Trove Policy Configuration¶
The following is an overview of all available policies in Aodh.
For a sample policy file refer to the policy.yaml or
run tox -egenpolicy
in the repo folder and the new file will
be located in etc/trove/policy.yaml.sample
trove¶
admin
- Default
role:admin or is_admin:True
Must be an administrator.
admin_or_owner
- Default
rule:admin or tenant:%(tenant)s
Must be an administrator or owner of the object.
default
- Default
rule:admin_or_owner
Must be an administrator or owner of the object.
instance:create
- Default
rule:admin_or_owner
- Operations
POST
/v1.0/{account_id}/instances
Create a database instance.
instance:delete
- Default
rule:admin_or_owner
- Operations
DELETE
/v1.0/{account_id}/instances/{instance_id}
Delete a database instance.
instance:force_delete
- Default
rule:admin_or_owner
- Operations
DELETE
/v1.0/{account_id}/instances/{instance_id}
Forcibly delete a database instance.
instance:index
- Default
rule:admin_or_owner
- Operations
GET
/v1.0/{account_id}/instances
List database instances.
instance:detail
- Default
rule:admin_or_owner
- Operations
GET
/v1.0/{account_id}/instances/detail
List database instances with details.
instance:show
- Default
rule:admin_or_owner
- Operations
GET
/v1.0/{account_id}/instances/{instance_id}
Get details of a specific database instance.
instance:update
- Default
rule:admin_or_owner
- Operations
PUT
/v1.0/{account_id}/instances/{instance_id}
POST
/v1.0/{account_id}/instances
Update a database instance to attach/detach configuration
instance:edit
- Default
rule:admin_or_owner
- Operations
PATCH
/v1.0/{account_id}/instances/{instance_id}
Updates the instance to set or unset one or more attributes.
instance:restart
- Default
rule:admin_or_owner
- Operations
POST
/v1.0/{account_id}/instances/{instance_id}/action (restart)
Restart a database instance.
instance:resize_volume
- Default
rule:admin_or_owner
- Operations
POST
/v1.0/{account_id}/instances/{instance_id}/action (resize)
Resize a database instance volume.
instance:resize_flavor
- Default
rule:admin_or_owner
- Operations
POST
/v1.0/{account_id}/instances/{instance_id}/action (resize)
Resize a database instance flavor.
instance:reset_status
- Default
rule:admin
- Operations
POST
/v1.0/{account_id}/instances/{instance_id}/action (reset_status)
Reset the status of a database instance to ERROR.
instance:promote_to_replica_source
- Default
rule:admin_or_owner
- Operations
POST
/v1.0/{account_id}/instances/{instance_id}/action (promote_to_replica_source)
Promote instance to replica source.
instance:eject_replica_source
- Default
rule:admin_or_owner
- Operations
POST
/v1.0/{account_id}/instances/{instance_id}/action (eject_replica_source)
Eject the replica source from its replica set.
instance:configuration
- Default
rule:admin_or_owner
- Operations
GET
/v1.0/{account_id}/instances/{instance_id}/configuration
Get the default configuration template applied to the instance.
instance:guest_log_list
- Default
rule:admin_or_owner
- Operations
GET
/v1.0/{account_id}/instances/{instance_id}/log
Get all informations about all logs of a database instance.
instance:backups
- Default
rule:admin_or_owner
- Operations
GET
/v1.0/{account_id}/instances/{instance_id}/backups
Get all backups of a database instance.
instance:module_list
- Default
rule:admin_or_owner
- Operations
GET
/v1.0/{account_id}/instances/{instance_id}/modules
Get informations about modules on a database instance.
instance:module_apply
- Default
rule:admin_or_owner
- Operations
POST
/v1.0/{account_id}/instances/{instance_id}/modules
POST
/v1.0/{account_id}/instances
Apply modules to a database instance.
instance:module_remove
- Default
rule:admin_or_owner
- Operations
DELETE
/v1.0/{account_id}/instances/{instance_id}/modules/{module_id}
Remove a module from a database instance.
instance:extension:root:create
- Default
rule:admin_or_owner
- Operations
POST
/v1.0/{account_id}/instances/{instance_id}/root
Enable the root user of a database instance.
instance:extension:root:delete
- Default
rule:admin_or_owner
- Operations
DELETE
/v1.0/{account_id}/instances/{instance_id}/root
Disable the root user of a database instance.
instance:extension:root:index
- Default
rule:admin_or_owner
- Operations
GET
/v1.0/{account_id}/instances/{instance_id}/root
Show whether the root user of a database instance has been ever enabled.
cluster:extension:root:create
- Default
rule:admin_or_owner
- Operations
POST
/v1.0/{account_id}/clusters/{cluster}/root
Enable the root user of the instances in a cluster.
cluster:extension:root:delete
- Default
rule:admin_or_owner
- Operations
DELETE
/v1.0/{account_id}/clusters/{cluster}/root
Enable the root user of the instances in a cluster.
cluster:extension:root:index
- Default
rule:admin_or_owner
- Operations
GET
/v1.0/{account_id}/clusters/{cluster}/root
Disable the root of the instances in a cluster.
instance:extension:user:create
- Default
rule:admin_or_owner
- Operations
POST
/v1.0/{account_id}/instances/{instance_id}/users
POST
/v1.0/{account_id}/instances
Create users for a database instance.
instance:extension:user:delete
- Default
rule:admin_or_owner
- Operations
DELETE
/v1.0/{account_id}/instances/{instance_id}/users/{user}
Delete a user from a database instance.
instance:extension:user:index
- Default
rule:admin_or_owner
- Operations
GET
/v1.0/{account_id}/instances/{instance_id}/users
Get all users of a database instance.
instance:extension:user:show
- Default
rule:admin_or_owner
- Operations
GET
/v1.0/{account_id}/instances/{instance_id}/users/{user}
Get the information of a single user of a database instance.
instance:extension:user:update
- Default
rule:admin_or_owner
- Operations
PUT
/v1.0/{account_id}/instances/{instance_id}/users/{user}
Update attributes for a user of a database instance.
instance:extension:user:update_all
- Default
rule:admin_or_owner
- Operations
PUT
/v1.0/{account_id}/instances/{instance_id}/users
Update the password for one or more users a database instance.
instance:extension:user_access:update
- Default
rule:admin_or_owner
- Operations
PUT
/v1.0/{account_id}/instances/{instance_id}/users/{user}/databases
Grant access for a user to one or more databases.
instance:extension:user_access:delete
- Default
rule:admin_or_owner
- Operations
DELETE
/v1.0/{account_id}/instances/{instance_id}/users/{user}/databases/{database}
Revoke access for a user to a databases.
instance:extension:user_access:index
- Default
rule:admin_or_owner
- Operations
GET
/v1.0/{account_id}/instances/{instance_id}/users/{user}/databases
Get permissions of a user
instance:extension:database:create
- Default
rule:admin_or_owner
- Operations
POST
/v1.0/{account_id}/instances/{instance_id}/databases
POST
/v1.0/{account_id}/instances
Create a set of Schemas
instance:extension:database:delete
- Default
rule:admin_or_owner
- Operations
DELETE
/v1.0/{account_id}/instances/{instance_id}/databases/{database}
Delete a schema from a database.
instance:extension:database:index
- Default
rule:admin_or_owner
- Operations
GET
/v1.0/{account_id}/instances/{instance_id}/databases
List all schemas from a database.
instance:extension:database:show
- Default
rule:admin_or_owner
- Operations
GET
/v1.0/{account_id}/instances/{instance_id}/databases/{database}
Get informations of a schema(Currently Not Implemented).
cluster:create
- Default
rule:admin_or_owner
- Operations
POST
/v1.0/{account_id}/clusters
Create a cluster.
cluster:delete
- Default
rule:admin_or_owner
- Operations
DELETE
/v1.0/{account_id}/clusters/{cluster}
Delete a cluster.
cluster:force_delete
- Default
rule:admin_or_owner
- Operations
POST
/v1.0/{account_id}/clusters/{cluster} (reset-status)
Forcibly delete a cluster.
cluster:index
- Default
rule:admin_or_owner
- Operations
GET
/v1.0/{account_id}/clusters
List all clusters
cluster:show
- Default
rule:admin_or_owner
- Operations
GET
/v1.0/{account_id}/clusters/{cluster}
Get informations of a cluster.
cluster:show_instance
- Default
rule:admin_or_owner
- Operations
GET
/v1.0/{account_id}/clusters/{cluster}/instances/{instance}
Get informations of a instance in a cluster.
cluster:action
- Default
rule:admin_or_owner
- Operations
POST
/v1.0/{account_id}/clusters/{cluster}
Commit an action against a cluster
cluster:reset-status
- Default
rule:admin
- Operations
POST
/v1.0/{account_id}/clusters/{cluster} (reset-status)
Reset the status of a cluster to NONE.
backup:create
- Default
rule:admin_or_owner
- Operations
POST
/v1.0/{account_id}/backups
Create a backup of a database instance.
backup:delete
- Default
rule:admin_or_owner
- Operations
DELETE
/v1.0/{account_id}/backups/{backup}
Delete a backup of a database instance.
backup:index
- Default
rule:admin_or_owner
- Operations
GET
/v1.0/{account_id}/backups
List all backups.
backup:index:all_projects
- Default
role:admin
- Operations
GET
/v1.0/{account_id}/backups
List backups for all the projects.
backup:show
- Default
rule:admin_or_owner
- Operations
GET
/v1.0/{account_id}/backups/{backup}
Get informations of a backup.
backup_strategy:create
- Default
rule:admin_or_owner
- Operations
POST
/v1.0/{account_id}/backup_strategies
Create a backup strategy.
backup_strategy:index
- Default
rule:admin_or_owner
- Operations
GET
/v1.0/{account_id}/backup_strategies
List all backup strategies.
backup_strategy:delete
- Default
rule:admin_or_owner
- Operations
DELETE
/v1.0/{account_id}/backup_strategies
Delete backup strategies.
configuration:create
- Default
rule:admin_or_owner
- Operations
POST
/v1.0/{account_id}/configurations
Create a configuration group.
configuration:delete
- Default
rule:admin_or_owner
- Operations
DELETE
/v1.0/{account_id}/configurations/{config}
Delete a configuration group.
configuration:index
- Default
rule:admin_or_owner
- Operations
GET
/v1.0/{account_id}/configurations
List all configuration groups.
configuration:show
- Default
rule:admin_or_owner
- Operations
GET
/v1.0/{account_id}/configurations/{config}
Get informations of a configuration group.
configuration:instances
- Default
rule:admin_or_owner
- Operations
GET
/v1.0/{account_id}/configurations/{config}/instances
List all instances which a configuration group has be assigned to.
configuration:update
- Default
rule:admin_or_owner
- Operations
PUT
/v1.0/{account_id}/configurations/{config}
Update a configuration group(the configuration group will be replaced completely).
configuration:edit
- Default
rule:admin_or_owner
- Operations
PATCH
/v1.0/{account_id}/configurations/{config}
Patch a configuration group.
configuration-parameter:index
- Default
rule:admin_or_owner
- Operations
GET
/v1.0/{account_id}/datastores/{datastore}/versions/{version}/parameters
List all parameters bind to a datastore version.
configuration-parameter:show
- Default
rule:admin_or_owner
- Operations
GET
/v1.0/{account_id}/datastores/{datastore}/versions/{version}/parameters/{param}
Get a paramter of a datastore version.
configuration-parameter:index_by_version
- Default
rule:admin_or_owner
- Operations
GET
/v1.0/{account_id}/datastores/versions/{version}/paramters
List all paramters bind to a datastore version by the id of the version(datastore is not provided).
configuration-parameter:show_by_version
- Default
rule:admin_or_owner
- Operations
GET
/v1.0/{account_id}/datastores/versions/{version}/paramters/{param}
Get a paramter of a datastore version by it names and the id of the version(datastore is not provided).
datastore:index
- Default
<empty string>
- Operations
GET
/v1.0/{account_id}/datastores
List all datastores.
datastore:show
- Default
<empty string>
- Operations
GET
/v1.0/{account_id}/datastores/{datastore}
Get informations of a datastore.
datastore:delete
- Default
rule:admin
- Operations
DELETE
/v1.0/{account_id}/datastores/{datastore}
Delete a datastore.
datastore:version_show
- Default
<empty string>
- Operations
GET
/v1.0/{account_id}/datastores/{datastore}/versions/{version}
Get a version of a datastore by the version id.
datastore:version_show_by_uuid
- Default
<empty string>
- Operations
GET
/v1.0/{account_id}/datastores/versions/{version}
Get a version of a datastore by the version id(without providing the datastore id).
datastore:version_index
- Default
<empty string>
- Operations
GET
/v1.0/{account_id}/datastores/{datastore}/versions
Get all versions of a datastore.
datastore:list_associated_flavors
- Default
<empty string>
- Operations
GET
/v1.0/{account_id}/datastores/{datastore}/versions/{version}/flavors
List all flavors associated with a datastore version.
datastore:list_associated_volume_types
- Default
<empty string>
- Operations
GET
/v1.0/{account_id}/datastores/{datastore}/versions/{version}/volume-types
List all volume-types associated with a datastore version.
flavor:index
- Default
<empty string>
- Operations
GET
/v1.0/{account_id}/flavors
List all flavors.
flavor:show
- Default
<empty string>
- Operations
GET
/v1.0/{account_id}/flavors/{flavor}
Get information of a flavor.
limits:index
- Default
rule:admin_or_owner
- Operations
GET
/v1.0/{account_id}/limits
List all absolute and rate limit informations.
module:create
- Default
rule:admin_or_owner
- Operations
POST
/v1.0/{account_id}/modules
Create a module.
module:delete
- Default
rule:admin_or_owner
- Operations
DELETE
/v1.0/{account_id}/modules/{module}
Delete a module.
module:index
- Default
rule:admin_or_owner
- Operations
GET
/v1.0/{account_id}/modules
List all modules.
module:show
- Default
rule:admin_or_owner
- Operations
GET
/v1.0/{account_id}/modules/{module}
Get informations of a module.
module:instances
- Default
rule:admin_or_owner
- Operations
GET
/v1.0/{account_id}/modules/{module}/instances
List all instances to which a module is applied.
module:update
- Default
rule:admin_or_owner
- Operations
PUT
/v1.0/{account_id}/modules/{module}
Update a module.
module:reapply
- Default
rule:admin_or_owner
- Operations
PUT
/v1.0/{account_id}/modules/{module}/instances
Reapply a module to all instances.