Trove Policy Configuration

The following is an overview of all available policies in Aodh.

For a sample policy file refer to the policy.yaml or run tox -egenpolicy in the repo folder and the new file will be located in etc/trove/policy.yaml.sample

trove

admin
Default

role:admin or is_admin:True

Must be an administrator.

admin_or_owner
Default

rule:admin or tenant:%(tenant)s

Must be an administrator or owner of the object.

default
Default

rule:admin_or_owner

Must be an administrator or owner of the object.

instance:create
Default

rule:admin_or_owner

Operations
  • POST /v1.0/{account_id}/instances

Create a database instance.

instance:delete
Default

rule:admin_or_owner

Operations
  • DELETE /v1.0/{account_id}/instances/{instance_id}

Delete a database instance.

instance:force_delete
Default

rule:admin_or_owner

Operations
  • DELETE /v1.0/{account_id}/instances/{instance_id}

Forcibly delete a database instance.

instance:index
Default

rule:admin_or_owner

Operations
  • GET /v1.0/{account_id}/instances

List database instances.

instance:detail
Default

rule:admin_or_owner

Operations
  • GET /v1.0/{account_id}/instances/detail

List database instances with details.

instance:show
Default

rule:admin_or_owner

Operations
  • GET /v1.0/{account_id}/instances/{instance_id}

Get details of a specific database instance.

instance:update
Default

rule:admin_or_owner

Operations
  • PUT /v1.0/{account_id}/instances/{instance_id}

  • POST /v1.0/{account_id}/instances

Update a database instance to attach/detach configuration

instance:edit
Default

rule:admin_or_owner

Operations
  • PATCH /v1.0/{account_id}/instances/{instance_id}

Updates the instance to set or unset one or more attributes.

instance:restart
Default

rule:admin_or_owner

Operations
  • POST /v1.0/{account_id}/instances/{instance_id}/action (restart)

Restart a database instance.

instance:resize_volume
Default

rule:admin_or_owner

Operations
  • POST /v1.0/{account_id}/instances/{instance_id}/action (resize)

Resize a database instance volume.

instance:resize_flavor
Default

rule:admin_or_owner

Operations
  • POST /v1.0/{account_id}/instances/{instance_id}/action (resize)

Resize a database instance flavor.

instance:reset_status
Default

rule:admin

Operations
  • POST /v1.0/{account_id}/instances/{instance_id}/action (reset_status)

Reset the status of a database instance to ERROR.

instance:promote_to_replica_source
Default

rule:admin_or_owner

Operations
  • POST /v1.0/{account_id}/instances/{instance_id}/action (promote_to_replica_source)

Promote instance to replica source.

instance:eject_replica_source
Default

rule:admin_or_owner

Operations
  • POST /v1.0/{account_id}/instances/{instance_id}/action (eject_replica_source)

Eject the replica source from its replica set.

instance:configuration
Default

rule:admin_or_owner

Operations
  • GET /v1.0/{account_id}/instances/{instance_id}/configuration

Get the default configuration template applied to the instance.

instance:guest_log_list
Default

rule:admin_or_owner

Operations
  • GET /v1.0/{account_id}/instances/{instance_id}/log

Get all informations about all logs of a database instance.

instance:backups
Default

rule:admin_or_owner

Operations
  • GET /v1.0/{account_id}/instances/{instance_id}/backups

Get all backups of a database instance.

instance:module_list
Default

rule:admin_or_owner

Operations
  • GET /v1.0/{account_id}/instances/{instance_id}/modules

Get informations about modules on a database instance.

instance:module_apply
Default

rule:admin_or_owner

Operations
  • POST /v1.0/{account_id}/instances/{instance_id}/modules

  • POST /v1.0/{account_id}/instances

Apply modules to a database instance.

instance:module_remove
Default

rule:admin_or_owner

Operations
  • DELETE /v1.0/{account_id}/instances/{instance_id}/modules/{module_id}

Remove a module from a database instance.

instance:extension:root:create
Default

rule:admin_or_owner

Operations
  • POST /v1.0/{account_id}/instances/{instance_id}/root

Enable the root user of a database instance.

instance:extension:root:delete
Default

rule:admin_or_owner

Operations
  • DELETE /v1.0/{account_id}/instances/{instance_id}/root

Disable the root user of a database instance.

instance:extension:root:index
Default

rule:admin_or_owner

Operations
  • GET /v1.0/{account_id}/instances/{instance_id}/root

Show whether the root user of a database instance has been ever enabled.

cluster:extension:root:create
Default

rule:admin_or_owner

Operations
  • POST /v1.0/{account_id}/clusters/{cluster}/root

Enable the root user of the instances in a cluster.

cluster:extension:root:delete
Default

rule:admin_or_owner

Operations
  • DELETE /v1.0/{account_id}/clusters/{cluster}/root

Enable the root user of the instances in a cluster.

cluster:extension:root:index
Default

rule:admin_or_owner

Operations
  • GET /v1.0/{account_id}/clusters/{cluster}/root

Disable the root of the instances in a cluster.

instance:extension:user:create
Default

rule:admin_or_owner

Operations
  • POST /v1.0/{account_id}/instances/{instance_id}/users

  • POST /v1.0/{account_id}/instances

Create users for a database instance.

instance:extension:user:delete
Default

rule:admin_or_owner

Operations
  • DELETE /v1.0/{account_id}/instances/{instance_id}/users/{user}

Delete a user from a database instance.

instance:extension:user:index
Default

rule:admin_or_owner

Operations
  • GET /v1.0/{account_id}/instances/{instance_id}/users

Get all users of a database instance.

instance:extension:user:show
Default

rule:admin_or_owner

Operations
  • GET /v1.0/{account_id}/instances/{instance_id}/users/{user}

Get the information of a single user of a database instance.

instance:extension:user:update
Default

rule:admin_or_owner

Operations
  • PUT /v1.0/{account_id}/instances/{instance_id}/users/{user}

Update attributes for a user of a database instance.

instance:extension:user:update_all
Default

rule:admin_or_owner

Operations
  • PUT /v1.0/{account_id}/instances/{instance_id}/users

Update the password for one or more users a database instance.

instance:extension:user_access:update
Default

rule:admin_or_owner

Operations
  • PUT /v1.0/{account_id}/instances/{instance_id}/users/{user}/databases

Grant access for a user to one or more databases.

instance:extension:user_access:delete
Default

rule:admin_or_owner

Operations
  • DELETE /v1.0/{account_id}/instances/{instance_id}/users/{user}/databases/{database}

Revoke access for a user to a databases.

instance:extension:user_access:index
Default

rule:admin_or_owner

Operations
  • GET /v1.0/{account_id}/instances/{instance_id}/users/{user}/databases

Get permissions of a user

instance:extension:database:create
Default

rule:admin_or_owner

Operations
  • POST /v1.0/{account_id}/instances/{instance_id}/databases

  • POST /v1.0/{account_id}/instances

Create a set of Schemas

instance:extension:database:delete
Default

rule:admin_or_owner

Operations
  • DELETE /v1.0/{account_id}/instances/{instance_id}/databases/{database}

Delete a schema from a database.

instance:extension:database:index
Default

rule:admin_or_owner

Operations
  • GET /v1.0/{account_id}/instances/{instance_id}/databases

List all schemas from a database.

instance:extension:database:show
Default

rule:admin_or_owner

Operations
  • GET /v1.0/{account_id}/instances/{instance_id}/databases/{database}

Get informations of a schema(Currently Not Implemented).

cluster:create
Default

rule:admin_or_owner

Operations
  • POST /v1.0/{account_id}/clusters

Create a cluster.

cluster:delete
Default

rule:admin_or_owner

Operations
  • DELETE /v1.0/{account_id}/clusters/{cluster}

Delete a cluster.

cluster:force_delete
Default

rule:admin_or_owner

Operations
  • POST /v1.0/{account_id}/clusters/{cluster} (reset-status)

Forcibly delete a cluster.

cluster:index
Default

rule:admin_or_owner

Operations
  • GET /v1.0/{account_id}/clusters

List all clusters

cluster:show
Default

rule:admin_or_owner

Operations
  • GET /v1.0/{account_id}/clusters/{cluster}

Get informations of a cluster.

cluster:show_instance
Default

rule:admin_or_owner

Operations
  • GET /v1.0/{account_id}/clusters/{cluster}/instances/{instance}

Get informations of a instance in a cluster.

cluster:action
Default

rule:admin_or_owner

Operations
  • POST /v1.0/{account_id}/clusters/{cluster}

Commit an action against a cluster

cluster:reset-status
Default

rule:admin

Operations
  • POST /v1.0/{account_id}/clusters/{cluster} (reset-status)

Reset the status of a cluster to NONE.

backup:create
Default

rule:admin_or_owner

Operations
  • POST /v1.0/{account_id}/backups

Create a backup of a database instance.

backup:delete
Default

rule:admin_or_owner

Operations
  • DELETE /v1.0/{account_id}/backups/{backup}

Delete a backup of a database instance.

backup:index
Default

rule:admin_or_owner

Operations
  • GET /v1.0/{account_id}/backups

List all backups.

backup:index:all_projects
Default

role:admin

Operations
  • GET /v1.0/{account_id}/backups

List backups for all the projects.

backup:show
Default

rule:admin_or_owner

Operations
  • GET /v1.0/{account_id}/backups/{backup}

Get informations of a backup.

backup_strategy:create
Default

rule:admin_or_owner

Operations
  • POST /v1.0/{account_id}/backup_strategies

Create a backup strategy.

backup_strategy:index
Default

rule:admin_or_owner

Operations
  • GET /v1.0/{account_id}/backup_strategies

List all backup strategies.

backup_strategy:delete
Default

rule:admin_or_owner

Operations
  • DELETE /v1.0/{account_id}/backup_strategies

Delete backup strategies.

configuration:create
Default

rule:admin_or_owner

Operations
  • POST /v1.0/{account_id}/configurations

Create a configuration group.

configuration:delete
Default

rule:admin_or_owner

Operations
  • DELETE /v1.0/{account_id}/configurations/{config}

Delete a configuration group.

configuration:index
Default

rule:admin_or_owner

Operations
  • GET /v1.0/{account_id}/configurations

List all configuration groups.

configuration:show
Default

rule:admin_or_owner

Operations
  • GET /v1.0/{account_id}/configurations/{config}

Get informations of a configuration group.

configuration:instances
Default

rule:admin_or_owner

Operations
  • GET /v1.0/{account_id}/configurations/{config}/instances

List all instances which a configuration group has be assigned to.

configuration:update
Default

rule:admin_or_owner

Operations
  • PUT /v1.0/{account_id}/configurations/{config}

Update a configuration group(the configuration group will be replaced completely).

configuration:edit
Default

rule:admin_or_owner

Operations
  • PATCH /v1.0/{account_id}/configurations/{config}

Patch a configuration group.

configuration-parameter:index
Default

rule:admin_or_owner

Operations
  • GET /v1.0/{account_id}/datastores/{datastore}/versions/{version}/parameters

List all parameters bind to a datastore version.

configuration-parameter:show
Default

rule:admin_or_owner

Operations
  • GET /v1.0/{account_id}/datastores/{datastore}/versions/{version}/parameters/{param}

Get a paramter of a datastore version.

configuration-parameter:index_by_version
Default

rule:admin_or_owner

Operations
  • GET /v1.0/{account_id}/datastores/versions/{version}/paramters

List all paramters bind to a datastore version by the id of the version(datastore is not provided).

configuration-parameter:show_by_version
Default

rule:admin_or_owner

Operations
  • GET /v1.0/{account_id}/datastores/versions/{version}/paramters/{param}

Get a paramter of a datastore version by it names and the id of the version(datastore is not provided).

datastore:index
Default

<empty string>

Operations
  • GET /v1.0/{account_id}/datastores

List all datastores.

datastore:show
Default

<empty string>

Operations
  • GET /v1.0/{account_id}/datastores/{datastore}

Get informations of a datastore.

datastore:delete
Default

rule:admin

Operations
  • DELETE /v1.0/{account_id}/datastores/{datastore}

Delete a datastore.

datastore:version_show
Default

<empty string>

Operations
  • GET /v1.0/{account_id}/datastores/{datastore}/versions/{version}

Get a version of a datastore by the version id.

datastore:version_show_by_uuid
Default

<empty string>

Operations
  • GET /v1.0/{account_id}/datastores/versions/{version}

Get a version of a datastore by the version id(without providing the datastore id).

datastore:version_index
Default

<empty string>

Operations
  • GET /v1.0/{account_id}/datastores/{datastore}/versions

Get all versions of a datastore.

datastore:list_associated_flavors
Default

<empty string>

Operations
  • GET /v1.0/{account_id}/datastores/{datastore}/versions/{version}/flavors

List all flavors associated with a datastore version.

datastore:list_associated_volume_types
Default

<empty string>

Operations
  • GET /v1.0/{account_id}/datastores/{datastore}/versions/{version}/volume-types

List all volume-types associated with a datastore version.

flavor:index
Default

<empty string>

Operations
  • GET /v1.0/{account_id}/flavors

List all flavors.

flavor:show
Default

<empty string>

Operations
  • GET /v1.0/{account_id}/flavors/{flavor}

Get information of a flavor.

limits:index
Default

rule:admin_or_owner

Operations
  • GET /v1.0/{account_id}/limits

List all absolute and rate limit informations.

module:create
Default

rule:admin_or_owner

Operations
  • POST /v1.0/{account_id}/modules

Create a module.

module:delete
Default

rule:admin_or_owner

Operations
  • DELETE /v1.0/{account_id}/modules/{module}

Delete a module.

module:index
Default

rule:admin_or_owner

Operations
  • GET /v1.0/{account_id}/modules

List all modules.

module:show
Default

rule:admin_or_owner

Operations
  • GET /v1.0/{account_id}/modules/{module}

Get informations of a module.

module:instances
Default

rule:admin_or_owner

Operations
  • GET /v1.0/{account_id}/modules/{module}/instances

List all instances to which a module is applied.

module:update
Default

rule:admin_or_owner

Operations
  • PUT /v1.0/{account_id}/modules/{module}

Update a module.

module:reapply
Default

rule:admin_or_owner

Operations
  • PUT /v1.0/{account_id}/modules/{module}/instances

Reapply a module to all instances.