diff --git a/api-ref/source/appendix/api_permissions.rst b/api-ref/source/appendix/api_permissions.rst index a63deaa..54d0c3c 100644 --- a/api-ref/source/appendix/api_permissions.rst +++ b/api-ref/source/appendix/api_permissions.rst @@ -5,44 +5,44 @@ API Permissions =============== -+------------------------+----------------------------------------------------------------------------+-------------------------------------------------------------------+----------------------+ -| **Module** | **API** | **Function** | **Permission** | -+------------------------+----------------------------------------------------------------------------+-------------------------------------------------------------------+----------------------+ -| Cluster management | GET /api/v3/projects/{project_id}/clusters | Obtaining information about clusters in a specified project | cce:cluster:list | -+------------------------+----------------------------------------------------------------------------+-------------------------------------------------------------------+----------------------+ -| | POST /api/v3/projects/{project_id}/clusters | Creating a cluster | cce:cluster:create | -+------------------------+----------------------------------------------------------------------------+-------------------------------------------------------------------+----------------------+ -| | GET /api/v3/projects/{project_id}/clusters/{cluster_id} | Obtaining information about a specified cluster | cce:cluster:get | -+------------------------+----------------------------------------------------------------------------+-------------------------------------------------------------------+----------------------+ -| | GET /api/v3/projects/{project_id}/clusters/{cluster_id}/clustercert | Obtaining the certificates of a cluster | | -+------------------------+----------------------------------------------------------------------------+-------------------------------------------------------------------+----------------------+ -| | PUT /api/v3/projects/{project_id}/clusters/{cluster_id} | Updating information about a cluster | cce:cluster:update | -+------------------------+----------------------------------------------------------------------------+-------------------------------------------------------------------+----------------------+ -| | DELETE /api/v3/projects/{project_id}/clusters/{cluster_id} | Deleting a cluster | cce:cluster:delete | -+------------------------+----------------------------------------------------------------------------+-------------------------------------------------------------------+----------------------+ -| | GET /api/v3/projects/{project_id}/clusters/{cluster_id}/nodes | Obtaining information about all nodes in a cluster | cce:node:list | -+------------------------+----------------------------------------------------------------------------+-------------------------------------------------------------------+----------------------+ -| | POST /api/v3/projects/{project_id}/clusters/{cluster_id}/nodes | Creating nodes for a cluster | cce:node:create | -+------------------------+----------------------------------------------------------------------------+-------------------------------------------------------------------+----------------------+ -| | PUT /api/v3/projects/{project_id}/clusters/{cluster_id}/nodes/{node_id} | Updating information about a specified node | cce:node:update | -+------------------------+----------------------------------------------------------------------------+-------------------------------------------------------------------+----------------------+ -| | GET /api/v3/projects/{project_id}/clusters/{cluster_id}/nodes/{node_id} | Obtaining information about a specified node | cce:node:get | -+------------------------+----------------------------------------------------------------------------+-------------------------------------------------------------------+----------------------+ -| | DELETE /api/v3/projects/{project_id}/clusters/{cluster_id}/nodes/{node_id} | Deleting a node | cce:node:delete | -+------------------------+----------------------------------------------------------------------------+-------------------------------------------------------------------+----------------------+ -| | GET /api/v3/projects/{project_id}/jobs/{job_id} | Obtaining information about a specified job | cce:job:get | -+------------------------+----------------------------------------------------------------------------+-------------------------------------------------------------------+----------------------+ -| | GET /api/v3/projects/{project_id}/clusters/{cluster_id}/nodepools | Obtaining information about all node pools in a specified cluster | cce:nodepool:list | -+------------------------+----------------------------------------------------------------------------+-------------------------------------------------------------------+----------------------+ -| Storage management | POST /api/v1/namespaces/{namespace}/cloudpersistentvolumeclaims | Creating a PersistentVolumeClaim | cce:storage:create | -+------------------------+----------------------------------------------------------------------------+-------------------------------------------------------------------+----------------------+ -| | POST /api/v1/cloudpersistentvolumes | Creating a PersistentVolume | | -+------------------------+----------------------------------------------------------------------------+-------------------------------------------------------------------+----------------------+ -| | DELETE /api/v1/namespaces/{namespace}/cloudpersistentvolumeclaims/{name} | Deleting a PersistentVolumeClaim | cce:storage:delete | -+------------------------+----------------------------------------------------------------------------+-------------------------------------------------------------------+----------------------+ -| | DELETE /api/v1/cloudpersistentvolumes/{name} | Deleting a PersistentVolume | | -+------------------------+----------------------------------------------------------------------------+-------------------------------------------------------------------+----------------------+ -| Kubernetes-native APIs | /api/``*`` | Operating Kubernetes resources | cce:kubernetes:``*`` | -+------------------------+----------------------------------------------------------------------------+-------------------------------------------------------------------+----------------------+ -| | /apis/``*`` | | | -+------------------------+----------------------------------------------------------------------------+-------------------------------------------------------------------+----------------------+ ++------------------------+----------------------------------------------------------------------------+-------------------------------------------------------------------+--------------------+ +| **Module** | **API** | **Function** | **Permission** | ++------------------------+----------------------------------------------------------------------------+-------------------------------------------------------------------+--------------------+ +| Cluster management | GET /api/v3/projects/{project_id}/clusters | Obtaining information about clusters in a specified project | cce:cluster:list | ++------------------------+----------------------------------------------------------------------------+-------------------------------------------------------------------+--------------------+ +| | POST /api/v3/projects/{project_id}/clusters | Creating a cluster | cce:cluster:create | ++------------------------+----------------------------------------------------------------------------+-------------------------------------------------------------------+--------------------+ +| | GET /api/v3/projects/{project_id}/clusters/{cluster_id} | Obtaining information about a specified cluster | cce:cluster:get | ++------------------------+----------------------------------------------------------------------------+-------------------------------------------------------------------+--------------------+ +| | GET /api/v3/projects/{project_id}/clusters/{cluster_id}/clustercert | Obtaining the certificates of a cluster | | ++------------------------+----------------------------------------------------------------------------+-------------------------------------------------------------------+--------------------+ +| | PUT /api/v3/projects/{project_id}/clusters/{cluster_id} | Updating information about a cluster | cce:cluster:update | ++------------------------+----------------------------------------------------------------------------+-------------------------------------------------------------------+--------------------+ +| | DELETE /api/v3/projects/{project_id}/clusters/{cluster_id} | Deleting a cluster | cce:cluster:delete | ++------------------------+----------------------------------------------------------------------------+-------------------------------------------------------------------+--------------------+ +| | GET /api/v3/projects/{project_id}/clusters/{cluster_id}/nodes | Obtaining information about all nodes in a cluster | cce:node:list | ++------------------------+----------------------------------------------------------------------------+-------------------------------------------------------------------+--------------------+ +| | POST /api/v3/projects/{project_id}/clusters/{cluster_id}/nodes | Creating nodes for a cluster | cce:node:create | ++------------------------+----------------------------------------------------------------------------+-------------------------------------------------------------------+--------------------+ +| | PUT /api/v3/projects/{project_id}/clusters/{cluster_id}/nodes/{node_id} | Updating information about a specified node | cce:node:update | ++------------------------+----------------------------------------------------------------------------+-------------------------------------------------------------------+--------------------+ +| | GET /api/v3/projects/{project_id}/clusters/{cluster_id}/nodes/{node_id} | Obtaining information about a specified node | cce:node:get | ++------------------------+----------------------------------------------------------------------------+-------------------------------------------------------------------+--------------------+ +| | DELETE /api/v3/projects/{project_id}/clusters/{cluster_id}/nodes/{node_id} | Deleting a node | cce:node:delete | ++------------------------+----------------------------------------------------------------------------+-------------------------------------------------------------------+--------------------+ +| | GET /api/v3/projects/{project_id}/jobs/{job_id} | Obtaining information about a specified job | cce:job:get | ++------------------------+----------------------------------------------------------------------------+-------------------------------------------------------------------+--------------------+ +| | GET /api/v3/projects/{project_id}/clusters/{cluster_id}/nodepools | Obtaining information about all node pools in a specified cluster | cce:nodepool:list | ++------------------------+----------------------------------------------------------------------------+-------------------------------------------------------------------+--------------------+ +| Storage management | POST /api/v1/namespaces/{namespace}/cloudpersistentvolumeclaims | Creating a PersistentVolumeClaim | cce:storage:create | ++------------------------+----------------------------------------------------------------------------+-------------------------------------------------------------------+--------------------+ +| | POST /api/v1/cloudpersistentvolumes | Creating a PersistentVolume | | ++------------------------+----------------------------------------------------------------------------+-------------------------------------------------------------------+--------------------+ +| | DELETE /api/v1/namespaces/{namespace}/cloudpersistentvolumeclaims/{name} | Deleting a PersistentVolumeClaim | cce:storage:delete | ++------------------------+----------------------------------------------------------------------------+-------------------------------------------------------------------+--------------------+ +| | DELETE /api/v1/cloudpersistentvolumes/{name} | Deleting a PersistentVolume | | ++------------------------+----------------------------------------------------------------------------+-------------------------------------------------------------------+--------------------+ +| Kubernetes-native APIs | /api/\* | Operating Kubernetes resources | cce:kubernetes:\* | ++------------------------+----------------------------------------------------------------------------+-------------------------------------------------------------------+--------------------+ +| | /apis/\* | | | ++------------------------+----------------------------------------------------------------------------+-------------------------------------------------------------------+--------------------+ diff --git a/api-ref/source/permissions_policies_and_supported_actions.rst b/api-ref/source/permissions_policies_and_supported_actions.rst index 77c78ea..f6a6cfd 100644 --- a/api-ref/source/permissions_policies_and_supported_actions.rst +++ b/api-ref/source/permissions_policies_and_supported_actions.rst @@ -30,96 +30,96 @@ Operations supported by a fine-grained policy are specific to APIs. The followin .. table:: **Table 1** CCE actions - +-------------------------------------------------+----------------------+------------------------+----------------------------------------------------------------------------+ - | Permissions | Actions | Authorization Scope | APIs | - +=================================================+======================+========================+============================================================================+ - | Listing clusters in a specified project | cce:cluster:list | Supported: | GET /api/v3/projects/{project_id}/clusters | - | | | | | - | | | - IAM projects | | - | | | - Enterprise projects | | - +-------------------------------------------------+----------------------+------------------------+----------------------------------------------------------------------------+ - | Obtaining information about a specified cluster | cce:cluster:get | Supported: | GET /api/v3/projects/{project_id}/clusters/{cluster_id} | - | | | | | - | | | - IAM projects | | - | | | - Enterprise projects | | - +-------------------------------------------------+----------------------+------------------------+----------------------------------------------------------------------------+ - | Creating a cluster | cce:cluster:create | Supported: | POST /api/v3/projects/{project_id}/clusters | - | | | | | - | | | - IAM projects | | - | | | - Enterprise projects | | - +-------------------------------------------------+----------------------+------------------------+----------------------------------------------------------------------------+ - | Updating information about a specified cluster | cce:cluster:update | Supported: | PUT /api/v3/projects/{project_id}/clusters/{cluster_id} | - | | | | | - | | | - IAM projects | | - | | | - Enterprise projects | | - +-------------------------------------------------+----------------------+------------------------+----------------------------------------------------------------------------+ - | Deleting a cluster | cce:cluster:delete | Supported: | DELETE /api/v3/projects/{project_id}/clusters/{cluster_id} | - | | | | | - | | | - IAM projects | | - | | | - Enterprise projects | | - +-------------------------------------------------+----------------------+------------------------+----------------------------------------------------------------------------+ - | Obtaining a cluster certificate | cce:cluster:get | Supported: | GET /api/v3/projects/{project_id}/clusters/{cluster_id}/clustercert | - | | | | | - | | | - IAM projects | | - | | | - Enterprise projects | | - +-------------------------------------------------+----------------------+------------------------+----------------------------------------------------------------------------+ - | Listing all nodes in a cluster | cce:node:list | Supported: | GET /api/v3/projects/{project_id}/clusters/{cluster_id}/nodes | - | | | | | - | | | - IAM projects | | - | | | - Enterprise projects | | - +-------------------------------------------------+----------------------+------------------------+----------------------------------------------------------------------------+ - | Obtaining information about a specified node | cce:node:get | Supported: | GET /api/v3/projects/{project_id}/clusters/{cluster_id}/nodes/{node_id} | - | | | | | - | | | - IAM projects | | - | | | - Enterprise projects | | - +-------------------------------------------------+----------------------+------------------------+----------------------------------------------------------------------------+ - | Creating a node | cce:node:create | Supported: | POST /api/v3/projects/{project_id}/clusters/{cluster_id}/nodes | - | | | | | - | | | - IAM projects | | - | | | - Enterprise projects | | - +-------------------------------------------------+----------------------+------------------------+----------------------------------------------------------------------------+ - | Updating information about a specified node | cce:node:update | Supported: | PUT /api/v3/projects/{project_id}/clusters/{cluster_id}/nodes/{node_id} | - | | | | | - | | | - IAM projects | | - | | | - Enterprise projects | | - +-------------------------------------------------+----------------------+------------------------+----------------------------------------------------------------------------+ - | Deleting a node | cce:node:delete | Supported: | DELETE /api/v3/projects/{project_id}/clusters/{cluster_id}/nodes/{node_id} | - | | | | | - | | | - IAM projects | | - | | | - Enterprise projects | | - +-------------------------------------------------+----------------------+------------------------+----------------------------------------------------------------------------+ - | Obtaining job progress | cce:job:get | Supported: | GET /api/v3/projects/{project_id}/jobs/{job_id} | - | | | | | - | | | - IAM projects | | - | | | - Enterprise projects | | - +-------------------------------------------------+----------------------+------------------------+----------------------------------------------------------------------------+ - | Listing all node pools in a specified cluster | cce:nodepool:list | Supported: | GET /api/v3/projects/{project_id}/clusters/{cluster_id}/nodepools | - | | | | | - | | | - IAM projects | | - | | | - Enterprise projects | | - +-------------------------------------------------+----------------------+------------------------+----------------------------------------------------------------------------+ - | Creating a PersistentVolumeClaim | cce:storage:create | Supported: | POST /api/v1/namespaces/{namespace}/cloudpersistentvolumeclaims | - | | | | | - | | | - IAM projects | | - | | | - Enterprise projects | | - +-------------------------------------------------+----------------------+------------------------+----------------------------------------------------------------------------+ - | Deleting a PersistentVolumeClaim | cce:storage:delete | Supported: | DELETE /api/v1/namespaces/{namespace}/cloudpersistentvolumeclaims/{name} | - | | | | | - | | | - IAM projects | | - | | | - Enterprise projects | | - +-------------------------------------------------+----------------------+------------------------+----------------------------------------------------------------------------+ - | Creating a PersistentVolume | cce:storage:create | Supported: | POST /api/v1/cloudpersistentvolumes | - | | | | | - | | | - IAM projects | | - | | | - Enterprise projects | | - +-------------------------------------------------+----------------------+------------------------+----------------------------------------------------------------------------+ - | Deleting a PersistentVolume | cce:storage:delete | Supported: | DELETE /api/v1/cloudpersistentvolumes/{name} | - | | | | | - | | | - IAM projects | | - | | | - Enterprise projects | | - +-------------------------------------------------+----------------------+------------------------+----------------------------------------------------------------------------+ - | Operating on Kubernetes resources | cce:kubernetes:``*`` | Supported: | - /api/``*`` | - | | | | - /apis/``*`` | - | | | - IAM projects | | - | | | - Enterprise projects | | - +-------------------------------------------------+----------------------+------------------------+----------------------------------------------------------------------------+ + +-------------------------------------------------+--------------------+------------------------+----------------------------------------------------------------------------+ + | Permissions | Actions | Authorization Scope | APIs | + +=================================================+====================+========================+============================================================================+ + | Listing clusters in a specified project | cce:cluster:list | Supported: | GET /api/v3/projects/{project_id}/clusters | + | | | | | + | | | - IAM projects | | + | | | - Enterprise projects | | + +-------------------------------------------------+--------------------+------------------------+----------------------------------------------------------------------------+ + | Obtaining information about a specified cluster | cce:cluster:get | Supported: | GET /api/v3/projects/{project_id}/clusters/{cluster_id} | + | | | | | + | | | - IAM projects | | + | | | - Enterprise projects | | + +-------------------------------------------------+--------------------+------------------------+----------------------------------------------------------------------------+ + | Creating a cluster | cce:cluster:create | Supported: | POST /api/v3/projects/{project_id}/clusters | + | | | | | + | | | - IAM projects | | + | | | - Enterprise projects | | + +-------------------------------------------------+--------------------+------------------------+----------------------------------------------------------------------------+ + | Updating information about a specified cluster | cce:cluster:update | Supported: | PUT /api/v3/projects/{project_id}/clusters/{cluster_id} | + | | | | | + | | | - IAM projects | | + | | | - Enterprise projects | | + +-------------------------------------------------+--------------------+------------------------+----------------------------------------------------------------------------+ + | Deleting a cluster | cce:cluster:delete | Supported: | DELETE /api/v3/projects/{project_id}/clusters/{cluster_id} | + | | | | | + | | | - IAM projects | | + | | | - Enterprise projects | | + +-------------------------------------------------+--------------------+------------------------+----------------------------------------------------------------------------+ + | Obtaining a cluster certificate | cce:cluster:get | Supported: | GET /api/v3/projects/{project_id}/clusters/{cluster_id}/clustercert | + | | | | | + | | | - IAM projects | | + | | | - Enterprise projects | | + +-------------------------------------------------+--------------------+------------------------+----------------------------------------------------------------------------+ + | Listing all nodes in a cluster | cce:node:list | Supported: | GET /api/v3/projects/{project_id}/clusters/{cluster_id}/nodes | + | | | | | + | | | - IAM projects | | + | | | - Enterprise projects | | + +-------------------------------------------------+--------------------+------------------------+----------------------------------------------------------------------------+ + | Obtaining information about a specified node | cce:node:get | Supported: | GET /api/v3/projects/{project_id}/clusters/{cluster_id}/nodes/{node_id} | + | | | | | + | | | - IAM projects | | + | | | - Enterprise projects | | + +-------------------------------------------------+--------------------+------------------------+----------------------------------------------------------------------------+ + | Creating a node | cce:node:create | Supported: | POST /api/v3/projects/{project_id}/clusters/{cluster_id}/nodes | + | | | | | + | | | - IAM projects | | + | | | - Enterprise projects | | + +-------------------------------------------------+--------------------+------------------------+----------------------------------------------------------------------------+ + | Updating information about a specified node | cce:node:update | Supported: | PUT /api/v3/projects/{project_id}/clusters/{cluster_id}/nodes/{node_id} | + | | | | | + | | | - IAM projects | | + | | | - Enterprise projects | | + +-------------------------------------------------+--------------------+------------------------+----------------------------------------------------------------------------+ + | Deleting a node | cce:node:delete | Supported: | DELETE /api/v3/projects/{project_id}/clusters/{cluster_id}/nodes/{node_id} | + | | | | | + | | | - IAM projects | | + | | | - Enterprise projects | | + +-------------------------------------------------+--------------------+------------------------+----------------------------------------------------------------------------+ + | Obtaining job progress | cce:job:get | Supported: | GET /api/v3/projects/{project_id}/jobs/{job_id} | + | | | | | + | | | - IAM projects | | + | | | - Enterprise projects | | + +-------------------------------------------------+--------------------+------------------------+----------------------------------------------------------------------------+ + | Listing all node pools in a specified cluster | cce:nodepool:list | Supported: | GET /api/v3/projects/{project_id}/clusters/{cluster_id}/nodepools | + | | | | | + | | | - IAM projects | | + | | | - Enterprise projects | | + +-------------------------------------------------+--------------------+------------------------+----------------------------------------------------------------------------+ + | Creating a PersistentVolumeClaim | cce:storage:create | Supported: | POST /api/v1/namespaces/{namespace}/cloudpersistentvolumeclaims | + | | | | | + | | | - IAM projects | | + | | | - Enterprise projects | | + +-------------------------------------------------+--------------------+------------------------+----------------------------------------------------------------------------+ + | Deleting a PersistentVolumeClaim | cce:storage:delete | Supported: | DELETE /api/v1/namespaces/{namespace}/cloudpersistentvolumeclaims/{name} | + | | | | | + | | | - IAM projects | | + | | | - Enterprise projects | | + +-------------------------------------------------+--------------------+------------------------+----------------------------------------------------------------------------+ + | Creating a PersistentVolume | cce:storage:create | Supported: | POST /api/v1/cloudpersistentvolumes | + | | | | | + | | | - IAM projects | | + | | | - Enterprise projects | | + +-------------------------------------------------+--------------------+------------------------+----------------------------------------------------------------------------+ + | Deleting a PersistentVolume | cce:storage:delete | Supported: | DELETE /api/v1/cloudpersistentvolumes/{name} | + | | | | | + | | | - IAM projects | | + | | | - Enterprise projects | | + +-------------------------------------------------+--------------------+------------------------+----------------------------------------------------------------------------+ + | Operating on Kubernetes resources | cce:kubernetes:\* | Supported: | - /api/\* | + | | | | - /apis/\* | + | | | - IAM projects | | + | | | - Enterprise projects | | + +-------------------------------------------------+--------------------+------------------------+----------------------------------------------------------------------------+