:
DELETE
/v1.0/{account_id}/instances/{instance_id}/users/{user}
Delete a user from a database instance.
instance:extension:user:index- Default:
rule:admin_or_owner- Operations:
GET
/v1.0/{account_id}/instances/{instance_id}/users
Get all users of a database instance.
instance:extension:user:show- Default:
rule:admin_or_owner- Operations:
GET
/v1.0/{account_id}/instances/{instance_id}/users/{user}
Get the information of a single user of a database instance.
instance:extension:user:update- Default:
rule:admin_or_owner- Operations:
PUT
/v1.0/{account_id}/instances/{instance_id}/users/{user}
Update attributes for a user of a database instance.
instance:extension:user:update_all- Default:
rule:admin_or_owner- Operations:
PUT
/v1.0/{account_id}/instances/{instance_id}/users
Update the password for one or more users a database instance.
instance:extension:user_access:update- Default:
rule:admin_or_owner- Operations:
PUT
/v1.0/{account_id}/instances/{instance_id}/users/{user}/databases
Grant access for a user to one or more databases.
instance:extension:user_access:delete- Default:
rule:admin_or_owner- Operations:
DELETE
/v1.0/{account_id}/instances/{instance_id}/users/{user}/databases/{database}
Revoke access for a user to a databases.
instance:extension:user_access:index- Default:
rule:admin_or_owner- Operations:
GET
/v1.0/{account_id}/instances/{instance_id}/users/{user}/databases
Get permissions of a user
instance:extension:database:create- Default:
rule:admin_or_owner- Operations:
POST
/v1.0/{account_id}/instances/{instance_id}/databasesPOST
/v1.0/{account_id}/instances
Create a set of Schemas
instance:extension:database:delete- Default:
rule:admin_or_owner- Operations:
DELETE
/v1.0/{account_id}/instances/{instance_id}/databases/{database}
Delete a schema from a database.
instance:extension:database:index- Default:
rule:admin_or_owner- Operations:
GET
/v1.0/{account_id}/instances/{instance_id}/databases
List all schemas from a database.
instance:extension:database:show- Default:
rule:admin_or_owner- Operations:
GET
/v1.0/{account_id}/instances/{instance_id}/databases/{database}
Get informations of a schema(Currently Not Implemented).
cluster:create- Default:
rule:admin_or_owner- Operations:
POST
/v1.0/{account_id}/clusters
Create a cluster.
cluster:delete- Default:
rule:admin_or_owner- Operations:
DELETE
/v1.0/{account_id}/clusters/{cluster}
Delete a cluster.
cluster:force_delete- Default:
rule:admin_or_owner- Operations:
POST
/v1.0/{account_id}/clusters/{cluster} (reset-status)
Forcibly delete a cluster.
cluster:index- Default:
rule:admin_or_owner- Operations:
GET
/v1.0/{account_id}/clusters
List all clusters
cluster:show- Default:
rule:admin_or_owner- Operations:
GET
/v1.0/{account_id}/clusters/{cluster}
Get informations of a cluster.
cluster:show_instance- Default:
rule:admin_or_owner- Operations:
GET
/v1.0/{account_id}/clusters/{cluster}/instances/{instance}
Get informations of a instance in a cluster.
cluster:action- Default:
rule:admin_or_owner- Operations:
POST
/v1.0/{account_id}/clusters/{cluster}
Commit an action against a cluster
cluster:reset-status- Default:
rule:admin- Operations:
POST
/v1.0/{account_id}/clusters/{cluster} (reset-status)
Reset the status of a cluster to NONE.
backup:create- Default:
rule:admin_or_owner- Operations:
POST
/v1.0/{account_id}/backups
Create a backup of a database instance.
backup:delete- Default:
rule:admin_or_owner- Operations:
DELETE
/v1.0/{account_id}/backups/{backup}
Delete a backup of a database instance.
backup:index- Default:
rule:admin_or_owner- Operations:
GET
/v1.0/{account_id}/backups
List all backups.
backup:index:all_projects- Default:
role:admin- Operations:
GET
/v1.0/{account_id}/backups
List backups for all the projects.
backup:show- Default:
rule:admin_or_owner- Operations:
GET
/v1.0/{account_id}/backups/{backup}
Get informations of a backup.
backup_strategy:create- Default:
rule:admin_or_owner- Operations:
POST
/v1.0/{account_id}/backup_strategies
Create a backup strategy.
backup_strategy:index- Default:
rule:admin_or_owner- Operations:
GET
/v1.0/{account_id}/backup_strategies
List all backup strategies.
backup_strategy:delete- Default:
rule:admin_or_owner- Operations:
DELETE
/v1.0/{account_id}/backup_strategies
Delete backup strategies.
configuration:create- Default:
rule:admin_or_owner- Operations:
POST
/v1.0/{account_id}/configurations
Create a configuration group.
configuration:delete- Default:
rule:admin_or_owner- Operations:
DELETE
/v1.0/{account_id}/configurations/{config}
Delete a configuration group.
configuration:index- Default:
rule:admin_or_owner- Operations:
GET
/v1.0/{account_id}/configurations
List all configuration groups.
configuration:show- Default:
rule:admin_or_owner- Operations:
GET
/v1.0/{account_id}/configurations/{config}
Get informations of a configuration group.
configuration:instances- Default:
rule:admin_or_owner- Operations:
GET
/v1.0/{account_id}/configurations/{config}/instances
List all instances which a configuration group has be assigned to.
configuration:update- Default:
rule:admin_or_owner- Operations:
PUT
/v1.0/{account_id}/configurations/{config}
Update a configuration group(the configuration group will be replaced completely).
configuration:edit- Default:
rule:admin_or_owner- Operations:
PATCH
/v1.0/{account_id}/configurations/{config}
Patch a configuration group.
configuration-parameter:index- Default:
rule:admin_or_owner- Operations:
GET
/v1.0/{account_id}/datastores/{datastore}/versions/{version}/parameters
List all parameters bind to a datastore version.
configuration-parameter:show- Default:
rule:admin_or_owner- Operations:
GET
/v1.0/{account_id}/datastores/{datastore}/versions/{version}/parameters/{param}
Get a paramter of a datastore version.
configuration-parameter:index_by_version- Default:
rule:admin_or_owner- Operations:
GET
/v1.0/{account_id}/datastores/versions/{version}/paramters
List all paramters bind to a datastore version by the id of the version(datastore is not provided).
configuration-parameter:show_by_version- Default:
rule:admin_or_owner- Operations:
GET
/v1.0/{account_id}/datastores/versions/{version}/paramters/{param}
Get a paramter of a datastore version by it names and the id of the version(datastore is not provided).
datastore:index- Default:
<empty string>
- Operations:
GET
/v1.0/{account_id}/datastores
List all datastores.
datastore:show- Default:
<empty string>
- Operations:
GET
/v1.0/{account_id}/datastores/{datastore}
Get informations of a datastore.
datastore:delete- Default:
rule:admin- Operations:
DELETE
/v1.0/{account_id}/datastores/{datastore}
Delete a datastore.
datastore:version_show- Default:
<empty string>
- Operations:
GET
/v1.0/{account_id}/datastores/{datastore}/versions/{version}
Get a version of a datastore by the version id.
datastore:version_show_by_uuid- Default:
<empty string>
- Operations:
GET
/v1.0/{account_id}/datastores/versions/{version}
Get a version of a datastore by the version id(without providing the datastore id).
datastore:version_index- Default:
<empty string>
- Operations:
GET
/v1.0/{account_id}/datastores/{datastore}/versions
Get all versions of a datastore.
datastore:list_associated_flavors- Default:
<empty string>
- Operations:
GET
/v1.0/{account_id}/datastores/{datastore}/versions/{version}/flavors
List all flavors associated with a datastore version.
datastore:list_associated_volume_types- Default:
<empty string>
- Operations:
GET
/v1.0/{account_id}/datastores/{datastore}/versions/{version}/volume-types
List all volume-types associated with a datastore version.
flavor:index- Default:
<empty string>
- Operations:
GET
/v1.0/{account_id}/flavors
List all flavors.
flavor:show- Default:
<empty string>
- Operations:
GET
/v1.0/{account_id}/flavors/{flavor}
Get information of a flavor.
limits:index- Default:
rule:admin_or_owner- Operations:
GET
/v1.0/{account_id}/limits
List all absolute and rate limit informations.
module:create- Default:
rule:admin_or_owner- Operations:
POST
/v1.0/{account_id}/modules
Create a module.
module:delete- Default:
rule:admin_or_owner- Operations:
DELETE
/v1.0/{account_id}/modules/{module}
Delete a module.
module:index- Default:
rule:admin_or_owner- Operations:
GET
/v1.0/{account_id}/modules
List all modules.
module:show- Default:
rule:admin_or_owner- Operations:
GET
/v1.0/{account_id}/modules/{module}
Get informations of a module.
module:instances- Default:
rule:admin_or_owner- Operations:
GET
/v1.0/{account_id}/modules/{module}/instances
List all instances to which a module is applied.
module:update- Default:
rule:admin_or_owner- Operations:
PUT
/v1.0/{account_id}/modules/{module}
Update a module.
module:reapply- Default:
rule:admin_or_owner- Operations:
PUT
/v1.0/{account_id}/modules/{module}/instances
Reapply a module to all instances.
Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.