diff --git a/generator/permissions.go b/generator/permissions.go
index eee3740..caf45fe 100644
--- a/generator/permissions.go
+++ b/generator/permissions.go
@@ -3,7 +3,10 @@ package main
 import (
+ "bytes"
+ "fmt"
 "os"
+ "slices"
 "gopkg.in/yaml.v3"
 )
@@ -11,15 +14,63 @@ import (
 // readPermissions reads PermissionsFile
 // Returns map[OperationID][]Permission
 func readPermissions(cfg *envConfig) (map[string][]string, error) {
- b, err := os.ReadFile(cfg.PermissionsFile)
+ var config map[string][]string
+ err := readYamlFile(cfg.ConfigFile, &config)
 if err != nil {
 return nil, err
 }
 var permissions map[string][]string
- err = yaml.Unmarshal(b, &permissions)
+ err = readYamlFile(cfg.PermissionsFile, &permissions)
 if err != nil {
 return nil, err
 }
+
+ operationIDs := make(map[string]bool)
+ for _, list := range config {
+ for _, k := range list {
+ operationIDs[k] = true
+ }
+ }
+
+ for k, v := range permissions {
+ if !operationIDs[k] {
+ delete(permissions, k)
+ continue
+ }
+
+ slices.Sort(v)
+ permissions[k] = v
+ if len(v) == 0 {
+ delete(permissions, k)
+ }
+ }
+
+ // Write permissions back to file
+ // Removes all unknown permissions not listed in the config file
+ var buffer bytes.Buffer
+ encoder := yaml.NewEncoder(&buffer)
+ encoder.SetIndent(yamlTabSize)
+ err = encoder.Encode(&permissions)
+ if err != nil {
+ return nil, err
+ }
+ err = os.WriteFile(cfg.PermissionsFile, buffer.Bytes(), writeMode)
+ if err != nil {
+ return nil, err
+ }
+
 return permissions, nil
 }
+
+func readYamlFile(path string, out any) error {
+ b, err := os.ReadFile(path)
+ if err != nil {
+ return err
+ }
+ err = yaml.Unmarshal(b, out)
+ if err != nil {
+ return fmt.Errorf("error parsing yaml file %q: %v", path, err)
+ }
+ return nil
+}
diff --git a/go.mod b/go.mod
index 36999eb..af1d4b7 100644
--- a/go.mod
+++ b/go.mod
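Review bot: In the second hunk of generator/permissions.go, readPermissions now overwrites cfg.PermissionsFile on every call, and nothing stops an empty or wrongly-pathed ConfigFile from pruning every entry. As far as I know yaml.Unmarshal on an empty document returns no error and leaves `config` nil, so `operationIDs` stays empty, every key is deleted and an empty map is written back. I would fail before the prune loop, e.g. `if len(operationIDs) == 0 { return nil, fmt.Errorf("no operation IDs found in %q", cfg.ConfigFile) }`, because these entries appear to feed the "Required roles or permissions" lines in the generated handlers, so a silent wipe would remove access-control documentation rather than break the build. The doc comment still says only "reads PermissionsFile"; it should state that the file is filtered against the config, sorted and rewritten in place. In readYamlFile, `%v` drops the error chain, and `%w` would keep it for errors.Is/As.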
@@ -22,6 +22,8 @@ require ( github.com/mattn/go-colorable v0.1.13 // indirect github.com/mattn/go-isatty v0.0.20 // indirect github.com/pmezard/go-difflib v1.0.0 // indirect + github.com/samber/lo v1.52.0 // indirect github.com/stretchr/objx v0.5.2 // indirect golang.org/x/sys v0.21.0 // indirect + golang.org/x/text v0.22.0 // indirect ) diff --git a/go.sum b/go.sum index 8002328..4abd98d 100644 --- a/go.sum +++ b/go.sum @@ -35,6 +35,8 @@ github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZN github.com/rs/xid v1.6.0/go.mod h1:7XoLgs4eV+QndskICGsho+ADou8ySMSjJKDIan90Nz0= github.com/rs/zerolog v1.34.0 h1:k43nTLIwcTVQAncfCw4KZ2VY6ukYoZaBPNOE8txlOeY= github.com/rs/zerolog v1.34.0/go.mod h1:bJsvje4Z08ROH4Nhs5iH600c3IkWhwp44iRc54W6wYQ= +github.com/samber/lo v1.52.0 h1:Rvi+3BFHES3A8meP33VPAxiBZX/Aws5RxrschYGjomw= +github.com/samber/lo v1.52.0/go.mod h1:4+MXEGsJzbKGaUEQFKBq2xtfuznW9oz/WrgyzMzRoM0= github.com/stretchr/objx v0.5.2 h1:xuMeJ0Sdp5ZMRXx/aWO6RZxdr3beISkG5/G/aIRr3pY= github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA= github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U= @@ -46,6 +48,8 @@ golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.21.0 h1:rF+pYz3DAGSQAxAu1CbC7catZg4ebC4UIeIhKxBZvws= golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/text v0.22.0 h1:bofq7m3/HAFvbF51jz3Q9wLg3jkvSPuiZu/pD1XwgtM= +golang.org/x/text v0.22.0/go.mod h1:YRoo4H8PVmsu+E3Ou7cqLVH8oXWIHVoX0jqUWALQhfY= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= 
diff --git a/handler/account/account.go b/handler/account/account.go index 0984680..6184e8c 100644 --- a/handler/account/account.go +++ b/handler/account/account.go @@ -19,7 +19,6 @@ type Handler interface { // AccountBillingGroupList list account billing groups // GET /v1/account/{account_id}/billing-group // https://api.aiven.io/doc/#tag/Account/operation/AccountBillingGroupList - // Required roles or permissions: role:organization:admin AccountBillingGroupList(ctx context.Context, accountId string) ([]AccountBillingGroupOut, error) // AccountCreate create a new account diff --git a/handler/accountauthentication/accountauthentication.go b/handler/accountauthentication/accountauthentication.go index 1d4132e..54a45da 100644 --- a/handler/accountauthentication/accountauthentication.go +++ b/handler/accountauthentication/accountauthentication.go 
@@ -14,26 +14,31 @@ type Handler interface { // AccountAuthenticationMethodCreate create a new authentication method // POST /v1/account/{account_id}/authentication // https://api.aiven.io/doc/#tag/Account/operation/AccountAuthenticationMethodCreate + // Required roles or permissions: role:organization:admin AccountAuthenticationMethodCreate(ctx context.Context, accountId string, in *AccountAuthenticationMethodCreateIn) (*AccountAuthenticationMethodCreateOut, error) // AccountAuthenticationMethodDelete delete authentication method // DELETE /v1/account/{account_id}/authentication/{account_authentication_method_id} // https://api.aiven.io/doc/#tag/Account/operation/AccountAuthenticationMethodDelete + // Required roles or permissions: role:organization:admin AccountAuthenticationMethodDelete(ctx context.Context, accountId string, accountAuthenticationMethodId string) error // AccountAuthenticationMethodGet get details of a single authentication method // GET /v1/account/{account_id}/authentication/{account_authentication_method_id} // https://api.aiven.io/doc/#tag/Account/operation/AccountAuthenticationMethodGet + // Required roles or permissions: role:organization:admin AccountAuthenticationMethodGet(ctx context.Context, accountId string, accountAuthenticationMethodId string) (*AccountAuthenticationMethodGetOut, error) // AccountAuthenticationMethodUpdate update authentication method // PUT /v1/account/{account_id}/authentication/{account_authentication_method_id} // https://api.aiven.io/doc/#tag/Account/operation/AccountAuthenticationMethodUpdate + // Required roles or permissions: role:organization:admin AccountAuthenticationMethodUpdate(ctx context.Context, accountId string, accountAuthenticationMethodId string, in *AccountAuthenticationMethodUpdateIn) (*AccountAuthenticationMethodUpdateOut, error) // AccountAuthenticationMethodsList list authentication methods // GET /v1/account/{account_id}/authentication // 
https://api.aiven.io/doc/#tag/Account/operation/AccountAuthenticationMethodsList + // Required roles or permissions: role:organization:admin AccountAuthenticationMethodsList(ctx context.Context, accountId string) ([]AuthenticationMethodOut, error) } diff --git a/handler/alloydbomni/alloydbomni.go b/handler/alloydbomni/alloydbomni.go index 4665f15..eda46bf 100644 --- a/handler/alloydbomni/alloydbomni.go +++ b/handler/alloydbomni/alloydbomni.go @@ -13,16 +13,19 @@ type Handler interface { // AlloyDbOmniGoogleCloudPrivateKeyIdentify get Google service account key // GET /v1/project/{project}/service/{service_name}/alloydbomni/google_cloud_private_key // https://api.aiven.io/doc/#tag/Service:_AlloyDB_Omni/operation/AlloyDbOmniGoogleCloudPrivateKeyIdentify + // Required roles or permissions: service:data:write AlloyDbOmniGoogleCloudPrivateKeyIdentify(ctx context.Context, project string, serviceName string) (*AlloyDbOmniGoogleCloudPrivateKeyIdentifyOut, error) // AlloyDbOmniGoogleCloudPrivateKeyRemove delete Google service account key // DELETE /v1/project/{project}/service/{service_name}/alloydbomni/google_cloud_private_key // https://api.aiven.io/doc/#tag/Service:_AlloyDB_Omni/operation/AlloyDbOmniGoogleCloudPrivateKeyRemove + // Required roles or permissions: service:data:write AlloyDbOmniGoogleCloudPrivateKeyRemove(ctx context.Context, project string, serviceName string) (*AlloyDbOmniGoogleCloudPrivateKeyRemoveOut, error) // AlloyDbOmniGoogleCloudPrivateKeySet add Google service account key // POST /v1/project/{project}/service/{service_name}/alloydbomni/google_cloud_private_key // https://api.aiven.io/doc/#tag/Service:_AlloyDB_Omni/operation/AlloyDbOmniGoogleCloudPrivateKeySet + // Required roles or permissions: service:data:write AlloyDbOmniGoogleCloudPrivateKeySet(ctx context.Context, project string, serviceName string, in *AlloyDbOmniGoogleCloudPrivateKeySetIn) (*AlloyDbOmniGoogleCloudPrivateKeySetOut, error) } 
diff --git a/handler/applicationuser/applicationuser.go b/handler/applicationuser/applicationuser.go index 3aa9ee3..bbe49fd 100644 --- a/handler/applicationuser/applicationuser.go +++ b/handler/applicationuser/applicationuser.go 
@@ -14,48 +14,49 @@ type Handler interface { // ApplicationUserAccessTokenCreate create an application token // POST /v1/organization/{organization_id}/application-users/{user_id}/access-tokens // https://api.aiven.io/doc/#tag/Application_Users/operation/ApplicationUserAccessTokenCreate - // Required roles or permissions: organization:app_users:write, role:organization:admin + // Required roles or permissions: organization:app_users:write ApplicationUserAccessTokenCreate(ctx context.Context, organizationId string, userId string, in *ApplicationUserAccessTokenCreateIn) (*ApplicationUserAccessTokenCreateOut, error) // ApplicationUserAccessTokenDelete delete an application token // DELETE /v1/organization/{organization_id}/application-users/{user_id}/access-tokens/{token_prefix} // https://api.aiven.io/doc/#tag/Application_Users/operation/ApplicationUserAccessTokenDelete - // Required roles or permissions: organization:app_users:write, role:organization:admin + // Required roles or permissions: organization:app_users:write ApplicationUserAccessTokenDelete(ctx context.Context, organizationId string, userId string, tokenPrefix string) error // ApplicationUserAccessTokensList list application tokens // GET /v1/organization/{organization_id}/application-users/{user_id}/access-tokens // https://api.aiven.io/doc/#tag/Application_Users/operation/ApplicationUserAccessTokensList - // Required roles or permissions: role:organization:admin + // Required roles or permissions: organization:app_users:write ApplicationUserAccessTokensList(ctx context.Context, organizationId string, userId string) ([]TokenOut, error) // ApplicationUserCreate create an application user // POST /v1/organization/{organization_id}/application-users // https://api.aiven.io/doc/#tag/Application_Users/operation/ApplicationUserCreate - // Required roles or permissions: organization:app_users:write, role:organization:admin + // Required roles or permissions: organization:app_users:write 
ApplicationUserCreate(ctx context.Context, organizationId string, in *ApplicationUserCreateIn) (*ApplicationUserCreateOut, error) // ApplicationUserDelete delete an application user // DELETE /v1/organization/{organization_id}/application-users/{user_id} // https://api.aiven.io/doc/#tag/Application_Users/operation/ApplicationUserDelete - // Required roles or permissions: organization:app_users:write, role:organization:admin + // Required roles or permissions: organization:app_users:write ApplicationUserDelete(ctx context.Context, organizationId string, userId string) error // ApplicationUserGet get an application user // GET /v1/organization/{organization_id}/application-users/{user_id} // https://api.aiven.io/doc/#tag/Application_Users/operation/ApplicationUserGet - // Required roles or permissions: role:organization:admin + // Required roles or permissions: organization:app_users:write ApplicationUserGet(ctx context.Context, organizationId string, userId string) (*ApplicationUserGetOut, error) // ApplicationUserUpdate update details on an application user of the organization // PATCH /v1/organization/{organization_id}/application-users/{user_id} // https://api.aiven.io/doc/#tag/Application_Users/operation/ApplicationUserUpdate - // Required roles or permissions: organization:app_users:write, role:organization:admin + // Required roles or permissions: organization:app_users:write ApplicationUserUpdate(ctx context.Context, organizationId string, userId string, in *ApplicationUserUpdateIn) (*ApplicationUserUpdateOut, error) // ApplicationUsersList list application users // GET /v1/organization/{organization_id}/application-users // https://api.aiven.io/doc/#tag/Application_Users/operation/ApplicationUsersList + // Required roles or permissions: organization:app_users:write ApplicationUsersList(ctx context.Context, organizationId string) ([]ApplicationUserOut, error) } 
diff --git a/handler/billinggroup/billinggroup.go b/handler/billinggroup/billinggroup.go index d003a9c..8672160 100644 --- a/handler/billinggroup/billinggroup.go +++ b/handler/billinggroup/billinggroup.go 
@@ -14,79 +14,73 @@ type Handler interface { // BillingGroupCreate create a billing group // POST /v1/billing-group // https://api.aiven.io/doc/#tag/BillingGroup/operation/BillingGroupCreate - // Required roles or permissions: organization:billing:write, role:organization:admin BillingGroupCreate(ctx context.Context, in *BillingGroupCreateIn) (*BillingGroupCreateOut, error) // BillingGroupCreditsClaim claim a credit code // POST /v1/billing-group/{billing_group_id}/credits // https://api.aiven.io/doc/#tag/BillingGroup/operation/BillingGroupCreditsClaim - // Required roles or permissions: admin, role:organization:admin + // Required roles or permissions: developer, operator BillingGroupCreditsClaim(ctx context.Context, billingGroupId string, in *BillingGroupCreditsClaimIn) (*BillingGroupCreditsClaimOut, error) // BillingGroupCreditsList list billing group credits // GET /v1/billing-group/{billing_group_id}/credits // https://api.aiven.io/doc/#tag/BillingGroup/operation/BillingGroupCreditsList - // Required roles or permissions: admin, read_only, role:organization:admin + // Required roles or permissions: developer, operator, read_only BillingGroupCreditsList(ctx context.Context, billingGroupId string) ([]CreditOut, error) // BillingGroupDelete delete billing group // DELETE /v1/billing-group/{billing_group_id} // https://api.aiven.io/doc/#tag/BillingGroup/operation/BillingGroupDelete - // Required roles or permissions: admin, role:organization:admin BillingGroupDelete(ctx context.Context, billingGroupId string) error // BillingGroupEventList list billing group events // GET /v1/billing-group/{billing_group_id}/events // https://api.aiven.io/doc/#tag/BillingGroup/operation/BillingGroupEventList - // Required roles or permissions: admin, read_only, role:organization:admin + // Required roles or permissions: developer, operator, read_only BillingGroupEventList(ctx context.Context, billingGroupId string) ([]EventOut, error) // BillingGroupGet get billing group details 
// GET /v1/billing-group/{billing_group_id} // https://api.aiven.io/doc/#tag/BillingGroup/operation/BillingGroupGet - // Required roles or permissions: admin, read_only, role:organization:admin + // Required roles or permissions: developer, operator, read_only BillingGroupGet(ctx context.Context, billingGroupId string) (*BillingGroupGetOut, error) // BillingGroupInvoiceLinesList get invoice lines for a single invoice // GET /v1/billing-group/{billing_group_id}/invoice/{invoice_number}/lines // https://api.aiven.io/doc/#tag/BillingGroup/operation/BillingGroupInvoiceLinesList - // Required roles or permissions: admin, role:organization:admin + // Required roles or permissions: operator BillingGroupInvoiceLinesList(ctx context.Context, billingGroupId string, invoiceNumber string) ([]LineOut, error) // BillingGroupInvoiceList get invoices generated for billing group // GET /v1/billing-group/{billing_group_id}/invoice // https://api.aiven.io/doc/#tag/BillingGroup/operation/BillingGroupInvoiceList - // Required roles or permissions: admin, read_only, role:organization:admin + // Required roles or permissions: developer, operator, read_only BillingGroupInvoiceList(ctx context.Context, billingGroupId string) ([]InvoiceOut, error) // BillingGroupList list billing groups // GET /v1/billing-group // https://api.aiven.io/doc/#tag/BillingGroup/operation/BillingGroupList - // Required roles or permissions: organization:billing:read, role:organization:admin BillingGroupList(ctx context.Context) ([]BillingGroupOut, error) // BillingGroupProjectAssign assign project to billing group // POST /v1/billing-group/{billing_group_id}/project-assign/{project} // https://api.aiven.io/doc/#tag/BillingGroup/operation/BillingGroupProjectAssign - // Required roles or permissions: admin, role:organization:admin BillingGroupProjectAssign(ctx context.Context, billingGroupId string, project string) error // BillingGroupProjectList get projects assigned to billing group // GET 
/v1/billing-group/{billing_group_id}/projects // https://api.aiven.io/doc/#tag/BillingGroup/operation/BillingGroupProjectList - // Required roles or permissions: admin, read_only, role:organization:admin + // Required roles or permissions: developer, operator, read_only BillingGroupProjectList(ctx context.Context, billingGroupId string) ([]ProjectOut, error) // BillingGroupProjectsAssign assign projects to billing group // POST /v1/billing-group/{billing_group_id}/projects-assign // https://api.aiven.io/doc/#tag/BillingGroup/operation/BillingGroupProjectsAssign - // Required roles or permissions: admin, role:organization:admin BillingGroupProjectsAssign(ctx context.Context, billingGroupId string, in *BillingGroupProjectsAssignIn) error // BillingGroupUpdate update billing group // PUT /v1/billing-group/{billing_group_id} // https://api.aiven.io/doc/#tag/BillingGroup/operation/BillingGroupUpdate - // Required roles or permissions: admin, role:organization:admin BillingGroupUpdate(ctx context.Context, billingGroupId string, in *BillingGroupUpdateIn) (*BillingGroupUpdateOut, error) } diff --git a/handler/clickhouse/clickhouse.go b/handler/clickhouse/clickhouse.go index 4be1d6d..bd57592 100644 --- a/handler/clickhouse/clickhouse.go +++ b/handler/clickhouse/clickhouse.go 
@@ -13,67 +13,67 @@ type Handler interface { // ServiceClickHouseCurrentQueries list active queries // GET /v1/project/{project}/service/{service_name}/clickhouse/query // https://api.aiven.io/doc/#tag/Service:_ClickHouse/operation/ServiceClickHouseCurrentQueries - // Required roles or permissions: admin, read_only, role:organization:admin + // Required roles or permissions: service:data:write ServiceClickHouseCurrentQueries(ctx context.Context, project string, serviceName string) ([]QueryOut, error) // ServiceClickHouseDatabaseCreate create a database // POST /v1/project/{project}/service/{service_name}/clickhouse/db // https://api.aiven.io/doc/#tag/Service:_ClickHouse/operation/ServiceClickHouseDatabaseCreate - // Required roles or permissions: admin, role:organization:admin, service:data:write + // Required roles or permissions: service:data:write ServiceClickHouseDatabaseCreate(ctx context.Context, project string, serviceName string, in *ServiceClickHouseDatabaseCreateIn) error // ServiceClickHouseDatabaseDelete delete a database // DELETE /v1/project/{project}/service/{service_name}/clickhouse/db/{database} // https://api.aiven.io/doc/#tag/Service:_ClickHouse/operation/ServiceClickHouseDatabaseDelete - // Required roles or permissions: admin, role:organization:admin, service:data:write + // Required roles or permissions: service:data:write ServiceClickHouseDatabaseDelete(ctx context.Context, project string, serviceName string, database string) error // ServiceClickHouseDatabaseList list all databases // GET /v1/project/{project}/service/{service_name}/clickhouse/db // https://api.aiven.io/doc/#tag/Service:_ClickHouse/operation/ServiceClickHouseDatabaseList - // Required roles or permissions: admin, read_only, role:organization:admin + // Required roles or permissions: service:data:write ServiceClickHouseDatabaseList(ctx context.Context, project string, serviceName string) ([]DatabaseOut, error) // ServiceClickHousePasswordReset reset a user's password // PUT 
/v1/project/{project}/service/{service_name}/clickhouse/user/{user_uuid}/password // https://api.aiven.io/doc/#tag/Service:_ClickHouse/operation/ServiceClickHousePasswordReset - // Required roles or permissions: admin, role:organization:admin, service:data:write, service:users:write + // Required roles or permissions: service:data:write, service:users:write ServiceClickHousePasswordReset(ctx context.Context, project string, serviceName string, userUuid string, in *ServiceClickHousePasswordResetIn) (string, error) // ServiceClickHouseQuery execute an SQL query // POST /v1/project/{project}/service/{service_name}/clickhouse/query // https://api.aiven.io/doc/#tag/Service:_ClickHouse/operation/ServiceClickHouseQuery - // Required roles or permissions: admin, role:organization:admin, service:data:write + // Required roles or permissions: service:data:write ServiceClickHouseQuery(ctx context.Context, project string, serviceName string, in *ServiceClickHouseQueryIn) (*ServiceClickHouseQueryOut, error) // ServiceClickHouseQueryStats return statistics on recent queries // GET /v1/project/{project}/service/{service_name}/clickhouse/query/stats // https://api.aiven.io/doc/#tag/Service:_ClickHouse/operation/ServiceClickHouseQueryStats - // Required roles or permissions: admin, read_only, role:organization:admin + // Required roles or permissions: service:data:write ServiceClickHouseQueryStats(ctx context.Context, project string, serviceName string, query ...[2]string) ([]ServiceClickHouseQueryStatsOut, error) // ServiceClickHouseTieredStorageSummary get the ClickHouse tiered storage summary // GET /v1/project/{project}/service/{service_name}/clickhouse/tiered-storage/summary // https://api.aiven.io/doc/#tag/Service:_ClickHouse/operation/ServiceClickHouseTieredStorageSummary - // Required roles or permissions: admin, read_only, role:organization:admin + // Required roles or permissions: service:data:write ServiceClickHouseTieredStorageSummary(ctx context.Context, project 
string, serviceName string) (*ServiceClickHouseTieredStorageSummaryOut, error) // ServiceClickHouseUserCreate create a ClickHouse user // POST /v1/project/{project}/service/{service_name}/clickhouse/user // https://api.aiven.io/doc/#tag/Service:_ClickHouse/operation/ServiceClickHouseUserCreate - // Required roles or permissions: admin, role:organization:admin, service:data:write, service:users:write + // Required roles or permissions: service:data:write, service:users:write ServiceClickHouseUserCreate(ctx context.Context, project string, serviceName string, in *ServiceClickHouseUserCreateIn) (*ServiceClickHouseUserCreateOut, error) // ServiceClickHouseUserDelete delete a user // DELETE /v1/project/{project}/service/{service_name}/clickhouse/user/{user_uuid} // https://api.aiven.io/doc/#tag/Service:_ClickHouse/operation/ServiceClickHouseUserDelete - // Required roles or permissions: admin, role:organization:admin, service:data:write, service:users:write + // Required roles or permissions: service:data:write, service:users:write ServiceClickHouseUserDelete(ctx context.Context, project string, serviceName string, userUuid string) error // ServiceClickHouseUserList list all users // GET /v1/project/{project}/service/{service_name}/clickhouse/user // https://api.aiven.io/doc/#tag/Service:_ClickHouse/operation/ServiceClickHouseUserList - // Required roles or permissions: admin, read_only, role:organization:admin + // Required roles or permissions: service:data:write, service:users:write ServiceClickHouseUserList(ctx context.Context, project string, serviceName string) ([]UserOut, error) } diff --git a/handler/cloud/cloud.go b/handler/cloud/cloud.go index 6866eec..eb39514 100644 --- a/handler/cloud/cloud.go +++ b/handler/cloud/cloud.go 
@@ -18,6 +18,7 @@ type Handler interface { // ListProjectClouds list cloud platforms for a project // GET /v1/project/{project}/clouds // https://api.aiven.io/doc/#tag/Cloud_platforms/operation/ListProjectClouds + // Required roles or permissions: project:services:write ListProjectClouds(ctx context.Context, project string) ([]CloudOut, error) } diff --git a/handler/domain/domain.go b/handler/domain/domain.go index 2ea2fe0..6c61586 100644 --- a/handler/domain/domain.go +++ b/handler/domain/domain.go 
@@ -14,31 +14,31 @@ type Handler interface { // OrganizationDomainAdd create a domain // POST /v1/organization/{organization_id}/domains // https://api.aiven.io/doc/#tag/Domains/operation/OrganizationDomainAdd - // Required roles or permissions: organization:domains:write, role:organization:admin + // Required roles or permissions: organization:domains:write OrganizationDomainAdd(ctx context.Context, organizationId string, in *OrganizationDomainAddIn) (*OrganizationDomainAddOut, error) // OrganizationDomainUpdate update a domain // PATCH /v1/organization/{organization_id}/domains/{domain_id} // https://api.aiven.io/doc/#tag/Domains/operation/OrganizationDomainUpdate - // Required roles or permissions: organization:domains:write, role:organization:admin + // Required roles or permissions: organization:domains:write OrganizationDomainUpdate(ctx context.Context, organizationId string, domainId string, in *OrganizationDomainUpdateIn) (*OrganizationDomainUpdateOut, error) // OrganizationDomainVerify verify a domain // POST /v1/organization/{organization_id}/domains/{domain_id}/verify // https://api.aiven.io/doc/#tag/Domains/operation/OrganizationDomainVerify - // Required roles or permissions: organization:domains:write, role:organization:admin + // Required roles or permissions: organization:domains:write OrganizationDomainVerify(ctx context.Context, organizationId string, domainId string) (*OrganizationDomainVerifyOut, error) // OrganizationDomainsList list domains // GET /v1/organization/{organization_id}/domains // https://api.aiven.io/doc/#tag/Domains/operation/OrganizationDomainsList - // Required roles or permissions: role:organization:admin + // Required roles or permissions: organization:domains:write OrganizationDomainsList(ctx context.Context, organizationId string) ([]DomainOut, error) // OrganizationDomainsRemove delete a domain // DELETE /v1/organization/{organization_id}/domains/{domain_id} // 
https://api.aiven.io/doc/#tag/Domains/operation/OrganizationDomainsRemove - // Required roles or permissions: organization:domains:write, role:organization:admin + // Required roles or permissions: organization:domains:write OrganizationDomainsRemove(ctx context.Context, organizationId string, domainId string) error } diff --git a/handler/flink/flink.go b/handler/flink/flink.go index 719b222..b4e4672 100644 --- a/handler/flink/flink.go +++ b/handler/flink/flink.go @@ -13,7 +13,7 @@ type Handler interface { // ServiceFlinkOverview get a cluster overview // GET /v1/project/{project}/service/{service_name}/flink/overview // https://api.aiven.io/doc/#tag/Service:_Flink/operation/ServiceFlinkOverview - // Required roles or permissions: admin, role:organization:admin + // Required roles or permissions: service:data:write ServiceFlinkOverview(ctx context.Context, project string, serviceName string) (*ServiceFlinkOverviewOut, error) } diff --git a/handler/flinkapplication/flinkapplication.go b/handler/flinkapplication/flinkapplication.go index 322eb05..8ddec96 100644 --- a/handler/flinkapplication/flinkapplication.go +++ b/handler/flinkapplication/flinkapplication.go 
@@ -14,26 +14,31 @@ type Handler interface { // ServiceFlinkCreateApplication create a Flink Application // POST /v1/project/{project}/service/{service_name}/flink/application // https://api.aiven.io/doc/#tag/Service:_Flink/operation/ServiceFlinkCreateApplication + // Required roles or permissions: service:data:write ServiceFlinkCreateApplication(ctx context.Context, project string, serviceName string, in *ServiceFlinkCreateApplicationIn) (*ServiceFlinkCreateApplicationOut, error) // ServiceFlinkDeleteApplication delete a Flink Application // DELETE /v1/project/{project}/service/{service_name}/flink/application/{application_id} // https://api.aiven.io/doc/#tag/Service:_Flink/operation/ServiceFlinkDeleteApplication + // Required roles or permissions: service:data:write ServiceFlinkDeleteApplication(ctx context.Context, project string, serviceName string, applicationId string) (*ServiceFlinkDeleteApplicationOut, error) // ServiceFlinkGetApplication get a Flink Application // GET /v1/project/{project}/service/{service_name}/flink/application/{application_id} // https://api.aiven.io/doc/#tag/Service:_Flink/operation/ServiceFlinkGetApplication + // Required roles or permissions: service:data:write ServiceFlinkGetApplication(ctx context.Context, project string, serviceName string, applicationId string) (*ServiceFlinkGetApplicationOut, error) // ServiceFlinkListApplications get all Flink Applications // GET /v1/project/{project}/service/{service_name}/flink/application // https://api.aiven.io/doc/#tag/Service:_Flink/operation/ServiceFlinkListApplications + // Required roles or permissions: service:data:write ServiceFlinkListApplications(ctx context.Context, project string, serviceName string) ([]ApplicationOut, error) // ServiceFlinkUpdateApplication update a Flink Application // PUT /v1/project/{project}/service/{service_name}/flink/application/{application_id} // https://api.aiven.io/doc/#tag/Service:_Flink/operation/ServiceFlinkUpdateApplication + // Required roles or 
permissions: service:data:write ServiceFlinkUpdateApplication(ctx context.Context, project string, serviceName string, applicationId string, in *ServiceFlinkUpdateApplicationIn) (*ServiceFlinkUpdateApplicationOut, error) } diff --git a/handler/flinkapplicationdeployment/flinkapplicationdeployment.go b/handler/flinkapplicationdeployment/flinkapplicationdeployment.go index 785d48f..05bc7db 100644 --- a/handler/flinkapplicationdeployment/flinkapplicationdeployment.go +++ b/handler/flinkapplicationdeployment/flinkapplicationdeployment.go 
@@ -14,31 +14,37 @@ type Handler interface { // ServiceFlinkCancelApplicationDeployment cancel an ApplicationDeployment // POST /v1/project/{project}/service/{service_name}/flink/application/{application_id}/deployment/{deployment_id}/cancel // https://api.aiven.io/doc/#tag/Service:_Flink/operation/ServiceFlinkCancelApplicationDeployment + // Required roles or permissions: service:data:write ServiceFlinkCancelApplicationDeployment(ctx context.Context, project string, serviceName string, applicationId string, deploymentId string) (*ServiceFlinkCancelApplicationDeploymentOut, error) // ServiceFlinkCreateApplicationDeployment create an ApplicationDeployment // POST /v1/project/{project}/service/{service_name}/flink/application/{application_id}/deployment // https://api.aiven.io/doc/#tag/Service:_Flink/operation/ServiceFlinkCreateApplicationDeployment + // Required roles or permissions: service:data:write ServiceFlinkCreateApplicationDeployment(ctx context.Context, project string, serviceName string, applicationId string, in *ServiceFlinkCreateApplicationDeploymentIn) (*ServiceFlinkCreateApplicationDeploymentOut, error) // ServiceFlinkDeleteApplicationDeployment delete an ApplicationDeployment // DELETE /v1/project/{project}/service/{service_name}/flink/application/{application_id}/deployment/{deployment_id} // https://api.aiven.io/doc/#tag/Service:_Flink/operation/ServiceFlinkDeleteApplicationDeployment + // Required roles or permissions: service:data:write ServiceFlinkDeleteApplicationDeployment(ctx context.Context, project string, serviceName string, applicationId string, deploymentId string) (*ServiceFlinkDeleteApplicationDeploymentOut, error) // ServiceFlinkGetApplicationDeployment get an ApplicationDeployment // GET /v1/project/{project}/service/{service_name}/flink/application/{application_id}/deployment/{deployment_id} // https://api.aiven.io/doc/#tag/Service:_Flink/operation/ServiceFlinkGetApplicationDeployment + // Required roles or permissions: 
service:data:write ServiceFlinkGetApplicationDeployment(ctx context.Context, project string, serviceName string, applicationId string, deploymentId string) (*ServiceFlinkGetApplicationDeploymentOut, error) // ServiceFlinkListApplicationDeployments get all ApplicationDeployments // GET /v1/project/{project}/service/{service_name}/flink/application/{application_id}/deployment // https://api.aiven.io/doc/#tag/Service:_Flink/operation/ServiceFlinkListApplicationDeployments + // Required roles or permissions: service:data:write ServiceFlinkListApplicationDeployments(ctx context.Context, project string, serviceName string, applicationId string) ([]DeploymentOut, error) // ServiceFlinkStopApplicationDeployment stop an ApplicationDeployment // POST /v1/project/{project}/service/{service_name}/flink/application/{application_id}/deployment/{deployment_id}/stop // https://api.aiven.io/doc/#tag/Service:_Flink/operation/ServiceFlinkStopApplicationDeployment + // Required roles or permissions: service:data:write ServiceFlinkStopApplicationDeployment(ctx context.Context, project string, serviceName string, applicationId string, deploymentId string) (*ServiceFlinkStopApplicationDeploymentOut, error) } diff --git a/handler/flinkapplicationversion/flinkapplicationversion.go b/handler/flinkapplicationversion/flinkapplicationversion.go index 90ec571..c24d577 100644 --- a/handler/flinkapplicationversion/flinkapplicationversion.go +++ b/handler/flinkapplicationversion/flinkapplicationversion.go 
@@ -14,21 +14,25 @@ type Handler interface { // ServiceFlinkCreateApplicationVersion create a Flink ApplicationVersion // POST /v1/project/{project}/service/{service_name}/flink/application/{application_id}/version // https://api.aiven.io/doc/#tag/Service:_Flink/operation/ServiceFlinkCreateApplicationVersion + // Required roles or permissions: service:data:write ServiceFlinkCreateApplicationVersion(ctx context.Context, project string, serviceName string, applicationId string, in *ServiceFlinkCreateApplicationVersionIn) (*ServiceFlinkCreateApplicationVersionOut, error) // ServiceFlinkDeleteApplicationVersion delete a Flink ApplicationVersion // DELETE /v1/project/{project}/service/{service_name}/flink/application/{application_id}/version/{application_version_id} // https://api.aiven.io/doc/#tag/Service:_Flink/operation/ServiceFlinkDeleteApplicationVersion + // Required roles or permissions: service:data:write ServiceFlinkDeleteApplicationVersion(ctx context.Context, project string, serviceName string, applicationId string, applicationVersionId string) (*ServiceFlinkDeleteApplicationVersionOut, error) // ServiceFlinkGetApplicationVersion get a Flink ApplicationVersion // GET /v1/project/{project}/service/{service_name}/flink/application/{application_id}/version/{application_version_id} // https://api.aiven.io/doc/#tag/Service:_Flink/operation/ServiceFlinkGetApplicationVersion + // Required roles or permissions: service:data:write ServiceFlinkGetApplicationVersion(ctx context.Context, project string, serviceName string, applicationId string, applicationVersionId string) (*ServiceFlinkGetApplicationVersionOut, error) // ServiceFlinkValidateApplicationVersion validate a Flink ApplicationVersion // POST /v1/project/{project}/service/{service_name}/flink/application/{application_id}/version/validate // https://api.aiven.io/doc/#tag/Service:_Flink/operation/ServiceFlinkValidateApplicationVersion + // Required roles or permissions: service:data:write 
ServiceFlinkValidateApplicationVersion(ctx context.Context, project string, serviceName string, applicationId string, in *ServiceFlinkValidateApplicationVersionIn) (*ServiceFlinkValidateApplicationVersionOut, error) } diff --git a/handler/flinkjarapplication/flinkjarapplication.go b/handler/flinkjarapplication/flinkjarapplication.go index a387677..5958f71 100644 --- a/handler/flinkjarapplication/flinkjarapplication.go +++ b/handler/flinkjarapplication/flinkjarapplication.go 
@@ -14,26 +14,31 @@ type Handler interface { // ServiceFlinkCreateJarApplication [EXPERIMENTAL] Create a Flink JarApplication // POST /v1/project/{project}/service/{service_name}/flink/jar_application // https://api.aiven.io/doc/#tag/Service:_Flink/operation/ServiceFlinkCreateJarApplication + // Required roles or permissions: service:data:write ServiceFlinkCreateJarApplication(ctx context.Context, project string, serviceName string, in *ServiceFlinkCreateJarApplicationIn) (*ServiceFlinkCreateJarApplicationOut, error) // ServiceFlinkDeleteJarApplication [EXPERIMENTAL] Delete a Flink JarApplication // DELETE /v1/project/{project}/service/{service_name}/flink/jar_application/{application_id} // https://api.aiven.io/doc/#tag/Service:_Flink/operation/ServiceFlinkDeleteJarApplication + // Required roles or permissions: service:data:write ServiceFlinkDeleteJarApplication(ctx context.Context, project string, serviceName string, applicationId string) (*ServiceFlinkDeleteJarApplicationOut, error) // ServiceFlinkGetJarApplication [EXPERIMENTAL] Get a Flink JarApplication // GET /v1/project/{project}/service/{service_name}/flink/jar_application/{application_id} // https://api.aiven.io/doc/#tag/Service:_Flink/operation/ServiceFlinkGetJarApplication + // Required roles or permissions: service:data:write ServiceFlinkGetJarApplication(ctx context.Context, project string, serviceName string, applicationId string) (*ServiceFlinkGetJarApplicationOut, error) // ServiceFlinkListJarApplications [EXPERIMENTAL] Get all Flink JarApplications // GET /v1/project/{project}/service/{service_name}/flink/jar_application // https://api.aiven.io/doc/#tag/Service:_Flink/operation/ServiceFlinkListJarApplications + // Required roles or permissions: service:data:write ServiceFlinkListJarApplications(ctx context.Context, project string, serviceName string) ([]ApplicationOut, error) // ServiceFlinkUpdateJarApplication [EXPERIMENTAL] Update a Flink JarApplication // PUT 
/v1/project/{project}/service/{service_name}/flink/jar_application/{application_id} // https://api.aiven.io/doc/#tag/Service:_Flink/operation/ServiceFlinkUpdateJarApplication + // Required roles or permissions: service:data:write ServiceFlinkUpdateJarApplication(ctx context.Context, project string, serviceName string, applicationId string, in *ServiceFlinkUpdateJarApplicationIn) (*ServiceFlinkUpdateJarApplicationOut, error) } diff --git a/handler/flinkjarapplicationdeployment/flinkjarapplicationdeployment.go b/handler/flinkjarapplicationdeployment/flinkjarapplicationdeployment.go index 425d1a3..29fa880 100644 --- a/handler/flinkjarapplicationdeployment/flinkjarapplicationdeployment.go +++ b/handler/flinkjarapplicationdeployment/flinkjarapplicationdeployment.go 
@@ -14,31 +14,37 @@ type Handler interface { // ServiceFlinkCancelJarApplicationDeployment [EXPERIMENTAL] Cancel a JarApplicationDeployment // POST /v1/project/{project}/service/{service_name}/flink/jar_application/{application_id}/deployment/{deployment_id}/cancel // https://api.aiven.io/doc/#tag/Service:_Flink/operation/ServiceFlinkCancelJarApplicationDeployment + // Required roles or permissions: service:data:write ServiceFlinkCancelJarApplicationDeployment(ctx context.Context, project string, serviceName string, applicationId string, deploymentId string) (*ServiceFlinkCancelJarApplicationDeploymentOut, error) // ServiceFlinkCreateJarApplicationDeployment [EXPERIMENTAL] Create an JarApplicationDeployment // POST /v1/project/{project}/service/{service_name}/flink/jar_application/{application_id}/deployment // https://api.aiven.io/doc/#tag/Service:_Flink/operation/ServiceFlinkCreateJarApplicationDeployment + // Required roles or permissions: service:data:write ServiceFlinkCreateJarApplicationDeployment(ctx context.Context, project string, serviceName string, applicationId string, in *ServiceFlinkCreateJarApplicationDeploymentIn) (*ServiceFlinkCreateJarApplicationDeploymentOut, error) // ServiceFlinkDeleteJarApplicationDeployment [EXPERIMENTAL] Delete a JarApplicationDeployment // DELETE /v1/project/{project}/service/{service_name}/flink/jar_application/{application_id}/deployment/{deployment_id} // https://api.aiven.io/doc/#tag/Service:_Flink/operation/ServiceFlinkDeleteJarApplicationDeployment + // Required roles or permissions: service:data:write ServiceFlinkDeleteJarApplicationDeployment(ctx context.Context, project string, serviceName string, applicationId string, deploymentId string) (*ServiceFlinkDeleteJarApplicationDeploymentOut, error) // ServiceFlinkGetJarApplicationDeployment [EXPERIMENTAL] Get a JarApplicationDeployment // GET /v1/project/{project}/service/{service_name}/flink/jar_application/{application_id}/deployment/{deployment_id} // 
https://api.aiven.io/doc/#tag/Service:_Flink/operation/ServiceFlinkGetJarApplicationDeployment + // Required roles or permissions: service:data:write ServiceFlinkGetJarApplicationDeployment(ctx context.Context, project string, serviceName string, applicationId string, deploymentId string) (*ServiceFlinkGetJarApplicationDeploymentOut, error) // ServiceFlinkListJarApplicationDeployments [EXPERIMENTAL] Get all JarApplicationDeployments // GET /v1/project/{project}/service/{service_name}/flink/jar_application/{application_id}/deployment // https://api.aiven.io/doc/#tag/Service:_Flink/operation/ServiceFlinkListJarApplicationDeployments + // Required roles or permissions: service:data:write ServiceFlinkListJarApplicationDeployments(ctx context.Context, project string, serviceName string, applicationId string) ([]DeploymentOut, error) // ServiceFlinkStopJarApplicationDeployment [EXPERIMENTAL] Stop an JarApplicationDeployment // POST /v1/project/{project}/service/{service_name}/flink/jar_application/{application_id}/deployment/{deployment_id}/stop // https://api.aiven.io/doc/#tag/Service:_Flink/operation/ServiceFlinkStopJarApplicationDeployment + // Required roles or permissions: service:data:write ServiceFlinkStopJarApplicationDeployment(ctx context.Context, project string, serviceName string, applicationId string, deploymentId string) (*ServiceFlinkStopJarApplicationDeploymentOut, error) } diff --git a/handler/flinkjarapplicationversion/flinkjarapplicationversion.go b/handler/flinkjarapplicationversion/flinkjarapplicationversion.go index f2291b2..25fd303 100644 --- a/handler/flinkjarapplicationversion/flinkjarapplicationversion.go +++ b/handler/flinkjarapplicationversion/flinkjarapplicationversion.go 
@@ -14,16 +14,19 @@ type Handler interface { // ServiceFlinkCreateJarApplicationVersion [EXPERIMENTAL] Create a Flink JarApplicationVersion // POST /v1/project/{project}/service/{service_name}/flink/jar_application/{application_id}/version // https://api.aiven.io/doc/#tag/Service:_Flink/operation/ServiceFlinkCreateJarApplicationVersion + // Required roles or permissions: service:data:write ServiceFlinkCreateJarApplicationVersion(ctx context.Context, project string, serviceName string, applicationId string) (*ServiceFlinkCreateJarApplicationVersionOut, error) // ServiceFlinkDeleteJarApplicationVersion [EXPERIMENTAL] Delete a Flink JarApplicationVersion // DELETE /v1/project/{project}/service/{service_name}/flink/jar_application/{application_id}/version/{application_version_id} // https://api.aiven.io/doc/#tag/Service:_Flink/operation/ServiceFlinkDeleteJarApplicationVersion + // Required roles or permissions: service:data:write ServiceFlinkDeleteJarApplicationVersion(ctx context.Context, project string, serviceName string, applicationId string, applicationVersionId string) (*ServiceFlinkDeleteJarApplicationVersionOut, error) // ServiceFlinkGetJarApplicationVersion [EXPERIMENTAL] Get a Flink JarApplicationVersion // GET /v1/project/{project}/service/{service_name}/flink/jar_application/{application_id}/version/{application_version_id} // https://api.aiven.io/doc/#tag/Service:_Flink/operation/ServiceFlinkGetJarApplicationVersion + // Required roles or permissions: service:data:write ServiceFlinkGetJarApplicationVersion(ctx context.Context, project string, serviceName string, applicationId string, applicationVersionId string) (*ServiceFlinkGetJarApplicationVersionOut, error) } diff --git a/handler/flinkjob/flinkjob.go b/handler/flinkjob/flinkjob.go index 21b984a..b6df130 100644 --- a/handler/flinkjob/flinkjob.go +++ b/handler/flinkjob/flinkjob.go 
@@ -13,12 +13,13 @@ type Handler interface { // ServiceFlinkJobDetails get a Flink job info // GET /v1/project/{project}/service/{service_name}/flink/job/{job_id} // https://api.aiven.io/doc/#tag/Service:_Flink/operation/ServiceFlinkJobDetails - // Required roles or permissions: admin, role:organization:admin + // Required roles or permissions: service:data:write ServiceFlinkJobDetails(ctx context.Context, project string, serviceName string, jobId string) (*ServiceFlinkJobDetailsOut, error) // ServiceFlinkJobsList get all Flink jobs // GET /v1/project/{project}/service/{service_name}/flink/job // https://api.aiven.io/doc/#tag/Service:_Flink/operation/ServiceFlinkJobsList + // Required roles or permissions: service:data:write ServiceFlinkJobsList(ctx context.Context, project string, serviceName string) ([]JobOut, error) } diff --git a/handler/kafka/kafka.go b/handler/kafka/kafka.go index bc01992..699fe5c 100644 --- a/handler/kafka/kafka.go +++ b/handler/kafka/kafka.go 
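Review bot: The replaced comment on `ServiceFlinkJobDetails` (a GET) now names only `service:data:write` where it used to list `admin, role:organization:admin`, and the same single value replaces every role list in the kafka, kafkaconnect and kafkaschemaregistry hunks, including GET operations such as `ServiceKafkaAclList` that were documented as `admin, read_only, role:organization:admin`. Read as written, a caller who only lists or fetches would provision a token with write access, and the comment no longer says whether the project roles still satisfy the check. If these interfaces are generated, the permissions data behind them looks too coarse (one value applied across a whole service family), so it is worth confirming each operation against the API spec before publishing. Until that is confirmed I would keep the previous line on read operations, e.g. `// Required roles or permissions: admin, read_only, role:organization:admin` on `ServiceKafkaAclList`. The Flink hunks above add the same value to their GET methods and deserve the same check.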
@@ -13,85 +13,85 @@ type Handler interface { // ServiceKafkaAclAdd add Aiven Kafka ACL entry // POST /v1/project/{project}/service/{service_name}/acl // https://api.aiven.io/doc/#tag/Service:_Kafka/operation/ServiceKafkaAclAdd - // Required roles or permissions: admin, role:organization:admin, service:data:write + // Required roles or permissions: service:data:write ServiceKafkaAclAdd(ctx context.Context, project string, serviceName string, in *ServiceKafkaAclAddIn) ([]AclOut, error) // ServiceKafkaAclDelete delete a Kafka ACL entry // DELETE /v1/project/{project}/service/{service_name}/acl/{kafka_acl_id} // https://api.aiven.io/doc/#tag/Service:_Kafka/operation/ServiceKafkaAclDelete - // Required roles or permissions: admin, role:organization:admin, service:data:write + // Required roles or permissions: service:data:write ServiceKafkaAclDelete(ctx context.Context, project string, serviceName string, kafkaAclId string) ([]AclOut, error) // ServiceKafkaAclList list Aiven ACL entries for Kafka service // GET /v1/project/{project}/service/{service_name}/acl // https://api.aiven.io/doc/#tag/Service:_Kafka/operation/ServiceKafkaAclList - // Required roles or permissions: admin, read_only, role:organization:admin + // Required roles or permissions: service:data:write ServiceKafkaAclList(ctx context.Context, project string, serviceName string) ([]AclOut, error) // ServiceKafkaNativeAclAdd add a Kafka-native ACL entry // POST /v1/project/{project}/service/{service_name}/kafka/acl // https://api.aiven.io/doc/#tag/Service:_Kafka/operation/ServiceKafkaNativeAclAdd - // Required roles or permissions: admin, role:organization:admin, service:data:write + // Required roles or permissions: service:data:write ServiceKafkaNativeAclAdd(ctx context.Context, project string, serviceName string, in *ServiceKafkaNativeAclAddIn) (*ServiceKafkaNativeAclAddOut, error) // ServiceKafkaNativeAclDelete delete a Kafka-native ACL entry // DELETE 
/v1/project/{project}/service/{service_name}/kafka/acl/{kafka_acl_id} // https://api.aiven.io/doc/#tag/Service:_Kafka/operation/ServiceKafkaNativeAclDelete - // Required roles or permissions: admin, role:organization:admin, service:data:write + // Required roles or permissions: service:data:write ServiceKafkaNativeAclDelete(ctx context.Context, project string, serviceName string, kafkaAclId string) error // ServiceKafkaNativeAclGet get single Kafka-native ACL entry // GET /v1/project/{project}/service/{service_name}/kafka/acl/{kafka_acl_id} // https://api.aiven.io/doc/#tag/Service:_Kafka/operation/ServiceKafkaNativeAclGet - // Required roles or permissions: admin, read_only, role:organization:admin + // Required roles or permissions: service:data:write ServiceKafkaNativeAclGet(ctx context.Context, project string, serviceName string, kafkaAclId string) (*ServiceKafkaNativeAclGetOut, error) // ServiceKafkaNativeAclList list Kafka-native ACL entries // GET /v1/project/{project}/service/{service_name}/kafka/acl // https://api.aiven.io/doc/#tag/Service:_Kafka/operation/ServiceKafkaNativeAclList - // Required roles or permissions: admin, read_only, role:organization:admin + // Required roles or permissions: service:data:write ServiceKafkaNativeAclList(ctx context.Context, project string, serviceName string) (*ServiceKafkaNativeAclListOut, error) // ServiceKafkaQuotaCreate create Kafka quota // POST /v1/project/{project}/service/{service_name}/quota // https://api.aiven.io/doc/#tag/Service:_Kafka/operation/ServiceKafkaQuotaCreate - // Required roles or permissions: admin, role:organization:admin, service:data:write + // Required roles or permissions: service:data:write ServiceKafkaQuotaCreate(ctx context.Context, project string, serviceName string, in *ServiceKafkaQuotaCreateIn) error // ServiceKafkaQuotaDelete delete Kafka quota // DELETE /v1/project/{project}/service/{service_name}/quota // https://api.aiven.io/doc/#tag/Service:_Kafka/operation/ServiceKafkaQuotaDelete - 
// Required roles or permissions: admin, role:organization:admin, service:data:write + // Required roles or permissions: service:data:write ServiceKafkaQuotaDelete(ctx context.Context, project string, serviceName string, query ...[2]string) error // ServiceKafkaQuotaDescribe get service quota configuration // GET /v1/project/{project}/service/{service_name}/quota/describe // https://api.aiven.io/doc/#tag/Service:_Kafka/operation/ServiceKafkaQuotaDescribe - // Required roles or permissions: admin, role:organization:admin + // Required roles or permissions: service:data:write ServiceKafkaQuotaDescribe(ctx context.Context, project string, serviceName string, query ...[2]string) (*ServiceKafkaQuotaDescribeOut, error) // ServiceKafkaQuotaList list Kafka quotas // GET /v1/project/{project}/service/{service_name}/quota // https://api.aiven.io/doc/#tag/Service:_Kafka/operation/ServiceKafkaQuotaList - // Required roles or permissions: admin, role:organization:admin + // Required roles or permissions: service:data:write ServiceKafkaQuotaList(ctx context.Context, project string, serviceName string) ([]QuotaOut, error) // ServiceKafkaTieredStorageStorageUsageByTopic get the Kafka tiered storage object storage usage by topic // GET /v1/project/{project}/service/{service_name}/kafka/tiered-storage/storage-usage/by-topic // https://api.aiven.io/doc/#tag/Service:_Kafka/operation/ServiceKafkaTieredStorageStorageUsageByTopic - // Required roles or permissions: admin, read_only, role:organization:admin + // Required roles or permissions: service:data:write ServiceKafkaTieredStorageStorageUsageByTopic(ctx context.Context, project string, serviceName string) (map[string]any, error) // ServiceKafkaTieredStorageStorageUsageTotal get the Kafka tiered storage total object storage usage // GET /v1/project/{project}/service/{service_name}/kafka/tiered-storage/storage-usage/total // https://api.aiven.io/doc/#tag/Service:_Kafka/operation/ServiceKafkaTieredStorageStorageUsageTotal - // Required 
roles or permissions: admin, read_only, role:organization:admin + // Required roles or permissions: service:data:write ServiceKafkaTieredStorageStorageUsageTotal(ctx context.Context, project string, serviceName string) (int, error) // ServiceKafkaTieredStorageSummary get the Kafka tiered storage summary // GET /v1/project/{project}/service/{service_name}/kafka/tiered-storage/summary // https://api.aiven.io/doc/#tag/Service:_Kafka/operation/ServiceKafkaTieredStorageSummary - // Required roles or permissions: admin, read_only, role:organization:admin + // Required roles or permissions: service:data:write ServiceKafkaTieredStorageSummary(ctx context.Context, project string, serviceName string) (*ServiceKafkaTieredStorageSummaryOut, error) } diff --git a/handler/kafkaconnect/kafkaconnect.go b/handler/kafkaconnect/kafkaconnect.go index 0bc3adf..e449e31 100644 --- a/handler/kafkaconnect/kafkaconnect.go +++ b/handler/kafkaconnect/kafkaconnect.go 
@@ -13,62 +13,67 @@ type Handler interface { // ServiceKafkaConnectCreateConnector create a Kafka Connect connector // POST /v1/project/{project}/service/{service_name}/connectors // https://api.aiven.io/doc/#tag/Service:_Kafka/operation/ServiceKafkaConnectCreateConnector + // Required roles or permissions: service:data:write ServiceKafkaConnectCreateConnector(ctx context.Context, project string, serviceName string, in *map[string]string) (*ServiceKafkaConnectCreateConnectorOut, error) // ServiceKafkaConnectDeleteConnector delete Kafka Connect connector // DELETE /v1/project/{project}/service/{service_name}/connectors/{connector_name} // https://api.aiven.io/doc/#tag/Service:_Kafka/operation/ServiceKafkaConnectDeleteConnector + // Required roles or permissions: service:data:write ServiceKafkaConnectDeleteConnector(ctx context.Context, project string, serviceName string, connectorName string) error // ServiceKafkaConnectEditConnector edit Kafka Connect connector // PUT /v1/project/{project}/service/{service_name}/connectors/{connector_name} // https://api.aiven.io/doc/#tag/Service:_Kafka/operation/ServiceKafkaConnectEditConnector + // Required roles or permissions: service:data:write ServiceKafkaConnectEditConnector(ctx context.Context, project string, serviceName string, connectorName string, in *map[string]string) (*ServiceKafkaConnectEditConnectorOut, error) // ServiceKafkaConnectGetAvailableConnectors get available Kafka Connect connectors // GET /v1/project/{project}/service/{service_name}/available-connectors // https://api.aiven.io/doc/#tag/Service:_Kafka/operation/ServiceKafkaConnectGetAvailableConnectors - // Required roles or permissions: admin, role:organization:admin + // Required roles or permissions: service:data:write ServiceKafkaConnectGetAvailableConnectors(ctx context.Context, project string, serviceName string) ([]ServiceKafkaConnectGetAvailableConnectorsOut, error) // ServiceKafkaConnectGetConnectorConfiguration get Kafka Connect connector 
configuration schema // GET /v1/project/{project}/service/{service_name}/connector-plugins/{connector_name}/configuration // https://api.aiven.io/doc/#tag/Service:_Kafka/operation/ServiceKafkaConnectGetConnectorConfiguration + // Required roles or permissions: service:data:write ServiceKafkaConnectGetConnectorConfiguration(ctx context.Context, project string, serviceName string, connectorName string) ([]ConfigurationSchemaOut, error) // ServiceKafkaConnectGetConnectorStatus get a Kafka Connect Connector status // GET /v1/project/{project}/service/{service_name}/connectors/{connector_name}/status // https://api.aiven.io/doc/#tag/Service:_Kafka/operation/ServiceKafkaConnectGetConnectorStatus - // Required roles or permissions: admin, read_only, role:organization:admin + // Required roles or permissions: service:data:write ServiceKafkaConnectGetConnectorStatus(ctx context.Context, project string, serviceName string, connectorName string) (*ServiceKafkaConnectGetConnectorStatusOut, error) // ServiceKafkaConnectList lists Kafka connectors // GET /v1/project/{project}/service/{service_name}/connectors // https://api.aiven.io/doc/#tag/Service:_Kafka/operation/ServiceKafkaConnectList - // Required roles or permissions: admin, read_only, role:organization:admin + // Required roles or permissions: service:data:write ServiceKafkaConnectList(ctx context.Context, project string, serviceName string) ([]ConnectorOut, error) // ServiceKafkaConnectPauseConnector pause a Kafka Connect Connector // POST /v1/project/{project}/service/{service_name}/connectors/{connector_name}/pause // https://api.aiven.io/doc/#tag/Service:_Kafka/operation/ServiceKafkaConnectPauseConnector - // Required roles or permissions: admin, role:organization:admin, service:data:write + // Required roles or permissions: service:data:write ServiceKafkaConnectPauseConnector(ctx context.Context, project string, serviceName string, connectorName string) error // ServiceKafkaConnectRestartConnector restart a Kafka 
Connect Connector // POST /v1/project/{project}/service/{service_name}/connectors/{connector_name}/restart // https://api.aiven.io/doc/#tag/Service:_Kafka/operation/ServiceKafkaConnectRestartConnector - // Required roles or permissions: admin, role:organization:admin, service:data:write + // Required roles or permissions: service:data:write ServiceKafkaConnectRestartConnector(ctx context.Context, project string, serviceName string, connectorName string) error // ServiceKafkaConnectRestartConnectorTask restart a Kafka Connect Connector task // POST /v1/project/{project}/service/{service_name}/connectors/{connector_name}/tasks/{task_id}/restart // https://api.aiven.io/doc/#tag/Service:_Kafka/operation/ServiceKafkaConnectRestartConnectorTask + // Required roles or permissions: service:data:write ServiceKafkaConnectRestartConnectorTask(ctx context.Context, project string, serviceName string, connectorName string, taskId string) error // ServiceKafkaConnectResumeConnector resume a Kafka Connect Connector // POST /v1/project/{project}/service/{service_name}/connectors/{connector_name}/resume // https://api.aiven.io/doc/#tag/Service:_Kafka/operation/ServiceKafkaConnectResumeConnector - // Required roles or permissions: admin, role:organization:admin, service:data:write + // Required roles or permissions: service:data:write ServiceKafkaConnectResumeConnector(ctx context.Context, project string, serviceName string, connectorName string) error } diff --git a/handler/kafkamirrormaker/kafkamirrormaker.go b/handler/kafkamirrormaker/kafkamirrormaker.go index 6702108..45b1fac 100644 --- a/handler/kafkamirrormaker/kafkamirrormaker.go +++ b/handler/kafkamirrormaker/kafkamirrormaker.go 
@@ -13,26 +13,31 @@ type Handler interface { // ServiceKafkaMirrorMakerCreateReplicationFlow create a replication flow // POST /v1/project/{project}/service/{service_name}/mirrormaker/replication-flows // https://api.aiven.io/doc/#tag/Service:_Kafka_MirrorMaker/operation/ServiceKafkaMirrorMakerCreateReplicationFlow + // Required roles or permissions: service:data:write ServiceKafkaMirrorMakerCreateReplicationFlow(ctx context.Context, project string, serviceName string, in *ServiceKafkaMirrorMakerCreateReplicationFlowIn) error // ServiceKafkaMirrorMakerDeleteReplicationFlow delete a replication flow // DELETE /v1/project/{project}/service/{service_name}/mirrormaker/replication-flows/{source_cluster}/{target_cluster} // https://api.aiven.io/doc/#tag/Service:_Kafka_MirrorMaker/operation/ServiceKafkaMirrorMakerDeleteReplicationFlow + // Required roles or permissions: service:data:write ServiceKafkaMirrorMakerDeleteReplicationFlow(ctx context.Context, project string, serviceName string, sourceCluster string, targetCluster string) error // ServiceKafkaMirrorMakerGetReplicationFlow get a replication flow // GET /v1/project/{project}/service/{service_name}/mirrormaker/replication-flows/{source_cluster}/{target_cluster} // https://api.aiven.io/doc/#tag/Service:_Kafka_MirrorMaker/operation/ServiceKafkaMirrorMakerGetReplicationFlow + // Required roles or permissions: service:data:write ServiceKafkaMirrorMakerGetReplicationFlow(ctx context.Context, project string, serviceName string, sourceCluster string, targetCluster string) (*ServiceKafkaMirrorMakerGetReplicationFlowOut, error) // ServiceKafkaMirrorMakerGetReplicationFlows get replication flows // GET /v1/project/{project}/service/{service_name}/mirrormaker/replication-flows // https://api.aiven.io/doc/#tag/Service:_Kafka_MirrorMaker/operation/ServiceKafkaMirrorMakerGetReplicationFlows + // Required roles or permissions: service:data:write ServiceKafkaMirrorMakerGetReplicationFlows(ctx context.Context, project string, 
serviceName string) ([]ReplicationFlowOut, error) // ServiceKafkaMirrorMakerPatchReplicationFlow update a replication flow // PUT /v1/project/{project}/service/{service_name}/mirrormaker/replication-flows/{source_cluster}/{target_cluster} // https://api.aiven.io/doc/#tag/Service:_Kafka_MirrorMaker/operation/ServiceKafkaMirrorMakerPatchReplicationFlow + // Required roles or permissions: service:data:write ServiceKafkaMirrorMakerPatchReplicationFlow(ctx context.Context, project string, serviceName string, sourceCluster string, targetCluster string, in *ServiceKafkaMirrorMakerPatchReplicationFlowIn) (*ServiceKafkaMirrorMakerPatchReplicationFlowOut, error) } diff --git a/handler/kafkaschemaregistry/kafkaschemaregistry.go b/handler/kafkaschemaregistry/kafkaschemaregistry.go index 8af2941..1b7e915 100644 --- a/handler/kafkaschemaregistry/kafkaschemaregistry.go +++ b/handler/kafkaschemaregistry/kafkaschemaregistry.go 
@@ -13,84 +13,97 @@ type Handler interface { // ServiceSchemaRegistryAclAdd add a Schema Registry ACL entry // POST /v1/project/{project}/service/{service_name}/kafka/schema-registry/acl // https://api.aiven.io/doc/#tag/Service:_Kafka/operation/ServiceSchemaRegistryAclAdd + // Required roles or permissions: service:data:write ServiceSchemaRegistryAclAdd(ctx context.Context, project string, serviceName string, in *ServiceSchemaRegistryAclAddIn) ([]AclOut, error) // ServiceSchemaRegistryAclDelete delete a Schema Registry ACL entry // DELETE /v1/project/{project}/service/{service_name}/kafka/schema-registry/acl/{schema_registry_acl_id} // https://api.aiven.io/doc/#tag/Service:_Kafka/operation/ServiceSchemaRegistryAclDelete + // Required roles or permissions: service:data:write ServiceSchemaRegistryAclDelete(ctx context.Context, project string, serviceName string, schemaRegistryAclId string) ([]AclOut, error) // ServiceSchemaRegistryAclList list Schema Registry ACL entries // GET /v1/project/{project}/service/{service_name}/kafka/schema-registry/acl // https://api.aiven.io/doc/#tag/Service:_Kafka/operation/ServiceSchemaRegistryAclList + // Required roles or permissions: service:data:write ServiceSchemaRegistryAclList(ctx context.Context, project string, serviceName string) ([]AclOut, error) // ServiceSchemaRegistryCompatibility check compatibility of schema in Schema Registry // POST /v1/project/{project}/service/{service_name}/kafka/schema/compatibility/subjects/{subject_name}/versions/{version_id} // https://api.aiven.io/doc/#tag/Service:_Kafka/operation/ServiceSchemaRegistryCompatibility + // Required roles or permissions: service:data:write ServiceSchemaRegistryCompatibility(ctx context.Context, project string, serviceName string, subjectName string, versionId int, in *ServiceSchemaRegistryCompatibilityIn) (*ServiceSchemaRegistryCompatibilityOut, error) // ServiceSchemaRegistryGlobalConfigGet get global configuration for Schema Registry // GET 
/v1/project/{project}/service/{service_name}/kafka/schema/config // https://api.aiven.io/doc/#tag/Service:_Kafka/operation/ServiceSchemaRegistryGlobalConfigGet + // Required roles or permissions: service:data:write ServiceSchemaRegistryGlobalConfigGet(ctx context.Context, project string, serviceName string) (CompatibilityType, error) // ServiceSchemaRegistryGlobalConfigPut edit global configuration for Schema Registry // PUT /v1/project/{project}/service/{service_name}/kafka/schema/config // https://api.aiven.io/doc/#tag/Service:_Kafka/operation/ServiceSchemaRegistryGlobalConfigPut + // Required roles or permissions: service:data:write ServiceSchemaRegistryGlobalConfigPut(ctx context.Context, project string, serviceName string, in *ServiceSchemaRegistryGlobalConfigPutIn) (CompatibilityType, error) // ServiceSchemaRegistrySchemaGet get schema in Schema Registry // GET /v1/project/{project}/service/{service_name}/kafka/schema/schemas/ids/{schema_id} // https://api.aiven.io/doc/#tag/Service:_Kafka/operation/ServiceSchemaRegistrySchemaGet - // Required roles or permissions: admin, read_only, role:organization:admin + // Required roles or permissions: service:data:write ServiceSchemaRegistrySchemaGet(ctx context.Context, project string, serviceName string, schemaId string) error // ServiceSchemaRegistrySubjectConfigGet get configuration for Schema Registry subject // GET /v1/project/{project}/service/{service_name}/kafka/schema/config/{subject_name} // https://api.aiven.io/doc/#tag/Service:_Kafka/operation/ServiceSchemaRegistrySubjectConfigGet - // Required roles or permissions: admin, read_only, role:organization:admin + // Required roles or permissions: service:data:write ServiceSchemaRegistrySubjectConfigGet(ctx context.Context, project string, serviceName string, subjectName string, query ...[2]string) (CompatibilityType, error) // ServiceSchemaRegistrySubjectConfigPut edit configuration for Schema Registry subject // PUT 
/v1/project/{project}/service/{service_name}/kafka/schema/config/{subject_name} // https://api.aiven.io/doc/#tag/Service:_Kafka/operation/ServiceSchemaRegistrySubjectConfigPut - // Required roles or permissions: admin, role:organization:admin, service:data:write + // Required roles or permissions: service:data:write ServiceSchemaRegistrySubjectConfigPut(ctx context.Context, project string, serviceName string, subjectName string, in *ServiceSchemaRegistrySubjectConfigPutIn) (CompatibilityType, error) // ServiceSchemaRegistrySubjectDelete delete Schema Registry subject // DELETE /v1/project/{project}/service/{service_name}/kafka/schema/subjects/{subject_name} // https://api.aiven.io/doc/#tag/Service:_Kafka/operation/ServiceSchemaRegistrySubjectDelete + // Required roles or permissions: service:data:write ServiceSchemaRegistrySubjectDelete(ctx context.Context, project string, serviceName string, subjectName string) error // ServiceSchemaRegistrySubjectVersionDelete delete Schema Registry subject version // DELETE /v1/project/{project}/service/{service_name}/kafka/schema/subjects/{subject_name}/versions/{version_id} // https://api.aiven.io/doc/#tag/Service:_Kafka/operation/ServiceSchemaRegistrySubjectVersionDelete + // Required roles or permissions: service:data:write ServiceSchemaRegistrySubjectVersionDelete(ctx context.Context, project string, serviceName string, subjectName string, versionId int) error // ServiceSchemaRegistrySubjectVersionGet get Schema Registry Subject version // GET /v1/project/{project}/service/{service_name}/kafka/schema/subjects/{subject_name}/versions/{version_id} // https://api.aiven.io/doc/#tag/Service:_Kafka/operation/ServiceSchemaRegistrySubjectVersionGet + // Required roles or permissions: service:data:write ServiceSchemaRegistrySubjectVersionGet(ctx context.Context, project string, serviceName string, subjectName string, versionId int) (*ServiceSchemaRegistrySubjectVersionGetOut, error) // ServiceSchemaRegistrySubjectVersionPost 
register a new Schema in Schema Registry // POST /v1/project/{project}/service/{service_name}/kafka/schema/subjects/{subject_name}/versions // https://api.aiven.io/doc/#tag/Service:_Kafka/operation/ServiceSchemaRegistrySubjectVersionPost + // Required roles or permissions: service:data:write ServiceSchemaRegistrySubjectVersionPost(ctx context.Context, project string, serviceName string, subjectName string, in *ServiceSchemaRegistrySubjectVersionPostIn) (int, error) // Deprecated: ServiceSchemaRegistrySubjectVersionSchemaGet dEPRECATED: Get raw schema of a specific version in Schema Registry // GET /v1/project/{project}/service/{service_name}/kafka/schema/subjects/{subject_name}/versions/{version_id}/schema // https://api.aiven.io/doc/#tag/Service:_Kafka/operation/ServiceSchemaRegistrySubjectVersionSchemaGet + // Required roles or permissions: service:data:write ServiceSchemaRegistrySubjectVersionSchemaGet(ctx context.Context, project string, serviceName string, subjectName string, versionId int) error // ServiceSchemaRegistrySubjectVersionsGet get Schema Registry subject versions // GET /v1/project/{project}/service/{service_name}/kafka/schema/subjects/{subject_name}/versions // https://api.aiven.io/doc/#tag/Service:_Kafka/operation/ServiceSchemaRegistrySubjectVersionsGet + // Required roles or permissions: service:data:write ServiceSchemaRegistrySubjectVersionsGet(ctx context.Context, project string, serviceName string, subjectName string) ([]int, error) // ServiceSchemaRegistrySubjects lists Schema Registry subjects // GET /v1/project/{project}/service/{service_name}/kafka/schema/subjects // https://api.aiven.io/doc/#tag/Service:_Kafka/operation/ServiceSchemaRegistrySubjects + // Required roles or permissions: service:data:write ServiceSchemaRegistrySubjects(ctx context.Context, project string, serviceName string) ([]string, error) } diff --git a/handler/kafkatopic/kafkatopic.go b/handler/kafkatopic/kafkatopic.go index 99d2571..3b1becf 100644 
--- a/handler/kafkatopic/kafkatopic.go
+++ b/handler/kafkatopic/kafkatopic.go
@@ -13,48 +13,47 @@ type Handler interface { // ServiceKafkaTopicCreate create a Kafka topic // POST /v1/project/{project}/service/{service_name}/topic // https://api.aiven.io/doc/#tag/Service:_Kafka/operation/ServiceKafkaTopicCreate - // Required roles or permissions: admin, role:organization:admin + // Required roles or permissions: developer, operator ServiceKafkaTopicCreate(ctx context.Context, project string, serviceName string, in *ServiceKafkaTopicCreateIn) error // ServiceKafkaTopicDelete delete a Kafka topic // DELETE /v1/project/{project}/service/{service_name}/topic/{topic_name} // https://api.aiven.io/doc/#tag/Service:_Kafka/operation/ServiceKafkaTopicDelete - // Required roles or permissions: admin, role:organization:admin, service:data:write + // Required roles or permissions: service:data:write ServiceKafkaTopicDelete(ctx context.Context, project string, serviceName string, topicName string) error // ServiceKafkaTopicGet get Kafka topic info // GET /v1/project/{project}/service/{service_name}/topic/{topic_name} // https://api.aiven.io/doc/#tag/Service:_Kafka/operation/ServiceKafkaTopicGet - // Required roles or permissions: admin, read_only, role:organization:admin + // Required roles or permissions: service:data:write ServiceKafkaTopicGet(ctx context.Context, project string, serviceName string, topicName string) (*ServiceKafkaTopicGetOut, error) // ServiceKafkaTopicList get Kafka topic list // GET /v1/project/{project}/service/{service_name}/topic // https://api.aiven.io/doc/#tag/Service:_Kafka/operation/ServiceKafkaTopicList - // Required roles or permissions: admin, read_only, role:organization:admin + // Required roles or permissions: service:data:write ServiceKafkaTopicList(ctx context.Context, project string, serviceName string) ([]TopicOut, error) // ServiceKafkaTopicListV2 list Kafka topics V2 // POST /v2/project/{project}/service/{service_name}/topic - // Required roles or permissions: admin, read_only, role:organization:admin, 
service:data:write ServiceKafkaTopicListV2(ctx context.Context, project string, serviceName string, in *ServiceKafkaTopicListV2In) ([]ServiceKafkaTopicGetOut, error) // ServiceKafkaTopicMessageList list kafka topic messages // POST /v1/project/{project}/service/{service_name}/kafka/rest/topics/{topic_name}/messages // https://api.aiven.io/doc/#tag/Service:_Kafka/operation/ServiceKafkaTopicMessageList - // Required roles or permissions: admin, read_only, role:organization:admin, service:data:write + // Required roles or permissions: service:data:write ServiceKafkaTopicMessageList(ctx context.Context, project string, serviceName string, topicName string, in *ServiceKafkaTopicMessageListIn) ([]MessageOut, error) // ServiceKafkaTopicMessageProduce produce message into a kafka topic // POST /v1/project/{project}/service/{service_name}/kafka/rest/topics/{topic_name}/produce // https://api.aiven.io/doc/#tag/Service:_Kafka/operation/ServiceKafkaTopicMessageProduce - // Required roles or permissions: admin, role:organization:admin, service:data:write + // Required roles or permissions: service:data:write ServiceKafkaTopicMessageProduce(ctx context.Context, project string, serviceName string, topicName string, in *ServiceKafkaTopicMessageProduceIn) (*ServiceKafkaTopicMessageProduceOut, error) // ServiceKafkaTopicUpdate update a Kafka topic // PUT /v1/project/{project}/service/{service_name}/topic/{topic_name} // https://api.aiven.io/doc/#tag/Service:_Kafka/operation/ServiceKafkaTopicUpdate - // Required roles or permissions: admin, role:organization:admin, service:data:write + // Required roles or permissions: service:data:write ServiceKafkaTopicUpdate(ctx context.Context, project string, serviceName string, topicName string, in *ServiceKafkaTopicUpdateIn) error } diff --git a/handler/mysql/mysql.go b/handler/mysql/mysql.go index fa48cde..543932f 100644 --- a/handler/mysql/mysql.go +++ b/handler/mysql/mysql.go 
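Review bot: `ServiceKafkaTopicListV2` loses its permissions comment entirely, although the removed line already listed `service:data:write`, which every other changed operation in this hunk except `ServiceKafkaTopicCreate` keeps. That looks like the operation dropping out of the permissions data rather than a deliberate change (inferred, since the data file is not part of this hunk). `OrganizationProjectsCreate` in the organizationprojects hunk loses `organization:projects:write` the same way, while its Delete and Update siblings gain it. I would restore `// Required roles or permissions: service:data:write` on `ServiceKafkaTopicListV2` once the source entry is fixed. Separately, `ServiceKafkaTopicCreate` now reads `developer, operator`, role names from a different vocabulary than the `service:data:write` used on its siblings, so check that this is what the API enforces.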
@@ -13,6 +13,7 @@ type Handler interface { // MySQLServiceQueryStatistics fetch MySQL service query statistics // POST /v1/project/{project}/service/{service_name}/mysql/query/stats // https://api.aiven.io/doc/#tag/Service:_MySQL/operation/MySQLServiceQueryStatistics + // Required roles or permissions: service:data:write MySQLServiceQueryStatistics(ctx context.Context, project string, serviceName string, in *MySqlserviceQueryStatisticsIn) ([]QueryOut, error) } diff --git a/handler/opensearch/opensearch.go b/handler/opensearch/opensearch.go index e55a709..1c5393b 100644 --- a/handler/opensearch/opensearch.go +++ b/handler/opensearch/opensearch.go 
@@ -14,48 +14,49 @@ type Handler interface { // ServiceOpenSearchAclGet show OpenSearch ACL configuration // GET /v1/project/{project}/service/{service_name}/opensearch/acl // https://api.aiven.io/doc/#tag/Service:_OpenSearch/operation/ServiceOpenSearchAclGet - // Required roles or permissions: admin, read_only, role:organization:admin + // Required roles or permissions: service:data:write ServiceOpenSearchAclGet(ctx context.Context, project string, serviceName string) (*ServiceOpenSearchAclGetOut, error) // ServiceOpenSearchAclSet set OpenSearch ACL configuration // POST /v1/project/{project}/service/{service_name}/opensearch/acl // https://api.aiven.io/doc/#tag/Service:_OpenSearch/operation/ServiceOpenSearchAclSet - // Required roles or permissions: admin, role:organization:admin, service:data:write + // Required roles or permissions: service:data:write ServiceOpenSearchAclSet(ctx context.Context, project string, serviceName string, in *ServiceOpenSearchAclSetIn) (*ServiceOpenSearchAclSetOut, error) // ServiceOpenSearchAclUpdate update OpenSearch ACL configuration // PUT /v1/project/{project}/service/{service_name}/opensearch/acl // https://api.aiven.io/doc/#tag/Service:_OpenSearch/operation/ServiceOpenSearchAclUpdate - // Required roles or permissions: admin, role:organization:admin, service:data:write + // Required roles or permissions: service:data:write ServiceOpenSearchAclUpdate(ctx context.Context, project string, serviceName string, in *ServiceOpenSearchAclUpdateIn) (*ServiceOpenSearchAclUpdateOut, error) // ServiceOpenSearchIndexDelete delete an OpenSearch index // DELETE /v1/project/{project}/service/{service_name}/index/{index_pattern} // https://api.aiven.io/doc/#tag/Service:_OpenSearch/operation/ServiceOpenSearchIndexDelete - // Required roles or permissions: admin, role:organization:admin, service:data:write + // Required roles or permissions: service:data:write ServiceOpenSearchIndexDelete(ctx context.Context, project string, serviceName string, 
indexPattern string) error // ServiceOpenSearchIndexList list OpenSearch indexes // GET /v1/project/{project}/service/{service_name}/index // https://api.aiven.io/doc/#tag/Service:_OpenSearch/operation/ServiceOpenSearchIndexList - // Required roles or permissions: admin, read_only, role:organization:admin + // Required roles or permissions: service:data:write ServiceOpenSearchIndexList(ctx context.Context, project string, serviceName string) ([]IndexeOut, error) // ServiceOpenSearchSecurityGet show OpenSearch security configuration status // GET /v1/project/{project}/service/{service_name}/opensearch/security // https://api.aiven.io/doc/#tag/Service:_OpenSearch/operation/ServiceOpenSearchSecurityGet - // Required roles or permissions: admin, read_only, role:organization:admin + // Required roles or permissions: service:data:write ServiceOpenSearchSecurityGet(ctx context.Context, project string, serviceName string) (*ServiceOpenSearchSecurityGetOut, error) // ServiceOpenSearchSecurityReset change Opensearch Security Admin password // PUT /v1/project/{project}/service/{service_name}/opensearch/security/admin // https://api.aiven.io/doc/#tag/Service:_OpenSearch/operation/ServiceOpenSearchSecurityReset + // Required roles or permissions: service:data:write ServiceOpenSearchSecurityReset(ctx context.Context, project string, serviceName string, in *ServiceOpenSearchSecurityResetIn) (*ServiceOpenSearchSecurityResetOut, error) // ServiceOpenSearchSecuritySet enable Opensearch Security Admin by setting the password // POST /v1/project/{project}/service/{service_name}/opensearch/security/admin // https://api.aiven.io/doc/#tag/Service:_OpenSearch/operation/ServiceOpenSearchSecuritySet - // Required roles or permissions: admin, read_only, role:organization:admin, service:data:write + // Required roles or permissions: service:data:write ServiceOpenSearchSecuritySet(ctx context.Context, project string, serviceName string, in *ServiceOpenSearchSecuritySetIn) 
(*ServiceOpenSearchSecuritySetOut, error) } diff --git a/handler/organization/organization.go b/handler/organization/organization.go index bd5234b..f606528 100644 --- a/handler/organization/organization.go +++ b/handler/organization/organization.go 
@@ -14,30 +14,31 @@ type Handler interface { // OrganizationAddressCreate [EXPERIMENTAL] Create new address for an organization // POST /v1/organizations/{organization_id}/addresses // https://api.aiven.io/doc/#tag/Billing/operation/OrganizationAddressCreate - // Required roles or permissions: organization:billing:write, role:organization:admin + // Required roles or permissions: organization:billing:write OrganizationAddressCreate(ctx context.Context, organizationId string, in *OrganizationAddressCreateIn) (*OrganizationAddressCreateOut, error) // OrganizationAddressDelete [EXPERIMENTAL] Delete an address of an organization // DELETE /v1/organizations/{organization_id}/addresses/{address_id} // https://api.aiven.io/doc/#tag/Billing/operation/OrganizationAddressDelete - // Required roles or permissions: organization:billing:write, role:organization:admin + // Required roles or permissions: organization:billing:write OrganizationAddressDelete(ctx context.Context, organizationId string, addressId string) error // OrganizationAddressGet [EXPERIMENTAL] Get organization address info // GET /v1/organizations/{organization_id}/addresses/{address_id} // https://api.aiven.io/doc/#tag/Billing/operation/OrganizationAddressGet + // Required roles or permissions: organization:billing:read, organization:billing:write OrganizationAddressGet(ctx context.Context, organizationId string, addressId string) (*OrganizationAddressGetOut, error) // OrganizationAddressList [EXPERIMENTAL] List addresses of an organization // GET /v1/organizations/{organization_id}/addresses // https://api.aiven.io/doc/#tag/Billing/operation/OrganizationAddressList - // Required roles or permissions: organization:billing:read, role:organization:admin + // Required roles or permissions: organization:billing:read, organization:billing:write OrganizationAddressList(ctx context.Context, organizationId string) ([]AddresseOut, error) // OrganizationAddressUpdate [EXPERIMENTAL] Update an address of an organization 
// PATCH /v1/organizations/{organization_id}/addresses/{address_id} // https://api.aiven.io/doc/#tag/Billing/operation/OrganizationAddressUpdate - // Required roles or permissions: organization:billing:write, role:organization:admin + // Required roles or permissions: organization:billing:write OrganizationAddressUpdate(ctx context.Context, organizationId string, addressId string, in *OrganizationAddressUpdateIn) (*OrganizationAddressUpdateOut, error) // OrganizationAuthDomainLink link a domain to an organization's identity provider @@ -83,19 +84,16 @@ type Handler interface { // PermissionsGet list of permissions // GET /v1/organization/{organization_id}/permissions/{resource_type}/{resource_id} // https://api.aiven.io/doc/#tag/Permissions/operation/PermissionsGet - // Required roles or permissions: role:organization:admin PermissionsGet(ctx context.Context, organizationId string, resourceType ResourceType, resourceId string) ([]PermissionOut, error) // PermissionsSet set permissions // PUT /v1/organization/{organization_id}/permissions/{resource_type}/{resource_id} // https://api.aiven.io/doc/#tag/Permissions/operation/PermissionsSet - // Required roles or permissions: role:organization:admin PermissionsSet(ctx context.Context, organizationId string, resourceType ResourceType, resourceId string, in *PermissionsSetIn) error // PermissionsUpdate update permissions // PATCH /v1/organization/{organization_id}/permissions/{resource_type}/{resource_id} // https://api.aiven.io/doc/#tag/Permissions/operation/PermissionsUpdate - // Required roles or permissions: role:organization:admin PermissionsUpdate(ctx context.Context, organizationId string, resourceType ResourceType, resourceId string, in *PermissionsUpdateIn) error // UserOrganizationCreate create an organization diff --git a/handler/organizationbilling/organizationbilling.go b/handler/organizationbilling/organizationbilling.go index 39b03d5..cc7b345 100644 --- a/handler/organizationbilling/organizationbilling.go 
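Review bot: In the second hunk, `PermissionsGet`, `PermissionsSet` and `PermissionsUpdate` have their only requirement line, `// Required roles or permissions: role:organization:admin`, removed with nothing in its place, so the endpoints that control who holds which permission are now the ones whose comments say nothing about access. In the other hunks of this commit the role is mostly replaced by, or reduced to, a finer-grained permission. Unless a replacement permission exists for these three, I would keep the removed line on them so the generated docs do not read as if no privilege is needed. `OrganizationProjectsList` in the organizationprojects hunk is in the same position. The `Handler` interface starts and ends outside this hunk.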
+++ b/handler/organizationbilling/organizationbilling.go 
@@ -13,31 +13,31 @@ type Handler interface { // OrganizationBillingGroupCreate [EXPERIMENTAL] Create an organization billing group // POST /v1/organization/{organization_id}/billing-groups // https://api.aiven.io/doc/#tag/OrganizationBillingGroup/operation/OrganizationBillingGroupCreate - // Required roles or permissions: organization:billing:write, role:organization:admin + // Required roles or permissions: organization:billing:write OrganizationBillingGroupCreate(ctx context.Context, organizationId string, in *OrganizationBillingGroupCreateIn) (*OrganizationBillingGroupCreateOut, error) // OrganizationBillingGroupDelete [EXPERIMENTAL] Delete an organization billing group // DELETE /v1/organization/{organization_id}/billing-groups/{billing_group_id} // https://api.aiven.io/doc/#tag/OrganizationBillingGroup/operation/OrganizationBillingGroupDelete - // Required roles or permissions: organization:billing:write, role:organization:admin + // Required roles or permissions: organization:billing:write OrganizationBillingGroupDelete(ctx context.Context, organizationId string, billingGroupId string) error // OrganizationBillingGroupGet [EXPERIMENTAL] Get organization billing group details // GET /v1/organization/{organization_id}/billing-groups/{billing_group_id} // https://api.aiven.io/doc/#tag/OrganizationBillingGroup/operation/OrganizationBillingGroupGet - // Required roles or permissions: organization:billing:read, role:organization:admin + // Required roles or permissions: organization:billing:read, organization:billing:write OrganizationBillingGroupGet(ctx context.Context, organizationId string, billingGroupId string) (*OrganizationBillingGroupGetOut, error) // OrganizationBillingGroupList [EXPERIMENTAL] List billing groups in an organization // GET /v1/organization/{organization_id}/billing-groups // https://api.aiven.io/doc/#tag/OrganizationBillingGroup/operation/OrganizationBillingGroupList - // Required roles or permissions: organization:billing:read, 
role:organization:admin + // Required roles or permissions: organization:billing:read, organization:billing:write, organization:projects:write OrganizationBillingGroupList(ctx context.Context, organizationId string) ([]BillingGroupOut, error) // OrganizationBillingGroupUpdate [EXPERIMENTAL] Update organization billing group details // PUT /v1/organization/{organization_id}/billing-groups/{billing_group_id} // https://api.aiven.io/doc/#tag/OrganizationBillingGroup/operation/OrganizationBillingGroupUpdate - // Required roles or permissions: organization:billing:write, role:organization:admin + // Required roles or permissions: organization:billing:write OrganizationBillingGroupUpdate(ctx context.Context, organizationId string, billingGroupId string, in *OrganizationBillingGroupUpdateIn) (*OrganizationBillingGroupUpdateOut, error) } diff --git a/handler/organizationprojects/organizationprojects.go b/handler/organizationprojects/organizationprojects.go index 013f35b..4d39b57 100644 --- a/handler/organizationprojects/organizationprojects.go +++ b/handler/organizationprojects/organizationprojects.go 
@@ -13,28 +13,29 @@ type Handler interface { // OrganizationProjectsCreate create project under the organization // POST /v1/organization/{organization_id}/projects // https://api.aiven.io/doc/#tag/Organizations/operation/OrganizationProjectsCreate - // Required roles or permissions: organization:projects:write, role:organization:admin OrganizationProjectsCreate(ctx context.Context, organizationId string, in *OrganizationProjectsCreateIn) (*OrganizationProjectsCreateOut, error) // OrganizationProjectsDelete delete project under the organization // DELETE /v1/organization/{organization_id}/projects/{project_id} // https://api.aiven.io/doc/#tag/Organizations/operation/OrganizationProjectsDelete + // Required roles or permissions: organization:projects:write OrganizationProjectsDelete(ctx context.Context, organizationId string, projectId string) error // OrganizationProjectsGet retrieve project under the organization // GET /v1/organization/{organization_id}/projects/{project_id} // https://api.aiven.io/doc/#tag/Organizations/operation/OrganizationProjectsGet + // Required roles or permissions: project:services:read OrganizationProjectsGet(ctx context.Context, organizationId string, projectId string) (*OrganizationProjectsGetOut, error) // OrganizationProjectsList list projects under the organization // GET /v1/organization/{organization_id}/projects // https://api.aiven.io/doc/#tag/Organizations/operation/OrganizationProjectsList - // Required roles or permissions: role:organization:admin OrganizationProjectsList(ctx context.Context, organizationId string) (*OrganizationProjectsListOut, error) // OrganizationProjectsUpdate update project under the organization // PATCH /v1/organization/{organization_id}/projects/{project_id} // https://api.aiven.io/doc/#tag/Organizations/operation/OrganizationProjectsUpdate + // Required roles or permissions: organization:projects:write OrganizationProjectsUpdate(ctx context.Context, organizationId string, projectId string, in 
*OrganizationProjectsUpdateIn) (*OrganizationProjectsUpdateOut, error) } diff --git a/handler/organizationuser/organizationuser.go b/handler/organizationuser/organizationuser.go index e3a9f91..31d5dd6 100644 --- a/handler/organizationuser/organizationuser.go +++ b/handler/organizationuser/organizationuser.go @@ -14,12 +14,13 @@ type Handler interface { // OrganizationUserAuthenticationMethodsList list authentication methods for a user in the organization // GET /v1/organization/{organization_id}/user/{member_user_id}/authentication_methods // https://api.aiven.io/doc/#tag/Users/operation/OrganizationUserAuthenticationMethodsList - // Required roles or permissions: role:organization:admin + // Required roles or permissions: organization:users:write OrganizationUserAuthenticationMethodsList(ctx context.Context, organizationId string, memberUserId string) ([]AuthenticationMethodOut, error) // OrganizationUserDelete remove a user from the organization // DELETE /v1/organization/{organization_id}/user/{member_user_id} // https://api.aiven.io/doc/#tag/Users/operation/OrganizationUserDelete + // Required roles or permissions: organization:users:write OrganizationUserDelete(ctx context.Context, organizationId string, memberUserId string) error // OrganizationUserGet get details on a user of the organization 
@@ -35,17 +36,19 @@ type Handler interface { // OrganizationUserInvitationDelete remove an invitation to the organization // DELETE /v1/organization/{organization_id}/invitation/{user_email} // https://api.aiven.io/doc/#tag/Organizations/operation/OrganizationUserInvitationDelete + // Required roles or permissions: organization:users:write OrganizationUserInvitationDelete(ctx context.Context, organizationId string, userEmail string) error // OrganizationUserInvitationsList list user invitations to the organization // GET /v1/organization/{organization_id}/invitation // https://api.aiven.io/doc/#tag/Organizations/operation/OrganizationUserInvitationsList - // Required roles or permissions: role:organization:admin + // Required roles or permissions: organization:users:write OrganizationUserInvitationsList(ctx context.Context, organizationId string) ([]InvitationOut, error) // OrganizationUserInvite invite a user to the organization // POST /v1/organization/{organization_id}/invitation // https://api.aiven.io/doc/#tag/Organizations/operation/OrganizationUserInvite + // Required roles or permissions: organization:users:write OrganizationUserInvite(ctx context.Context, organizationId string, in *OrganizationUserInviteIn) error // OrganizationUserList list users of the organization 
@@ -56,24 +59,25 @@ type Handler interface { // OrganizationUserPasswordReset reset the password of a managed user in the organization // POST /v1/organization/{organization_id}/user/{member_user_id}/reset_password // https://api.aiven.io/doc/#tag/Users/operation/OrganizationUserPasswordReset + // Required roles or permissions: organization:users:write OrganizationUserPasswordReset(ctx context.Context, organizationId string, memberUserId string) error // OrganizationUserRevokeToken revoke the token of a managed user in the organization // DELETE /v1/organization/{organization_id}/user/{member_user_id}/access-token/{token_prefix} // https://api.aiven.io/doc/#tag/Users/operation/OrganizationUserRevokeToken - // Required roles or permissions: organization:users:write, role:organization:admin + // Required roles or permissions: organization:users:write OrganizationUserRevokeToken(ctx context.Context, organizationId string, memberUserId string, tokenPrefix string) error // OrganizationUserTokensList list tokens from an organization's member // GET /v1/organization/{organization_id}/user/{member_user_id}/access-tokens // https://api.aiven.io/doc/#tag/Users/operation/OrganizationUserTokensList - // Required roles or permissions: role:organization:admin + // Required roles or permissions: organization:users:write OrganizationUserTokensList(ctx context.Context, organizationId string, memberUserId string) ([]TokenOut, error) // OrganizationUserUpdate update details on a user of the organization // PATCH /v1/organization/{organization_id}/user/{member_user_id} // https://api.aiven.io/doc/#tag/Users/operation/OrganizationUserUpdate - // Required roles or permissions: role:organization:admin + // Required roles or permissions: organization:users:write OrganizationUserUpdate(ctx context.Context, organizationId string, memberUserId string, in *OrganizationUserUpdateIn) (*OrganizationUserUpdateOut, error) } 
diff --git a/handler/organizationvpc/organizationvpc.go b/handler/organizationvpc/organizationvpc.go
index f3be773..4a1d03a 100644
--- a/handler/organizationvpc/organizationvpc.go
+++ b/handler/organizationvpc/organizationvpc.go
@@ -14,36 +14,37 @@ type Handler interface { // OrganizationVpcCreate [EXPERIMENTAL] Create organization VPC // POST /v1/organization/{organization_id}/vpcs // https://api.aiven.io/doc/#tag/Organization_Vpc/operation/OrganizationVpcCreate - // Required roles or permissions: organization:networking:write, role:organization:admin + // Required roles or permissions: organization:networking:write OrganizationVpcCreate(ctx context.Context, organizationId string, in *OrganizationVpcCreateIn) (*OrganizationVpcCreateOut, error) // OrganizationVpcDelete [EXPERIMENTAL] Delete organization VPC // DELETE /v1/organization/{organization_id}/vpcs/{organization_vpc_id} // https://api.aiven.io/doc/#tag/Organization_Vpc/operation/OrganizationVpcDelete - // Required roles or permissions: organization:networking:write, role:organization:admin + // Required roles or permissions: organization:networking:write OrganizationVpcDelete(ctx context.Context, organizationId string, organizationVpcId string) (*OrganizationVpcDeleteOut, error) // OrganizationVpcGet [EXPERIMENTAL] Get organization VPC // GET /v1/organization/{organization_id}/vpcs/{organization_vpc_id} // https://api.aiven.io/doc/#tag/Organization_Vpc/operation/OrganizationVpcGet - // Required roles or permissions: organization:networking:read, role:organization:admin + // Required roles or permissions: organization:networking:read OrganizationVpcGet(ctx context.Context, organizationId string, organizationVpcId string) (*OrganizationVpcGetOut, error) // OrganizationVpcList [EXPERIMENTAL] List organization VPCs // GET /v1/organization/{organization_id}/vpcs // https://api.aiven.io/doc/#tag/Organization_Vpc/operation/OrganizationVpcList - // Required roles or permissions: organization:networking:read, role:organization:admin + // Required roles or permissions: organization:networking:read OrganizationVpcList(ctx context.Context, organizationId string) ([]VpcOut, error) // OrganizationVpcPeeringConnectionCreate [EXPERIMENTAL] Create 
organization VPC peering // POST /v1/organization/{organization_id}/vpcs/{organization_vpc_id}/peering-connections // https://api.aiven.io/doc/#tag/Organization_Vpc/operation/OrganizationVpcPeeringConnectionCreate - // Required roles or permissions: organization:networking:write, role:organization:admin + // Required roles or permissions: organization:networking:write OrganizationVpcPeeringConnectionCreate(ctx context.Context, organizationId string, organizationVpcId string, in *OrganizationVpcPeeringConnectionCreateIn) (*OrganizationVpcPeeringConnectionCreateOut, error) // OrganizationVpcPeeringConnectionDeleteById [EXPERIMENTAL] Delete organization VPC peering // DELETE /v1/organization/{organization_id}/vpcs/{organization_vpc_id}/peering-connections/{peering_connection_id} // https://api.aiven.io/doc/#tag/Organization_Vpc/operation/OrganizationVpcPeeringConnectionDeleteById + // Required roles or permissions: organization:networking:write OrganizationVpcPeeringConnectionDeleteById(ctx context.Context, organizationId string, organizationVpcId string, peeringConnectionId string) (*OrganizationVpcPeeringConnectionDeleteByIdOut, error) } diff --git a/handler/postgresql/postgresql.go b/handler/postgresql/postgresql.go index 21e0622..ffdc178 100644 --- a/handler/postgresql/postgresql.go +++ b/handler/postgresql/postgresql.go 
@@ -13,11 +13,13 @@ type Handler interface { // PGServiceAvailableExtensions list PostgreSQL extensions that can be loaded with CREATE EXTENSION in this service // GET /v1/project/{project}/service/{service_name}/pg/available-extensions // https://api.aiven.io/doc/#tag/Service:_PostgreSQL/operation/PGServiceAvailableExtensions + // Required roles or permissions: service:data:write PGServiceAvailableExtensions(ctx context.Context, project string, serviceName string) ([]ExtensionOut, error) // PGServiceQueryStatistics fetch PostgreSQL service query statistics // POST /v1/project/{project}/service/{service_name}/pg/query/stats // https://api.aiven.io/doc/#tag/Service:_PostgreSQL/operation/PGServiceQueryStatistics + // Required roles or permissions: service:data:write PGServiceQueryStatistics(ctx context.Context, project string, serviceName string, in *PgserviceQueryStatisticsIn) ([]QueryOut, error) // PgAvailableExtensions list PostgreSQL extensions available for this tenant grouped by PG version 
@@ -28,19 +30,19 @@ type Handler interface { // ServicePGBouncerCreate create a new connection pool for service // POST /v1/project/{project}/service/{service_name}/connection_pool // https://api.aiven.io/doc/#tag/Service:_PostgreSQL/operation/ServicePGBouncerCreate - // Required roles or permissions: admin, role:organization:admin, service:data:write + // Required roles or permissions: service:data:write ServicePGBouncerCreate(ctx context.Context, project string, serviceName string, in *ServicePgbouncerCreateIn) error // ServicePGBouncerDelete delete a connection pool // DELETE /v1/project/{project}/service/{service_name}/connection_pool/{pool_name} // https://api.aiven.io/doc/#tag/Service:_PostgreSQL/operation/ServicePGBouncerDelete - // Required roles or permissions: admin, role:organization:admin, service:data:write + // Required roles or permissions: service:data:write ServicePGBouncerDelete(ctx context.Context, project string, serviceName string, poolName string) error // ServicePGBouncerUpdate update a connection pool // PUT /v1/project/{project}/service/{service_name}/connection_pool/{pool_name} // https://api.aiven.io/doc/#tag/Service:_PostgreSQL/operation/ServicePGBouncerUpdate - // Required roles or permissions: admin, role:organization:admin, service:data:write + // Required roles or permissions: service:data:write ServicePGBouncerUpdate(ctx context.Context, project string, serviceName string, poolName string, in *ServicePgbouncerUpdateIn) error } diff --git a/handler/privatelink/privatelink.go b/handler/privatelink/privatelink.go index 7397859..0fb5f8e 100644 --- a/handler/privatelink/privatelink.go +++ b/handler/privatelink/privatelink.go 
@@ -18,73 +18,73 @@ type Handler interface { // ServicePrivatelinkAWSConnectionList list VPC Endpoint connections for an AWS Privatelink Endpoint Service // GET /v1/project/{project}/service/{service_name}/privatelink/aws/connections // https://api.aiven.io/doc/#tag/Service/operation/ServicePrivatelinkAWSConnectionList - // Required roles or permissions: admin, read_only, role:organization:admin + // Required roles or permissions: service:configuration:write ServicePrivatelinkAWSConnectionList(ctx context.Context, project string, serviceName string) ([]ConnectionOut, error) // ServicePrivatelinkAWSCreate create an AWS Privatelink Endpoint Service // POST /v1/project/{project}/service/{service_name}/privatelink/aws // https://api.aiven.io/doc/#tag/Service/operation/ServicePrivatelinkAWSCreate - // Required roles or permissions: admin, project:services:write, role:organization:admin, service:configuration:write + // Required roles or permissions: service:configuration:write ServicePrivatelinkAWSCreate(ctx context.Context, project string, serviceName string, in *ServicePrivatelinkAwscreateIn) (*ServicePrivatelinkAwscreateOut, error) // ServicePrivatelinkAWSDelete delete an AWS Privatelink Endpoint Service // DELETE /v1/project/{project}/service/{service_name}/privatelink/aws // https://api.aiven.io/doc/#tag/Service/operation/ServicePrivatelinkAWSDelete - // Required roles or permissions: admin, project:services:write, role:organization:admin, service:configuration:write + // Required roles or permissions: service:configuration:write ServicePrivatelinkAWSDelete(ctx context.Context, project string, serviceName string) (*ServicePrivatelinkAwsdeleteOut, error) // ServicePrivatelinkAWSGet get AWS Privatelink Endpoint Service information // GET /v1/project/{project}/service/{service_name}/privatelink/aws // https://api.aiven.io/doc/#tag/Service/operation/ServicePrivatelinkAWSGet - // Required roles or permissions: admin, read_only, role:organization:admin + // Required 
roles or permissions: service:configuration:write ServicePrivatelinkAWSGet(ctx context.Context, project string, serviceName string) (*ServicePrivatelinkAwsgetOut, error) // ServicePrivatelinkAWSUpdate update an AWS Privatelink Endpoint Service // PUT /v1/project/{project}/service/{service_name}/privatelink/aws // https://api.aiven.io/doc/#tag/Service/operation/ServicePrivatelinkAWSUpdate - // Required roles or permissions: admin, project:services:write, role:organization:admin, service:configuration:write + // Required roles or permissions: service:configuration:write ServicePrivatelinkAWSUpdate(ctx context.Context, project string, serviceName string, in *ServicePrivatelinkAwsupdateIn) (*ServicePrivatelinkAwsupdateOut, error) // ServicePrivatelinkAzureConnectionApproval approve an Azure private endpoint connection pending user approval // POST /v1/project/{project}/service/{service_name}/privatelink/azure/connections/{privatelink_connection_id}/approve // https://api.aiven.io/doc/#tag/Service/operation/ServicePrivatelinkAzureConnectionApproval - // Required roles or permissions: admin, project:services:write, role:organization:admin, service:configuration:write + // Required roles or permissions: service:configuration:write ServicePrivatelinkAzureConnectionApproval(ctx context.Context, project string, serviceName string, privatelinkConnectionId string) (*ServicePrivatelinkAzureConnectionApprovalOut, error) // ServicePrivatelinkAzureConnectionList list private endpoint connections for an Azure Privatelink Service // GET /v1/project/{project}/service/{service_name}/privatelink/azure/connections // https://api.aiven.io/doc/#tag/Service/operation/ServicePrivatelinkAzureConnectionList - // Required roles or permissions: admin, read_only, role:organization:admin + // Required roles or permissions: service:configuration:write ServicePrivatelinkAzureConnectionList(ctx context.Context, project string, serviceName string) ([]ServicePrivatelinkAzureConnectionListOut, error) 
// ServicePrivatelinkAzureConnectionUpdate update a private endpoint connection for an Azure Privatelink Service // PUT /v1/project/{project}/service/{service_name}/privatelink/azure/connections/{privatelink_connection_id} // https://api.aiven.io/doc/#tag/Service/operation/ServicePrivatelinkAzureConnectionUpdate - // Required roles or permissions: admin, project:services:write, role:organization:admin, service:configuration:write + // Required roles or permissions: service:configuration:write ServicePrivatelinkAzureConnectionUpdate(ctx context.Context, project string, serviceName string, privatelinkConnectionId string, in *ServicePrivatelinkAzureConnectionUpdateIn) (*ServicePrivatelinkAzureConnectionUpdateOut, error) // ServicePrivatelinkAzureCreate create an Azure Privatelink Service // POST /v1/project/{project}/service/{service_name}/privatelink/azure // https://api.aiven.io/doc/#tag/Service/operation/ServicePrivatelinkAzureCreate - // Required roles or permissions: admin, project:services:write, role:organization:admin, service:configuration:write + // Required roles or permissions: service:configuration:write ServicePrivatelinkAzureCreate(ctx context.Context, project string, serviceName string, in *ServicePrivatelinkAzureCreateIn) (*ServicePrivatelinkAzureCreateOut, error) // ServicePrivatelinkAzureDelete delete an Azure Privatelink Service // DELETE /v1/project/{project}/service/{service_name}/privatelink/azure // https://api.aiven.io/doc/#tag/Service/operation/ServicePrivatelinkAzureDelete - // Required roles or permissions: admin, project:services:write, role:organization:admin, service:configuration:write + // Required roles or permissions: service:configuration:write ServicePrivatelinkAzureDelete(ctx context.Context, project string, serviceName string) (*ServicePrivatelinkAzureDeleteOut, error) // ServicePrivatelinkAzureGet get Azure Privatelink Service information // GET /v1/project/{project}/service/{service_name}/privatelink/azure // 
https://api.aiven.io/doc/#tag/Service/operation/ServicePrivatelinkAzureGet - // Required roles or permissions: admin, read_only, role:organization:admin + // Required roles or permissions: service:configuration:write ServicePrivatelinkAzureGet(ctx context.Context, project string, serviceName string) (*ServicePrivatelinkAzureGetOut, error) // ServicePrivatelinkAzureUpdate update an Azure Privatelink Service // PUT /v1/project/{project}/service/{service_name}/privatelink/azure // https://api.aiven.io/doc/#tag/Service/operation/ServicePrivatelinkAzureUpdate - // Required roles or permissions: admin, project:services:write, role:organization:admin, service:configuration:write + // Required roles or permissions: service:configuration:write ServicePrivatelinkAzureUpdate(ctx context.Context, project string, serviceName string, in *ServicePrivatelinkAzureUpdateIn) (*ServicePrivatelinkAzureUpdateOut, error) } diff --git a/handler/project/project.go b/handler/project/project.go index bd473bd..133a3bf 100644 --- a/handler/project/project.go +++ b/handler/project/project.go 
@@ -14,48 +14,47 @@ type Handler interface { // ListProjectVpcPeeringConnectionTypes list VPC peering connection types for a project // GET /v1/project/{project}/vpc-peering-connection-types // https://api.aiven.io/doc/#tag/Project/operation/ListProjectVpcPeeringConnectionTypes + // Required roles or permissions: project:networking:read ListProjectVpcPeeringConnectionTypes(ctx context.Context, project string) ([]VpcPeeringConnectionTypeOut, error) // ProjectAlertsList list active alerts for a project // GET /v1/project/{project}/alerts // https://api.aiven.io/doc/#tag/Project/operation/ProjectAlertsList - // Required roles or permissions: admin, read_only, role:organization:admin + // Required roles or permissions: developer, operator, read_only ProjectAlertsList(ctx context.Context, project string) ([]AlertOut, error) // ProjectCreate create a project // POST /v1/project // https://api.aiven.io/doc/#tag/Project/operation/ProjectCreate - // Required roles or permissions: organization:projects:write, role:organization:admin ProjectCreate(ctx context.Context, in *ProjectCreateIn) (*ProjectCreateOut, error) // ProjectDelete delete project // DELETE /v1/project/{project} // https://api.aiven.io/doc/#tag/Project/operation/ProjectDelete - // Required roles or permissions: admin, organization:projects:write, role:organization:admin + // Required roles or permissions: organization:projects:write ProjectDelete(ctx context.Context, project string) error // ProjectGenerateSbomDownloadUrl generate SBOM for project // GET /v1/project/{project}/generate-sbom-download-url/{file_format} // https://api.aiven.io/doc/#tag/Project/operation/ProjectGenerateSbomDownloadUrl - // Required roles or permissions: admin, read_only, role:organization:admin + // Required roles or permissions: developer, operator, read_only ProjectGenerateSbomDownloadUrl(ctx context.Context, project string, fileFormat string) (string, error) // ProjectGet get project details // GET /v1/project/{project} // 
https://api.aiven.io/doc/#tag/Project/operation/ProjectGet - // Required roles or permissions: admin, project:services:read, read_only, role:organization:admin, role:services:maintenance, role:services:recover, service:secrets:read + // Required roles or permissions: project:services:read ProjectGet(ctx context.Context, project string) (*ProjectGetOut, error) // ProjectGetEventLogs get project event log entries // GET /v1/project/{project}/events // https://api.aiven.io/doc/#tag/Project/operation/ProjectGetEventLogs - // Required roles or permissions: admin, project:audit_logs:read, read_only, role:organization:admin + // Required roles or permissions: project:audit_logs:read ProjectGetEventLogs(ctx context.Context, project string) ([]EventOut, error) // ProjectInvite send project membership invitation // POST /v1/project/{project}/invite // https://api.aiven.io/doc/#tag/Project/operation/ProjectInvite - // Required roles or permissions: admin, role:organization:admin ProjectInvite(ctx context.Context, project string, in *ProjectInviteIn) error // ProjectInviteAccept confirm project invite 
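Review bot: `ProjectCreate` and `ProjectInvite` lose their `// Required roles or permissions:` line entirely, so two state-changing calls are left with no documented authorization requirement, which reads as if none were needed. The next hunk in this file does the same for `ProjectInviteDelete`, `ProjectList`, `ProjectTagsReplace`, `ProjectTagsUpdate`, `ProjectUserRemove` and `ProjectUserUpdate`. Most of the removed lines listed only `admin, role:organization:admin`, so presumably those entries were pruned from the permissions data and the now-empty lists were dropped. If the admin-level requirement still applies, keeping an explicit line such as `// Required roles or permissions: admin` on these methods would stop callers from assuming the endpoints are unrestricted.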
@@ -66,94 +65,91 @@ type Handler interface { // ProjectInviteDelete delete an invitation to a project // DELETE /v1/project/{project}/invite/{invited_email} // https://api.aiven.io/doc/#tag/Project/operation/ProjectInviteDelete - // Required roles or permissions: admin, role:organization:admin ProjectInviteDelete(ctx context.Context, project string, invitedEmail string) error // ProjectKmsGetCA retrieve project CA certificate // GET /v1/project/{project}/kms/ca // https://api.aiven.io/doc/#tag/Project_Key_Management/operation/ProjectKmsGetCA - // Required roles or permissions: admin, read_only, role:organization:admin + // Required roles or permissions: organization:projects:write ProjectKmsGetCA(ctx context.Context, project string) (string, error) // ProjectList list projects // GET /v1/project // https://api.aiven.io/doc/#tag/Project/operation/ProjectList - // Required roles or permissions: role:organization:admin ProjectList(ctx context.Context) (*ProjectListOut, error) // ProjectPrivatelinkAvailabilityList list Privatelink cloud availability and prices for a project // GET /v1/project/{project}/privatelink-availability // https://api.aiven.io/doc/#tag/Project/operation/ProjectPrivatelinkAvailabilityList + // Required roles or permissions: project:services:write ProjectPrivatelinkAvailabilityList(ctx context.Context, project string) ([]PrivatelinkAvailabilityOut, error) // ProjectServicePlanList list service plans // GET /v1/project/{project}/service-types/{service_type}/plans // https://api.aiven.io/doc/#tag/Project/operation/ProjectServicePlanList - // Required roles or permissions: admin, read_only, role:organization:admin + // Required roles or permissions: developer, operator, read_only ProjectServicePlanList(ctx context.Context, project string, serviceType string) ([]ServicePlanOut, error) // ProjectServicePlanPriceGet get plan pricing // GET /v1/project/{project}/pricing/service-types/{service_type}/plans/{service_plan}/clouds/{cloud} // 
https://api.aiven.io/doc/#tag/Project/operation/ProjectServicePlanPriceGet - // Required roles or permissions: admin, read_only, role:organization:admin + // Required roles or permissions: developer, operator, read_only ProjectServicePlanPriceGet(ctx context.Context, project string, serviceType string, servicePlan string, cloud string) (*ProjectServicePlanPriceGetOut, error) // ProjectServicePlanSpecsGet get service plan details // GET /v1/project/{project}/service-types/{service_type}/plans/{service_plan} // https://api.aiven.io/doc/#tag/Project/operation/ProjectServicePlanSpecsGet + // Required roles or permissions: developer, operator, read_only ProjectServicePlanSpecsGet(ctx context.Context, project string, serviceType string, servicePlan string) (*ProjectServicePlanSpecsGetOut, error) // ProjectServiceTypesGet get service type details // GET /v1/project/{project}/service-types/{service_type} // https://api.aiven.io/doc/#tag/Project/operation/ProjectServiceTypesGet + // Required roles or permissions: developer, operator, read_only ProjectServiceTypesGet(ctx context.Context, project string, serviceType string) (*ProjectServiceTypesGetOut, error) // ProjectServiceTypesList list service types // GET /v1/project/{project}/service-types // https://api.aiven.io/doc/#tag/Project/operation/ProjectServiceTypesList - // Required roles or permissions: admin, project:services:read, read_only, role:organization:admin, role:services:maintenance, role:services:recover, service:secrets:read + // Required roles or permissions: project:services:read ProjectServiceTypesList(ctx context.Context, project string) (*ProjectServiceTypesListOut, error) // ProjectTagsList list all tags attached to this project // GET /v1/project/{project}/tags // https://api.aiven.io/doc/#tag/Project/operation/ProjectTagsList - // Required roles or permissions: admin, read_only, role:organization:admin + // Required roles or permissions: developer, operator, read_only ProjectTagsList(ctx 
context.Context, project string) (map[string]string, error) // ProjectTagsReplace replace all project tags with a new set of tags, deleting old ones // PUT /v1/project/{project}/tags // https://api.aiven.io/doc/#tag/Project/operation/ProjectTagsReplace - // Required roles or permissions: admin, role:organization:admin ProjectTagsReplace(ctx context.Context, project string, in *ProjectTagsReplaceIn) error // ProjectTagsUpdate update one or more tags, creating ones that don't exist, and deleting ones given NULL value // PATCH /v1/project/{project}/tags // https://api.aiven.io/doc/#tag/Project/operation/ProjectTagsUpdate - // Required roles or permissions: admin, role:organization:admin ProjectTagsUpdate(ctx context.Context, project string, in *ProjectTagsUpdateIn) error // ProjectUpdate update project // PUT /v1/project/{project} // https://api.aiven.io/doc/#tag/Project/operation/ProjectUpdate - // Required roles or permissions: admin, organization:projects:write, role:organization:admin + // Required roles or permissions: organization:projects:write ProjectUpdate(ctx context.Context, project string, in *ProjectUpdateIn) (*ProjectUpdateOut, error) // ProjectUserList list users with access to the project. 
May contain same user multiple times if they belong to multiple teams associated to the project // GET /v1/project/{project}/users // https://api.aiven.io/doc/#tag/Project/operation/ProjectUserList - // Required roles or permissions: admin, read_only, role:organization:admin + // Required roles or permissions: developer, operator, read_only ProjectUserList(ctx context.Context, project string) (*ProjectUserListOut, error) // ProjectUserRemove remove user from the project // DELETE /v1/project/{project}/user/{user_email} // https://api.aiven.io/doc/#tag/Project/operation/ProjectUserRemove - // Required roles or permissions: admin, role:organization:admin ProjectUserRemove(ctx context.Context, project string, userEmail string) error // ProjectUserUpdate update a project user // PUT /v1/project/{project}/user/{user_email} // https://api.aiven.io/doc/#tag/Project/operation/ProjectUserUpdate - // Required roles or permissions: admin, role:organization:admin ProjectUserUpdate(ctx context.Context, project string, userEmail string, in *ProjectUserUpdateIn) error } diff --git a/handler/projectbilling/projectbilling.go b/handler/projectbilling/projectbilling.go index 955d446..ad3923e 100644 --- a/handler/projectbilling/projectbilling.go +++ b/handler/projectbilling/projectbilling.go 
@@ -19,19 +19,19 @@ type Handler interface { // Deprecated: ProjectCreditsClaim claim a credit code // POST /v1/project/{project}/credits // https://api.aiven.io/doc/#tag/Project_Billing/operation/ProjectCreditsClaim - // Required roles or permissions: admin, role:organization:admin + // Required roles or permissions: developer, operator ProjectCreditsClaim(ctx context.Context, project string, in *ProjectCreditsClaimIn) (*ProjectCreditsClaimOut, error) // Deprecated: ProjectCreditsList list credits available to the project // GET /v1/project/{project}/credits // https://api.aiven.io/doc/#tag/Project_Billing/operation/ProjectCreditsList - // Required roles or permissions: admin, read_only, role:organization:admin + // Required roles or permissions: developer, operator, read_only ProjectCreditsList(ctx context.Context, project string) ([]CreditOut, error) // ProjectInvoiceList list project invoices // GET /v1/project/{project}/invoice // https://api.aiven.io/doc/#tag/Project_Billing/operation/ProjectInvoiceList - // Required roles or permissions: admin, read_only, role:organization:admin + // Required roles or permissions: developer, operator, read_only ProjectInvoiceList(ctx context.Context, project string) ([]InvoiceOut, error) } diff --git a/handler/service/service.go b/handler/service/service.go index 6f418c1..f54b4b2 100644 --- a/handler/service/service.go +++ b/handler/service/service.go @@ -14,6 +14,7 @@ type Handler interface { // ListProjectServiceTypes list service types for a project // GET /v1/project/{project}/service_types // https://api.aiven.io/doc/#tag/Service/operation/ListProjectServiceTypes + // Required roles or permissions: project:services:read ListProjectServiceTypes(ctx context.Context, project string) (*ListProjectServiceTypesOut, error) // ListPublicServiceTypes list publicly available service types 
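Review bot: `ProjectCreditsClaim` goes from `admin, role:organization:admin` to `// Required roles or permissions: developer, operator`. That is not a pruning of legacy entries: it documents different roles as sufficient for a billing action and no longer mentions `admin` at all. Nothing in this hunk shows that the API's authorization changed, so the new set should be checked against the permissions source before it is published as documentation. `ProjectCreditsList` and `ProjectInvoiceList` make the same swap of `admin` for `developer, operator`. If admin access still works, listing it (`// Required roles or permissions: admin, developer, operator`) avoids readers granting an extra role to accounts that already have access.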
@@ -29,253 +30,259 @@ type Handler interface { // ProjectGetServiceLogs get service log entries // POST /v1/project/{project}/service/{service_name}/logs // https://api.aiven.io/doc/#tag/Service/operation/ProjectGetServiceLogs - // Required roles or permissions: admin, read_only, role:organization:admin, service:logs:read + // Required roles or permissions: service:logs:read ProjectGetServiceLogs(ctx context.Context, project string, serviceName string, in *ProjectGetServiceLogsIn) (*ProjectGetServiceLogsOut, error) // ProjectServiceTagsList list all tags attached to the service // GET /v1/project/{project}/service/{service_name}/tags // https://api.aiven.io/doc/#tag/Service/operation/ProjectServiceTagsList - // Required roles or permissions: admin, read_only, role:organization:admin + // Required roles or permissions: service:configuration:write ProjectServiceTagsList(ctx context.Context, project string, serviceName string) (map[string]string, error) // ProjectServiceTagsReplace replace all project tags with a new set of tags, deleting old ones // PUT /v1/project/{project}/service/{service_name}/tags // https://api.aiven.io/doc/#tag/Service/operation/ProjectServiceTagsReplace - // Required roles or permissions: admin, project:services:write, role:organization:admin, service:configuration:write + // Required roles or permissions: service:configuration:write ProjectServiceTagsReplace(ctx context.Context, project string, serviceName string, in *ProjectServiceTagsReplaceIn) error // ProjectServiceTagsUpdate update one or more tags, creating ones that don't exist, and deleting ones given NULL value // PATCH /v1/project/{project}/service/{service_name}/tags // https://api.aiven.io/doc/#tag/Service/operation/ProjectServiceTagsUpdate - // Required roles or permissions: admin, project:services:write, role:organization:admin, service:configuration:write + // Required roles or permissions: service:configuration:write ProjectServiceTagsUpdate(ctx context.Context, project 
string, serviceName string, in *ProjectServiceTagsUpdateIn) error // ServiceAlertsList list active alerts for service // GET /v1/project/{project}/service/{service_name}/alerts // https://api.aiven.io/doc/#tag/Service/operation/ServiceAlertsList - // Required roles or permissions: admin, read_only, role:organization:admin + // Required roles or permissions: developer, operator, read_only ServiceAlertsList(ctx context.Context, project string, serviceName string) ([]AlertOut, error) // ServiceBackupToAnotherRegionReport get service's backup to another region information // POST /v1/project/{project}/service/{service_name}/backup_to_another_region/report // https://api.aiven.io/doc/#tag/Service/operation/ServiceBackupToAnotherRegionReport - // Required roles or permissions: admin, project:services:write, read_only, role:organization:admin, service:configuration:write + // Required roles or permissions: service:configuration:write ServiceBackupToAnotherRegionReport(ctx context.Context, project string, serviceName string, in *ServiceBackupToAnotherRegionReportIn) (map[string]any, error) // ServiceBackupsGet get service backup information // GET /v1/project/{project}/service/{service_name}/backups // https://api.aiven.io/doc/#tag/Service/operation/ServiceBackupsGet + // Required roles or permissions: service:configuration:write ServiceBackupsGet(ctx context.Context, project string, serviceName string) (*ServiceBackupsGetOut, error) // ServiceCancelQuery cancel specified query from service // POST /v1/project/{project}/service/{service_name}/query/cancel // https://api.aiven.io/doc/#tag/Service/operation/ServiceCancelQuery - // Required roles or permissions: admin, role:organization:admin + // Required roles or permissions: developer, operator ServiceCancelQuery(ctx context.Context, project string, serviceName string, in *ServiceCancelQueryIn) (bool, error) // ServiceCreate create a service // POST /v1/project/{project}/service // 
https://api.aiven.io/doc/#tag/Service/operation/ServiceCreate - // Required roles or permissions: admin, project:services:write, role:organization:admin, role:services:recover + // Required roles or permissions: project:services:write, role:services:recover ServiceCreate(ctx context.Context, project string, in *ServiceCreateIn) (*ServiceCreateOut, error) // ServiceDatabaseCreate create a new logical database for service // POST /v1/project/{project}/service/{service_name}/db // https://api.aiven.io/doc/#tag/Service/operation/ServiceDatabaseCreate - // Required roles or permissions: admin, role:organization:admin, service:data:write + // Required roles or permissions: developer, operator ServiceDatabaseCreate(ctx context.Context, project string, serviceName string, in *ServiceDatabaseCreateIn) error // ServiceDatabaseDelete delete a logical database // DELETE /v1/project/{project}/service/{service_name}/db/{dbname} // https://api.aiven.io/doc/#tag/Service/operation/ServiceDatabaseDelete - // Required roles or permissions: admin, role:organization:admin, service:data:write + // Required roles or permissions: developer, operator ServiceDatabaseDelete(ctx context.Context, project string, serviceName string, dbname string) error // ServiceDatabaseList list service databases // GET /v1/project/{project}/service/{service_name}/db // https://api.aiven.io/doc/#tag/Service/operation/ServiceDatabaseList - // Required roles or permissions: admin, read_only, role:organization:admin + // Required roles or permissions: developer, operator, read_only ServiceDatabaseList(ctx context.Context, project string, serviceName string) ([]DatabaseOut, error) // ServiceDelete terminate a service // DELETE /v1/project/{project}/service/{service_name} // https://api.aiven.io/doc/#tag/Service/operation/ServiceDelete - // Required roles or permissions: admin, project:services:write, role:organization:admin + // Required roles or permissions: project:services:write ServiceDelete(ctx 
context.Context, project string, serviceName string) error // ServiceEnableWrites temporarily enable writes for a service in read-only mode. Will only work if disk usage is lower than 99.0% // POST /v1/project/{project}/service/{service_name}/enable-writes // https://api.aiven.io/doc/#tag/Service/operation/ServiceEnableWrites - // Required roles or permissions: admin, role:organization:admin + // Required roles or permissions: operator ServiceEnableWrites(ctx context.Context, project string, serviceName string) (*string, error) // ServiceGet get service information // GET /v1/project/{project}/service/{service_name} // https://api.aiven.io/doc/#tag/Service/operation/ServiceGet - // Required roles or permissions: admin, project:services:read, read_only, role:organization:admin, role:services:maintenance, role:services:recover, service:secrets:read + // Required roles or permissions: project:services:read ServiceGet(ctx context.Context, project string, serviceName string, query ...[2]string) (*ServiceGetOut, error) // ServiceGetMigrationStatus get migration status // GET /v1/project/{project}/service/{service_name}/migration // https://api.aiven.io/doc/#tag/Service/operation/ServiceGetMigrationStatus + // Required roles or permissions: developer, operator, read_only ServiceGetMigrationStatus(ctx context.Context, project string, serviceName string) (*ServiceGetMigrationStatusOut, error) // ServiceIntegrationCreate create a new service integration // POST /v1/project/{project}/integration // https://api.aiven.io/doc/#tag/Service_Integrations/operation/ServiceIntegrationCreate - // Required roles or permissions: admin, project:integrations:write, role:organization:admin + // Required roles or permissions: project:integrations:write ServiceIntegrationCreate(ctx context.Context, project string, in *ServiceIntegrationCreateIn) (*ServiceIntegrationCreateOut, error) // ServiceIntegrationDelete delete a service integration // DELETE 
/v1/project/{project}/integration/{integration_id} // https://api.aiven.io/doc/#tag/Service_Integrations/operation/ServiceIntegrationDelete - // Required roles or permissions: admin, project:integrations:write, role:organization:admin, role:services:recover + // Required roles or permissions: project:integrations:write, role:services:recover ServiceIntegrationDelete(ctx context.Context, project string, integrationId string) error // ServiceIntegrationEndpointCreate create a new service integration endpoint // POST /v1/project/{project}/integration_endpoint // https://api.aiven.io/doc/#tag/Service_Integrations/operation/ServiceIntegrationEndpointCreate - // Required roles or permissions: admin, project:integrations:write, role:organization:admin + // Required roles or permissions: project:integrations:write ServiceIntegrationEndpointCreate(ctx context.Context, project string, in *ServiceIntegrationEndpointCreateIn) (*ServiceIntegrationEndpointCreateOut, error) // ServiceIntegrationEndpointDelete delete a service integration endpoint // DELETE /v1/project/{project}/integration_endpoint/{integration_endpoint_id} // https://api.aiven.io/doc/#tag/Service_Integrations/operation/ServiceIntegrationEndpointDelete - // Required roles or permissions: admin, project:integrations:write, role:organization:admin + // Required roles or permissions: project:integrations:write ServiceIntegrationEndpointDelete(ctx context.Context, project string, integrationEndpointId string) error // ServiceIntegrationEndpointGet get service integration endpoint // GET /v1/project/{project}/integration_endpoint/{integration_endpoint_id} // https://api.aiven.io/doc/#tag/Service_Integrations/operation/ServiceIntegrationEndpointGet - // Required roles or permissions: admin, project:integrations:read, read_only, role:organization:admin + // Required roles or permissions: project:integrations:read ServiceIntegrationEndpointGet(ctx context.Context, project string, integrationEndpointId string, query 
...[2]string) (*ServiceIntegrationEndpointGetOut, error) // ServiceIntegrationEndpointList list available integration endpoints for project // GET /v1/project/{project}/integration_endpoint // https://api.aiven.io/doc/#tag/Service_Integrations/operation/ServiceIntegrationEndpointList - // Required roles or permissions: admin, project:integrations:read, read_only, role:organization:admin + // Required roles or permissions: project:integrations:read ServiceIntegrationEndpointList(ctx context.Context, project string) ([]ServiceIntegrationEndpointOut, error) // ServiceIntegrationEndpointTypes list available service integration endpoint types // GET /v1/project/{project}/integration_endpoint_types // https://api.aiven.io/doc/#tag/Service_Integrations/operation/ServiceIntegrationEndpointTypes - // Required roles or permissions: admin, project:integrations:read, read_only, role:organization:admin + // Required roles or permissions: project:integrations:read ServiceIntegrationEndpointTypes(ctx context.Context, project string) ([]EndpointTypeOut, error) // ServiceIntegrationEndpointUpdate update service integration endpoint // PUT /v1/project/{project}/integration_endpoint/{integration_endpoint_id} // https://api.aiven.io/doc/#tag/Service_Integrations/operation/ServiceIntegrationEndpointUpdate - // Required roles or permissions: admin, project:integrations:write, role:organization:admin + // Required roles or permissions: project:integrations:write ServiceIntegrationEndpointUpdate(ctx context.Context, project string, integrationEndpointId string, in *ServiceIntegrationEndpointUpdateIn) (*ServiceIntegrationEndpointUpdateOut, error) // ServiceIntegrationGet get service integration // GET /v1/project/{project}/integration/{integration_id} // https://api.aiven.io/doc/#tag/Service_Integrations/operation/ServiceIntegrationGet - // Required roles or permissions: admin, project:integrations:read, read_only, role:organization:admin + // Required roles or permissions: 
project:integrations:read ServiceIntegrationGet(ctx context.Context, project string, integrationId string) (*ServiceIntegrationGetOut, error) // ServiceIntegrationList list available integrations for a service // GET /v1/project/{project}/service/{service_name}/integration // https://api.aiven.io/doc/#tag/Service_Integrations/operation/ServiceIntegrationList - // Required roles or permissions: admin, project:integrations:read, read_only, role:organization:admin, role:services:recover + // Required roles or permissions: project:integrations:read, role:services:recover ServiceIntegrationList(ctx context.Context, project string, serviceName string) ([]ServiceIntegrationOut, error) // ServiceIntegrationTypes list available service integration types // GET /v1/project/{project}/integration_types // https://api.aiven.io/doc/#tag/Service_Integrations/operation/ServiceIntegrationTypes - // Required roles or permissions: admin, project:integrations:read, read_only, role:organization:admin + // Required roles or permissions: project:integrations:read ServiceIntegrationTypes(ctx context.Context, project string) ([]IntegrationTypeOut, error) // ServiceIntegrationUpdate update a service integration // PUT /v1/project/{project}/integration/{integration_id} // https://api.aiven.io/doc/#tag/Service_Integrations/operation/ServiceIntegrationUpdate - // Required roles or permissions: admin, project:integrations:write, role:organization:admin + // Required roles or permissions: project:integrations:write ServiceIntegrationUpdate(ctx context.Context, project string, integrationId string, in *ServiceIntegrationUpdateIn) (*ServiceIntegrationUpdateOut, error) // ServiceKmsGetCA retrieve a service CA // GET /v1/project/{project}/service/{service_name}/kms/ca/{ca_name} // https://api.aiven.io/doc/#tag/Service/operation/ServiceKmsGetCA + // Required roles or permissions: developer, operator, read_only ServiceKmsGetCA(ctx context.Context, project string, serviceName string, caName string) 
(string, error) // ServiceKmsGetKeypair retrieve service keypair // GET /v1/project/{project}/service/{service_name}/kms/keypairs/{keypair_name} // https://api.aiven.io/doc/#tag/Service/operation/ServiceKmsGetKeypair + // Required roles or permissions: operator ServiceKmsGetKeypair(ctx context.Context, project string, serviceName string, keypairName string) (*ServiceKmsGetKeypairOut, error) // ServiceList list services // GET /v1/project/{project}/service // https://api.aiven.io/doc/#tag/Service/operation/ServiceList - // Required roles or permissions: admin, project:services:read, read_only, role:organization:admin, role:services:maintenance, role:services:recover, service:secrets:read + // Required roles or permissions: project:services:read ServiceList(ctx context.Context, project string, query ...[2]string) ([]ServiceOut, error) // ServiceMaintenanceStart start maintenance updates // PUT /v1/project/{project}/service/{service_name}/maintenance/start // https://api.aiven.io/doc/#tag/Service/operation/ServiceMaintenanceStart - // Required roles or permissions: admin, role:organization:admin, role:services:maintenance + // Required roles or permissions: role:services:maintenance ServiceMaintenanceStart(ctx context.Context, project string, serviceName string) error // ServiceMetricsFetch fetch service metrics // POST /v1/project/{project}/service/{service_name}/metrics // https://api.aiven.io/doc/#tag/Service/operation/ServiceMetricsFetch + // Required roles or permissions: developer, operator, read_only ServiceMetricsFetch(ctx context.Context, project string, serviceName string, in *ServiceMetricsFetchIn) (map[string]any, error) // ServiceQueryActivity fetch current queries for the service // POST /v1/project/{project}/service/{service_name}/query/activity // https://api.aiven.io/doc/#tag/Service/operation/ServiceQueryActivity + // Required roles or permissions: developer, operator, read_only ServiceQueryActivity(ctx context.Context, project string, serviceName 
string, in *ServiceQueryActivityIn) ([]QueryOut, error) // ServiceQueryStatisticsReset reset service's query statistics // PUT /v1/project/{project}/service/{service_name}/query/stats/reset // https://api.aiven.io/doc/#tag/Service/operation/ServiceQueryStatisticsReset - // Required roles or permissions: admin, role:organization:admin + // Required roles or permissions: developer, operator ServiceQueryStatisticsReset(ctx context.Context, project string, serviceName string) ([]map[string]any, error) // ServiceTaskCreate create a new task for service // POST /v1/project/{project}/service/{service_name}/task // https://api.aiven.io/doc/#tag/Service/operation/ServiceTaskCreate - // Required roles or permissions: admin, role:organization:admin + // Required roles or permissions: operator ServiceTaskCreate(ctx context.Context, project string, serviceName string, in *ServiceTaskCreateIn) (*ServiceTaskCreateOut, error) // ServiceTaskGet get task result // GET /v1/project/{project}/service/{service_name}/task/{task_id} // https://api.aiven.io/doc/#tag/Service/operation/ServiceTaskGet - // Required roles or permissions: admin, role:organization:admin + // Required roles or permissions: operator ServiceTaskGet(ctx context.Context, project string, serviceName string, taskId string) (*ServiceTaskGetOut, error) // ServiceUpdate update service configuration // PUT /v1/project/{project}/service/{service_name} // https://api.aiven.io/doc/#tag/Service/operation/ServiceUpdate - // Required roles or permissions: admin, project:services:write, role:organization:admin, service:configuration:write + // Required roles or permissions: project:services:write, role:services:maintenance, role:services:recover, service:configuration:write ServiceUpdate(ctx context.Context, project string, serviceName string, in *ServiceUpdateIn, query ...[2]string) (*ServiceUpdateOut, error) // ServiceUserCreate create a new (sub) user for service // POST /v1/project/{project}/service/{service_name}/user // 
https://api.aiven.io/doc/#tag/Service/operation/ServiceUserCreate - // Required roles or permissions: admin, role:organization:admin, service:users:write + // Required roles or permissions: service:users:write ServiceUserCreate(ctx context.Context, project string, serviceName string, in *ServiceUserCreateIn) (*ServiceUserCreateOut, error) // ServiceUserCredentialsModify modify service user credentials // PUT /v1/project/{project}/service/{service_name}/user/{service_username} // https://api.aiven.io/doc/#tag/Service/operation/ServiceUserCredentialsModify - // Required roles or permissions: admin, role:organization:admin, service:users:write + // Required roles or permissions: service:users:write ServiceUserCredentialsModify(ctx context.Context, project string, serviceName string, serviceUsername string, in *ServiceUserCredentialsModifyIn) (*ServiceUserCredentialsModifyOut, error) // ServiceUserCredentialsReset reset service user credentials // PUT /v1/project/{project}/service/{service_name}/user/{service_username}/credentials/reset // https://api.aiven.io/doc/#tag/Service/operation/ServiceUserCredentialsReset - // Required roles or permissions: admin, role:organization:admin, service:users:write + // Required roles or permissions: service:users:write ServiceUserCredentialsReset(ctx context.Context, project string, serviceName string, serviceUsername string) (*ServiceUserCredentialsResetOut, error) // ServiceUserDelete delete a service user // DELETE /v1/project/{project}/service/{service_name}/user/{service_username} // https://api.aiven.io/doc/#tag/Service/operation/ServiceUserDelete - // Required roles or permissions: admin, role:organization:admin, service:users:write + // Required roles or permissions: service:users:write ServiceUserDelete(ctx context.Context, project string, serviceName string, serviceUsername string) error // ServiceUserGet get details for a single user // GET /v1/project/{project}/service/{service_name}/user/{service_username} // 
https://api.aiven.io/doc/#tag/Service/operation/ServiceUserGet - // Required roles or permissions: admin, read_only, role:organization:admin + // Required roles or permissions: service:configuration:write, service:users:write ServiceUserGet(ctx context.Context, project string, serviceName string, serviceUsername string, query ...[2]string) (*ServiceUserGetOut, error) } diff --git a/handler/staticip/staticip.go b/handler/staticip/staticip.go index e063d16..5f42c0d 100644 --- a/handler/staticip/staticip.go +++ b/handler/staticip/staticip.go 
@@ -13,21 +13,25 @@ type Handler interface { // ProjectStaticIPAssociate associate a static IP address with a service // POST /v1/project/{project}/static-ips/{static_ip_address_id}/association // https://api.aiven.io/doc/#tag/StaticIP/operation/ProjectStaticIPAssociate + // Required roles or permissions: service:configuration:write ProjectStaticIPAssociate(ctx context.Context, project string, staticIpAddressId string, in *ProjectStaticIpassociateIn) (*ProjectStaticIpassociateOut, error) // ProjectStaticIPAvailabilityList list static IP address cloud availability and prices for a project // GET /v1/project/{project}/static-ip-availability // https://api.aiven.io/doc/#tag/StaticIP/operation/ProjectStaticIPAvailabilityList + // Required roles or permissions: developer, operator, read_only ProjectStaticIPAvailabilityList(ctx context.Context, project string) ([]StaticIpAddressAvailabilityOut, error) // ProjectStaticIPDissociate dissociate a static IP address from a service // DELETE /v1/project/{project}/static-ips/{static_ip_address_id}/association // https://api.aiven.io/doc/#tag/StaticIP/operation/ProjectStaticIPDissociate + // Required roles or permissions: service:configuration:write ProjectStaticIPDissociate(ctx context.Context, project string, staticIpAddressId string) (*ProjectStaticIpdissociateOut, error) // ProjectStaticIPPatch update a static IP address configuration // PATCH /v1/project/{project}/static-ips/{static_ip_address_id} // https://api.aiven.io/doc/#tag/StaticIP/operation/ProjectStaticIPPatch + // Required roles or permissions: operator ProjectStaticIPPatch(ctx context.Context, project string, staticIpAddressId string, in *ProjectStaticIppatchIn) (*ProjectStaticIppatchOut, error) // PublicStaticIPAvailabilityList list static IP clouds and prices 
@@ -38,13 +42,13 @@ type Handler interface { // StaticIPCreate create static IP address // POST /v1/project/{project}/static-ips // https://api.aiven.io/doc/#tag/StaticIP/operation/StaticIPCreate - // Required roles or permissions: admin, role:organization:admin + // Required roles or permissions: operator StaticIPCreate(ctx context.Context, project string, in *StaticIpcreateIn) (*StaticIpcreateOut, error) // StaticIPList list static IP addresses // GET /v1/project/{project}/static-ips // https://api.aiven.io/doc/#tag/StaticIP/operation/StaticIPList - // Required roles or permissions: admin, read_only, role:organization:admin + // Required roles or permissions: developer, operator, read_only StaticIPList(ctx context.Context, project string) ([]StaticIpOut, error) } diff --git a/handler/thanos/thanos.go b/handler/thanos/thanos.go index 323a716..b71588d 100644 --- a/handler/thanos/thanos.go +++ b/handler/thanos/thanos.go @@ -13,7 +13,7 @@ type Handler interface { // ServiceThanosStorageSummary get Thanos object storage summary // GET /v1/project/{project}/service/{service_name}/thanos/storage/summary // https://api.aiven.io/doc/#tag/Service:_Thanos/operation/ServiceThanosStorageSummary - // Required roles or permissions: admin, read_only, role:organization:admin + // Required roles or permissions: service:data:write ServiceThanosStorageSummary(ctx context.Context, project string, serviceName string) (*ServiceThanosStorageSummaryOut, error) } diff --git a/handler/user/user.go b/handler/user/user.go index 41d1789..b85be76 100644 --- a/handler/user/user.go +++ b/handler/user/user.go 
@@ -44,7 +44,6 @@ type Handler interface { // OrganizationMemberGroupsList list user groups of the organization's member // GET /v1/organization/{organization_id}/user/{member_user_id}/user-groups // https://api.aiven.io/doc/#tag/Users/operation/OrganizationMemberGroupsList - // Required roles or permissions: role:organization:admin OrganizationMemberGroupsList(ctx context.Context, organizationId string, memberUserId string) ([]UserGroupOut, error) // TwoFactorAuthConfigure configure two-factor authentication @@ -90,7 +89,6 @@ type Handler interface { // UserAuthenticationMethodsList list linked authentication methods // GET /v1/me/authentication_methods // https://api.aiven.io/doc/#tag/Users/operation/UserAuthenticationMethodsList - // Required roles or permissions: role:organization:admin UserAuthenticationMethodsList(ctx context.Context) ([]AuthenticationMethodOut, error) // Deprecated: UserCreate create a user @@ -136,7 +134,6 @@ type Handler interface { // UserUpdate edit profile // PATCH /v1/me // https://api.aiven.io/doc/#tag/Users/operation/UserUpdate - // Required roles or permissions: admin, role:organization:admin UserUpdate(ctx context.Context, in *UserUpdateIn) (*UserUpdateOut, error) // UserVerifyEmail confirm user email address diff --git a/handler/usergroup/usergroup.go b/handler/usergroup/usergroup.go index 8a14941..cd8adaa 100644 --- a/handler/usergroup/usergroup.go +++ b/handler/usergroup/usergroup.go 
@@ -14,13 +14,13 @@ type Handler interface { // UserGroupCreate create a group // POST /v1/organization/{organization_id}/user-groups // https://api.aiven.io/doc/#tag/Groups/operation/UserGroupCreate - // Required roles or permissions: organization:groups:write, role:organization:admin + // Required roles or permissions: organization:groups:write UserGroupCreate(ctx context.Context, organizationId string, in *UserGroupCreateIn) (*UserGroupCreateOut, error) // UserGroupDelete delete a group // DELETE /v1/organization/{organization_id}/user-groups/{user_group_id} // https://api.aiven.io/doc/#tag/Groups/operation/UserGroupDelete - // Required roles or permissions: organization:groups:write, role:organization:admin + // Required roles or permissions: organization:groups:write UserGroupDelete(ctx context.Context, organizationId string, userGroupId string) error // UserGroupGet retrieve a group @@ -36,13 +36,13 @@ type Handler interface { // UserGroupMembersUpdate add or remove group members // PATCH /v1/organization/{organization_id}/user-groups/{user_group_id}/members // https://api.aiven.io/doc/#tag/Groups/operation/UserGroupMembersUpdate - // Required roles or permissions: organization:groups:write, role:organization:admin + // Required roles or permissions: organization:groups:write UserGroupMembersUpdate(ctx context.Context, organizationId string, userGroupId string, in *UserGroupMembersUpdateIn) error // UserGroupUpdate update a group // PATCH /v1/organization/{organization_id}/user-groups/{user_group_id} // https://api.aiven.io/doc/#tag/Groups/operation/UserGroupUpdate - // Required roles or permissions: organization:groups:write, role:organization:admin + // Required roles or permissions: organization:groups:write UserGroupUpdate(ctx context.Context, organizationId string, userGroupId string, in *UserGroupUpdateIn) (*UserGroupUpdateOut, error) // UserGroupsList list groups diff --git a/handler/vpc/vpc.go b/handler/vpc/vpc.go index 7e0c073..907dc6e 100644 
--- a/handler/vpc/vpc.go
+++ b/handler/vpc/vpc.go
@@ -14,54 +14,55 @@ type Handler interface { // VpcCreate create a VPC in a cloud for the project // POST /v1/project/{project}/vpcs // https://api.aiven.io/doc/#tag/Project/operation/VpcCreate - // Required roles or permissions: admin, project:networking:write, role:organization:admin + // Required roles or permissions: project:networking:write VpcCreate(ctx context.Context, project string, in *VpcCreateIn) (*VpcCreateOut, error) // VpcDelete delete a project VPC // DELETE /v1/project/{project}/vpcs/{project_vpc_id} // https://api.aiven.io/doc/#tag/Project/operation/VpcDelete - // Required roles or permissions: admin, project:networking:write, role:organization:admin + // Required roles or permissions: project:networking:write VpcDelete(ctx context.Context, project string, projectVpcId string) (*VpcDeleteOut, error) // VpcGet get VPC information // GET /v1/project/{project}/vpcs/{project_vpc_id} // https://api.aiven.io/doc/#tag/Project/operation/VpcGet - // Required roles or permissions: admin, project:networking:read, read_only, role:organization:admin + // Required roles or permissions: project:networking:read VpcGet(ctx context.Context, project string, projectVpcId string) (*VpcGetOut, error) // VpcList list VPCs for a project // GET /v1/project/{project}/vpcs // https://api.aiven.io/doc/#tag/Project/operation/VpcList - // Required roles or permissions: admin, project:networking:read, read_only, role:organization:admin + // Required roles or permissions: project:networking:read VpcList(ctx context.Context, project string) ([]VpcOut, error) // VpcPeeringConnectionCreate create a peering connection for a project VPC // POST /v1/project/{project}/vpcs/{project_vpc_id}/peering-connections // https://api.aiven.io/doc/#tag/Project/operation/VpcPeeringConnectionCreate - // Required roles or permissions: admin, project:networking:write, role:organization:admin + // Required roles or permissions: project:networking:write VpcPeeringConnectionCreate(ctx context.Context, 
project string, projectVpcId string, in *VpcPeeringConnectionCreateIn) (*VpcPeeringConnectionCreateOut, error) // VpcPeeringConnectionDelete delete a peering connection for a project VPC // DELETE /v1/project/{project}/vpcs/{project_vpc_id}/peering-connections/peer-accounts/{peer_cloud_account}/peer-vpcs/{peer_vpc} // https://api.aiven.io/doc/#tag/Project/operation/VpcPeeringConnectionDelete - // Required roles or permissions: admin, project:networking:write, role:organization:admin + // Required roles or permissions: project:networking:write VpcPeeringConnectionDelete(ctx context.Context, project string, projectVpcId string, peerCloudAccount string, peerVpc string) (*VpcPeeringConnectionDeleteOut, error) // VpcPeeringConnectionUpdate update user-defined peer network CIDRs for a project VPC // PUT /v1/project/{project}/vpcs/{project_vpc_id}/user-peer-network-cidrs // https://api.aiven.io/doc/#tag/Project/operation/VpcPeeringConnectionUpdate + // Required roles or permissions: project:networking:write VpcPeeringConnectionUpdate(ctx context.Context, project string, projectVpcId string, in *VpcPeeringConnectionUpdateIn) (*VpcPeeringConnectionUpdateOut, error) // VpcPeeringConnectionWithRegionDelete delete a peering connection for a project VPC // DELETE /v1/project/{project}/vpcs/{project_vpc_id}/peering-connections/peer-accounts/{peer_cloud_account}/peer-vpcs/{peer_vpc}/peer-regions/{peer_region} // https://api.aiven.io/doc/#tag/Project/operation/VpcPeeringConnectionWithRegionDelete - // Required roles or permissions: admin, project:networking:write, role:organization:admin + // Required roles or permissions: project:networking:write VpcPeeringConnectionWithRegionDelete(ctx context.Context, project string, projectVpcId string, peerCloudAccount string, peerVpc string, peerRegion string) (*VpcPeeringConnectionWithRegionDeleteOut, error) // VpcPeeringConnectionWithResourceGroupDelete delete a peering connection for a project VPC // DELETE 
/v1/project/{project}/vpcs/{project_vpc_id}/peering-connections/peer-accounts/{peer_cloud_account}/peer-resource-groups/{peer_resource_group}/peer-vpcs/{peer_vpc} // https://api.aiven.io/doc/#tag/Project/operation/VpcPeeringConnectionWithResourceGroupDelete - // Required roles or permissions: admin, project:networking:write, role:organization:admin + // Required roles or permissions: project:networking:write VpcPeeringConnectionWithResourceGroupDelete(ctx context.Context, project string, projectVpcId string, peerCloudAccount string, peerResourceGroup string, peerVpc string) (*VpcPeeringConnectionWithResourceGroupDeleteOut, error) }
diff --git a/permissions.go b/permissions.go
index 721da0f..5a07332 100644
--- a/permissions.go
+++ b/permissions.go
@@ -2,16 +2,23 @@ package aiven
 import (
 _ "embed"
+ "fmt"
 "gopkg.in/yaml.v3"
 )
 //go:embed permissions.yaml
-var permissionBytes []byte
+var permissionsBytes []byte
+var permissionsMap map[string][]string
+
+func init() {
+ err := yaml.Unmarshal(permissionsBytes, &permissionsMap)
+ if err != nil {
+ panic(fmt.Sprintf("Error parsing permissions: %v", err))
+ }
+}
 // Permissions returns the map of operation IDs to permission strings.
-func Permissions() (map[string][]string, error) {
- var m map[string][]string
- err := yaml.Unmarshal(permissionBytes, &m)
- return m, err
+func Permissions() map[string][]string {
+ return permissionsMap
 }
diff --git a/permissions.yaml b/permissions.yaml
index d2b4384..ab4d964 100644
--- a/permissions.yaml
+++ b/permissions.yaml
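Review bot: In permissions.go, `Permissions()` now hands every caller the package-level `permissionsMap` itself, so a caller that deletes a key or appends to one of the slices silently changes the operation-to-permission data seen by all other code in the process, and concurrent writes would race. If anything downstream relies on this data for access decisions or documentation, returning a copy (below) keeps the embedded data effectively read-only. Separately, dropping the `error` result breaks existing `m, err := Permissions()` callers, and the `panic` in `init()` means a malformed embedded file aborts any program that merely imports the package; both are worth stating in the doc comment and release notes.

```go
// Permissions returns a copy of the map of operation IDs to permission strings.
func Permissions() map[string][]string {
	out := make(map[string][]string, len(permissionsMap))
	for id, perms := range permissionsMap {
		// Copy each slice so callers cannot alter the shared package-level data.
		out[id] = append([]string(nil), perms...)
	}
	return out
}
```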
@@ -1,739 +1,599 @@ -AccountBillingGroupList: +AccountAuthenticationMethodCreate: - role:organization:admin +AccountAuthenticationMethodDelete: + - role:organization:admin +AccountAuthenticationMethodGet: + - role:organization:admin +AccountAuthenticationMethodUpdate: + - role:organization:admin +AccountAuthenticationMethodsList: + - role:organization:admin +AlloyDbOmniGoogleCloudPrivateKeyIdentify: + - service:data:write +AlloyDbOmniGoogleCloudPrivateKeyRemove: + - service:data:write +AlloyDbOmniGoogleCloudPrivateKeySet: + - service:data:write ApplicationUserAccessTokenCreate: - organization:app_users:write - - role:organization:admin ApplicationUserAccessTokenDelete: - organization:app_users:write - - role:organization:admin ApplicationUserAccessTokensList: - - role:organization:admin + - organization:app_users:write ApplicationUserCreate: - organization:app_users:write - - role:organization:admin ApplicationUserDelete: - organization:app_users:write - - role:organization:admin ApplicationUserGet: - - role:organization:admin + - organization:app_users:write ApplicationUserUpdate: - organization:app_users:write - - role:organization:admin -BillingGroupCreate: - - organization:billing:write - - role:organization:admin +ApplicationUsersList: + - organization:app_users:write BillingGroupCreditsClaim: - - admin - - role:organization:admin + - developer + - operator BillingGroupCreditsList: - - admin + - developer + - operator - read_only - - role:organization:admin -BillingGroupDelete: - - admin - - role:organization:admin BillingGroupEventList: - - admin + - developer + - operator - read_only - - role:organization:admin BillingGroupGet: - - admin + - developer + - operator - read_only - - role:organization:admin BillingGroupInvoiceCsvGet: - - admin - - role:organization:admin + - operator BillingGroupInvoiceLinesList: - - admin - - role:organization:admin + - operator BillingGroupInvoiceList: - - admin + - developer + - operator - read_only - - 
role:organization:admin -BillingGroupList: - - organization:billing:read - - role:organization:admin -BillingGroupProjectAssign: - - admin - - role:organization:admin BillingGroupProjectList: - - admin + - developer + - operator - read_only - - role:organization:admin -BillingGroupProjectsAssign: - - admin - - role:organization:admin -BillingGroupUpdate: - - admin - - role:organization:admin +ListProjectClouds: + - project:services:write +ListProjectServiceTypes: + - project:services:read +ListProjectVpcPeeringConnectionTypes: + - project:networking:read +MySQLServiceQueryStatistics: + - service:data:write OrganizationAddressCreate: - organization:billing:write - - role:organization:admin OrganizationAddressDelete: - organization:billing:write - - role:organization:admin +OrganizationAddressGet: + - organization:billing:read + - organization:billing:write OrganizationAddressList: - organization:billing:read - - role:organization:admin + - organization:billing:write OrganizationAddressUpdate: - organization:billing:write - - role:organization:admin OrganizationBillingGroupCreate: - organization:billing:write - - role:organization:admin OrganizationBillingGroupDelete: - organization:billing:write - - role:organization:admin OrganizationBillingGroupGet: - organization:billing:read - - role:organization:admin + - organization:billing:write OrganizationBillingGroupList: - organization:billing:read - - role:organization:admin + - organization:billing:write + - organization:projects:write OrganizationBillingGroupUpdate: - organization:billing:write - - role:organization:admin OrganizationDomainAdd: - organization:domains:write - - role:organization:admin OrganizationDomainUpdate: - organization:domains:write - - role:organization:admin OrganizationDomainVerify: - organization:domains:write - - role:organization:admin OrganizationDomainsList: - - role:organization:admin + - organization:domains:write OrganizationDomainsRemove: - organization:domains:write - - 
role:organization:admin -OrganizationMemberGroupsList: - - role:organization:admin -OrganizationProjectsCreate: +OrganizationProjectsDelete: + - organization:projects:write +OrganizationProjectsGet: + - project:services:read +OrganizationProjectsUpdate: - organization:projects:write - - role:organization:admin -OrganizationProjectsList: - - role:organization:admin OrganizationUserAuthenticationMethodsList: - - role:organization:admin + - organization:users:write +OrganizationUserDelete: + - organization:users:write +OrganizationUserInvitationDelete: + - organization:users:write OrganizationUserInvitationsList: - - role:organization:admin + - organization:users:write +OrganizationUserInvite: + - organization:users:write +OrganizationUserPasswordReset: + - organization:users:write OrganizationUserRevokeToken: - organization:users:write - - role:organization:admin OrganizationUserTokensList: - - role:organization:admin + - organization:users:write OrganizationUserUpdate: - - role:organization:admin + - organization:users:write OrganizationVpcCreate: - organization:networking:write - - role:organization:admin OrganizationVpcDelete: - organization:networking:write - - role:organization:admin OrganizationVpcGet: - organization:networking:read - - role:organization:admin OrganizationVpcList: - organization:networking:read - - role:organization:admin OrganizationVpcPeeringConnectionCreate: - organization:networking:write - - role:organization:admin -PermissionsGet: - - role:organization:admin -PermissionsSet: - - role:organization:admin -PermissionsUpdate: - - role:organization:admin +OrganizationVpcPeeringConnectionDeleteById: + - organization:networking:write +PGServiceAvailableExtensions: + - service:data:write +PGServiceQueryStatistics: + - service:data:write ProjectAlertsList: - - admin + - developer + - operator - read_only - - role:organization:admin -ProjectCreate: - - organization:projects:write - - role:organization:admin ProjectCreditsClaim: - - admin - - 
role:organization:admin + - developer + - operator ProjectCreditsList: - - admin + - developer + - operator - read_only - - role:organization:admin ProjectDelete: - - admin - organization:projects:write - - role:organization:admin +ProjectDownloadSBOMReport: + - developer + - operator + - read_only ProjectGenerateSbomDownloadUrl: - - admin + - developer + - operator - read_only - - role:organization:admin ProjectGet: - - admin - project:services:read - - read_only - - role:organization:admin - - role:services:maintenance - - role:services:recover - - service:secrets:read ProjectGetEventLogs: - - admin - project:audit_logs:read - - read_only - - role:organization:admin -ProjectInvite: - - admin - - role:organization:admin -ProjectInviteDelete: - - admin - - role:organization:admin +ProjectGetServiceLogs: + - service:logs:read ProjectInvoiceList: - - admin + - developer + - operator - read_only - - role:organization:admin ProjectKmsGetCA: - - admin - - read_only - - role:organization:admin -ProjectList: - - role:organization:admin + - organization:projects:write +ProjectPrivatelinkAvailabilityList: + - project:services:write ProjectServicePlanList: - - admin + - developer + - operator - read_only - - role:organization:admin ProjectServicePlanPriceGet: - - admin + - developer + - operator - read_only - - role:organization:admin -ProjectServiceTagsList: - - admin +ProjectServicePlanSpecsGet: + - developer + - operator - read_only - - role:organization:admin +ProjectServiceTagsList: + - service:configuration:write ProjectServiceTagsReplace: - - admin - - project:services:write - - role:organization:admin - service:configuration:write ProjectServiceTagsUpdate: - - admin - - project:services:write - - role:organization:admin - service:configuration:write +ProjectServiceTypesGet: + - developer + - operator + - read_only ProjectServiceTypesList: - - admin - project:services:read +ProjectStaticIPAssociate: + - service:configuration:write +ProjectStaticIPAvailabilityList: + - 
developer + - operator - read_only - - role:organization:admin - - role:services:maintenance - - role:services:recover - - service:secrets:read +ProjectStaticIPDissociate: + - service:configuration:write +ProjectStaticIPPatch: + - operator ProjectTagsList: - - admin + - developer + - operator - read_only - - role:organization:admin -ProjectTagsReplace: - - admin - - role:organization:admin -ProjectTagsUpdate: - - admin - - role:organization:admin ProjectUpdate: - - admin - organization:projects:write - - role:organization:admin ProjectUserList: - - admin + - developer + - operator - read_only - - role:organization:admin -ProjectUserRemove: - - admin - - role:organization:admin -ProjectUserUpdate: - - admin - - role:organization:admin -ProjectGetServiceLogs: - - admin - - read_only - - role:organization:admin - - service:logs:read ServiceAlertsList: - - admin + - developer + - operator - read_only - - role:organization:admin ServiceBackupToAnotherRegionReport: - - admin - - project:services:write - - read_only - - role:organization:admin + - service:configuration:write +ServiceBackupsGet: - service:configuration:write ServiceCancelQuery: - - admin - - role:organization:admin + - developer + - operator ServiceClickHouseCurrentQueries: - - admin - - read_only - - role:organization:admin + - service:data:write ServiceClickHouseDatabaseCreate: - - admin - - role:organization:admin - service:data:write ServiceClickHouseDatabaseDelete: - - admin - - role:organization:admin - service:data:write ServiceClickHouseDatabaseList: - - admin - - read_only - - role:organization:admin + - service:data:write ServiceClickHousePasswordReset: - - admin - - role:organization:admin - service:data:write - service:users:write ServiceClickHouseQuery: - - admin - - role:organization:admin - service:data:write ServiceClickHouseQueryStats: - - admin - - read_only - - role:organization:admin + - service:data:write ServiceClickHouseTieredStorageSummary: - - admin - - read_only - - 
role:organization:admin + - service:data:write ServiceClickHouseUserCreate: - - admin - - role:organization:admin - service:data:write - service:users:write ServiceClickHouseUserDelete: - - admin - - role:organization:admin - service:data:write - service:users:write ServiceClickHouseUserList: - - admin - - read_only - - role:organization:admin + - service:data:write + - service:users:write ServiceCreate: - - admin - project:services:write - - role:organization:admin - role:services:recover ServiceDatabaseCreate: - - admin - - role:organization:admin - - service:data:write + - developer + - operator ServiceDatabaseDelete: - - admin - - role:organization:admin - - service:data:write + - developer + - operator ServiceDatabaseList: - - admin + - developer + - operator - read_only - - role:organization:admin ServiceDelete: - - admin - project:services:write - - role:organization:admin ServiceEnableWrites: - - admin - - role:organization:admin + - operator +ServiceFlinkCancelApplicationDeployment: + - service:data:write +ServiceFlinkCancelJarApplicationDeployment: + - service:data:write +ServiceFlinkCreateApplication: + - service:data:write +ServiceFlinkCreateApplicationDeployment: + - service:data:write +ServiceFlinkCreateApplicationVersion: + - service:data:write +ServiceFlinkCreateJarApplication: + - service:data:write +ServiceFlinkCreateJarApplicationDeployment: + - service:data:write +ServiceFlinkCreateJarApplicationVersion: + - service:data:write +ServiceFlinkDeleteApplication: + - service:data:write +ServiceFlinkDeleteApplicationDeployment: + - service:data:write +ServiceFlinkDeleteApplicationVersion: + - service:data:write +ServiceFlinkDeleteJarApplication: + - service:data:write +ServiceFlinkDeleteJarApplicationDeployment: + - service:data:write +ServiceFlinkDeleteJarApplicationVersion: + - service:data:write +ServiceFlinkGetApplication: + - service:data:write +ServiceFlinkGetApplicationDeployment: + - service:data:write +ServiceFlinkGetApplicationVersion: + - 
service:data:write +ServiceFlinkGetJarApplication: + - service:data:write +ServiceFlinkGetJarApplicationDeployment: + - service:data:write +ServiceFlinkGetJarApplicationVersion: + - service:data:write ServiceFlinkJobDetails: - - admin - - role:organization:admin + - service:data:write +ServiceFlinkJobsList: + - service:data:write +ServiceFlinkListApplicationDeployments: + - service:data:write +ServiceFlinkListApplications: + - service:data:write +ServiceFlinkListJarApplicationDeployments: + - service:data:write +ServiceFlinkListJarApplications: + - service:data:write ServiceFlinkOverview: - - admin - - role:organization:admin + - service:data:write +ServiceFlinkStopApplicationDeployment: + - service:data:write +ServiceFlinkStopJarApplicationDeployment: + - service:data:write +ServiceFlinkUpdateApplication: + - service:data:write +ServiceFlinkUpdateJarApplication: + - service:data:write +ServiceFlinkValidateApplicationVersion: + - service:data:write ServiceGet: - - admin - project:services:read +ServiceGetMigrationStatus: + - developer + - operator - read_only - - role:organization:admin - - role:services:maintenance - - role:services:recover - - service:secrets:read ServiceIntegrationCreate: - - admin - project:integrations:write - - role:organization:admin ServiceIntegrationDelete: - - admin - project:integrations:write - - role:organization:admin - role:services:recover ServiceIntegrationEndpointCreate: - - admin - project:integrations:write - - role:organization:admin ServiceIntegrationEndpointDelete: - - admin - project:integrations:write - - role:organization:admin ServiceIntegrationEndpointGet: - - admin - project:integrations:read - - read_only - - role:organization:admin ServiceIntegrationEndpointList: - - admin - project:integrations:read - - read_only - - role:organization:admin ServiceIntegrationEndpointTypes: - - admin - project:integrations:read - - read_only - - role:organization:admin ServiceIntegrationEndpointUpdate: - - admin - 
project:integrations:write - - role:organization:admin ServiceIntegrationGet: - - admin - project:integrations:read - - read_only - - role:organization:admin ServiceIntegrationList: - - admin - project:integrations:read - - read_only - - role:organization:admin - role:services:recover ServiceIntegrationTypes: - - admin - project:integrations:read - - read_only - - role:organization:admin ServiceIntegrationUpdate: - - admin - project:integrations:write - - role:organization:admin ServiceKafkaAclAdd: - - admin - - role:organization:admin - service:data:write ServiceKafkaAclDelete: - - admin - - role:organization:admin - service:data:write ServiceKafkaAclList: - - admin - - read_only - - role:organization:admin + - service:data:write +ServiceKafkaConnectCreateConnector: + - service:data:write +ServiceKafkaConnectDeleteConnector: + - service:data:write +ServiceKafkaConnectEditConnector: + - service:data:write ServiceKafkaConnectGetAvailableConnectors: - - admin - - role:organization:admin + - service:data:write +ServiceKafkaConnectGetConnectorConfiguration: + - service:data:write ServiceKafkaConnectGetConnectorStatus: - - admin - - read_only - - role:organization:admin + - service:data:write ServiceKafkaConnectList: - - admin - - read_only - - role:organization:admin + - service:data:write ServiceKafkaConnectPauseConnector: - - admin - - role:organization:admin - service:data:write ServiceKafkaConnectRestartConnector: - - admin - - role:organization:admin + - service:data:write +ServiceKafkaConnectRestartConnectorTask: - service:data:write ServiceKafkaConnectResumeConnector: - - admin - - role:organization:admin + - service:data:write +ServiceKafkaMirrorMakerCreateReplicationFlow: + - service:data:write +ServiceKafkaMirrorMakerDeleteReplicationFlow: + - service:data:write +ServiceKafkaMirrorMakerGetReplicationFlow: + - service:data:write +ServiceKafkaMirrorMakerGetReplicationFlows: + - service:data:write +ServiceKafkaMirrorMakerPatchReplicationFlow: - 
service:data:write ServiceKafkaNativeAclAdd: - - admin - - role:organization:admin - service:data:write ServiceKafkaNativeAclDelete: - - admin - - role:organization:admin - service:data:write ServiceKafkaNativeAclGet: - - admin - - read_only - - role:organization:admin + - service:data:write ServiceKafkaNativeAclList: - - admin - - read_only - - role:organization:admin + - service:data:write ServiceKafkaQuotaCreate: - - admin - - role:organization:admin - service:data:write ServiceKafkaQuotaDelete: - - admin - - role:organization:admin - service:data:write ServiceKafkaQuotaDescribe: - - admin - - role:organization:admin + - service:data:write ServiceKafkaQuotaList: - - admin - - role:organization:admin + - service:data:write ServiceKafkaTieredStorageStorageUsageByTopic: - - admin - - read_only - - role:organization:admin + - service:data:write ServiceKafkaTieredStorageStorageUsageTotal: - - admin - - read_only - - role:organization:admin + - service:data:write ServiceKafkaTieredStorageSummary: - - admin - - read_only - - role:organization:admin + - service:data:write ServiceKafkaTopicCreate: - - admin - - role:organization:admin + - developer + - operator ServiceKafkaTopicDelete: - - admin - - role:organization:admin - service:data:write ServiceKafkaTopicGet: - - admin - - read_only - - role:organization:admin + - service:data:write ServiceKafkaTopicList: - - admin - - read_only - - role:organization:admin -ServiceKafkaTopicListV2: - - admin - - read_only - - role:organization:admin - service:data:write ServiceKafkaTopicMessageList: - - admin - - read_only - - role:organization:admin - service:data:write ServiceKafkaTopicMessageProduce: - - admin - - role:organization:admin - service:data:write ServiceKafkaTopicUpdate: - - admin - - role:organization:admin - service:data:write +ServiceKmsGetCA: + - developer + - operator + - read_only +ServiceKmsGetKeypair: + - operator ServiceList: - - admin - project:services:read - - read_only - - role:organization:admin - - 
role:services:maintenance - - role:services:recover - - service:secrets:read ServiceMaintenanceStart: - - admin - - role:organization:admin - role:services:maintenance -ServiceOpenSearchAclGet: - - admin +ServiceMetricsFetch: + - developer + - operator - read_only - - role:organization:admin +ServiceOpenSearchAclGet: + - service:data:write ServiceOpenSearchAclSet: - - admin - - role:organization:admin - service:data:write ServiceOpenSearchAclUpdate: - - admin - - role:organization:admin - service:data:write ServiceOpenSearchIndexDelete: - - admin - - role:organization:admin - service:data:write ServiceOpenSearchIndexList: - - admin - - read_only - - role:organization:admin + - service:data:write ServiceOpenSearchSecurityGet: - - admin - - read_only - - role:organization:admin + - service:data:write +ServiceOpenSearchSecurityReset: + - service:data:write ServiceOpenSearchSecuritySet: - - admin - - read_only - - role:organization:admin - service:data:write ServicePGBouncerCreate: - - admin - - role:organization:admin - service:data:write ServicePGBouncerDelete: - - admin - - role:organization:admin - service:data:write ServicePGBouncerUpdate: - - admin - - role:organization:admin - service:data:write ServicePrivatelinkAWSConnectionList: - - admin - - read_only - - role:organization:admin + - service:configuration:write ServicePrivatelinkAWSCreate: - - admin - - project:services:write - - role:organization:admin - service:configuration:write ServicePrivatelinkAWSDelete: - - admin - - project:services:write - - role:organization:admin - service:configuration:write ServicePrivatelinkAWSGet: - - admin - - read_only - - role:organization:admin + - service:configuration:write ServicePrivatelinkAWSUpdate: - - admin - - project:services:write - - role:organization:admin - service:configuration:write ServicePrivatelinkAzureConnectionApproval: - - admin - - project:services:write - - role:organization:admin - service:configuration:write ServicePrivatelinkAzureConnectionList: - 
- admin - - read_only - - role:organization:admin + - service:configuration:write ServicePrivatelinkAzureConnectionUpdate: - - admin - - project:services:write - - role:organization:admin - service:configuration:write ServicePrivatelinkAzureCreate: - - admin - - project:services:write - - role:organization:admin - service:configuration:write ServicePrivatelinkAzureDelete: - - admin - - project:services:write - - role:organization:admin - service:configuration:write ServicePrivatelinkAzureGet: - - admin - - read_only - - role:organization:admin + - service:configuration:write ServicePrivatelinkAzureUpdate: - - admin - - project:services:write - - role:organization:admin - service:configuration:write +ServiceQueryActivity: + - developer + - operator + - read_only ServiceQueryStatisticsReset: - - admin - - role:organization:admin + - developer + - operator +ServiceSchemaRegistryAclAdd: + - service:data:write +ServiceSchemaRegistryAclDelete: + - service:data:write +ServiceSchemaRegistryAclList: + - service:data:write +ServiceSchemaRegistryCompatibility: + - service:data:write +ServiceSchemaRegistryGlobalConfigGet: + - service:data:write +ServiceSchemaRegistryGlobalConfigPut: + - service:data:write ServiceSchemaRegistrySchemaGet: - - admin - - read_only - - role:organization:admin + - service:data:write ServiceSchemaRegistrySubjectConfigGet: - - admin - - read_only - - role:organization:admin + - service:data:write ServiceSchemaRegistrySubjectConfigPut: - - admin - - role:organization:admin + - service:data:write +ServiceSchemaRegistrySubjectDelete: + - service:data:write +ServiceSchemaRegistrySubjectVersionDelete: + - service:data:write +ServiceSchemaRegistrySubjectVersionGet: + - service:data:write +ServiceSchemaRegistrySubjectVersionPost: + - service:data:write +ServiceSchemaRegistrySubjectVersionSchemaGet: + - service:data:write +ServiceSchemaRegistrySubjectVersionsGet: + - service:data:write +ServiceSchemaRegistrySubjects: - service:data:write ServiceTaskCreate: - 
- admin - - role:organization:admin + - operator ServiceTaskGet: - - admin - - role:organization:admin + - operator ServiceThanosStorageSummary: - - admin - - read_only - - role:organization:admin + - service:data:write ServiceUpdate: - - admin - project:services:write - - role:organization:admin + - role:services:maintenance + - role:services:recover - service:configuration:write ServiceUserCreate: - - admin - - role:organization:admin - service:users:write ServiceUserCredentialsModify: - - admin - - role:organization:admin - service:users:write ServiceUserCredentialsReset: - - admin - - role:organization:admin - service:users:write ServiceUserDelete: - - admin - - role:organization:admin - service:users:write ServiceUserGet: - - admin - - read_only - - role:organization:admin + - service:configuration:write + - service:users:write StaticIPCreate: - - admin - - role:organization:admin + - operator StaticIPList: - - admin + - developer + - operator - read_only - - role:organization:admin -UserAuthenticationMethodsList: - - role:organization:admin UserGroupCreate: - organization:groups:write - - role:organization:admin UserGroupDelete: - organization:groups:write - - role:organization:admin UserGroupMembersUpdate: - organization:groups:write - - role:organization:admin UserGroupUpdate: - organization:groups:write - - role:organization:admin -UserUpdate: - - admin - - role:organization:admin VpcCreate: - - admin - project:networking:write - - role:organization:admin VpcDelete: - - admin - project:networking:write - - role:organization:admin VpcGet: - - admin - project:networking:read - - read_only - - role:organization:admin VpcList: - - admin - project:networking:read - - read_only - - role:organization:admin VpcPeeringConnectionCreate: - - admin - project:networking:write - - role:organization:admin VpcPeeringConnectionDelete: - - admin - project:networking:write - - role:organization:admin +VpcPeeringConnectionUpdate: + - project:networking:write 
VpcPeeringConnectionWithRegionDelete: - - admin - project:networking:write - - role:organization:admin VpcPeeringConnectionWithResourceGroupDelete: - - admin - project:networking:write - - role:organization:admin
diff --git a/permissions_test.go b/permissions_test.go
index e27f2f4..10ac219 100644
--- a/permissions_test.go
+++ b/permissions_test.go
@@ -7,23 +7,16 @@ import (
 "github.com/stretchr/testify/require"
 )
-func TestPermissions_ProjectGet(t *testing.T) {
- permissions, err := Permissions()
- require.NoError(t, err)
+func TestPermissions_ServiceGet(t *testing.T) {
+ permissions := Permissions()
 require.NotNil(t, permissions)
- projectGetPerms, exists := permissions["ProjectGet"]
- require.True(t, exists, "ProjectGet should exist in permissions map")
+ serviceGetPerms, exists := permissions["ServiceGet"]
+ require.True(t, exists, "ServiceGet should exist in permissions map")
 expectedPerms := []string{
- "admin",
 "project:services:read",
- "read_only",
- "role:organization:admin",
- "role:services:maintenance",
- "role:services:recover",
- "service:secrets:read",
 }
- assert.ElementsMatch(t, expectedPerms, projectGetPerms, "ProjectGet permissions should match expected values")
+ assert.ElementsMatch(t, expectedPerms, serviceGetPerms, "ServiceGet permissions should match expected values")
 }
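Review bot: `TestPermissions_ServiceGet` is now the only assertion over the permissions map, and it pins a single one-element entry, while the same commit rewrites the permission lists of most operations and deletes others (for example `UserUpdate` and `ProjectInvite`) from the YAML. This map appears to decide which permissions an operation requires, so I would make the test table-driven over several operation IDs, including a multi-permission entry such as `ServiceUpdate`, and assert that a deleted ID is absent. How callers treat an operation ID that is missing from the map is not visible in this hunk, which is why the negative case is worth pinning. `Permissions()` also no longer returns an error, and what now happens when the data fails to load is not shown here; a short doc comment on the test stating that expectation would help.

```go
func TestPermissions_Table(t *testing.T) {
	permissions := Permissions()
	require.NotNil(t, permissions)

	cases := map[string][]string{
		"ServiceGet": {"project:services:read"},
		"ProjectGet": {"project:services:read"},
		"ServiceUpdate": {
			"project:services:write",
			"role:services:maintenance",
			"role:services:recover",
			"service:configuration:write",
		},
	}
	for operationID, want := range cases {
		got, exists := permissions[operationID]
		require.True(t, exists, "%s should exist in permissions map", operationID)
		assert.ElementsMatch(t, want, got, "%s permissions should match expected values", operationID)
	}

	// Operation IDs dropped from the YAML must not linger in the map.
	_, exists := permissions["UserUpdate"]
	assert.False(t, exists, "UserUpdate should not exist in permissions map")
}
```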