From 37d95c1c8b8e93be0bde14e043fe46ced75a4eb5 Mon Sep 17 00:00:00 2001 
From: Murad Biashimov Date: Wed, 14 Jan 2026 16:32:25 +0100 Subject: [PATCH] feat: add Permissions map Contributes to NEX-2265. Adds `Permissions()` function that returns the most granular permissions list required for an OperationID. "Granular" means avoiding "composite" roles like operator or developer where possible. While these roles include most permissions, they undermine the goal of having precise control over resources. --- generator/permissions.go | 55 +- go.mod | 2 + go.sum | 4 + handler/account/account.go | 1 - .../accountauthentication.go | 5 + handler/alloydbomni/alloydbomni.go | 3 + handler/applicationuser/applicationuser.go | 15 +- handler/billinggroup/billinggroup.go | 20 +- handler/clickhouse/clickhouse.go | 22 +- handler/cloud/cloud.go | 1 + handler/domain/domain.go | 10 +- handler/flink/flink.go | 2 +- handler/flinkapplication/flinkapplication.go | 5 + .../flinkapplicationdeployment.go | 6 + .../flinkapplicationversion.go | 4 + .../flinkjarapplication.go | 5 + .../flinkjarapplicationdeployment.go | 6 + .../flinkjarapplicationversion.go | 3 + handler/flinkjob/flinkjob.go | 3 +- handler/kafka/kafka.go | 28 +- handler/kafkaconnect/kafkaconnect.go | 17 +- handler/kafkamirrormaker/kafkamirrormaker.go | 5 + .../kafkaschemaregistry.go | 19 +- handler/kafkatopic/kafkatopic.go | 15 +- handler/mysql/mysql.go | 1 + handler/opensearch/opensearch.go | 15 +- handler/organization/organization.go | 12 +- .../organizationbilling.go | 10 +- .../organizationprojects.go | 5 +- handler/organizationuser/organizationuser.go | 14 +- handler/organizationvpc/organizationvpc.go | 11 +- handler/postgresql/postgresql.go | 8 +- handler/privatelink/privatelink.go | 24 +- handler/project/project.go | 36 +- handler/projectbilling/projectbilling.go | 6 +- handler/service/service.go | 81 +- handler/staticip/staticip.go | 8 +- handler/thanos/thanos.go | 2 +- handler/user/user.go | 3 - handler/usergroup/usergroup.go | 8 +- handler/vpc/vpc.go | 17 +- permissions.go | 17 +- 
permissions.yaml | 740 +++++++----------- permissions_test.go | 17 +- 44 files changed, 638 insertions(+), 653 deletions(-) diff --git a/generator/permissions.go b/generator/permissions.go index eee3740..caf45fe 100644 --- a/generator/permissions.go +++ b/generator/permissions.go @@ -3,7 +3,10 @@ package main import ( + "bytes" + "fmt" "os" + "slices" "gopkg.in/yaml.v3" ) @@ -11,15 +14,63 @@ import ( // readPermissions reads PermissionsFile // Returns map[OperationID][]Permission func readPermissions(cfg *envConfig) (map[string][]string, error) { - b, err := os.ReadFile(cfg.PermissionsFile) + var config map[string][]string + err := readYamlFile(cfg.ConfigFile, &config) if err != nil { return nil, err } var permissions map[string][]string - err = yaml.Unmarshal(b, &permissions) + err = readYamlFile(cfg.PermissionsFile, &permissions) if err != nil { return nil, err } + + operationIDs := make(map[string]bool) + for _, list := range config { + for _, k := range list { + operationIDs[k] = true + } + } + + for k, v := range permissions { + if !operationIDs[k] { + delete(permissions, k) + continue + } + + slices.Sort(v) + permissions[k] = v + if len(v) == 0 { + delete(permissions, k) + } + } + + // Write permissions back to file + // Removes all unknown permissions not listed in the config file + var buffer bytes.Buffer + encoder := yaml.NewEncoder(&buffer) + encoder.SetIndent(yamlTabSize) + err = encoder.Encode(&permissions) + if err != nil { + return nil, err + } + err = os.WriteFile(cfg.PermissionsFile, buffer.Bytes(), writeMode) + if err != nil { + return nil, err + } + return permissions, nil } + +func readYamlFile(path string, out any) error { + b, err := os.ReadFile(path) + if err != nil { + return err + } + err = yaml.Unmarshal(b, out) + if err != nil { + return fmt.Errorf("error parsing yaml file %q: %v", path, err) + } + return nil +} diff --git a/go.mod b/go.mod index 36999eb..af1d4b7 100644 --- a/go.mod +++ b/go.mod 
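Review bot: In `readPermissions`, the prune-and-write-back step has no guard for an empty `operationIDs` set, so a `cfg.ConfigFile` that parses to an empty or nil map makes the loop delete every entry, and `os.WriteFile` then overwrites `cfg.PermissionsFile` with an empty map. Since that file is the source of the per-operation permission lists, I would fail before the loop: `if len(operationIDs) == 0 { return nil, fmt.Errorf("no operation IDs in %q, refusing to prune %q", cfg.ConfigFile, cfg.PermissionsFile) }`. The doc comment still says the function only reads, so it should state the side effect, e.g. `// readPermissions loads PermissionsFile, prunes entries whose OperationID is not in ConfigFile or whose list is empty, and writes the sorted result back.` In `readYamlFile`, `%v` should be `%w` so callers can still match the underlying parse error with `errors.Is`/`errors.As`.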
@@ -22,6 +22,8 @@ require ( github.com/mattn/go-colorable v0.1.13 // indirect github.com/mattn/go-isatty v0.0.20 // indirect github.com/pmezard/go-difflib v1.0.0 // indirect + github.com/samber/lo v1.52.0 // indirect github.com/stretchr/objx v0.5.2 // indirect golang.org/x/sys v0.21.0 // indirect + golang.org/x/text v0.22.0 // indirect ) diff --git a/go.sum b/go.sum index 8002328..4abd98d 100644 --- a/go.sum +++ b/go.sum @@ -35,6 +35,8 @@ github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZN github.com/rs/xid v1.6.0/go.mod h1:7XoLgs4eV+QndskICGsho+ADou8ySMSjJKDIan90Nz0= github.com/rs/zerolog v1.34.0 h1:k43nTLIwcTVQAncfCw4KZ2VY6ukYoZaBPNOE8txlOeY= github.com/rs/zerolog v1.34.0/go.mod h1:bJsvje4Z08ROH4Nhs5iH600c3IkWhwp44iRc54W6wYQ= +github.com/samber/lo v1.52.0 h1:Rvi+3BFHES3A8meP33VPAxiBZX/Aws5RxrschYGjomw= +github.com/samber/lo v1.52.0/go.mod h1:4+MXEGsJzbKGaUEQFKBq2xtfuznW9oz/WrgyzMzRoM0= github.com/stretchr/objx v0.5.2 h1:xuMeJ0Sdp5ZMRXx/aWO6RZxdr3beISkG5/G/aIRr3pY= github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA= github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U= @@ -46,6 +48,8 @@ golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.21.0 h1:rF+pYz3DAGSQAxAu1CbC7catZg4ebC4UIeIhKxBZvws= golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/text v0.22.0 h1:bofq7m3/HAFvbF51jz3Q9wLg3jkvSPuiZu/pD1XwgtM= +golang.org/x/text v0.22.0/go.mod h1:YRoo4H8PVmsu+E3Ou7cqLVH8oXWIHVoX0jqUWALQhfY= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= 
diff --git a/handler/account/account.go b/handler/account/account.go index 0984680..6184e8c 100644 --- a/handler/account/account.go +++ b/handler/account/account.go @@ -19,7 +19,6 @@ type Handler interface { // AccountBillingGroupList list account billing groups // GET /v1/account/{account_id}/billing-group // https://api.aiven.io/doc/#tag/Account/operation/AccountBillingGroupList - // Required roles or permissions: role:organization:admin AccountBillingGroupList(ctx context.Context, accountId string) ([]AccountBillingGroupOut, error) // AccountCreate create a new account diff --git a/handler/accountauthentication/accountauthentication.go b/handler/accountauthentication/accountauthentication.go index 1d4132e..54a45da 100644 --- a/handler/accountauthentication/accountauthentication.go +++ b/handler/accountauthentication/accountauthentication.go 
@@ -14,26 +14,31 @@ type Handler interface { // AccountAuthenticationMethodCreate create a new authentication method // POST /v1/account/{account_id}/authentication // https://api.aiven.io/doc/#tag/Account/operation/AccountAuthenticationMethodCreate + // Required roles or permissions: role:organization:admin AccountAuthenticationMethodCreate(ctx context.Context, accountId string, in *AccountAuthenticationMethodCreateIn) (*AccountAuthenticationMethodCreateOut, error) // AccountAuthenticationMethodDelete delete authentication method // DELETE /v1/account/{account_id}/authentication/{account_authentication_method_id} // https://api.aiven.io/doc/#tag/Account/operation/AccountAuthenticationMethodDelete + // Required roles or permissions: role:organization:admin AccountAuthenticationMethodDelete(ctx context.Context, accountId string, accountAuthenticationMethodId string) error // AccountAuthenticationMethodGet get details of a single authentication method // GET /v1/account/{account_id}/authentication/{account_authentication_method_id} // https://api.aiven.io/doc/#tag/Account/operation/AccountAuthenticationMethodGet + // Required roles or permissions: role:organization:admin AccountAuthenticationMethodGet(ctx context.Context, accountId string, accountAuthenticationMethodId string) (*AccountAuthenticationMethodGetOut, error) // AccountAuthenticationMethodUpdate update authentication method // PUT /v1/account/{account_id}/authentication/{account_authentication_method_id} // https://api.aiven.io/doc/#tag/Account/operation/AccountAuthenticationMethodUpdate + // Required roles or permissions: role:organization:admin AccountAuthenticationMethodUpdate(ctx context.Context, accountId string, accountAuthenticationMethodId string, in *AccountAuthenticationMethodUpdateIn) (*AccountAuthenticationMethodUpdateOut, error) // AccountAuthenticationMethodsList list authentication methods // GET /v1/account/{account_id}/authentication // 
https://api.aiven.io/doc/#tag/Account/operation/AccountAuthenticationMethodsList + // Required roles or permissions: role:organization:admin AccountAuthenticationMethodsList(ctx context.Context, accountId string) ([]AuthenticationMethodOut, error) } diff --git a/handler/alloydbomni/alloydbomni.go b/handler/alloydbomni/alloydbomni.go index 4665f15..eda46bf 100644 --- a/handler/alloydbomni/alloydbomni.go +++ b/handler/alloydbomni/alloydbomni.go @@ -13,16 +13,19 @@ type Handler interface { // AlloyDbOmniGoogleCloudPrivateKeyIdentify get Google service account key // GET /v1/project/{project}/service/{service_name}/alloydbomni/google_cloud_private_key // https://api.aiven.io/doc/#tag/Service:_AlloyDB_Omni/operation/AlloyDbOmniGoogleCloudPrivateKeyIdentify + // Required roles or permissions: service:data:write AlloyDbOmniGoogleCloudPrivateKeyIdentify(ctx context.Context, project string, serviceName string) (*AlloyDbOmniGoogleCloudPrivateKeyIdentifyOut, error) // AlloyDbOmniGoogleCloudPrivateKeyRemove delete Google service account key // DELETE /v1/project/{project}/service/{service_name}/alloydbomni/google_cloud_private_key // https://api.aiven.io/doc/#tag/Service:_AlloyDB_Omni/operation/AlloyDbOmniGoogleCloudPrivateKeyRemove + // Required roles or permissions: service:data:write AlloyDbOmniGoogleCloudPrivateKeyRemove(ctx context.Context, project string, serviceName string) (*AlloyDbOmniGoogleCloudPrivateKeyRemoveOut, error) // AlloyDbOmniGoogleCloudPrivateKeySet add Google service account key // POST /v1/project/{project}/service/{service_name}/alloydbomni/google_cloud_private_key // https://api.aiven.io/doc/#tag/Service:_AlloyDB_Omni/operation/AlloyDbOmniGoogleCloudPrivateKeySet + // Required roles or permissions: service:data:write AlloyDbOmniGoogleCloudPrivateKeySet(ctx context.Context, project string, serviceName string, in *AlloyDbOmniGoogleCloudPrivateKeySetIn) (*AlloyDbOmniGoogleCloudPrivateKeySetOut, error) } 
diff --git a/handler/applicationuser/applicationuser.go b/handler/applicationuser/applicationuser.go index 3aa9ee3..bbe49fd 100644 --- a/handler/applicationuser/applicationuser.go +++ b/handler/applicationuser/applicationuser.go 
@@ -14,48 +14,49 @@ type Handler interface { // ApplicationUserAccessTokenCreate create an application token // POST /v1/organization/{organization_id}/application-users/{user_id}/access-tokens // https://api.aiven.io/doc/#tag/Application_Users/operation/ApplicationUserAccessTokenCreate - // Required roles or permissions: organization:app_users:write, role:organization:admin + // Required roles or permissions: organization:app_users:write ApplicationUserAccessTokenCreate(ctx context.Context, organizationId string, userId string, in *ApplicationUserAccessTokenCreateIn) (*ApplicationUserAccessTokenCreateOut, error) // ApplicationUserAccessTokenDelete delete an application token // DELETE /v1/organization/{organization_id}/application-users/{user_id}/access-tokens/{token_prefix} // https://api.aiven.io/doc/#tag/Application_Users/operation/ApplicationUserAccessTokenDelete - // Required roles or permissions: organization:app_users:write, role:organization:admin + // Required roles or permissions: organization:app_users:write ApplicationUserAccessTokenDelete(ctx context.Context, organizationId string, userId string, tokenPrefix string) error // ApplicationUserAccessTokensList list application tokens // GET /v1/organization/{organization_id}/application-users/{user_id}/access-tokens // https://api.aiven.io/doc/#tag/Application_Users/operation/ApplicationUserAccessTokensList - // Required roles or permissions: role:organization:admin + // Required roles or permissions: organization:app_users:write ApplicationUserAccessTokensList(ctx context.Context, organizationId string, userId string) ([]TokenOut, error) // ApplicationUserCreate create an application user // POST /v1/organization/{organization_id}/application-users // https://api.aiven.io/doc/#tag/Application_Users/operation/ApplicationUserCreate - // Required roles or permissions: organization:app_users:write, role:organization:admin + // Required roles or permissions: organization:app_users:write 
ApplicationUserCreate(ctx context.Context, organizationId string, in *ApplicationUserCreateIn) (*ApplicationUserCreateOut, error) // ApplicationUserDelete delete an application user // DELETE /v1/organization/{organization_id}/application-users/{user_id} // https://api.aiven.io/doc/#tag/Application_Users/operation/ApplicationUserDelete - // Required roles or permissions: organization:app_users:write, role:organization:admin + // Required roles or permissions: organization:app_users:write ApplicationUserDelete(ctx context.Context, organizationId string, userId string) error // ApplicationUserGet get an application user // GET /v1/organization/{organization_id}/application-users/{user_id} // https://api.aiven.io/doc/#tag/Application_Users/operation/ApplicationUserGet - // Required roles or permissions: role:organization:admin + // Required roles or permissions: organization:app_users:write ApplicationUserGet(ctx context.Context, organizationId string, userId string) (*ApplicationUserGetOut, error) // ApplicationUserUpdate update details on an application user of the organization // PATCH /v1/organization/{organization_id}/application-users/{user_id} // https://api.aiven.io/doc/#tag/Application_Users/operation/ApplicationUserUpdate - // Required roles or permissions: organization:app_users:write, role:organization:admin + // Required roles or permissions: organization:app_users:write ApplicationUserUpdate(ctx context.Context, organizationId string, userId string, in *ApplicationUserUpdateIn) (*ApplicationUserUpdateOut, error) // ApplicationUsersList list application users // GET /v1/organization/{organization_id}/application-users // https://api.aiven.io/doc/#tag/Application_Users/operation/ApplicationUsersList + // Required roles or permissions: organization:app_users:write ApplicationUsersList(ctx context.Context, organizationId string) ([]ApplicationUserOut, error) } 
diff --git a/handler/billinggroup/billinggroup.go b/handler/billinggroup/billinggroup.go index d003a9c..8672160 100644 --- a/handler/billinggroup/billinggroup.go +++ b/handler/billinggroup/billinggroup.go 
@@ -14,79 +14,73 @@ type Handler interface { // BillingGroupCreate create a billing group // POST /v1/billing-group // https://api.aiven.io/doc/#tag/BillingGroup/operation/BillingGroupCreate - // Required roles or permissions: organization:billing:write, role:organization:admin BillingGroupCreate(ctx context.Context, in *BillingGroupCreateIn) (*BillingGroupCreateOut, error) // BillingGroupCreditsClaim claim a credit code // POST /v1/billing-group/{billing_group_id}/credits // https://api.aiven.io/doc/#tag/BillingGroup/operation/BillingGroupCreditsClaim - // Required roles or permissions: admin, role:organization:admin + // Required roles or permissions: developer, operator BillingGroupCreditsClaim(ctx context.Context, billingGroupId string, in *BillingGroupCreditsClaimIn) (*BillingGroupCreditsClaimOut, error) // BillingGroupCreditsList list billing group credits // GET /v1/billing-group/{billing_group_id}/credits // https://api.aiven.io/doc/#tag/BillingGroup/operation/BillingGroupCreditsList - // Required roles or permissions: admin, read_only, role:organization:admin + // Required roles or permissions: developer, operator, read_only BillingGroupCreditsList(ctx context.Context, billingGroupId string) ([]CreditOut, error) // BillingGroupDelete delete billing group // DELETE /v1/billing-group/{billing_group_id} // https://api.aiven.io/doc/#tag/BillingGroup/operation/BillingGroupDelete - // Required roles or permissions: admin, role:organization:admin BillingGroupDelete(ctx context.Context, billingGroupId string) error // BillingGroupEventList list billing group events // GET /v1/billing-group/{billing_group_id}/events // https://api.aiven.io/doc/#tag/BillingGroup/operation/BillingGroupEventList - // Required roles or permissions: admin, read_only, role:organization:admin + // Required roles or permissions: developer, operator, read_only BillingGroupEventList(ctx context.Context, billingGroupId string) ([]EventOut, error) // BillingGroupGet get billing group details 
// GET /v1/billing-group/{billing_group_id} // https://api.aiven.io/doc/#tag/BillingGroup/operation/BillingGroupGet - // Required roles or permissions: admin, read_only, role:organization:admin + // Required roles or permissions: developer, operator, read_only BillingGroupGet(ctx context.Context, billingGroupId string) (*BillingGroupGetOut, error) // BillingGroupInvoiceLinesList get invoice lines for a single invoice // GET /v1/billing-group/{billing_group_id}/invoice/{invoice_number}/lines // https://api.aiven.io/doc/#tag/BillingGroup/operation/BillingGroupInvoiceLinesList - // Required roles or permissions: admin, role:organization:admin + // Required roles or permissions: operator BillingGroupInvoiceLinesList(ctx context.Context, billingGroupId string, invoiceNumber string) ([]LineOut, error) // BillingGroupInvoiceList get invoices generated for billing group // GET /v1/billing-group/{billing_group_id}/invoice // https://api.aiven.io/doc/#tag/BillingGroup/operation/BillingGroupInvoiceList - // Required roles or permissions: admin, read_only, role:organization:admin + // Required roles or permissions: developer, operator, read_only BillingGroupInvoiceList(ctx context.Context, billingGroupId string) ([]InvoiceOut, error) // BillingGroupList list billing groups // GET /v1/billing-group // https://api.aiven.io/doc/#tag/BillingGroup/operation/BillingGroupList - // Required roles or permissions: organization:billing:read, role:organization:admin BillingGroupList(ctx context.Context) ([]BillingGroupOut, error) // BillingGroupProjectAssign assign project to billing group // POST /v1/billing-group/{billing_group_id}/project-assign/{project} // https://api.aiven.io/doc/#tag/BillingGroup/operation/BillingGroupProjectAssign - // Required roles or permissions: admin, role:organization:admin BillingGroupProjectAssign(ctx context.Context, billingGroupId string, project string) error // BillingGroupProjectList get projects assigned to billing group // GET 
/v1/billing-group/{billing_group_id}/projects // https://api.aiven.io/doc/#tag/BillingGroup/operation/BillingGroupProjectList - // Required roles or permissions: admin, read_only, role:organization:admin + // Required roles or permissions: developer, operator, read_only BillingGroupProjectList(ctx context.Context, billingGroupId string) ([]ProjectOut, error) // BillingGroupProjectsAssign assign projects to billing group // POST /v1/billing-group/{billing_group_id}/projects-assign // https://api.aiven.io/doc/#tag/BillingGroup/operation/BillingGroupProjectsAssign - // Required roles or permissions: admin, role:organization:admin BillingGroupProjectsAssign(ctx context.Context, billingGroupId string, in *BillingGroupProjectsAssignIn) error // BillingGroupUpdate update billing group // PUT /v1/billing-group/{billing_group_id} // https://api.aiven.io/doc/#tag/BillingGroup/operation/BillingGroupUpdate - // Required roles or permissions: admin, role:organization:admin BillingGroupUpdate(ctx context.Context, billingGroupId string, in *BillingGroupUpdateIn) (*BillingGroupUpdateOut, error) } diff --git a/handler/clickhouse/clickhouse.go b/handler/clickhouse/clickhouse.go index 4be1d6d..bd57592 100644 --- a/handler/clickhouse/clickhouse.go +++ b/handler/clickhouse/clickhouse.go 
@@ -13,67 +13,67 @@ type Handler interface { // ServiceClickHouseCurrentQueries list active queries // GET /v1/project/{project}/service/{service_name}/clickhouse/query // https://api.aiven.io/doc/#tag/Service:_ClickHouse/operation/ServiceClickHouseCurrentQueries - // Required roles or permissions: admin, read_only, role:organization:admin + // Required roles or permissions: service:data:write ServiceClickHouseCurrentQueries(ctx context.Context, project string, serviceName string) ([]QueryOut, error) // ServiceClickHouseDatabaseCreate create a database // POST /v1/project/{project}/service/{service_name}/clickhouse/db // https://api.aiven.io/doc/#tag/Service:_ClickHouse/operation/ServiceClickHouseDatabaseCreate - // Required roles or permissions: admin, role:organization:admin, service:data:write + // Required roles or permissions: service:data:write ServiceClickHouseDatabaseCreate(ctx context.Context, project string, serviceName string, in *ServiceClickHouseDatabaseCreateIn) error // ServiceClickHouseDatabaseDelete delete a database // DELETE /v1/project/{project}/service/{service_name}/clickhouse/db/{database} // https://api.aiven.io/doc/#tag/Service:_ClickHouse/operation/ServiceClickHouseDatabaseDelete - // Required roles or permissions: admin, role:organization:admin, service:data:write + // Required roles or permissions: service:data:write ServiceClickHouseDatabaseDelete(ctx context.Context, project string, serviceName string, database string) error // ServiceClickHouseDatabaseList list all databases // GET /v1/project/{project}/service/{service_name}/clickhouse/db // https://api.aiven.io/doc/#tag/Service:_ClickHouse/operation/ServiceClickHouseDatabaseList - // Required roles or permissions: admin, read_only, role:organization:admin + // Required roles or permissions: service:data:write ServiceClickHouseDatabaseList(ctx context.Context, project string, serviceName string) ([]DatabaseOut, error) // ServiceClickHousePasswordReset reset a user's password // PUT 
/v1/project/{project}/service/{service_name}/clickhouse/user/{user_uuid}/password // https://api.aiven.io/doc/#tag/Service:_ClickHouse/operation/ServiceClickHousePasswordReset - // Required roles or permissions: admin, role:organization:admin, service:data:write, service:users:write + // Required roles or permissions: service:data:write, service:users:write ServiceClickHousePasswordReset(ctx context.Context, project string, serviceName string, userUuid string, in *ServiceClickHousePasswordResetIn) (string, error) // ServiceClickHouseQuery execute an SQL query // POST /v1/project/{project}/service/{service_name}/clickhouse/query // https://api.aiven.io/doc/#tag/Service:_ClickHouse/operation/ServiceClickHouseQuery - // Required roles or permissions: admin, role:organization:admin, service:data:write + // Required roles or permissions: service:data:write ServiceClickHouseQuery(ctx context.Context, project string, serviceName string, in *ServiceClickHouseQueryIn) (*ServiceClickHouseQueryOut, error) // ServiceClickHouseQueryStats return statistics on recent queries // GET /v1/project/{project}/service/{service_name}/clickhouse/query/stats // https://api.aiven.io/doc/#tag/Service:_ClickHouse/operation/ServiceClickHouseQueryStats - // Required roles or permissions: admin, read_only, role:organization:admin + // Required roles or permissions: service:data:write ServiceClickHouseQueryStats(ctx context.Context, project string, serviceName string, query ...[2]string) ([]ServiceClickHouseQueryStatsOut, error) // ServiceClickHouseTieredStorageSummary get the ClickHouse tiered storage summary // GET /v1/project/{project}/service/{service_name}/clickhouse/tiered-storage/summary // https://api.aiven.io/doc/#tag/Service:_ClickHouse/operation/ServiceClickHouseTieredStorageSummary - // Required roles or permissions: admin, read_only, role:organization:admin + // Required roles or permissions: service:data:write ServiceClickHouseTieredStorageSummary(ctx context.Context, project 
string, serviceName string) (*ServiceClickHouseTieredStorageSummaryOut, error) // ServiceClickHouseUserCreate create a ClickHouse user // POST /v1/project/{project}/service/{service_name}/clickhouse/user // https://api.aiven.io/doc/#tag/Service:_ClickHouse/operation/ServiceClickHouseUserCreate - // Required roles or permissions: admin, role:organization:admin, service:data:write, service:users:write + // Required roles or permissions: service:data:write, service:users:write ServiceClickHouseUserCreate(ctx context.Context, project string, serviceName string, in *ServiceClickHouseUserCreateIn) (*ServiceClickHouseUserCreateOut, error) // ServiceClickHouseUserDelete delete a user // DELETE /v1/project/{project}/service/{service_name}/clickhouse/user/{user_uuid} // https://api.aiven.io/doc/#tag/Service:_ClickHouse/operation/ServiceClickHouseUserDelete - // Required roles or permissions: admin, role:organization:admin, service:data:write, service:users:write + // Required roles or permissions: service:data:write, service:users:write ServiceClickHouseUserDelete(ctx context.Context, project string, serviceName string, userUuid string) error // ServiceClickHouseUserList list all users // GET /v1/project/{project}/service/{service_name}/clickhouse/user // https://api.aiven.io/doc/#tag/Service:_ClickHouse/operation/ServiceClickHouseUserList - // Required roles or permissions: admin, read_only, role:organization:admin + // Required roles or permissions: service:data:write, service:users:write ServiceClickHouseUserList(ctx context.Context, project string, serviceName string) ([]UserOut, error) } diff --git a/handler/cloud/cloud.go b/handler/cloud/cloud.go index 6866eec..eb39514 100644 --- a/handler/cloud/cloud.go +++ b/handler/cloud/cloud.go 
@@ -18,6 +18,7 @@ type Handler interface { // ListProjectClouds list cloud platforms for a project // GET /v1/project/{project}/clouds // https://api.aiven.io/doc/#tag/Cloud_platforms/operation/ListProjectClouds + // Required roles or permissions: project:services:write ListProjectClouds(ctx context.Context, project string) ([]CloudOut, error) } diff --git a/handler/domain/domain.go b/handler/domain/domain.go index 2ea2fe0..6c61586 100644 --- a/handler/domain/domain.go +++ b/handler/domain/domain.go 
@@ -14,31 +14,31 @@ type Handler interface { // OrganizationDomainAdd create a domain // POST /v1/organization/{organization_id}/domains // https://api.aiven.io/doc/#tag/Domains/operation/OrganizationDomainAdd - // Required roles or permissions: organization:domains:write, role:organization:admin + // Required roles or permissions: organization:domains:write OrganizationDomainAdd(ctx context.Context, organizationId string, in *OrganizationDomainAddIn) (*OrganizationDomainAddOut, error) // OrganizationDomainUpdate update a domain // PATCH /v1/organization/{organization_id}/domains/{domain_id} // https://api.aiven.io/doc/#tag/Domains/operation/OrganizationDomainUpdate - // Required roles or permissions: organization:domains:write, role:organization:admin + // Required roles or permissions: organization:domains:write OrganizationDomainUpdate(ctx context.Context, organizationId string, domainId string, in *OrganizationDomainUpdateIn) (*OrganizationDomainUpdateOut, error) // OrganizationDomainVerify verify a domain // POST /v1/organization/{organization_id}/domains/{domain_id}/verify // https://api.aiven.io/doc/#tag/Domains/operation/OrganizationDomainVerify - // Required roles or permissions: organization:domains:write, role:organization:admin + // Required roles or permissions: organization:domains:write OrganizationDomainVerify(ctx context.Context, organizationId string, domainId string) (*OrganizationDomainVerifyOut, error) // OrganizationDomainsList list domains // GET /v1/organization/{organization_id}/domains // https://api.aiven.io/doc/#tag/Domains/operation/OrganizationDomainsList - // Required roles or permissions: role:organization:admin + // Required roles or permissions: organization:domains:write OrganizationDomainsList(ctx context.Context, organizationId string) ([]DomainOut, error) // OrganizationDomainsRemove delete a domain // DELETE /v1/organization/{organization_id}/domains/{domain_id} // 
https://api.aiven.io/doc/#tag/Domains/operation/OrganizationDomainsRemove - // Required roles or permissions: organization:domains:write, role:organization:admin + // Required roles or permissions: organization:domains:write OrganizationDomainsRemove(ctx context.Context, organizationId string, domainId string) error } diff --git a/handler/flink/flink.go b/handler/flink/flink.go index 719b222..b4e4672 100644 --- a/handler/flink/flink.go +++ b/handler/flink/flink.go @@ -13,7 +13,7 @@ type Handler interface { // ServiceFlinkOverview get a cluster overview // GET /v1/project/{project}/service/{service_name}/flink/overview // https://api.aiven.io/doc/#tag/Service:_Flink/operation/ServiceFlinkOverview - // Required roles or permissions: admin, role:organization:admin + // Required roles or permissions: service:data:write ServiceFlinkOverview(ctx context.Context, project string, serviceName string) (*ServiceFlinkOverviewOut, error) } diff --git a/handler/flinkapplication/flinkapplication.go b/handler/flinkapplication/flinkapplication.go index 322eb05..8ddec96 100644 --- a/handler/flinkapplication/flinkapplication.go +++ b/handler/flinkapplication/flinkapplication.go 
@@ -14,26 +14,31 @@ type Handler interface { // ServiceFlinkCreateApplication create a Flink Application // POST /v1/project/{project}/service/{service_name}/flink/application // https://api.aiven.io/doc/#tag/Service:_Flink/operation/ServiceFlinkCreateApplication + // Required roles or permissions: service:data:write ServiceFlinkCreateApplication(ctx context.Context, project string, serviceName string, in *ServiceFlinkCreateApplicationIn) (*ServiceFlinkCreateApplicationOut, error) // ServiceFlinkDeleteApplication delete a Flink Application // DELETE /v1/project/{project}/service/{service_name}/flink/application/{application_id} // https://api.aiven.io/doc/#tag/Service:_Flink/operation/ServiceFlinkDeleteApplication + // Required roles or permissions: service:data:write ServiceFlinkDeleteApplication(ctx context.Context, project string, serviceName string, applicationId string) (*ServiceFlinkDeleteApplicationOut, error) // ServiceFlinkGetApplication get a Flink Application // GET /v1/project/{project}/service/{service_name}/flink/application/{application_id} // https://api.aiven.io/doc/#tag/Service:_Flink/operation/ServiceFlinkGetApplication + // Required roles or permissions: service:data:write ServiceFlinkGetApplication(ctx context.Context, project string, serviceName string, applicationId string) (*ServiceFlinkGetApplicationOut, error) // ServiceFlinkListApplications get all Flink Applications // GET /v1/project/{project}/service/{service_name}/flink/application // https://api.aiven.io/doc/#tag/Service:_Flink/operation/ServiceFlinkListApplications + // Required roles or permissions: service:data:write ServiceFlinkListApplications(ctx context.Context, project string, serviceName string) ([]ApplicationOut, error) // ServiceFlinkUpdateApplication update a Flink Application // PUT /v1/project/{project}/service/{service_name}/flink/application/{application_id} // https://api.aiven.io/doc/#tag/Service:_Flink/operation/ServiceFlinkUpdateApplication + // Required roles or 
permissions: service:data:write ServiceFlinkUpdateApplication(ctx context.Context, project string, serviceName string, applicationId string, in *ServiceFlinkUpdateApplicationIn) (*ServiceFlinkUpdateApplicationOut, error) } diff --git a/handler/flinkapplicationdeployment/flinkapplicationdeployment.go b/handler/flinkapplicationdeployment/flinkapplicationdeployment.go index 785d48f..05bc7db 100644 --- a/handler/flinkapplicationdeployment/flinkapplicationdeployment.go +++ b/handler/flinkapplicationdeployment/flinkapplicationdeployment.go 
@@ -14,31 +14,37 @@ type Handler interface { // ServiceFlinkCancelApplicationDeployment cancel an ApplicationDeployment // POST /v1/project/{project}/service/{service_name}/flink/application/{application_id}/deployment/{deployment_id}/cancel // https://api.aiven.io/doc/#tag/Service:_Flink/operation/ServiceFlinkCancelApplicationDeployment + // Required roles or permissions: service:data:write ServiceFlinkCancelApplicationDeployment(ctx context.Context, project string, serviceName string, applicationId string, deploymentId string) (*ServiceFlinkCancelApplicationDeploymentOut, error) // ServiceFlinkCreateApplicationDeployment create an ApplicationDeployment // POST /v1/project/{project}/service/{service_name}/flink/application/{application_id}/deployment // https://api.aiven.io/doc/#tag/Service:_Flink/operation/ServiceFlinkCreateApplicationDeployment + // Required roles or permissions: service:data:write ServiceFlinkCreateApplicationDeployment(ctx context.Context, project string, serviceName string, applicationId string, in *ServiceFlinkCreateApplicationDeploymentIn) (*ServiceFlinkCreateApplicationDeploymentOut, error) // ServiceFlinkDeleteApplicationDeployment delete an ApplicationDeployment // DELETE /v1/project/{project}/service/{service_name}/flink/application/{application_id}/deployment/{deployment_id} // https://api.aiven.io/doc/#tag/Service:_Flink/operation/ServiceFlinkDeleteApplicationDeployment + // Required roles or permissions: service:data:write ServiceFlinkDeleteApplicationDeployment(ctx context.Context, project string, serviceName string, applicationId string, deploymentId string) (*ServiceFlinkDeleteApplicationDeploymentOut, error) // ServiceFlinkGetApplicationDeployment get an ApplicationDeployment // GET /v1/project/{project}/service/{service_name}/flink/application/{application_id}/deployment/{deployment_id} // https://api.aiven.io/doc/#tag/Service:_Flink/operation/ServiceFlinkGetApplicationDeployment + // Required roles or permissions: 
service:data:write ServiceFlinkGetApplicationDeployment(ctx context.Context, project string, serviceName string, applicationId string, deploymentId string) (*ServiceFlinkGetApplicationDeploymentOut, error) // ServiceFlinkListApplicationDeployments get all ApplicationDeployments // GET /v1/project/{project}/service/{service_name}/flink/application/{application_id}/deployment // https://api.aiven.io/doc/#tag/Service:_Flink/operation/ServiceFlinkListApplicationDeployments + // Required roles or permissions: service:data:write ServiceFlinkListApplicationDeployments(ctx context.Context, project string, serviceName string, applicationId string) ([]DeploymentOut, error) // ServiceFlinkStopApplicationDeployment stop an ApplicationDeployment // POST /v1/project/{project}/service/{service_name}/flink/application/{application_id}/deployment/{deployment_id}/stop // https://api.aiven.io/doc/#tag/Service:_Flink/operation/ServiceFlinkStopApplicationDeployment + // Required roles or permissions: service:data:write ServiceFlinkStopApplicationDeployment(ctx context.Context, project string, serviceName string, applicationId string, deploymentId string) (*ServiceFlinkStopApplicationDeploymentOut, error) } diff --git a/handler/flinkapplicationversion/flinkapplicationversion.go b/handler/flinkapplicationversion/flinkapplicationversion.go index 90ec571..c24d577 100644 --- a/handler/flinkapplicationversion/flinkapplicationversion.go +++ b/handler/flinkapplicationversion/flinkapplicationversion.go 
@@ -14,21 +14,25 @@ type Handler interface { // ServiceFlinkCreateApplicationVersion create a Flink ApplicationVersion // POST /v1/project/{project}/service/{service_name}/flink/application/{application_id}/version // https://api.aiven.io/doc/#tag/Service:_Flink/operation/ServiceFlinkCreateApplicationVersion + // Required roles or permissions: service:data:write ServiceFlinkCreateApplicationVersion(ctx context.Context, project string, serviceName string, applicationId string, in *ServiceFlinkCreateApplicationVersionIn) (*ServiceFlinkCreateApplicationVersionOut, error) // ServiceFlinkDeleteApplicationVersion delete a Flink ApplicationVersion // DELETE /v1/project/{project}/service/{service_name}/flink/application/{application_id}/version/{application_version_id} // https://api.aiven.io/doc/#tag/Service:_Flink/operation/ServiceFlinkDeleteApplicationVersion + // Required roles or permissions: service:data:write ServiceFlinkDeleteApplicationVersion(ctx context.Context, project string, serviceName string, applicationId string, applicationVersionId string) (*ServiceFlinkDeleteApplicationVersionOut, error) // ServiceFlinkGetApplicationVersion get a Flink ApplicationVersion // GET /v1/project/{project}/service/{service_name}/flink/application/{application_id}/version/{application_version_id} // https://api.aiven.io/doc/#tag/Service:_Flink/operation/ServiceFlinkGetApplicationVersion + // Required roles or permissions: service:data:write ServiceFlinkGetApplicationVersion(ctx context.Context, project string, serviceName string, applicationId string, applicationVersionId string) (*ServiceFlinkGetApplicationVersionOut, error) // ServiceFlinkValidateApplicationVersion validate a Flink ApplicationVersion // POST /v1/project/{project}/service/{service_name}/flink/application/{application_id}/version/validate // https://api.aiven.io/doc/#tag/Service:_Flink/operation/ServiceFlinkValidateApplicationVersion + // Required roles or permissions: service:data:write 
ServiceFlinkValidateApplicationVersion(ctx context.Context, project string, serviceName string, applicationId string, in *ServiceFlinkValidateApplicationVersionIn) (*ServiceFlinkValidateApplicationVersionOut, error) } diff --git a/handler/flinkjarapplication/flinkjarapplication.go b/handler/flinkjarapplication/flinkjarapplication.go index a387677..5958f71 100644 --- a/handler/flinkjarapplication/flinkjarapplication.go +++ b/handler/flinkjarapplication/flinkjarapplication.go 
@@ -14,26 +14,31 @@ type Handler interface { // ServiceFlinkCreateJarApplication [EXPERIMENTAL] Create a Flink JarApplication // POST /v1/project/{project}/service/{service_name}/flink/jar_application // https://api.aiven.io/doc/#tag/Service:_Flink/operation/ServiceFlinkCreateJarApplication + // Required roles or permissions: service:data:write ServiceFlinkCreateJarApplication(ctx context.Context, project string, serviceName string, in *ServiceFlinkCreateJarApplicationIn) (*ServiceFlinkCreateJarApplicationOut, error) // ServiceFlinkDeleteJarApplication [EXPERIMENTAL] Delete a Flink JarApplication // DELETE /v1/project/{project}/service/{service_name}/flink/jar_application/{application_id} // https://api.aiven.io/doc/#tag/Service:_Flink/operation/ServiceFlinkDeleteJarApplication + // Required roles or permissions: service:data:write ServiceFlinkDeleteJarApplication(ctx context.Context, project string, serviceName string, applicationId string) (*ServiceFlinkDeleteJarApplicationOut, error) // ServiceFlinkGetJarApplication [EXPERIMENTAL] Get a Flink JarApplication // GET /v1/project/{project}/service/{service_name}/flink/jar_application/{application_id} // https://api.aiven.io/doc/#tag/Service:_Flink/operation/ServiceFlinkGetJarApplication + // Required roles or permissions: service:data:write ServiceFlinkGetJarApplication(ctx context.Context, project string, serviceName string, applicationId string) (*ServiceFlinkGetJarApplicationOut, error) // ServiceFlinkListJarApplications [EXPERIMENTAL] Get all Flink JarApplications // GET /v1/project/{project}/service/{service_name}/flink/jar_application // https://api.aiven.io/doc/#tag/Service:_Flink/operation/ServiceFlinkListJarApplications + // Required roles or permissions: service:data:write ServiceFlinkListJarApplications(ctx context.Context, project string, serviceName string) ([]ApplicationOut, error) // ServiceFlinkUpdateJarApplication [EXPERIMENTAL] Update a Flink JarApplication // PUT 
/v1/project/{project}/service/{service_name}/flink/jar_application/{application_id} // https://api.aiven.io/doc/#tag/Service:_Flink/operation/ServiceFlinkUpdateJarApplication + // Required roles or permissions: service:data:write ServiceFlinkUpdateJarApplication(ctx context.Context, project string, serviceName string, applicationId string, in *ServiceFlinkUpdateJarApplicationIn) (*ServiceFlinkUpdateJarApplicationOut, error) } diff --git a/handler/flinkjarapplicationdeployment/flinkjarapplicationdeployment.go b/handler/flinkjarapplicationdeployment/flinkjarapplicationdeployment.go index 425d1a3..29fa880 100644 --- a/handler/flinkjarapplicationdeployment/flinkjarapplicationdeployment.go +++ b/handler/flinkjarapplicationdeployment/flinkjarapplicationdeployment.go 
@@ -14,31 +14,37 @@ type Handler interface { // ServiceFlinkCancelJarApplicationDeployment [EXPERIMENTAL] Cancel a JarApplicationDeployment // POST /v1/project/{project}/service/{service_name}/flink/jar_application/{application_id}/deployment/{deployment_id}/cancel // https://api.aiven.io/doc/#tag/Service:_Flink/operation/ServiceFlinkCancelJarApplicationDeployment + // Required roles or permissions: service:data:write ServiceFlinkCancelJarApplicationDeployment(ctx context.Context, project string, serviceName string, applicationId string, deploymentId string) (*ServiceFlinkCancelJarApplicationDeploymentOut, error) // ServiceFlinkCreateJarApplicationDeployment [EXPERIMENTAL] Create an JarApplicationDeployment // POST /v1/project/{project}/service/{service_name}/flink/jar_application/{application_id}/deployment // https://api.aiven.io/doc/#tag/Service:_Flink/operation/ServiceFlinkCreateJarApplicationDeployment + // Required roles or permissions: service:data:write ServiceFlinkCreateJarApplicationDeployment(ctx context.Context, project string, serviceName string, applicationId string, in *ServiceFlinkCreateJarApplicationDeploymentIn) (*ServiceFlinkCreateJarApplicationDeploymentOut, error) // ServiceFlinkDeleteJarApplicationDeployment [EXPERIMENTAL] Delete a JarApplicationDeployment // DELETE /v1/project/{project}/service/{service_name}/flink/jar_application/{application_id}/deployment/{deployment_id} // https://api.aiven.io/doc/#tag/Service:_Flink/operation/ServiceFlinkDeleteJarApplicationDeployment + // Required roles or permissions: service:data:write ServiceFlinkDeleteJarApplicationDeployment(ctx context.Context, project string, serviceName string, applicationId string, deploymentId string) (*ServiceFlinkDeleteJarApplicationDeploymentOut, error) // ServiceFlinkGetJarApplicationDeployment [EXPERIMENTAL] Get a JarApplicationDeployment // GET /v1/project/{project}/service/{service_name}/flink/jar_application/{application_id}/deployment/{deployment_id} // 
https://api.aiven.io/doc/#tag/Service:_Flink/operation/ServiceFlinkGetJarApplicationDeployment + // Required roles or permissions: service:data:write ServiceFlinkGetJarApplicationDeployment(ctx context.Context, project string, serviceName string, applicationId string, deploymentId string) (*ServiceFlinkGetJarApplicationDeploymentOut, error) // ServiceFlinkListJarApplicationDeployments [EXPERIMENTAL] Get all JarApplicationDeployments // GET /v1/project/{project}/service/{service_name}/flink/jar_application/{application_id}/deployment // https://api.aiven.io/doc/#tag/Service:_Flink/operation/ServiceFlinkListJarApplicationDeployments + // Required roles or permissions: service:data:write ServiceFlinkListJarApplicationDeployments(ctx context.Context, project string, serviceName string, applicationId string) ([]DeploymentOut, error) // ServiceFlinkStopJarApplicationDeployment [EXPERIMENTAL] Stop an JarApplicationDeployment // POST /v1/project/{project}/service/{service_name}/flink/jar_application/{application_id}/deployment/{deployment_id}/stop // https://api.aiven.io/doc/#tag/Service:_Flink/operation/ServiceFlinkStopJarApplicationDeployment + // Required roles or permissions: service:data:write ServiceFlinkStopJarApplicationDeployment(ctx context.Context, project string, serviceName string, applicationId string, deploymentId string) (*ServiceFlinkStopJarApplicationDeploymentOut, error) } diff --git a/handler/flinkjarapplicationversion/flinkjarapplicationversion.go b/handler/flinkjarapplicationversion/flinkjarapplicationversion.go index f2291b2..25fd303 100644 --- a/handler/flinkjarapplicationversion/flinkjarapplicationversion.go +++ b/handler/flinkjarapplicationversion/flinkjarapplicationversion.go 
@@ -14,16 +14,19 @@ type Handler interface { // ServiceFlinkCreateJarApplicationVersion [EXPERIMENTAL] Create a Flink JarApplicationVersion // POST /v1/project/{project}/service/{service_name}/flink/jar_application/{application_id}/version // https://api.aiven.io/doc/#tag/Service:_Flink/operation/ServiceFlinkCreateJarApplicationVersion + // Required roles or permissions: service:data:write ServiceFlinkCreateJarApplicationVersion(ctx context.Context, project string, serviceName string, applicationId string) (*ServiceFlinkCreateJarApplicationVersionOut, error) // ServiceFlinkDeleteJarApplicationVersion [EXPERIMENTAL] Delete a Flink JarApplicationVersion // DELETE /v1/project/{project}/service/{service_name}/flink/jar_application/{application_id}/version/{application_version_id} // https://api.aiven.io/doc/#tag/Service:_Flink/operation/ServiceFlinkDeleteJarApplicationVersion + // Required roles or permissions: service:data:write ServiceFlinkDeleteJarApplicationVersion(ctx context.Context, project string, serviceName string, applicationId string, applicationVersionId string) (*ServiceFlinkDeleteJarApplicationVersionOut, error) // ServiceFlinkGetJarApplicationVersion [EXPERIMENTAL] Get a Flink JarApplicationVersion // GET /v1/project/{project}/service/{service_name}/flink/jar_application/{application_id}/version/{application_version_id} // https://api.aiven.io/doc/#tag/Service:_Flink/operation/ServiceFlinkGetJarApplicationVersion + // Required roles or permissions: service:data:write ServiceFlinkGetJarApplicationVersion(ctx context.Context, project string, serviceName string, applicationId string, applicationVersionId string) (*ServiceFlinkGetJarApplicationVersionOut, error) } diff --git a/handler/flinkjob/flinkjob.go b/handler/flinkjob/flinkjob.go index 21b984a..b6df130 100644 --- a/handler/flinkjob/flinkjob.go +++ b/handler/flinkjob/flinkjob.go 
@@ -13,12 +13,13 @@ type Handler interface { // ServiceFlinkJobDetails get a Flink job info // GET /v1/project/{project}/service/{service_name}/flink/job/{job_id} // https://api.aiven.io/doc/#tag/Service:_Flink/operation/ServiceFlinkJobDetails - // Required roles or permissions: admin, role:organization:admin + // Required roles or permissions: service:data:write ServiceFlinkJobDetails(ctx context.Context, project string, serviceName string, jobId string) (*ServiceFlinkJobDetailsOut, error) // ServiceFlinkJobsList get all Flink jobs // GET /v1/project/{project}/service/{service_name}/flink/job // https://api.aiven.io/doc/#tag/Service:_Flink/operation/ServiceFlinkJobsList + // Required roles or permissions: service:data:write ServiceFlinkJobsList(ctx context.Context, project string, serviceName string) ([]JobOut, error) } diff --git a/handler/kafka/kafka.go b/handler/kafka/kafka.go index bc01992..699fe5c 100644 --- a/handler/kafka/kafka.go +++ b/handler/kafka/kafka.go 
@@ -13,85 +13,85 @@ type Handler interface { // ServiceKafkaAclAdd add Aiven Kafka ACL entry // POST /v1/project/{project}/service/{service_name}/acl // https://api.aiven.io/doc/#tag/Service:_Kafka/operation/ServiceKafkaAclAdd - // Required roles or permissions: admin, role:organization:admin, service:data:write + // Required roles or permissions: service:data:write ServiceKafkaAclAdd(ctx context.Context, project string, serviceName string, in *ServiceKafkaAclAddIn) ([]AclOut, error) // ServiceKafkaAclDelete delete a Kafka ACL entry // DELETE /v1/project/{project}/service/{service_name}/acl/{kafka_acl_id} // https://api.aiven.io/doc/#tag/Service:_Kafka/operation/ServiceKafkaAclDelete - // Required roles or permissions: admin, role:organization:admin, service:data:write + // Required roles or permissions: service:data:write ServiceKafkaAclDelete(ctx context.Context, project string, serviceName string, kafkaAclId string) ([]AclOut, error) // ServiceKafkaAclList list Aiven ACL entries for Kafka service // GET /v1/project/{project}/service/{service_name}/acl // https://api.aiven.io/doc/#tag/Service:_Kafka/operation/ServiceKafkaAclList - // Required roles or permissions: admin, read_only, role:organization:admin + // Required roles or permissions: service:data:write ServiceKafkaAclList(ctx context.Context, project string, serviceName string) ([]AclOut, error) // ServiceKafkaNativeAclAdd add a Kafka-native ACL entry // POST /v1/project/{project}/service/{service_name}/kafka/acl // https://api.aiven.io/doc/#tag/Service:_Kafka/operation/ServiceKafkaNativeAclAdd - // Required roles or permissions: admin, role:organization:admin, service:data:write + // Required roles or permissions: service:data:write ServiceKafkaNativeAclAdd(ctx context.Context, project string, serviceName string, in *ServiceKafkaNativeAclAddIn) (*ServiceKafkaNativeAclAddOut, error) // ServiceKafkaNativeAclDelete delete a Kafka-native ACL entry // DELETE 
/v1/project/{project}/service/{service_name}/kafka/acl/{kafka_acl_id} // https://api.aiven.io/doc/#tag/Service:_Kafka/operation/ServiceKafkaNativeAclDelete - // Required roles or permissions: admin, role:organization:admin, service:data:write + // Required roles or permissions: service:data:write ServiceKafkaNativeAclDelete(ctx context.Context, project string, serviceName string, kafkaAclId string) error // ServiceKafkaNativeAclGet get single Kafka-native ACL entry // GET /v1/project/{project}/service/{service_name}/kafka/acl/{kafka_acl_id} // https://api.aiven.io/doc/#tag/Service:_Kafka/operation/ServiceKafkaNativeAclGet - // Required roles or permissions: admin, read_only, role:organization:admin + // Required roles or permissions: service:data:write ServiceKafkaNativeAclGet(ctx context.Context, project string, serviceName string, kafkaAclId string) (*ServiceKafkaNativeAclGetOut, error) // ServiceKafkaNativeAclList list Kafka-native ACL entries // GET /v1/project/{project}/service/{service_name}/kafka/acl // https://api.aiven.io/doc/#tag/Service:_Kafka/operation/ServiceKafkaNativeAclList - // Required roles or permissions: admin, read_only, role:organization:admin + // Required roles or permissions: service:data:write ServiceKafkaNativeAclList(ctx context.Context, project string, serviceName string) (*ServiceKafkaNativeAclListOut, error) // ServiceKafkaQuotaCreate create Kafka quota // POST /v1/project/{project}/service/{service_name}/quota // https://api.aiven.io/doc/#tag/Service:_Kafka/operation/ServiceKafkaQuotaCreate - // Required roles or permissions: admin, role:organization:admin, service:data:write + // Required roles or permissions: service:data:write ServiceKafkaQuotaCreate(ctx context.Context, project string, serviceName string, in *ServiceKafkaQuotaCreateIn) error // ServiceKafkaQuotaDelete delete Kafka quota // DELETE /v1/project/{project}/service/{service_name}/quota // https://api.aiven.io/doc/#tag/Service:_Kafka/operation/ServiceKafkaQuotaDelete - 
// Required roles or permissions: admin, role:organization:admin, service:data:write + // Required roles or permissions: service:data:write ServiceKafkaQuotaDelete(ctx context.Context, project string, serviceName string, query ...[2]string) error // ServiceKafkaQuotaDescribe get service quota configuration // GET /v1/project/{project}/service/{service_name}/quota/describe // https://api.aiven.io/doc/#tag/Service:_Kafka/operation/ServiceKafkaQuotaDescribe - // Required roles or permissions: admin, role:organization:admin + // Required roles or permissions: service:data:write ServiceKafkaQuotaDescribe(ctx context.Context, project string, serviceName string, query ...[2]string) (*ServiceKafkaQuotaDescribeOut, error) // ServiceKafkaQuotaList list Kafka quotas // GET /v1/project/{project}/service/{service_name}/quota // https://api.aiven.io/doc/#tag/Service:_Kafka/operation/ServiceKafkaQuotaList - // Required roles or permissions: admin, role:organization:admin + // Required roles or permissions: service:data:write ServiceKafkaQuotaList(ctx context.Context, project string, serviceName string) ([]QuotaOut, error) // ServiceKafkaTieredStorageStorageUsageByTopic get the Kafka tiered storage object storage usage by topic // GET /v1/project/{project}/service/{service_name}/kafka/tiered-storage/storage-usage/by-topic // https://api.aiven.io/doc/#tag/Service:_Kafka/operation/ServiceKafkaTieredStorageStorageUsageByTopic - // Required roles or permissions: admin, read_only, role:organization:admin + // Required roles or permissions: service:data:write ServiceKafkaTieredStorageStorageUsageByTopic(ctx context.Context, project string, serviceName string) (map[string]any, error) // ServiceKafkaTieredStorageStorageUsageTotal get the Kafka tiered storage total object storage usage // GET /v1/project/{project}/service/{service_name}/kafka/tiered-storage/storage-usage/total // https://api.aiven.io/doc/#tag/Service:_Kafka/operation/ServiceKafkaTieredStorageStorageUsageTotal - // Required 
roles or permissions: admin, read_only, role:organization:admin + // Required roles or permissions: service:data:write ServiceKafkaTieredStorageStorageUsageTotal(ctx context.Context, project string, serviceName string) (int, error) // ServiceKafkaTieredStorageSummary get the Kafka tiered storage summary // GET /v1/project/{project}/service/{service_name}/kafka/tiered-storage/summary // https://api.aiven.io/doc/#tag/Service:_Kafka/operation/ServiceKafkaTieredStorageSummary - // Required roles or permissions: admin, read_only, role:organization:admin + // Required roles or permissions: service:data:write ServiceKafkaTieredStorageSummary(ctx context.Context, project string, serviceName string) (*ServiceKafkaTieredStorageSummaryOut, error) } diff --git a/handler/kafkaconnect/kafkaconnect.go b/handler/kafkaconnect/kafkaconnect.go index 0bc3adf..e449e31 100644 --- a/handler/kafkaconnect/kafkaconnect.go +++ b/handler/kafkaconnect/kafkaconnect.go 
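Review bot: The replaced comments on the read endpoints (`ServiceKafkaAclList`, `ServiceKafkaNativeAclGet`, `ServiceKafkaNativeAclList` and the three tiered-storage getters) used to list `read_only` and now list only `service:data:write`, so the unchanged header "Required roles or permissions" reads as if write access were needed to view ACLs and storage usage. For `ServiceKafkaQuotaDescribe` and `ServiceKafkaQuotaList` the removed line named only `admin, role:organization:admin`, so `service:data:write` is a permission the earlier documentation did not list for them; it is worth verifying that the API actually accepts it there. The roles are apparently dropped on purpose, per the commit description, so the header should say that, e.g. `// Most granular permission (roles such as admin or read_only omitted): service:data:write`. The kafkaconnect hunk that follows shows the same pattern on `ServiceKafkaConnectList`, `ServiceKafkaConnectGetConnectorStatus` and `ServiceKafkaConnectGetAvailableConnectors`.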
@@ -13,62 +13,67 @@ type Handler interface { // ServiceKafkaConnectCreateConnector create a Kafka Connect connector // POST /v1/project/{project}/service/{service_name}/connectors // https://api.aiven.io/doc/#tag/Service:_Kafka/operation/ServiceKafkaConnectCreateConnector + // Required roles or permissions: service:data:write ServiceKafkaConnectCreateConnector(ctx context.Context, project string, serviceName string, in *map[string]string) (*ServiceKafkaConnectCreateConnectorOut, error) // ServiceKafkaConnectDeleteConnector delete Kafka Connect connector // DELETE /v1/project/{project}/service/{service_name}/connectors/{connector_name} // https://api.aiven.io/doc/#tag/Service:_Kafka/operation/ServiceKafkaConnectDeleteConnector + // Required roles or permissions: service:data:write ServiceKafkaConnectDeleteConnector(ctx context.Context, project string, serviceName string, connectorName string) error // ServiceKafkaConnectEditConnector edit Kafka Connect connector // PUT /v1/project/{project}/service/{service_name}/connectors/{connector_name} // https://api.aiven.io/doc/#tag/Service:_Kafka/operation/ServiceKafkaConnectEditConnector + // Required roles or permissions: service:data:write ServiceKafkaConnectEditConnector(ctx context.Context, project string, serviceName string, connectorName string, in *map[string]string) (*ServiceKafkaConnectEditConnectorOut, error) // ServiceKafkaConnectGetAvailableConnectors get available Kafka Connect connectors // GET /v1/project/{project}/service/{service_name}/available-connectors // https://api.aiven.io/doc/#tag/Service:_Kafka/operation/ServiceKafkaConnectGetAvailableConnectors - // Required roles or permissions: admin, role:organization:admin + // Required roles or permissions: service:data:write ServiceKafkaConnectGetAvailableConnectors(ctx context.Context, project string, serviceName string) ([]ServiceKafkaConnectGetAvailableConnectorsOut, error) // ServiceKafkaConnectGetConnectorConfiguration get Kafka Connect connector 
configuration schema // GET /v1/project/{project}/service/{service_name}/connector-plugins/{connector_name}/configuration // https://api.aiven.io/doc/#tag/Service:_Kafka/operation/ServiceKafkaConnectGetConnectorConfiguration + // Required roles or permissions: service:data:write ServiceKafkaConnectGetConnectorConfiguration(ctx context.Context, project string, serviceName string, connectorName string) ([]ConfigurationSchemaOut, error) // ServiceKafkaConnectGetConnectorStatus get a Kafka Connect Connector status // GET /v1/project/{project}/service/{service_name}/connectors/{connector_name}/status // https://api.aiven.io/doc/#tag/Service:_Kafka/operation/ServiceKafkaConnectGetConnectorStatus - // Required roles or permissions: admin, read_only, role:organization:admin + // Required roles or permissions: service:data:write ServiceKafkaConnectGetConnectorStatus(ctx context.Context, project string, serviceName string, connectorName string) (*ServiceKafkaConnectGetConnectorStatusOut, error) // ServiceKafkaConnectList lists Kafka connectors // GET /v1/project/{project}/service/{service_name}/connectors // https://api.aiven.io/doc/#tag/Service:_Kafka/operation/ServiceKafkaConnectList - // Required roles or permissions: admin, read_only, role:organization:admin + // Required roles or permissions: service:data:write ServiceKafkaConnectList(ctx context.Context, project string, serviceName string) ([]ConnectorOut, error) // ServiceKafkaConnectPauseConnector pause a Kafka Connect Connector // POST /v1/project/{project}/service/{service_name}/connectors/{connector_name}/pause // https://api.aiven.io/doc/#tag/Service:_Kafka/operation/ServiceKafkaConnectPauseConnector - // Required roles or permissions: admin, role:organization:admin, service:data:write + // Required roles or permissions: service:data:write ServiceKafkaConnectPauseConnector(ctx context.Context, project string, serviceName string, connectorName string) error // ServiceKafkaConnectRestartConnector restart a Kafka 
Connect Connector // POST /v1/project/{project}/service/{service_name}/connectors/{connector_name}/restart // https://api.aiven.io/doc/#tag/Service:_Kafka/operation/ServiceKafkaConnectRestartConnector - // Required roles or permissions: admin, role:organization:admin, service:data:write + // Required roles or permissions: service:data:write ServiceKafkaConnectRestartConnector(ctx context.Context, project string, serviceName string, connectorName string) error // ServiceKafkaConnectRestartConnectorTask restart a Kafka Connect Connector task // POST /v1/project/{project}/service/{service_name}/connectors/{connector_name}/tasks/{task_id}/restart // https://api.aiven.io/doc/#tag/Service:_Kafka/operation/ServiceKafkaConnectRestartConnectorTask + // Required roles or permissions: service:data:write ServiceKafkaConnectRestartConnectorTask(ctx context.Context, project string, serviceName string, connectorName string, taskId string) error // ServiceKafkaConnectResumeConnector resume a Kafka Connect Connector // POST /v1/project/{project}/service/{service_name}/connectors/{connector_name}/resume // https://api.aiven.io/doc/#tag/Service:_Kafka/operation/ServiceKafkaConnectResumeConnector - // Required roles or permissions: admin, role:organization:admin, service:data:write + // Required roles or permissions: service:data:write ServiceKafkaConnectResumeConnector(ctx context.Context, project string, serviceName string, connectorName string) error } diff --git a/handler/kafkamirrormaker/kafkamirrormaker.go b/handler/kafkamirrormaker/kafkamirrormaker.go index 6702108..45b1fac 100644 --- a/handler/kafkamirrormaker/kafkamirrormaker.go +++ b/handler/kafkamirrormaker/kafkamirrormaker.go 
@@ -13,26 +13,31 @@ type Handler interface { // ServiceKafkaMirrorMakerCreateReplicationFlow create a replication flow // POST /v1/project/{project}/service/{service_name}/mirrormaker/replication-flows // https://api.aiven.io/doc/#tag/Service:_Kafka_MirrorMaker/operation/ServiceKafkaMirrorMakerCreateReplicationFlow + // Required roles or permissions: service:data:write ServiceKafkaMirrorMakerCreateReplicationFlow(ctx context.Context, project string, serviceName string, in *ServiceKafkaMirrorMakerCreateReplicationFlowIn) error // ServiceKafkaMirrorMakerDeleteReplicationFlow delete a replication flow // DELETE /v1/project/{project}/service/{service_name}/mirrormaker/replication-flows/{source_cluster}/{target_cluster} // https://api.aiven.io/doc/#tag/Service:_Kafka_MirrorMaker/operation/ServiceKafkaMirrorMakerDeleteReplicationFlow + // Required roles or permissions: service:data:write ServiceKafkaMirrorMakerDeleteReplicationFlow(ctx context.Context, project string, serviceName string, sourceCluster string, targetCluster string) error // ServiceKafkaMirrorMakerGetReplicationFlow get a replication flow // GET /v1/project/{project}/service/{service_name}/mirrormaker/replication-flows/{source_cluster}/{target_cluster} // https://api.aiven.io/doc/#tag/Service:_Kafka_MirrorMaker/operation/ServiceKafkaMirrorMakerGetReplicationFlow + // Required roles or permissions: service:data:write ServiceKafkaMirrorMakerGetReplicationFlow(ctx context.Context, project string, serviceName string, sourceCluster string, targetCluster string) (*ServiceKafkaMirrorMakerGetReplicationFlowOut, error) // ServiceKafkaMirrorMakerGetReplicationFlows get replication flows // GET /v1/project/{project}/service/{service_name}/mirrormaker/replication-flows // https://api.aiven.io/doc/#tag/Service:_Kafka_MirrorMaker/operation/ServiceKafkaMirrorMakerGetReplicationFlows + // Required roles or permissions: service:data:write ServiceKafkaMirrorMakerGetReplicationFlows(ctx context.Context, project string, 
serviceName string) ([]ReplicationFlowOut, error) // ServiceKafkaMirrorMakerPatchReplicationFlow update a replication flow // PUT /v1/project/{project}/service/{service_name}/mirrormaker/replication-flows/{source_cluster}/{target_cluster} // https://api.aiven.io/doc/#tag/Service:_Kafka_MirrorMaker/operation/ServiceKafkaMirrorMakerPatchReplicationFlow + // Required roles or permissions: service:data:write ServiceKafkaMirrorMakerPatchReplicationFlow(ctx context.Context, project string, serviceName string, sourceCluster string, targetCluster string, in *ServiceKafkaMirrorMakerPatchReplicationFlowIn) (*ServiceKafkaMirrorMakerPatchReplicationFlowOut, error) } diff --git a/handler/kafkaschemaregistry/kafkaschemaregistry.go b/handler/kafkaschemaregistry/kafkaschemaregistry.go index 8af2941..1b7e915 100644 --- a/handler/kafkaschemaregistry/kafkaschemaregistry.go +++ b/handler/kafkaschemaregistry/kafkaschemaregistry.go 
@@ -13,84 +13,97 @@ type Handler interface { // ServiceSchemaRegistryAclAdd add a Schema Registry ACL entry // POST /v1/project/{project}/service/{service_name}/kafka/schema-registry/acl // https://api.aiven.io/doc/#tag/Service:_Kafka/operation/ServiceSchemaRegistryAclAdd + // Required roles or permissions: service:data:write ServiceSchemaRegistryAclAdd(ctx context.Context, project string, serviceName string, in *ServiceSchemaRegistryAclAddIn) ([]AclOut, error) // ServiceSchemaRegistryAclDelete delete a Schema Registry ACL entry // DELETE /v1/project/{project}/service/{service_name}/kafka/schema-registry/acl/{schema_registry_acl_id} // https://api.aiven.io/doc/#tag/Service:_Kafka/operation/ServiceSchemaRegistryAclDelete + // Required roles or permissions: service:data:write ServiceSchemaRegistryAclDelete(ctx context.Context, project string, serviceName string, schemaRegistryAclId string) ([]AclOut, error) // ServiceSchemaRegistryAclList list Schema Registry ACL entries // GET /v1/project/{project}/service/{service_name}/kafka/schema-registry/acl // https://api.aiven.io/doc/#tag/Service:_Kafka/operation/ServiceSchemaRegistryAclList + // Required roles or permissions: service:data:write ServiceSchemaRegistryAclList(ctx context.Context, project string, serviceName string) ([]AclOut, error) // ServiceSchemaRegistryCompatibility check compatibility of schema in Schema Registry // POST /v1/project/{project}/service/{service_name}/kafka/schema/compatibility/subjects/{subject_name}/versions/{version_id} // https://api.aiven.io/doc/#tag/Service:_Kafka/operation/ServiceSchemaRegistryCompatibility + // Required roles or permissions: service:data:write ServiceSchemaRegistryCompatibility(ctx context.Context, project string, serviceName string, subjectName string, versionId int, in *ServiceSchemaRegistryCompatibilityIn) (*ServiceSchemaRegistryCompatibilityOut, error) // ServiceSchemaRegistryGlobalConfigGet get global configuration for Schema Registry // GET 
/v1/project/{project}/service/{service_name}/kafka/schema/config // https://api.aiven.io/doc/#tag/Service:_Kafka/operation/ServiceSchemaRegistryGlobalConfigGet + // Required roles or permissions: service:data:write ServiceSchemaRegistryGlobalConfigGet(ctx context.Context, project string, serviceName string) (CompatibilityType, error) // ServiceSchemaRegistryGlobalConfigPut edit global configuration for Schema Registry // PUT /v1/project/{project}/service/{service_name}/kafka/schema/config // https://api.aiven.io/doc/#tag/Service:_Kafka/operation/ServiceSchemaRegistryGlobalConfigPut + // Required roles or permissions: service:data:write ServiceSchemaRegistryGlobalConfigPut(ctx context.Context, project string, serviceName string, in *ServiceSchemaRegistryGlobalConfigPutIn) (CompatibilityType, error) // ServiceSchemaRegistrySchemaGet get schema in Schema Registry // GET /v1/project/{project}/service/{service_name}/kafka/schema/schemas/ids/{schema_id} // https://api.aiven.io/doc/#tag/Service:_Kafka/operation/ServiceSchemaRegistrySchemaGet - // Required roles or permissions: admin, read_only, role:organization:admin + // Required roles or permissions: service:data:write ServiceSchemaRegistrySchemaGet(ctx context.Context, project string, serviceName string, schemaId string) error // ServiceSchemaRegistrySubjectConfigGet get configuration for Schema Registry subject // GET /v1/project/{project}/service/{service_name}/kafka/schema/config/{subject_name} // https://api.aiven.io/doc/#tag/Service:_Kafka/operation/ServiceSchemaRegistrySubjectConfigGet - // Required roles or permissions: admin, read_only, role:organization:admin + // Required roles or permissions: service:data:write ServiceSchemaRegistrySubjectConfigGet(ctx context.Context, project string, serviceName string, subjectName string, query ...[2]string) (CompatibilityType, error) // ServiceSchemaRegistrySubjectConfigPut edit configuration for Schema Registry subject // PUT 
/v1/project/{project}/service/{service_name}/kafka/schema/config/{subject_name} // https://api.aiven.io/doc/#tag/Service:_Kafka/operation/ServiceSchemaRegistrySubjectConfigPut - // Required roles or permissions: admin, role:organization:admin, service:data:write + // Required roles or permissions: service:data:write ServiceSchemaRegistrySubjectConfigPut(ctx context.Context, project string, serviceName string, subjectName string, in *ServiceSchemaRegistrySubjectConfigPutIn) (CompatibilityType, error) // ServiceSchemaRegistrySubjectDelete delete Schema Registry subject // DELETE /v1/project/{project}/service/{service_name}/kafka/schema/subjects/{subject_name} // https://api.aiven.io/doc/#tag/Service:_Kafka/operation/ServiceSchemaRegistrySubjectDelete + // Required roles or permissions: service:data:write ServiceSchemaRegistrySubjectDelete(ctx context.Context, project string, serviceName string, subjectName string) error // ServiceSchemaRegistrySubjectVersionDelete delete Schema Registry subject version // DELETE /v1/project/{project}/service/{service_name}/kafka/schema/subjects/{subject_name}/versions/{version_id} // https://api.aiven.io/doc/#tag/Service:_Kafka/operation/ServiceSchemaRegistrySubjectVersionDelete + // Required roles or permissions: service:data:write ServiceSchemaRegistrySubjectVersionDelete(ctx context.Context, project string, serviceName string, subjectName string, versionId int) error // ServiceSchemaRegistrySubjectVersionGet get Schema Registry Subject version // GET /v1/project/{project}/service/{service_name}/kafka/schema/subjects/{subject_name}/versions/{version_id} // https://api.aiven.io/doc/#tag/Service:_Kafka/operation/ServiceSchemaRegistrySubjectVersionGet + // Required roles or permissions: service:data:write ServiceSchemaRegistrySubjectVersionGet(ctx context.Context, project string, serviceName string, subjectName string, versionId int) (*ServiceSchemaRegistrySubjectVersionGetOut, error) // ServiceSchemaRegistrySubjectVersionPost 
register a new Schema in Schema Registry // POST /v1/project/{project}/service/{service_name}/kafka/schema/subjects/{subject_name}/versions // https://api.aiven.io/doc/#tag/Service:_Kafka/operation/ServiceSchemaRegistrySubjectVersionPost + // Required roles or permissions: service:data:write ServiceSchemaRegistrySubjectVersionPost(ctx context.Context, project string, serviceName string, subjectName string, in *ServiceSchemaRegistrySubjectVersionPostIn) (int, error) // Deprecated: ServiceSchemaRegistrySubjectVersionSchemaGet dEPRECATED: Get raw schema of a specific version in Schema Registry // GET /v1/project/{project}/service/{service_name}/kafka/schema/subjects/{subject_name}/versions/{version_id}/schema // https://api.aiven.io/doc/#tag/Service:_Kafka/operation/ServiceSchemaRegistrySubjectVersionSchemaGet + // Required roles or permissions: service:data:write ServiceSchemaRegistrySubjectVersionSchemaGet(ctx context.Context, project string, serviceName string, subjectName string, versionId int) error // ServiceSchemaRegistrySubjectVersionsGet get Schema Registry subject versions // GET /v1/project/{project}/service/{service_name}/kafka/schema/subjects/{subject_name}/versions // https://api.aiven.io/doc/#tag/Service:_Kafka/operation/ServiceSchemaRegistrySubjectVersionsGet + // Required roles or permissions: service:data:write ServiceSchemaRegistrySubjectVersionsGet(ctx context.Context, project string, serviceName string, subjectName string) ([]int, error) // ServiceSchemaRegistrySubjects lists Schema Registry subjects // GET /v1/project/{project}/service/{service_name}/kafka/schema/subjects // https://api.aiven.io/doc/#tag/Service:_Kafka/operation/ServiceSchemaRegistrySubjects + // Required roles or permissions: service:data:write ServiceSchemaRegistrySubjects(ctx context.Context, project string, serviceName string) ([]string, error) } diff --git a/handler/kafkatopic/kafkatopic.go b/handler/kafkatopic/kafkatopic.go index 99d2571..3b1becf 100644 
--- a/handler/kafkatopic/kafkatopic.go
+++ b/handler/kafkatopic/kafkatopic.go
@@ -13,48 +13,47 @@ type Handler interface { // ServiceKafkaTopicCreate create a Kafka topic // POST /v1/project/{project}/service/{service_name}/topic // https://api.aiven.io/doc/#tag/Service:_Kafka/operation/ServiceKafkaTopicCreate - // Required roles or permissions: admin, role:organization:admin + // Required roles or permissions: developer, operator ServiceKafkaTopicCreate(ctx context.Context, project string, serviceName string, in *ServiceKafkaTopicCreateIn) error // ServiceKafkaTopicDelete delete a Kafka topic // DELETE /v1/project/{project}/service/{service_name}/topic/{topic_name} // https://api.aiven.io/doc/#tag/Service:_Kafka/operation/ServiceKafkaTopicDelete - // Required roles or permissions: admin, role:organization:admin, service:data:write + // Required roles or permissions: service:data:write ServiceKafkaTopicDelete(ctx context.Context, project string, serviceName string, topicName string) error // ServiceKafkaTopicGet get Kafka topic info // GET /v1/project/{project}/service/{service_name}/topic/{topic_name} // https://api.aiven.io/doc/#tag/Service:_Kafka/operation/ServiceKafkaTopicGet - // Required roles or permissions: admin, read_only, role:organization:admin + // Required roles or permissions: service:data:write ServiceKafkaTopicGet(ctx context.Context, project string, serviceName string, topicName string) (*ServiceKafkaTopicGetOut, error) // ServiceKafkaTopicList get Kafka topic list // GET /v1/project/{project}/service/{service_name}/topic // https://api.aiven.io/doc/#tag/Service:_Kafka/operation/ServiceKafkaTopicList - // Required roles or permissions: admin, read_only, role:organization:admin + // Required roles or permissions: service:data:write ServiceKafkaTopicList(ctx context.Context, project string, serviceName string) ([]TopicOut, error) // ServiceKafkaTopicListV2 list Kafka topics V2 // POST /v2/project/{project}/service/{service_name}/topic - // Required roles or permissions: admin, read_only, role:organization:admin, 
service:data:write ServiceKafkaTopicListV2(ctx context.Context, project string, serviceName string, in *ServiceKafkaTopicListV2In) ([]ServiceKafkaTopicGetOut, error) // ServiceKafkaTopicMessageList list kafka topic messages // POST /v1/project/{project}/service/{service_name}/kafka/rest/topics/{topic_name}/messages // https://api.aiven.io/doc/#tag/Service:_Kafka/operation/ServiceKafkaTopicMessageList - // Required roles or permissions: admin, read_only, role:organization:admin, service:data:write + // Required roles or permissions: service:data:write ServiceKafkaTopicMessageList(ctx context.Context, project string, serviceName string, topicName string, in *ServiceKafkaTopicMessageListIn) ([]MessageOut, error) // ServiceKafkaTopicMessageProduce produce message into a kafka topic // POST /v1/project/{project}/service/{service_name}/kafka/rest/topics/{topic_name}/produce // https://api.aiven.io/doc/#tag/Service:_Kafka/operation/ServiceKafkaTopicMessageProduce - // Required roles or permissions: admin, role:organization:admin, service:data:write + // Required roles or permissions: service:data:write ServiceKafkaTopicMessageProduce(ctx context.Context, project string, serviceName string, topicName string, in *ServiceKafkaTopicMessageProduceIn) (*ServiceKafkaTopicMessageProduceOut, error) // ServiceKafkaTopicUpdate update a Kafka topic // PUT /v1/project/{project}/service/{service_name}/topic/{topic_name} // https://api.aiven.io/doc/#tag/Service:_Kafka/operation/ServiceKafkaTopicUpdate - // Required roles or permissions: admin, role:organization:admin, service:data:write + // Required roles or permissions: service:data:write ServiceKafkaTopicUpdate(ctx context.Context, project string, serviceName string, topicName string, in *ServiceKafkaTopicUpdateIn) error } diff --git a/handler/mysql/mysql.go b/handler/mysql/mysql.go index fa48cde..543932f 100644 --- a/handler/mysql/mysql.go +++ b/handler/mysql/mysql.go 
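Review bot: ServiceKafkaTopicCreate is the one method in this hunk whose new line names composite roles, `developer, operator`, while ServiceKafkaTopicDelete and ServiceKafkaTopicUpdate next to it list `service:data:write` (the Handler interface opens above the hunk). The commit description says the goal is to avoid composite roles where possible, so this entry is either a gap in the mapping or a real exception that deserves a word of explanation. If topic creation is covered by the granular permission, the line should read `// Required roles or permissions: service:data:write`; if it is not, add a short comment saying that no granular permission exists for this operation, so that readers do not take the broader roles for the preferred choice.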
@@ -13,6 +13,7 @@ type Handler interface { // MySQLServiceQueryStatistics fetch MySQL service query statistics // POST /v1/project/{project}/service/{service_name}/mysql/query/stats // https://api.aiven.io/doc/#tag/Service:_MySQL/operation/MySQLServiceQueryStatistics + // Required roles or permissions: service:data:write MySQLServiceQueryStatistics(ctx context.Context, project string, serviceName string, in *MySqlserviceQueryStatisticsIn) ([]QueryOut, error) } diff --git a/handler/opensearch/opensearch.go b/handler/opensearch/opensearch.go index e55a709..1c5393b 100644 --- a/handler/opensearch/opensearch.go +++ b/handler/opensearch/opensearch.go 
@@ -14,48 +14,49 @@ type Handler interface { // ServiceOpenSearchAclGet show OpenSearch ACL configuration // GET /v1/project/{project}/service/{service_name}/opensearch/acl // https://api.aiven.io/doc/#tag/Service:_OpenSearch/operation/ServiceOpenSearchAclGet - // Required roles or permissions: admin, read_only, role:organization:admin + // Required roles or permissions: service:data:write ServiceOpenSearchAclGet(ctx context.Context, project string, serviceName string) (*ServiceOpenSearchAclGetOut, error) // ServiceOpenSearchAclSet set OpenSearch ACL configuration // POST /v1/project/{project}/service/{service_name}/opensearch/acl // https://api.aiven.io/doc/#tag/Service:_OpenSearch/operation/ServiceOpenSearchAclSet - // Required roles or permissions: admin, role:organization:admin, service:data:write + // Required roles or permissions: service:data:write ServiceOpenSearchAclSet(ctx context.Context, project string, serviceName string, in *ServiceOpenSearchAclSetIn) (*ServiceOpenSearchAclSetOut, error) // ServiceOpenSearchAclUpdate update OpenSearch ACL configuration // PUT /v1/project/{project}/service/{service_name}/opensearch/acl // https://api.aiven.io/doc/#tag/Service:_OpenSearch/operation/ServiceOpenSearchAclUpdate - // Required roles or permissions: admin, role:organization:admin, service:data:write + // Required roles or permissions: service:data:write ServiceOpenSearchAclUpdate(ctx context.Context, project string, serviceName string, in *ServiceOpenSearchAclUpdateIn) (*ServiceOpenSearchAclUpdateOut, error) // ServiceOpenSearchIndexDelete delete an OpenSearch index // DELETE /v1/project/{project}/service/{service_name}/index/{index_pattern} // https://api.aiven.io/doc/#tag/Service:_OpenSearch/operation/ServiceOpenSearchIndexDelete - // Required roles or permissions: admin, role:organization:admin, service:data:write + // Required roles or permissions: service:data:write ServiceOpenSearchIndexDelete(ctx context.Context, project string, serviceName string, 
indexPattern string) error // ServiceOpenSearchIndexList list OpenSearch indexes // GET /v1/project/{project}/service/{service_name}/index // https://api.aiven.io/doc/#tag/Service:_OpenSearch/operation/ServiceOpenSearchIndexList - // Required roles or permissions: admin, read_only, role:organization:admin + // Required roles or permissions: service:data:write ServiceOpenSearchIndexList(ctx context.Context, project string, serviceName string) ([]IndexeOut, error) // ServiceOpenSearchSecurityGet show OpenSearch security configuration status // GET /v1/project/{project}/service/{service_name}/opensearch/security // https://api.aiven.io/doc/#tag/Service:_OpenSearch/operation/ServiceOpenSearchSecurityGet - // Required roles or permissions: admin, read_only, role:organization:admin + // Required roles or permissions: service:data:write ServiceOpenSearchSecurityGet(ctx context.Context, project string, serviceName string) (*ServiceOpenSearchSecurityGetOut, error) // ServiceOpenSearchSecurityReset change Opensearch Security Admin password // PUT /v1/project/{project}/service/{service_name}/opensearch/security/admin // https://api.aiven.io/doc/#tag/Service:_OpenSearch/operation/ServiceOpenSearchSecurityReset + // Required roles or permissions: service:data:write ServiceOpenSearchSecurityReset(ctx context.Context, project string, serviceName string, in *ServiceOpenSearchSecurityResetIn) (*ServiceOpenSearchSecurityResetOut, error) // ServiceOpenSearchSecuritySet enable Opensearch Security Admin by setting the password // POST /v1/project/{project}/service/{service_name}/opensearch/security/admin // https://api.aiven.io/doc/#tag/Service:_OpenSearch/operation/ServiceOpenSearchSecuritySet - // Required roles or permissions: admin, read_only, role:organization:admin, service:data:write + // Required roles or permissions: service:data:write ServiceOpenSearchSecuritySet(ctx context.Context, project string, serviceName string, in *ServiceOpenSearchSecuritySetIn) 
(*ServiceOpenSearchSecuritySetOut, error) } diff --git a/handler/organization/organization.go b/handler/organization/organization.go index bd5234b..f606528 100644 --- a/handler/organization/organization.go +++ b/handler/organization/organization.go 
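Review bot: ServiceOpenSearchSecurityReset and ServiceOpenSearchSecuritySet change or set the OpenSearch security admin password, and both are now documented with the same `service:data:write` entry as ServiceOpenSearchIndexDelete and the ACL methods (the Handler interface opens above the hunk). Nothing in the hunk shows where that mapping comes from, and ServiceOpenSearchSecurityReset had no permissions line before, so it is worth confirming against the API specification before it is published as the minimum grant. If it is correct, mark the credential-changing methods so the reach of the permission is visible to whoever assigns it, e.g. `// Note: this permission is sufficient to change the security admin password`.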
@@ -14,30 +14,31 @@ type Handler interface { // OrganizationAddressCreate [EXPERIMENTAL] Create new address for an organization // POST /v1/organizations/{organization_id}/addresses // https://api.aiven.io/doc/#tag/Billing/operation/OrganizationAddressCreate - // Required roles or permissions: organization:billing:write, role:organization:admin + // Required roles or permissions: organization:billing:write OrganizationAddressCreate(ctx context.Context, organizationId string, in *OrganizationAddressCreateIn) (*OrganizationAddressCreateOut, error) // OrganizationAddressDelete [EXPERIMENTAL] Delete an address of an organization // DELETE /v1/organizations/{organization_id}/addresses/{address_id} // https://api.aiven.io/doc/#tag/Billing/operation/OrganizationAddressDelete - // Required roles or permissions: organization:billing:write, role:organization:admin + // Required roles or permissions: organization:billing:write OrganizationAddressDelete(ctx context.Context, organizationId string, addressId string) error // OrganizationAddressGet [EXPERIMENTAL] Get organization address info // GET /v1/organizations/{organization_id}/addresses/{address_id} // https://api.aiven.io/doc/#tag/Billing/operation/OrganizationAddressGet + // Required roles or permissions: organization:billing:read, organization:billing:write OrganizationAddressGet(ctx context.Context, organizationId string, addressId string) (*OrganizationAddressGetOut, error) // OrganizationAddressList [EXPERIMENTAL] List addresses of an organization // GET /v1/organizations/{organization_id}/addresses // https://api.aiven.io/doc/#tag/Billing/operation/OrganizationAddressList - // Required roles or permissions: organization:billing:read, role:organization:admin + // Required roles or permissions: organization:billing:read, organization:billing:write OrganizationAddressList(ctx context.Context, organizationId string) ([]AddresseOut, error) // OrganizationAddressUpdate [EXPERIMENTAL] Update an address of an organization 
// PATCH /v1/organizations/{organization_id}/addresses/{address_id} // https://api.aiven.io/doc/#tag/Billing/operation/OrganizationAddressUpdate - // Required roles or permissions: organization:billing:write, role:organization:admin + // Required roles or permissions: organization:billing:write OrganizationAddressUpdate(ctx context.Context, organizationId string, addressId string, in *OrganizationAddressUpdateIn) (*OrganizationAddressUpdateOut, error) // OrganizationAuthDomainLink link a domain to an organization's identity provider @@ -83,19 +84,16 @@ type Handler interface { // PermissionsGet list of permissions // GET /v1/organization/{organization_id}/permissions/{resource_type}/{resource_id} // https://api.aiven.io/doc/#tag/Permissions/operation/PermissionsGet - // Required roles or permissions: role:organization:admin PermissionsGet(ctx context.Context, organizationId string, resourceType ResourceType, resourceId string) ([]PermissionOut, error) // PermissionsSet set permissions // PUT /v1/organization/{organization_id}/permissions/{resource_type}/{resource_id} // https://api.aiven.io/doc/#tag/Permissions/operation/PermissionsSet - // Required roles or permissions: role:organization:admin PermissionsSet(ctx context.Context, organizationId string, resourceType ResourceType, resourceId string, in *PermissionsSetIn) error // PermissionsUpdate update permissions // PATCH /v1/organization/{organization_id}/permissions/{resource_type}/{resource_id} // https://api.aiven.io/doc/#tag/Permissions/operation/PermissionsUpdate - // Required roles or permissions: role:organization:admin PermissionsUpdate(ctx context.Context, organizationId string, resourceType ResourceType, resourceId string, in *PermissionsUpdateIn) error // UserOrganizationCreate create an organization diff --git a/handler/organizationbilling/organizationbilling.go b/handler/organizationbilling/organizationbilling.go index 39b03d5..cc7b345 100644 --- a/handler/organizationbilling/organizationbilling.go 
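Review bot: The new lines on OrganizationAddressGet and OrganizationAddressList list `organization:billing:read, organization:billing:write` without saying whether one entry is enough or both are needed (the Handler interface opens above the hunk and continues below it). The removed line on OrganizationAddressList, `organization:billing:read, role:organization:admin`, was most naturally read as a list of alternatives, but a read and a write permission side by side on a GET can be taken as a joint requirement and lead to over-granting. Stating the semantics in the comment would remove the doubt, for instance `// Required roles or permissions (any one of): organization:billing:read, organization:billing:write`, assuming any-of is what is meant. The organizationbilling hunk has the same ambiguity on OrganizationBillingGroupGet and OrganizationBillingGroupList.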
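Review bot: PermissionsGet, PermissionsSet and PermissionsUpdate lose their only documented requirement, `role:organization:admin`, and nothing replaces it, so the operations that read and change access grants are now the ones with no stated requirement at all (the Handler interface starts and ends outside this hunk). If the Permissions() lookup described in the commit message is built from the same data, an empty result for these operations could be read by a caller as meaning no permission is needed; that is an inference, since the lookup itself is not in this hunk. Where no granular permission exists, keeping the role is safer than dropping the line: `// Required roles or permissions: role:organization:admin`. The same removal without replacement affects ServiceKafkaTopicListV2 in the kafkatopic hunk and OrganizationProjectsCreate and OrganizationProjectsList in the organizationprojects hunk.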
+++ b/handler/organizationbilling/organizationbilling.go 
@@ -13,31 +13,31 @@ type Handler interface { // OrganizationBillingGroupCreate [EXPERIMENTAL] Create an organization billing group // POST /v1/organization/{organization_id}/billing-groups // https://api.aiven.io/doc/#tag/OrganizationBillingGroup/operation/OrganizationBillingGroupCreate - // Required roles or permissions: organization:billing:write, role:organization:admin + // Required roles or permissions: organization:billing:write OrganizationBillingGroupCreate(ctx context.Context, organizationId string, in *OrganizationBillingGroupCreateIn) (*OrganizationBillingGroupCreateOut, error) // OrganizationBillingGroupDelete [EXPERIMENTAL] Delete an organization billing group // DELETE /v1/organization/{organization_id}/billing-groups/{billing_group_id} // https://api.aiven.io/doc/#tag/OrganizationBillingGroup/operation/OrganizationBillingGroupDelete - // Required roles or permissions: organization:billing:write, role:organization:admin + // Required roles or permissions: organization:billing:write OrganizationBillingGroupDelete(ctx context.Context, organizationId string, billingGroupId string) error // OrganizationBillingGroupGet [EXPERIMENTAL] Get organization billing group details // GET /v1/organization/{organization_id}/billing-groups/{billing_group_id} // https://api.aiven.io/doc/#tag/OrganizationBillingGroup/operation/OrganizationBillingGroupGet - // Required roles or permissions: organization:billing:read, role:organization:admin + // Required roles or permissions: organization:billing:read, organization:billing:write OrganizationBillingGroupGet(ctx context.Context, organizationId string, billingGroupId string) (*OrganizationBillingGroupGetOut, error) // OrganizationBillingGroupList [EXPERIMENTAL] List billing groups in an organization // GET /v1/organization/{organization_id}/billing-groups // https://api.aiven.io/doc/#tag/OrganizationBillingGroup/operation/OrganizationBillingGroupList - // Required roles or permissions: organization:billing:read, 
role:organization:admin + // Required roles or permissions: organization:billing:read, organization:billing:write, organization:projects:write OrganizationBillingGroupList(ctx context.Context, organizationId string) ([]BillingGroupOut, error) // OrganizationBillingGroupUpdate [EXPERIMENTAL] Update organization billing group details // PUT /v1/organization/{organization_id}/billing-groups/{billing_group_id} // https://api.aiven.io/doc/#tag/OrganizationBillingGroup/operation/OrganizationBillingGroupUpdate - // Required roles or permissions: organization:billing:write, role:organization:admin + // Required roles or permissions: organization:billing:write OrganizationBillingGroupUpdate(ctx context.Context, organizationId string, billingGroupId string, in *OrganizationBillingGroupUpdateIn) (*OrganizationBillingGroupUpdateOut, error) } diff --git a/handler/organizationprojects/organizationprojects.go b/handler/organizationprojects/organizationprojects.go index 013f35b..4d39b57 100644 --- a/handler/organizationprojects/organizationprojects.go +++ b/handler/organizationprojects/organizationprojects.go 
@@ -13,28 +13,29 @@ type Handler interface { // OrganizationProjectsCreate create project under the organization // POST /v1/organization/{organization_id}/projects // https://api.aiven.io/doc/#tag/Organizations/operation/OrganizationProjectsCreate - // Required roles or permissions: organization:projects:write, role:organization:admin OrganizationProjectsCreate(ctx context.Context, organizationId string, in *OrganizationProjectsCreateIn) (*OrganizationProjectsCreateOut, error) // OrganizationProjectsDelete delete project under the organization // DELETE /v1/organization/{organization_id}/projects/{project_id} // https://api.aiven.io/doc/#tag/Organizations/operation/OrganizationProjectsDelete + // Required roles or permissions: organization:projects:write OrganizationProjectsDelete(ctx context.Context, organizationId string, projectId string) error // OrganizationProjectsGet retrieve project under the organization // GET /v1/organization/{organization_id}/projects/{project_id} // https://api.aiven.io/doc/#tag/Organizations/operation/OrganizationProjectsGet + // Required roles or permissions: project:services:read OrganizationProjectsGet(ctx context.Context, organizationId string, projectId string) (*OrganizationProjectsGetOut, error) // OrganizationProjectsList list projects under the organization // GET /v1/organization/{organization_id}/projects // https://api.aiven.io/doc/#tag/Organizations/operation/OrganizationProjectsList - // Required roles or permissions: role:organization:admin OrganizationProjectsList(ctx context.Context, organizationId string) (*OrganizationProjectsListOut, error) // OrganizationProjectsUpdate update project under the organization // PATCH /v1/organization/{organization_id}/projects/{project_id} // https://api.aiven.io/doc/#tag/Organizations/operation/OrganizationProjectsUpdate + // Required roles or permissions: organization:projects:write OrganizationProjectsUpdate(ctx context.Context, organizationId string, projectId string, in 
*OrganizationProjectsUpdateIn) (*OrganizationProjectsUpdateOut, error) } diff --git a/handler/organizationuser/organizationuser.go b/handler/organizationuser/organizationuser.go index e3a9f91..31d5dd6 100644 --- a/handler/organizationuser/organizationuser.go +++ b/handler/organizationuser/organizationuser.go @@ -14,12 +14,13 @@ type Handler interface { // OrganizationUserAuthenticationMethodsList list authentication methods for a user in the organization // GET /v1/organization/{organization_id}/user/{member_user_id}/authentication_methods // https://api.aiven.io/doc/#tag/Users/operation/OrganizationUserAuthenticationMethodsList - // Required roles or permissions: role:organization:admin + // Required roles or permissions: organization:users:write OrganizationUserAuthenticationMethodsList(ctx context.Context, organizationId string, memberUserId string) ([]AuthenticationMethodOut, error) // OrganizationUserDelete remove a user from the organization // DELETE /v1/organization/{organization_id}/user/{member_user_id} // https://api.aiven.io/doc/#tag/Users/operation/OrganizationUserDelete + // Required roles or permissions: organization:users:write OrganizationUserDelete(ctx context.Context, organizationId string, memberUserId string) error // OrganizationUserGet get details on a user of the organization 
@@ -35,17 +36,19 @@ type Handler interface { // OrganizationUserInvitationDelete remove an invitation to the organization // DELETE /v1/organization/{organization_id}/invitation/{user_email} // https://api.aiven.io/doc/#tag/Organizations/operation/OrganizationUserInvitationDelete + // Required roles or permissions: organization:users:write OrganizationUserInvitationDelete(ctx context.Context, organizationId string, userEmail string) error // OrganizationUserInvitationsList list user invitations to the organization // GET /v1/organization/{organization_id}/invitation // https://api.aiven.io/doc/#tag/Organizations/operation/OrganizationUserInvitationsList - // Required roles or permissions: role:organization:admin + // Required roles or permissions: organization:users:write OrganizationUserInvitationsList(ctx context.Context, organizationId string) ([]InvitationOut, error) // OrganizationUserInvite invite a user to the organization // POST /v1/organization/{organization_id}/invitation // https://api.aiven.io/doc/#tag/Organizations/operation/OrganizationUserInvite + // Required roles or permissions: organization:users:write OrganizationUserInvite(ctx context.Context, organizationId string, in *OrganizationUserInviteIn) error // OrganizationUserList list users of the organization 
@@ -56,24 +59,25 @@ type Handler interface { // OrganizationUserPasswordReset reset the password of a managed user in the organization // POST /v1/organization/{organization_id}/user/{member_user_id}/reset_password // https://api.aiven.io/doc/#tag/Users/operation/OrganizationUserPasswordReset + // Required roles or permissions: organization:users:write OrganizationUserPasswordReset(ctx context.Context, organizationId string, memberUserId string) error // OrganizationUserRevokeToken revoke the token of a managed user in the organization // DELETE /v1/organization/{organization_id}/user/{member_user_id}/access-token/{token_prefix} // https://api.aiven.io/doc/#tag/Users/operation/OrganizationUserRevokeToken - // Required roles or permissions: organization:users:write, role:organization:admin + // Required roles or permissions: organization:users:write OrganizationUserRevokeToken(ctx context.Context, organizationId string, memberUserId string, tokenPrefix string) error // OrganizationUserTokensList list tokens from an organization's member // GET /v1/organization/{organization_id}/user/{member_user_id}/access-tokens // https://api.aiven.io/doc/#tag/Users/operation/OrganizationUserTokensList - // Required roles or permissions: role:organization:admin + // Required roles or permissions: organization:users:write OrganizationUserTokensList(ctx context.Context, organizationId string, memberUserId string) ([]TokenOut, error) // OrganizationUserUpdate update details on a user of the organization // PATCH /v1/organization/{organization_id}/user/{member_user_id} // https://api.aiven.io/doc/#tag/Users/operation/OrganizationUserUpdate - // Required roles or permissions: role:organization:admin + // Required roles or permissions: organization:users:write OrganizationUserUpdate(ctx context.Context, organizationId string, memberUserId string, in *OrganizationUserUpdateIn) (*OrganizationUserUpdateOut, error) } 
diff --git a/handler/organizationvpc/organizationvpc.go b/handler/organizationvpc/organizationvpc.go index f3be773..4a1d03a 100644 --- a/handler/organizationvpc/organizationvpc.go +++ b/handler/organizationvpc/organizationvpc.go 
@@ -14,36 +14,37 @@ type Handler interface { // OrganizationVpcCreate [EXPERIMENTAL] Create organization VPC // POST /v1/organization/{organization_id}/vpcs // https://api.aiven.io/doc/#tag/Organization_Vpc/operation/OrganizationVpcCreate - // Required roles or permissions: organization:networking:write, role:organization:admin + // Required roles or permissions: organization:networking:write OrganizationVpcCreate(ctx context.Context, organizationId string, in *OrganizationVpcCreateIn) (*OrganizationVpcCreateOut, error) // OrganizationVpcDelete [EXPERIMENTAL] Delete organization VPC // DELETE /v1/organization/{organization_id}/vpcs/{organization_vpc_id} // https://api.aiven.io/doc/#tag/Organization_Vpc/operation/OrganizationVpcDelete - // Required roles or permissions: organization:networking:write, role:organization:admin + // Required roles or permissions: organization:networking:write OrganizationVpcDelete(ctx context.Context, organizationId string, organizationVpcId string) (*OrganizationVpcDeleteOut, error) // OrganizationVpcGet [EXPERIMENTAL] Get organization VPC // GET /v1/organization/{organization_id}/vpcs/{organization_vpc_id} // https://api.aiven.io/doc/#tag/Organization_Vpc/operation/OrganizationVpcGet - // Required roles or permissions: organization:networking:read, role:organization:admin + // Required roles or permissions: organization:networking:read OrganizationVpcGet(ctx context.Context, organizationId string, organizationVpcId string) (*OrganizationVpcGetOut, error) // OrganizationVpcList [EXPERIMENTAL] List organization VPCs // GET /v1/organization/{organization_id}/vpcs // https://api.aiven.io/doc/#tag/Organization_Vpc/operation/OrganizationVpcList - // Required roles or permissions: organization:networking:read, role:organization:admin + // Required roles or permissions: organization:networking:read OrganizationVpcList(ctx context.Context, organizationId string) ([]VpcOut, error) // OrganizationVpcPeeringConnectionCreate [EXPERIMENTAL] Create 
organization VPC peering // POST /v1/organization/{organization_id}/vpcs/{organization_vpc_id}/peering-connections // https://api.aiven.io/doc/#tag/Organization_Vpc/operation/OrganizationVpcPeeringConnectionCreate - // Required roles or permissions: organization:networking:write, role:organization:admin + // Required roles or permissions: organization:networking:write OrganizationVpcPeeringConnectionCreate(ctx context.Context, organizationId string, organizationVpcId string, in *OrganizationVpcPeeringConnectionCreateIn) (*OrganizationVpcPeeringConnectionCreateOut, error) // OrganizationVpcPeeringConnectionDeleteById [EXPERIMENTAL] Delete organization VPC peering // DELETE /v1/organization/{organization_id}/vpcs/{organization_vpc_id}/peering-connections/{peering_connection_id} // https://api.aiven.io/doc/#tag/Organization_Vpc/operation/OrganizationVpcPeeringConnectionDeleteById + // Required roles or permissions: organization:networking:write OrganizationVpcPeeringConnectionDeleteById(ctx context.Context, organizationId string, organizationVpcId string, peeringConnectionId string) (*OrganizationVpcPeeringConnectionDeleteByIdOut, error) } diff --git a/handler/postgresql/postgresql.go b/handler/postgresql/postgresql.go index 21e0622..ffdc178 100644 --- a/handler/postgresql/postgresql.go +++ b/handler/postgresql/postgresql.go 
@@ -13,11 +13,13 @@ type Handler interface { // PGServiceAvailableExtensions list PostgreSQL extensions that can be loaded with CREATE EXTENSION in this service // GET /v1/project/{project}/service/{service_name}/pg/available-extensions // https://api.aiven.io/doc/#tag/Service:_PostgreSQL/operation/PGServiceAvailableExtensions + // Required roles or permissions: service:data:write PGServiceAvailableExtensions(ctx context.Context, project string, serviceName string) ([]ExtensionOut, error) // PGServiceQueryStatistics fetch PostgreSQL service query statistics // POST /v1/project/{project}/service/{service_name}/pg/query/stats // https://api.aiven.io/doc/#tag/Service:_PostgreSQL/operation/PGServiceQueryStatistics + // Required roles or permissions: service:data:write PGServiceQueryStatistics(ctx context.Context, project string, serviceName string, in *PgserviceQueryStatisticsIn) ([]QueryOut, error) // PgAvailableExtensions list PostgreSQL extensions available for this tenant grouped by PG version 
@@ -28,19 +30,19 @@ type Handler interface { // ServicePGBouncerCreate create a new connection pool for service // POST /v1/project/{project}/service/{service_name}/connection_pool // https://api.aiven.io/doc/#tag/Service:_PostgreSQL/operation/ServicePGBouncerCreate - // Required roles or permissions: admin, role:organization:admin, service:data:write + // Required roles or permissions: service:data:write ServicePGBouncerCreate(ctx context.Context, project string, serviceName string, in *ServicePgbouncerCreateIn) error // ServicePGBouncerDelete delete a connection pool // DELETE /v1/project/{project}/service/{service_name}/connection_pool/{pool_name} // https://api.aiven.io/doc/#tag/Service:_PostgreSQL/operation/ServicePGBouncerDelete - // Required roles or permissions: admin, role:organization:admin, service:data:write + // Required roles or permissions: service:data:write ServicePGBouncerDelete(ctx context.Context, project string, serviceName string, poolName string) error // ServicePGBouncerUpdate update a connection pool // PUT /v1/project/{project}/service/{service_name}/connection_pool/{pool_name} // https://api.aiven.io/doc/#tag/Service:_PostgreSQL/operation/ServicePGBouncerUpdate - // Required roles or permissions: admin, role:organization:admin, service:data:write + // Required roles or permissions: service:data:write ServicePGBouncerUpdate(ctx context.Context, project string, serviceName string, poolName string, in *ServicePgbouncerUpdateIn) error } diff --git a/handler/privatelink/privatelink.go b/handler/privatelink/privatelink.go index 7397859..0fb5f8e 100644 --- a/handler/privatelink/privatelink.go +++ b/handler/privatelink/privatelink.go 
@@ -18,73 +18,73 @@ type Handler interface { // ServicePrivatelinkAWSConnectionList list VPC Endpoint connections for an AWS Privatelink Endpoint Service // GET /v1/project/{project}/service/{service_name}/privatelink/aws/connections // https://api.aiven.io/doc/#tag/Service/operation/ServicePrivatelinkAWSConnectionList - // Required roles or permissions: admin, read_only, role:organization:admin + // Required roles or permissions: service:configuration:write ServicePrivatelinkAWSConnectionList(ctx context.Context, project string, serviceName string) ([]ConnectionOut, error) // ServicePrivatelinkAWSCreate create an AWS Privatelink Endpoint Service // POST /v1/project/{project}/service/{service_name}/privatelink/aws // https://api.aiven.io/doc/#tag/Service/operation/ServicePrivatelinkAWSCreate - // Required roles or permissions: admin, project:services:write, role:organization:admin, service:configuration:write + // Required roles or permissions: service:configuration:write ServicePrivatelinkAWSCreate(ctx context.Context, project string, serviceName string, in *ServicePrivatelinkAwscreateIn) (*ServicePrivatelinkAwscreateOut, error) // ServicePrivatelinkAWSDelete delete an AWS Privatelink Endpoint Service // DELETE /v1/project/{project}/service/{service_name}/privatelink/aws // https://api.aiven.io/doc/#tag/Service/operation/ServicePrivatelinkAWSDelete - // Required roles or permissions: admin, project:services:write, role:organization:admin, service:configuration:write + // Required roles or permissions: service:configuration:write ServicePrivatelinkAWSDelete(ctx context.Context, project string, serviceName string) (*ServicePrivatelinkAwsdeleteOut, error) // ServicePrivatelinkAWSGet get AWS Privatelink Endpoint Service information // GET /v1/project/{project}/service/{service_name}/privatelink/aws // https://api.aiven.io/doc/#tag/Service/operation/ServicePrivatelinkAWSGet - // Required roles or permissions: admin, read_only, role:organization:admin + // Required 
roles or permissions: service:configuration:write ServicePrivatelinkAWSGet(ctx context.Context, project string, serviceName string) (*ServicePrivatelinkAwsgetOut, error) // ServicePrivatelinkAWSUpdate update an AWS Privatelink Endpoint Service // PUT /v1/project/{project}/service/{service_name}/privatelink/aws // https://api.aiven.io/doc/#tag/Service/operation/ServicePrivatelinkAWSUpdate - // Required roles or permissions: admin, project:services:write, role:organization:admin, service:configuration:write + // Required roles or permissions: service:configuration:write ServicePrivatelinkAWSUpdate(ctx context.Context, project string, serviceName string, in *ServicePrivatelinkAwsupdateIn) (*ServicePrivatelinkAwsupdateOut, error) // ServicePrivatelinkAzureConnectionApproval approve an Azure private endpoint connection pending user approval // POST /v1/project/{project}/service/{service_name}/privatelink/azure/connections/{privatelink_connection_id}/approve // https://api.aiven.io/doc/#tag/Service/operation/ServicePrivatelinkAzureConnectionApproval - // Required roles or permissions: admin, project:services:write, role:organization:admin, service:configuration:write + // Required roles or permissions: service:configuration:write ServicePrivatelinkAzureConnectionApproval(ctx context.Context, project string, serviceName string, privatelinkConnectionId string) (*ServicePrivatelinkAzureConnectionApprovalOut, error) // ServicePrivatelinkAzureConnectionList list private endpoint connections for an Azure Privatelink Service // GET /v1/project/{project}/service/{service_name}/privatelink/azure/connections // https://api.aiven.io/doc/#tag/Service/operation/ServicePrivatelinkAzureConnectionList - // Required roles or permissions: admin, read_only, role:organization:admin + // Required roles or permissions: service:configuration:write ServicePrivatelinkAzureConnectionList(ctx context.Context, project string, serviceName string) ([]ServicePrivatelinkAzureConnectionListOut, error) 
// ServicePrivatelinkAzureConnectionUpdate update a private endpoint connection for an Azure Privatelink Service // PUT /v1/project/{project}/service/{service_name}/privatelink/azure/connections/{privatelink_connection_id} // https://api.aiven.io/doc/#tag/Service/operation/ServicePrivatelinkAzureConnectionUpdate - // Required roles or permissions: admin, project:services:write, role:organization:admin, service:configuration:write + // Required roles or permissions: service:configuration:write ServicePrivatelinkAzureConnectionUpdate(ctx context.Context, project string, serviceName string, privatelinkConnectionId string, in *ServicePrivatelinkAzureConnectionUpdateIn) (*ServicePrivatelinkAzureConnectionUpdateOut, error) // ServicePrivatelinkAzureCreate create an Azure Privatelink Service // POST /v1/project/{project}/service/{service_name}/privatelink/azure // https://api.aiven.io/doc/#tag/Service/operation/ServicePrivatelinkAzureCreate - // Required roles or permissions: admin, project:services:write, role:organization:admin, service:configuration:write + // Required roles or permissions: service:configuration:write ServicePrivatelinkAzureCreate(ctx context.Context, project string, serviceName string, in *ServicePrivatelinkAzureCreateIn) (*ServicePrivatelinkAzureCreateOut, error) // ServicePrivatelinkAzureDelete delete an Azure Privatelink Service // DELETE /v1/project/{project}/service/{service_name}/privatelink/azure // https://api.aiven.io/doc/#tag/Service/operation/ServicePrivatelinkAzureDelete - // Required roles or permissions: admin, project:services:write, role:organization:admin, service:configuration:write + // Required roles or permissions: service:configuration:write ServicePrivatelinkAzureDelete(ctx context.Context, project string, serviceName string) (*ServicePrivatelinkAzureDeleteOut, error) // ServicePrivatelinkAzureGet get Azure Privatelink Service information // GET /v1/project/{project}/service/{service_name}/privatelink/azure // 
https://api.aiven.io/doc/#tag/Service/operation/ServicePrivatelinkAzureGet - // Required roles or permissions: admin, read_only, role:organization:admin + // Required roles or permissions: service:configuration:write ServicePrivatelinkAzureGet(ctx context.Context, project string, serviceName string) (*ServicePrivatelinkAzureGetOut, error) // ServicePrivatelinkAzureUpdate update an Azure Privatelink Service // PUT /v1/project/{project}/service/{service_name}/privatelink/azure // https://api.aiven.io/doc/#tag/Service/operation/ServicePrivatelinkAzureUpdate - // Required roles or permissions: admin, project:services:write, role:organization:admin, service:configuration:write + // Required roles or permissions: service:configuration:write ServicePrivatelinkAzureUpdate(ctx context.Context, project string, serviceName string, in *ServicePrivatelinkAzureUpdateIn) (*ServicePrivatelinkAzureUpdateOut, error) } diff --git a/handler/project/project.go b/handler/project/project.go index bd473bd..133a3bf 100644 --- a/handler/project/project.go +++ b/handler/project/project.go 
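Review bot: The four read-only privatelink methods (`ServicePrivatelinkAWSConnectionList`, `ServicePrivatelinkAWSGet`, `ServicePrivatelinkAzureConnectionList`, `ServicePrivatelinkAzureGet`) are GET endpoints whose removed line listed `read_only`, but the new line documents only `service:configuration:write`. Anyone deriving a token or role from this line will grant configuration write access to a caller that only needs to read, which works against the least-privilege goal stated in the commit message. Elsewhere in this patch the same old line (`admin, read_only, role:organization:admin`) on `ProjectAlertsList` became `developer, operator, read_only`, so the mapping looks inconsistent rather than intentional. I would expect `// Required roles or permissions: developer, operator, read_only` here unless the API really rejects read-only callers. `ProjectKmsGetCA` and `ProjectServiceTagsList` show the same read-to-write shift and are worth checking in the same pass.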
@@ -14,48 +14,47 @@ type Handler interface { // ListProjectVpcPeeringConnectionTypes list VPC peering connection types for a project // GET /v1/project/{project}/vpc-peering-connection-types // https://api.aiven.io/doc/#tag/Project/operation/ListProjectVpcPeeringConnectionTypes + // Required roles or permissions: project:networking:read ListProjectVpcPeeringConnectionTypes(ctx context.Context, project string) ([]VpcPeeringConnectionTypeOut, error) // ProjectAlertsList list active alerts for a project // GET /v1/project/{project}/alerts // https://api.aiven.io/doc/#tag/Project/operation/ProjectAlertsList - // Required roles or permissions: admin, read_only, role:organization:admin + // Required roles or permissions: developer, operator, read_only ProjectAlertsList(ctx context.Context, project string) ([]AlertOut, error) // ProjectCreate create a project // POST /v1/project // https://api.aiven.io/doc/#tag/Project/operation/ProjectCreate - // Required roles or permissions: organization:projects:write, role:organization:admin ProjectCreate(ctx context.Context, in *ProjectCreateIn) (*ProjectCreateOut, error) // ProjectDelete delete project // DELETE /v1/project/{project} // https://api.aiven.io/doc/#tag/Project/operation/ProjectDelete - // Required roles or permissions: admin, organization:projects:write, role:organization:admin + // Required roles or permissions: organization:projects:write ProjectDelete(ctx context.Context, project string) error // ProjectGenerateSbomDownloadUrl generate SBOM for project // GET /v1/project/{project}/generate-sbom-download-url/{file_format} // https://api.aiven.io/doc/#tag/Project/operation/ProjectGenerateSbomDownloadUrl - // Required roles or permissions: admin, read_only, role:organization:admin + // Required roles or permissions: developer, operator, read_only ProjectGenerateSbomDownloadUrl(ctx context.Context, project string, fileFormat string) (string, error) // ProjectGet get project details // GET /v1/project/{project} // 
https://api.aiven.io/doc/#tag/Project/operation/ProjectGet - // Required roles or permissions: admin, project:services:read, read_only, role:organization:admin, role:services:maintenance, role:services:recover, service:secrets:read + // Required roles or permissions: project:services:read ProjectGet(ctx context.Context, project string) (*ProjectGetOut, error) // ProjectGetEventLogs get project event log entries // GET /v1/project/{project}/events // https://api.aiven.io/doc/#tag/Project/operation/ProjectGetEventLogs - // Required roles or permissions: admin, project:audit_logs:read, read_only, role:organization:admin + // Required roles or permissions: project:audit_logs:read ProjectGetEventLogs(ctx context.Context, project string) ([]EventOut, error) // ProjectInvite send project membership invitation // POST /v1/project/{project}/invite // https://api.aiven.io/doc/#tag/Project/operation/ProjectInvite - // Required roles or permissions: admin, role:organization:admin ProjectInvite(ctx context.Context, project string, in *ProjectInviteIn) error // ProjectInviteAccept confirm project invite 
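Review bot: `ProjectCreate` loses its permissions line even though the removed line carried the granular `organization:projects:write` that `ProjectDelete` keeps in this same hunk, and `ProjectInvite` loses its line as well. With no line at all, the doc comment no longer distinguishes an operation that needs no permission from one that only a composite admin role can perform, and a reader may take project creation or membership invites to be unrestricted. The next hunk does the same for `ProjectInviteDelete`, `ProjectList`, `ProjectTagsReplace`, `ProjectTagsUpdate`, `ProjectUserRemove` and `ProjectUserUpdate`. I would restore `// Required roles or permissions: organization:projects:write` on `ProjectCreate`, and where no granular permission exists keep the composite entry, e.g. `// Required roles or permissions: admin, role:organization:admin`, rather than emitting nothing. These handler files look generated, so the change presumably belongs in `generator/permissions.go`.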
@@ -66,94 +65,91 @@ type Handler interface { // ProjectInviteDelete delete an invitation to a project // DELETE /v1/project/{project}/invite/{invited_email} // https://api.aiven.io/doc/#tag/Project/operation/ProjectInviteDelete - // Required roles or permissions: admin, role:organization:admin ProjectInviteDelete(ctx context.Context, project string, invitedEmail string) error // ProjectKmsGetCA retrieve project CA certificate // GET /v1/project/{project}/kms/ca // https://api.aiven.io/doc/#tag/Project_Key_Management/operation/ProjectKmsGetCA - // Required roles or permissions: admin, read_only, role:organization:admin + // Required roles or permissions: organization:projects:write ProjectKmsGetCA(ctx context.Context, project string) (string, error) // ProjectList list projects // GET /v1/project // https://api.aiven.io/doc/#tag/Project/operation/ProjectList - // Required roles or permissions: role:organization:admin ProjectList(ctx context.Context) (*ProjectListOut, error) // ProjectPrivatelinkAvailabilityList list Privatelink cloud availability and prices for a project // GET /v1/project/{project}/privatelink-availability // https://api.aiven.io/doc/#tag/Project/operation/ProjectPrivatelinkAvailabilityList + // Required roles or permissions: project:services:write ProjectPrivatelinkAvailabilityList(ctx context.Context, project string) ([]PrivatelinkAvailabilityOut, error) // ProjectServicePlanList list service plans // GET /v1/project/{project}/service-types/{service_type}/plans // https://api.aiven.io/doc/#tag/Project/operation/ProjectServicePlanList - // Required roles or permissions: admin, read_only, role:organization:admin + // Required roles or permissions: developer, operator, read_only ProjectServicePlanList(ctx context.Context, project string, serviceType string) ([]ServicePlanOut, error) // ProjectServicePlanPriceGet get plan pricing // GET /v1/project/{project}/pricing/service-types/{service_type}/plans/{service_plan}/clouds/{cloud} // 
https://api.aiven.io/doc/#tag/Project/operation/ProjectServicePlanPriceGet - // Required roles or permissions: admin, read_only, role:organization:admin + // Required roles or permissions: developer, operator, read_only ProjectServicePlanPriceGet(ctx context.Context, project string, serviceType string, servicePlan string, cloud string) (*ProjectServicePlanPriceGetOut, error) // ProjectServicePlanSpecsGet get service plan details // GET /v1/project/{project}/service-types/{service_type}/plans/{service_plan} // https://api.aiven.io/doc/#tag/Project/operation/ProjectServicePlanSpecsGet + // Required roles or permissions: developer, operator, read_only ProjectServicePlanSpecsGet(ctx context.Context, project string, serviceType string, servicePlan string) (*ProjectServicePlanSpecsGetOut, error) // ProjectServiceTypesGet get service type details // GET /v1/project/{project}/service-types/{service_type} // https://api.aiven.io/doc/#tag/Project/operation/ProjectServiceTypesGet + // Required roles or permissions: developer, operator, read_only ProjectServiceTypesGet(ctx context.Context, project string, serviceType string) (*ProjectServiceTypesGetOut, error) // ProjectServiceTypesList list service types // GET /v1/project/{project}/service-types // https://api.aiven.io/doc/#tag/Project/operation/ProjectServiceTypesList - // Required roles or permissions: admin, project:services:read, read_only, role:organization:admin, role:services:maintenance, role:services:recover, service:secrets:read + // Required roles or permissions: project:services:read ProjectServiceTypesList(ctx context.Context, project string) (*ProjectServiceTypesListOut, error) // ProjectTagsList list all tags attached to this project // GET /v1/project/{project}/tags // https://api.aiven.io/doc/#tag/Project/operation/ProjectTagsList - // Required roles or permissions: admin, read_only, role:organization:admin + // Required roles or permissions: developer, operator, read_only ProjectTagsList(ctx 
context.Context, project string) (map[string]string, error) // ProjectTagsReplace replace all project tags with a new set of tags, deleting old ones // PUT /v1/project/{project}/tags // https://api.aiven.io/doc/#tag/Project/operation/ProjectTagsReplace - // Required roles or permissions: admin, role:organization:admin ProjectTagsReplace(ctx context.Context, project string, in *ProjectTagsReplaceIn) error // ProjectTagsUpdate update one or more tags, creating ones that don't exist, and deleting ones given NULL value // PATCH /v1/project/{project}/tags // https://api.aiven.io/doc/#tag/Project/operation/ProjectTagsUpdate - // Required roles or permissions: admin, role:organization:admin ProjectTagsUpdate(ctx context.Context, project string, in *ProjectTagsUpdateIn) error // ProjectUpdate update project // PUT /v1/project/{project} // https://api.aiven.io/doc/#tag/Project/operation/ProjectUpdate - // Required roles or permissions: admin, organization:projects:write, role:organization:admin + // Required roles or permissions: organization:projects:write ProjectUpdate(ctx context.Context, project string, in *ProjectUpdateIn) (*ProjectUpdateOut, error) // ProjectUserList list users with access to the project. 
May contain same user multiple times if they belong to multiple teams associated to the project // GET /v1/project/{project}/users // https://api.aiven.io/doc/#tag/Project/operation/ProjectUserList - // Required roles or permissions: admin, read_only, role:organization:admin + // Required roles or permissions: developer, operator, read_only ProjectUserList(ctx context.Context, project string) (*ProjectUserListOut, error) // ProjectUserRemove remove user from the project // DELETE /v1/project/{project}/user/{user_email} // https://api.aiven.io/doc/#tag/Project/operation/ProjectUserRemove - // Required roles or permissions: admin, role:organization:admin ProjectUserRemove(ctx context.Context, project string, userEmail string) error // ProjectUserUpdate update a project user // PUT /v1/project/{project}/user/{user_email} // https://api.aiven.io/doc/#tag/Project/operation/ProjectUserUpdate - // Required roles or permissions: admin, role:organization:admin ProjectUserUpdate(ctx context.Context, project string, userEmail string, in *ProjectUserUpdateIn) error } diff --git a/handler/projectbilling/projectbilling.go b/handler/projectbilling/projectbilling.go index 955d446..ad3923e 100644 --- a/handler/projectbilling/projectbilling.go +++ b/handler/projectbilling/projectbilling.go 
@@ -19,19 +19,19 @@ type Handler interface { // Deprecated: ProjectCreditsClaim claim a credit code // POST /v1/project/{project}/credits // https://api.aiven.io/doc/#tag/Project_Billing/operation/ProjectCreditsClaim - // Required roles or permissions: admin, role:organization:admin + // Required roles or permissions: developer, operator ProjectCreditsClaim(ctx context.Context, project string, in *ProjectCreditsClaimIn) (*ProjectCreditsClaimOut, error) // Deprecated: ProjectCreditsList list credits available to the project // GET /v1/project/{project}/credits // https://api.aiven.io/doc/#tag/Project_Billing/operation/ProjectCreditsList - // Required roles or permissions: admin, read_only, role:organization:admin + // Required roles or permissions: developer, operator, read_only ProjectCreditsList(ctx context.Context, project string) ([]CreditOut, error) // ProjectInvoiceList list project invoices // GET /v1/project/{project}/invoice // https://api.aiven.io/doc/#tag/Project_Billing/operation/ProjectInvoiceList - // Required roles or permissions: admin, read_only, role:organization:admin + // Required roles or permissions: developer, operator, read_only ProjectInvoiceList(ctx context.Context, project string) ([]InvoiceOut, error) } diff --git a/handler/service/service.go b/handler/service/service.go index 6f418c1..f54b4b2 100644 --- a/handler/service/service.go +++ b/handler/service/service.go @@ -14,6 +14,7 @@ type Handler interface { // ListProjectServiceTypes list service types for a project // GET /v1/project/{project}/service_types // https://api.aiven.io/doc/#tag/Service/operation/ListProjectServiceTypes + // Required roles or permissions: project:services:read ListProjectServiceTypes(ctx context.Context, project string) (*ListProjectServiceTypesOut, error) // ListPublicServiceTypes list publicly available service types 
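Review bot: `ProjectCreditsClaim` previously documented `admin, role:organization:admin` and now documents `developer, operator`, which lowers the stated privilege tier for a POST that claims billing credits. Nothing in the hunk shows that the API accepts these roles, so if the old line was accurate, the new one invites granting a billing action to roles that were never meant to have it. Please confirm against the API's own permission data, and if admin is still required keep `// Required roles or permissions: admin, role:organization:admin`. `ServiceCancelQuery`, `ServiceEnableWrites`, `ServiceDatabaseCreate` and `ServiceDatabaseDelete` in `handler/service/service.go` show the same move to `developer`/`operator`. The last two replace the granular `service:data:write`, which `ServicePGBouncerCreate` still uses.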
@@ -29,253 +30,259 @@ type Handler interface { // ProjectGetServiceLogs get service log entries // POST /v1/project/{project}/service/{service_name}/logs // https://api.aiven.io/doc/#tag/Service/operation/ProjectGetServiceLogs - // Required roles or permissions: admin, read_only, role:organization:admin, service:logs:read + // Required roles or permissions: service:logs:read ProjectGetServiceLogs(ctx context.Context, project string, serviceName string, in *ProjectGetServiceLogsIn) (*ProjectGetServiceLogsOut, error) // ProjectServiceTagsList list all tags attached to the service // GET /v1/project/{project}/service/{service_name}/tags // https://api.aiven.io/doc/#tag/Service/operation/ProjectServiceTagsList - // Required roles or permissions: admin, read_only, role:organization:admin + // Required roles or permissions: service:configuration:write ProjectServiceTagsList(ctx context.Context, project string, serviceName string) (map[string]string, error) // ProjectServiceTagsReplace replace all project tags with a new set of tags, deleting old ones // PUT /v1/project/{project}/service/{service_name}/tags // https://api.aiven.io/doc/#tag/Service/operation/ProjectServiceTagsReplace - // Required roles or permissions: admin, project:services:write, role:organization:admin, service:configuration:write + // Required roles or permissions: service:configuration:write ProjectServiceTagsReplace(ctx context.Context, project string, serviceName string, in *ProjectServiceTagsReplaceIn) error // ProjectServiceTagsUpdate update one or more tags, creating ones that don't exist, and deleting ones given NULL value // PATCH /v1/project/{project}/service/{service_name}/tags // https://api.aiven.io/doc/#tag/Service/operation/ProjectServiceTagsUpdate - // Required roles or permissions: admin, project:services:write, role:organization:admin, service:configuration:write + // Required roles or permissions: service:configuration:write ProjectServiceTagsUpdate(ctx context.Context, project 
string, serviceName string, in *ProjectServiceTagsUpdateIn) error // ServiceAlertsList list active alerts for service // GET /v1/project/{project}/service/{service_name}/alerts // https://api.aiven.io/doc/#tag/Service/operation/ServiceAlertsList - // Required roles or permissions: admin, read_only, role:organization:admin + // Required roles or permissions: developer, operator, read_only ServiceAlertsList(ctx context.Context, project string, serviceName string) ([]AlertOut, error) // ServiceBackupToAnotherRegionReport get service's backup to another region information // POST /v1/project/{project}/service/{service_name}/backup_to_another_region/report // https://api.aiven.io/doc/#tag/Service/operation/ServiceBackupToAnotherRegionReport - // Required roles or permissions: admin, project:services:write, read_only, role:organization:admin, service:configuration:write + // Required roles or permissions: service:configuration:write ServiceBackupToAnotherRegionReport(ctx context.Context, project string, serviceName string, in *ServiceBackupToAnotherRegionReportIn) (map[string]any, error) // ServiceBackupsGet get service backup information // GET /v1/project/{project}/service/{service_name}/backups // https://api.aiven.io/doc/#tag/Service/operation/ServiceBackupsGet + // Required roles or permissions: service:configuration:write ServiceBackupsGet(ctx context.Context, project string, serviceName string) (*ServiceBackupsGetOut, error) // ServiceCancelQuery cancel specified query from service // POST /v1/project/{project}/service/{service_name}/query/cancel // https://api.aiven.io/doc/#tag/Service/operation/ServiceCancelQuery - // Required roles or permissions: admin, role:organization:admin + // Required roles or permissions: developer, operator ServiceCancelQuery(ctx context.Context, project string, serviceName string, in *ServiceCancelQueryIn) (bool, error) // ServiceCreate create a service // POST /v1/project/{project}/service // 
https://api.aiven.io/doc/#tag/Service/operation/ServiceCreate - // Required roles or permissions: admin, project:services:write, role:organization:admin, role:services:recover + // Required roles or permissions: project:services:write, role:services:recover ServiceCreate(ctx context.Context, project string, in *ServiceCreateIn) (*ServiceCreateOut, error) // ServiceDatabaseCreate create a new logical database for service // POST /v1/project/{project}/service/{service_name}/db // https://api.aiven.io/doc/#tag/Service/operation/ServiceDatabaseCreate - // Required roles or permissions: admin, role:organization:admin, service:data:write + // Required roles or permissions: developer, operator ServiceDatabaseCreate(ctx context.Context, project string, serviceName string, in *ServiceDatabaseCreateIn) error // ServiceDatabaseDelete delete a logical database // DELETE /v1/project/{project}/service/{service_name}/db/{dbname} // https://api.aiven.io/doc/#tag/Service/operation/ServiceDatabaseDelete - // Required roles or permissions: admin, role:organization:admin, service:data:write + // Required roles or permissions: developer, operator ServiceDatabaseDelete(ctx context.Context, project string, serviceName string, dbname string) error // ServiceDatabaseList list service databases // GET /v1/project/{project}/service/{service_name}/db // https://api.aiven.io/doc/#tag/Service/operation/ServiceDatabaseList - // Required roles or permissions: admin, read_only, role:organization:admin + // Required roles or permissions: developer, operator, read_only ServiceDatabaseList(ctx context.Context, project string, serviceName string) ([]DatabaseOut, error) // ServiceDelete terminate a service // DELETE /v1/project/{project}/service/{service_name} // https://api.aiven.io/doc/#tag/Service/operation/ServiceDelete - // Required roles or permissions: admin, project:services:write, role:organization:admin + // Required roles or permissions: project:services:write ServiceDelete(ctx 
context.Context, project string, serviceName string) error // ServiceEnableWrites temporarily enable writes for a service in read-only mode. Will only work if disk usage is lower than 99.0% // POST /v1/project/{project}/service/{service_name}/enable-writes // https://api.aiven.io/doc/#tag/Service/operation/ServiceEnableWrites - // Required roles or permissions: admin, role:organization:admin + // Required roles or permissions: operator ServiceEnableWrites(ctx context.Context, project string, serviceName string) (*string, error) // ServiceGet get service information // GET /v1/project/{project}/service/{service_name} // https://api.aiven.io/doc/#tag/Service/operation/ServiceGet - // Required roles or permissions: admin, project:services:read, read_only, role:organization:admin, role:services:maintenance, role:services:recover, service:secrets:read + // Required roles or permissions: project:services:read ServiceGet(ctx context.Context, project string, serviceName string, query ...[2]string) (*ServiceGetOut, error) // ServiceGetMigrationStatus get migration status // GET /v1/project/{project}/service/{service_name}/migration // https://api.aiven.io/doc/#tag/Service/operation/ServiceGetMigrationStatus + // Required roles or permissions: developer, operator, read_only ServiceGetMigrationStatus(ctx context.Context, project string, serviceName string) (*ServiceGetMigrationStatusOut, error) // ServiceIntegrationCreate create a new service integration // POST /v1/project/{project}/integration // https://api.aiven.io/doc/#tag/Service_Integrations/operation/ServiceIntegrationCreate - // Required roles or permissions: admin, project:integrations:write, role:organization:admin + // Required roles or permissions: project:integrations:write ServiceIntegrationCreate(ctx context.Context, project string, in *ServiceIntegrationCreateIn) (*ServiceIntegrationCreateOut, error) // ServiceIntegrationDelete delete a service integration // DELETE 
/v1/project/{project}/integration/{integration_id} // https://api.aiven.io/doc/#tag/Service_Integrations/operation/ServiceIntegrationDelete - // Required roles or permissions: admin, project:integrations:write, role:organization:admin, role:services:recover + // Required roles or permissions: project:integrations:write, role:services:recover ServiceIntegrationDelete(ctx context.Context, project string, integrationId string) error // ServiceIntegrationEndpointCreate create a new service integration endpoint // POST /v1/project/{project}/integration_endpoint // https://api.aiven.io/doc/#tag/Service_Integrations/operation/ServiceIntegrationEndpointCreate - // Required roles or permissions: admin, project:integrations:write, role:organization:admin + // Required roles or permissions: project:integrations:write ServiceIntegrationEndpointCreate(ctx context.Context, project string, in *ServiceIntegrationEndpointCreateIn) (*ServiceIntegrationEndpointCreateOut, error) // ServiceIntegrationEndpointDelete delete a service integration endpoint // DELETE /v1/project/{project}/integration_endpoint/{integration_endpoint_id} // https://api.aiven.io/doc/#tag/Service_Integrations/operation/ServiceIntegrationEndpointDelete - // Required roles or permissions: admin, project:integrations:write, role:organization:admin + // Required roles or permissions: project:integrations:write ServiceIntegrationEndpointDelete(ctx context.Context, project string, integrationEndpointId string) error // ServiceIntegrationEndpointGet get service integration endpoint // GET /v1/project/{project}/integration_endpoint/{integration_endpoint_id} // https://api.aiven.io/doc/#tag/Service_Integrations/operation/ServiceIntegrationEndpointGet - // Required roles or permissions: admin, project:integrations:read, read_only, role:organization:admin + // Required roles or permissions: project:integrations:read ServiceIntegrationEndpointGet(ctx context.Context, project string, integrationEndpointId string, query 
...[2]string) (*ServiceIntegrationEndpointGetOut, error) // ServiceIntegrationEndpointList list available integration endpoints for project // GET /v1/project/{project}/integration_endpoint // https://api.aiven.io/doc/#tag/Service_Integrations/operation/ServiceIntegrationEndpointList - // Required roles or permissions: admin, project:integrations:read, read_only, role:organization:admin + // Required roles or permissions: project:integrations:read ServiceIntegrationEndpointList(ctx context.Context, project string) ([]ServiceIntegrationEndpointOut, error) // ServiceIntegrationEndpointTypes list available service integration endpoint types // GET /v1/project/{project}/integration_endpoint_types // https://api.aiven.io/doc/#tag/Service_Integrations/operation/ServiceIntegrationEndpointTypes - // Required roles or permissions: admin, project:integrations:read, read_only, role:organization:admin + // Required roles or permissions: project:integrations:read ServiceIntegrationEndpointTypes(ctx context.Context, project string) ([]EndpointTypeOut, error) // ServiceIntegrationEndpointUpdate update service integration endpoint // PUT /v1/project/{project}/integration_endpoint/{integration_endpoint_id} // https://api.aiven.io/doc/#tag/Service_Integrations/operation/ServiceIntegrationEndpointUpdate - // Required roles or permissions: admin, project:integrations:write, role:organization:admin + // Required roles or permissions: project:integrations:write ServiceIntegrationEndpointUpdate(ctx context.Context, project string, integrationEndpointId string, in *ServiceIntegrationEndpointUpdateIn) (*ServiceIntegrationEndpointUpdateOut, error) // ServiceIntegrationGet get service integration // GET /v1/project/{project}/integration/{integration_id} // https://api.aiven.io/doc/#tag/Service_Integrations/operation/ServiceIntegrationGet - // Required roles or permissions: admin, project:integrations:read, read_only, role:organization:admin + // Required roles or permissions: 
project:integrations:read ServiceIntegrationGet(ctx context.Context, project string, integrationId string) (*ServiceIntegrationGetOut, error) // ServiceIntegrationList list available integrations for a service // GET /v1/project/{project}/service/{service_name}/integration // https://api.aiven.io/doc/#tag/Service_Integrations/operation/ServiceIntegrationList - // Required roles or permissions: admin, project:integrations:read, read_only, role:organization:admin, role:services:recover + // Required roles or permissions: project:integrations:read, role:services:recover ServiceIntegrationList(ctx context.Context, project string, serviceName string) ([]ServiceIntegrationOut, error) // ServiceIntegrationTypes list available service integration types // GET /v1/project/{project}/integration_types // https://api.aiven.io/doc/#tag/Service_Integrations/operation/ServiceIntegrationTypes - // Required roles or permissions: admin, project:integrations:read, read_only, role:organization:admin + // Required roles or permissions: project:integrations:read ServiceIntegrationTypes(ctx context.Context, project string) ([]IntegrationTypeOut, error) // ServiceIntegrationUpdate update a service integration // PUT /v1/project/{project}/integration/{integration_id} // https://api.aiven.io/doc/#tag/Service_Integrations/operation/ServiceIntegrationUpdate - // Required roles or permissions: admin, project:integrations:write, role:organization:admin + // Required roles or permissions: project:integrations:write ServiceIntegrationUpdate(ctx context.Context, project string, integrationId string, in *ServiceIntegrationUpdateIn) (*ServiceIntegrationUpdateOut, error) // ServiceKmsGetCA retrieve a service CA // GET /v1/project/{project}/service/{service_name}/kms/ca/{ca_name} // https://api.aiven.io/doc/#tag/Service/operation/ServiceKmsGetCA + // Required roles or permissions: developer, operator, read_only ServiceKmsGetCA(ctx context.Context, project string, serviceName string, caName string) 
(string, error) // ServiceKmsGetKeypair retrieve service keypair // GET /v1/project/{project}/service/{service_name}/kms/keypairs/{keypair_name} // https://api.aiven.io/doc/#tag/Service/operation/ServiceKmsGetKeypair + // Required roles or permissions: operator ServiceKmsGetKeypair(ctx context.Context, project string, serviceName string, keypairName string) (*ServiceKmsGetKeypairOut, error) // ServiceList list services // GET /v1/project/{project}/service // https://api.aiven.io/doc/#tag/Service/operation/ServiceList - // Required roles or permissions: admin, project:services:read, read_only, role:organization:admin, role:services:maintenance, role:services:recover, service:secrets:read + // Required roles or permissions: project:services:read ServiceList(ctx context.Context, project string, query ...[2]string) ([]ServiceOut, error) // ServiceMaintenanceStart start maintenance updates // PUT /v1/project/{project}/service/{service_name}/maintenance/start // https://api.aiven.io/doc/#tag/Service/operation/ServiceMaintenanceStart - // Required roles or permissions: admin, role:organization:admin, role:services:maintenance + // Required roles or permissions: role:services:maintenance ServiceMaintenanceStart(ctx context.Context, project string, serviceName string) error // ServiceMetricsFetch fetch service metrics // POST /v1/project/{project}/service/{service_name}/metrics // https://api.aiven.io/doc/#tag/Service/operation/ServiceMetricsFetch + // Required roles or permissions: developer, operator, read_only ServiceMetricsFetch(ctx context.Context, project string, serviceName string, in *ServiceMetricsFetchIn) (map[string]any, error) // ServiceQueryActivity fetch current queries for the service // POST /v1/project/{project}/service/{service_name}/query/activity // https://api.aiven.io/doc/#tag/Service/operation/ServiceQueryActivity + // Required roles or permissions: developer, operator, read_only ServiceQueryActivity(ctx context.Context, project string, serviceName 
string, in *ServiceQueryActivityIn) ([]QueryOut, error) // ServiceQueryStatisticsReset reset service's query statistics // PUT /v1/project/{project}/service/{service_name}/query/stats/reset // https://api.aiven.io/doc/#tag/Service/operation/ServiceQueryStatisticsReset - // Required roles or permissions: admin, role:organization:admin + // Required roles or permissions: developer, operator ServiceQueryStatisticsReset(ctx context.Context, project string, serviceName string) ([]map[string]any, error) // ServiceTaskCreate create a new task for service // POST /v1/project/{project}/service/{service_name}/task // https://api.aiven.io/doc/#tag/Service/operation/ServiceTaskCreate - // Required roles or permissions: admin, role:organization:admin + // Required roles or permissions: operator ServiceTaskCreate(ctx context.Context, project string, serviceName string, in *ServiceTaskCreateIn) (*ServiceTaskCreateOut, error) // ServiceTaskGet get task result // GET /v1/project/{project}/service/{service_name}/task/{task_id} // https://api.aiven.io/doc/#tag/Service/operation/ServiceTaskGet - // Required roles or permissions: admin, role:organization:admin + // Required roles or permissions: operator ServiceTaskGet(ctx context.Context, project string, serviceName string, taskId string) (*ServiceTaskGetOut, error) // ServiceUpdate update service configuration // PUT /v1/project/{project}/service/{service_name} // https://api.aiven.io/doc/#tag/Service/operation/ServiceUpdate - // Required roles or permissions: admin, project:services:write, role:organization:admin, service:configuration:write + // Required roles or permissions: project:services:write, role:services:maintenance, role:services:recover, service:configuration:write ServiceUpdate(ctx context.Context, project string, serviceName string, in *ServiceUpdateIn, query ...[2]string) (*ServiceUpdateOut, error) // ServiceUserCreate create a new (sub) user for service // POST /v1/project/{project}/service/{service_name}/user // 
https://api.aiven.io/doc/#tag/Service/operation/ServiceUserCreate - // Required roles or permissions: admin, role:organization:admin, service:users:write + // Required roles or permissions: service:users:write ServiceUserCreate(ctx context.Context, project string, serviceName string, in *ServiceUserCreateIn) (*ServiceUserCreateOut, error) // ServiceUserCredentialsModify modify service user credentials // PUT /v1/project/{project}/service/{service_name}/user/{service_username} // https://api.aiven.io/doc/#tag/Service/operation/ServiceUserCredentialsModify - // Required roles or permissions: admin, role:organization:admin, service:users:write + // Required roles or permissions: service:users:write ServiceUserCredentialsModify(ctx context.Context, project string, serviceName string, serviceUsername string, in *ServiceUserCredentialsModifyIn) (*ServiceUserCredentialsModifyOut, error) // ServiceUserCredentialsReset reset service user credentials // PUT /v1/project/{project}/service/{service_name}/user/{service_username}/credentials/reset // https://api.aiven.io/doc/#tag/Service/operation/ServiceUserCredentialsReset - // Required roles or permissions: admin, role:organization:admin, service:users:write + // Required roles or permissions: service:users:write ServiceUserCredentialsReset(ctx context.Context, project string, serviceName string, serviceUsername string) (*ServiceUserCredentialsResetOut, error) // ServiceUserDelete delete a service user // DELETE /v1/project/{project}/service/{service_name}/user/{service_username} // https://api.aiven.io/doc/#tag/Service/operation/ServiceUserDelete - // Required roles or permissions: admin, role:organization:admin, service:users:write + // Required roles or permissions: service:users:write ServiceUserDelete(ctx context.Context, project string, serviceName string, serviceUsername string) error // ServiceUserGet get details for a single user // GET /v1/project/{project}/service/{service_name}/user/{service_username} // 
https://api.aiven.io/doc/#tag/Service/operation/ServiceUserGet - // Required roles or permissions: admin, read_only, role:organization:admin + // Required roles or permissions: service:configuration:write, service:users:write ServiceUserGet(ctx context.Context, project string, serviceName string, serviceUsername string, query ...[2]string) (*ServiceUserGetOut, error) } diff --git a/handler/staticip/staticip.go b/handler/staticip/staticip.go index e063d16..5f42c0d 100644 --- a/handler/staticip/staticip.go +++ b/handler/staticip/staticip.go 
@@ -13,21 +13,25 @@ type Handler interface { // ProjectStaticIPAssociate associate a static IP address with a service // POST /v1/project/{project}/static-ips/{static_ip_address_id}/association // https://api.aiven.io/doc/#tag/StaticIP/operation/ProjectStaticIPAssociate + // Required roles or permissions: service:configuration:write ProjectStaticIPAssociate(ctx context.Context, project string, staticIpAddressId string, in *ProjectStaticIpassociateIn) (*ProjectStaticIpassociateOut, error) // ProjectStaticIPAvailabilityList list static IP address cloud availability and prices for a project // GET /v1/project/{project}/static-ip-availability // https://api.aiven.io/doc/#tag/StaticIP/operation/ProjectStaticIPAvailabilityList + // Required roles or permissions: developer, operator, read_only ProjectStaticIPAvailabilityList(ctx context.Context, project string) ([]StaticIpAddressAvailabilityOut, error) // ProjectStaticIPDissociate dissociate a static IP address from a service // DELETE /v1/project/{project}/static-ips/{static_ip_address_id}/association // https://api.aiven.io/doc/#tag/StaticIP/operation/ProjectStaticIPDissociate + // Required roles or permissions: service:configuration:write ProjectStaticIPDissociate(ctx context.Context, project string, staticIpAddressId string) (*ProjectStaticIpdissociateOut, error) // ProjectStaticIPPatch update a static IP address configuration // PATCH /v1/project/{project}/static-ips/{static_ip_address_id} // https://api.aiven.io/doc/#tag/StaticIP/operation/ProjectStaticIPPatch + // Required roles or permissions: operator ProjectStaticIPPatch(ctx context.Context, project string, staticIpAddressId string, in *ProjectStaticIppatchIn) (*ProjectStaticIppatchOut, error) // PublicStaticIPAvailabilityList list static IP clouds and prices 
@@ -38,13 +42,13 @@ type Handler interface { // StaticIPCreate create static IP address // POST /v1/project/{project}/static-ips // https://api.aiven.io/doc/#tag/StaticIP/operation/StaticIPCreate - // Required roles or permissions: admin, role:organization:admin + // Required roles or permissions: operator StaticIPCreate(ctx context.Context, project string, in *StaticIpcreateIn) (*StaticIpcreateOut, error) // StaticIPList list static IP addresses // GET /v1/project/{project}/static-ips // https://api.aiven.io/doc/#tag/StaticIP/operation/StaticIPList - // Required roles or permissions: admin, read_only, role:organization:admin + // Required roles or permissions: developer, operator, read_only StaticIPList(ctx context.Context, project string) ([]StaticIpOut, error) } diff --git a/handler/thanos/thanos.go b/handler/thanos/thanos.go index 323a716..b71588d 100644 --- a/handler/thanos/thanos.go +++ b/handler/thanos/thanos.go @@ -13,7 +13,7 @@ type Handler interface { // ServiceThanosStorageSummary get Thanos object storage summary // GET /v1/project/{project}/service/{service_name}/thanos/storage/summary // https://api.aiven.io/doc/#tag/Service:_Thanos/operation/ServiceThanosStorageSummary - // Required roles or permissions: admin, read_only, role:organization:admin + // Required roles or permissions: service:data:write ServiceThanosStorageSummary(ctx context.Context, project string, serviceName string) (*ServiceThanosStorageSummaryOut, error) } diff --git a/handler/user/user.go b/handler/user/user.go index 41d1789..b85be76 100644 --- a/handler/user/user.go +++ b/handler/user/user.go 
@@ -44,7 +44,6 @@ type Handler interface { // OrganizationMemberGroupsList list user groups of the organization's member // GET /v1/organization/{organization_id}/user/{member_user_id}/user-groups // https://api.aiven.io/doc/#tag/Users/operation/OrganizationMemberGroupsList - // Required roles or permissions: role:organization:admin OrganizationMemberGroupsList(ctx context.Context, organizationId string, memberUserId string) ([]UserGroupOut, error) // TwoFactorAuthConfigure configure two-factor authentication @@ -90,7 +89,6 @@ type Handler interface { // UserAuthenticationMethodsList list linked authentication methods // GET /v1/me/authentication_methods // https://api.aiven.io/doc/#tag/Users/operation/UserAuthenticationMethodsList - // Required roles or permissions: role:organization:admin UserAuthenticationMethodsList(ctx context.Context) ([]AuthenticationMethodOut, error) // Deprecated: UserCreate create a user @@ -136,7 +134,6 @@ type Handler interface { // UserUpdate edit profile // PATCH /v1/me // https://api.aiven.io/doc/#tag/Users/operation/UserUpdate - // Required roles or permissions: admin, role:organization:admin UserUpdate(ctx context.Context, in *UserUpdateIn) (*UserUpdateOut, error) // UserVerifyEmail confirm user email address diff --git a/handler/usergroup/usergroup.go b/handler/usergroup/usergroup.go index 8a14941..cd8adaa 100644 --- a/handler/usergroup/usergroup.go +++ b/handler/usergroup/usergroup.go 
@@ -14,13 +14,13 @@ type Handler interface { // UserGroupCreate create a group // POST /v1/organization/{organization_id}/user-groups // https://api.aiven.io/doc/#tag/Groups/operation/UserGroupCreate - // Required roles or permissions: organization:groups:write, role:organization:admin + // Required roles or permissions: organization:groups:write UserGroupCreate(ctx context.Context, organizationId string, in *UserGroupCreateIn) (*UserGroupCreateOut, error) // UserGroupDelete delete a group // DELETE /v1/organization/{organization_id}/user-groups/{user_group_id} // https://api.aiven.io/doc/#tag/Groups/operation/UserGroupDelete - // Required roles or permissions: organization:groups:write, role:organization:admin + // Required roles or permissions: organization:groups:write UserGroupDelete(ctx context.Context, organizationId string, userGroupId string) error // UserGroupGet retrieve a group @@ -36,13 +36,13 @@ type Handler interface { // UserGroupMembersUpdate add or remove group members // PATCH /v1/organization/{organization_id}/user-groups/{user_group_id}/members // https://api.aiven.io/doc/#tag/Groups/operation/UserGroupMembersUpdate - // Required roles or permissions: organization:groups:write, role:organization:admin + // Required roles or permissions: organization:groups:write UserGroupMembersUpdate(ctx context.Context, organizationId string, userGroupId string, in *UserGroupMembersUpdateIn) error // UserGroupUpdate update a group // PATCH /v1/organization/{organization_id}/user-groups/{user_group_id} // https://api.aiven.io/doc/#tag/Groups/operation/UserGroupUpdate - // Required roles or permissions: organization:groups:write, role:organization:admin + // Required roles or permissions: organization:groups:write UserGroupUpdate(ctx context.Context, organizationId string, userGroupId string, in *UserGroupUpdateIn) (*UserGroupUpdateOut, error) // UserGroupsList list groups diff --git a/handler/vpc/vpc.go b/handler/vpc/vpc.go index 7e0c073..907dc6e 100644 
--- a/handler/vpc/vpc.go
+++ b/handler/vpc/vpc.go
@@ -14,54 +14,55 @@ type Handler interface { // VpcCreate create a VPC in a cloud for the project // POST /v1/project/{project}/vpcs // https://api.aiven.io/doc/#tag/Project/operation/VpcCreate - // Required roles or permissions: admin, project:networking:write, role:organization:admin + // Required roles or permissions: project:networking:write VpcCreate(ctx context.Context, project string, in *VpcCreateIn) (*VpcCreateOut, error) // VpcDelete delete a project VPC // DELETE /v1/project/{project}/vpcs/{project_vpc_id} // https://api.aiven.io/doc/#tag/Project/operation/VpcDelete - // Required roles or permissions: admin, project:networking:write, role:organization:admin + // Required roles or permissions: project:networking:write VpcDelete(ctx context.Context, project string, projectVpcId string) (*VpcDeleteOut, error) // VpcGet get VPC information // GET /v1/project/{project}/vpcs/{project_vpc_id} // https://api.aiven.io/doc/#tag/Project/operation/VpcGet - // Required roles or permissions: admin, project:networking:read, read_only, role:organization:admin + // Required roles or permissions: project:networking:read VpcGet(ctx context.Context, project string, projectVpcId string) (*VpcGetOut, error) // VpcList list VPCs for a project // GET /v1/project/{project}/vpcs // https://api.aiven.io/doc/#tag/Project/operation/VpcList - // Required roles or permissions: admin, project:networking:read, read_only, role:organization:admin + // Required roles or permissions: project:networking:read VpcList(ctx context.Context, project string) ([]VpcOut, error) // VpcPeeringConnectionCreate create a peering connection for a project VPC // POST /v1/project/{project}/vpcs/{project_vpc_id}/peering-connections // https://api.aiven.io/doc/#tag/Project/operation/VpcPeeringConnectionCreate - // Required roles or permissions: admin, project:networking:write, role:organization:admin + // Required roles or permissions: project:networking:write VpcPeeringConnectionCreate(ctx context.Context, 
project string, projectVpcId string, in *VpcPeeringConnectionCreateIn) (*VpcPeeringConnectionCreateOut, error) // VpcPeeringConnectionDelete delete a peering connection for a project VPC // DELETE /v1/project/{project}/vpcs/{project_vpc_id}/peering-connections/peer-accounts/{peer_cloud_account}/peer-vpcs/{peer_vpc} // https://api.aiven.io/doc/#tag/Project/operation/VpcPeeringConnectionDelete - // Required roles or permissions: admin, project:networking:write, role:organization:admin + // Required roles or permissions: project:networking:write VpcPeeringConnectionDelete(ctx context.Context, project string, projectVpcId string, peerCloudAccount string, peerVpc string) (*VpcPeeringConnectionDeleteOut, error) // VpcPeeringConnectionUpdate update user-defined peer network CIDRs for a project VPC // PUT /v1/project/{project}/vpcs/{project_vpc_id}/user-peer-network-cidrs // https://api.aiven.io/doc/#tag/Project/operation/VpcPeeringConnectionUpdate + // Required roles or permissions: project:networking:write VpcPeeringConnectionUpdate(ctx context.Context, project string, projectVpcId string, in *VpcPeeringConnectionUpdateIn) (*VpcPeeringConnectionUpdateOut, error) // VpcPeeringConnectionWithRegionDelete delete a peering connection for a project VPC // DELETE /v1/project/{project}/vpcs/{project_vpc_id}/peering-connections/peer-accounts/{peer_cloud_account}/peer-vpcs/{peer_vpc}/peer-regions/{peer_region} // https://api.aiven.io/doc/#tag/Project/operation/VpcPeeringConnectionWithRegionDelete - // Required roles or permissions: admin, project:networking:write, role:organization:admin + // Required roles or permissions: project:networking:write VpcPeeringConnectionWithRegionDelete(ctx context.Context, project string, projectVpcId string, peerCloudAccount string, peerVpc string, peerRegion string) (*VpcPeeringConnectionWithRegionDeleteOut, error) // VpcPeeringConnectionWithResourceGroupDelete delete a peering connection for a project VPC // DELETE 
/v1/project/{project}/vpcs/{project_vpc_id}/peering-connections/peer-accounts/{peer_cloud_account}/peer-resource-groups/{peer_resource_group}/peer-vpcs/{peer_vpc} // https://api.aiven.io/doc/#tag/Project/operation/VpcPeeringConnectionWithResourceGroupDelete - // Required roles or permissions: admin, project:networking:write, role:organization:admin + // Required roles or permissions: project:networking:write VpcPeeringConnectionWithResourceGroupDelete(ctx context.Context, project string, projectVpcId string, peerCloudAccount string, peerResourceGroup string, peerVpc string) (*VpcPeeringConnectionWithResourceGroupDeleteOut, error) }
diff --git a/permissions.go b/permissions.go
index 721da0f..5a07332 100644
--- a/permissions.go
+++ b/permissions.go
@@ -2,16 +2,23 @@ package aiven
 import (
 _ "embed"
+ "fmt"
 "gopkg.in/yaml.v3"
 )
 //go:embed permissions.yaml
-var permissionBytes []byte
+var permissionsBytes []byte
+var permissionsMap map[string][]string
+
+func init() {
+ err := yaml.Unmarshal(permissionsBytes, &permissionsMap)
+ if err != nil {
+ panic(fmt.Sprintf("Error parsing permissions: %v", err))
+ }
+}
 // Permissions returns the map of operation IDs to permission strings.
-func Permissions() (map[string][]string, error) {
- var m map[string][]string
- err := yaml.Unmarshal(permissionBytes, &m)
- return m, err
+func Permissions() map[string][]string {
+ return permissionsMap
 }
diff --git a/permissions.yaml b/permissions.yaml
index d2b4384..ab4d964 100644
--- a/permissions.yaml
+++ b/permissions.yaml
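Review bot: `Permissions()` in permissions.go now returns the package-level `permissionsMap` itself, whereas the removed version built a fresh map on every call. A caller that edits the result or one of its slices therefore changes the required-permission list for every other caller in the process, and concurrent edits become a data race. If this table feeds least-privilege decisions (presumably the reason for the feature), returning a copy with each slice cloned, as below, closes that gap; at minimum the doc comment should say the result is read-only. Separately, `init()` panics at import time on a parse error; a unit test that loads the embedded YAML would catch a bad file before it reaches consumers.

```go
func Permissions() map[string][]string {
	// Copy the map and each slice so callers cannot alter the shared table.
	out := make(map[string][]string, len(permissionsMap))
	for op, perms := range permissionsMap {
		out[op] = append([]string(nil), perms...)
	}
	return out
}
```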
@@ -1,739 +1,599 @@ -AccountBillingGroupList: +AccountAuthenticationMethodCreate: - role:organization:admin +AccountAuthenticationMethodDelete: + - role:organization:admin +AccountAuthenticationMethodGet: + - role:organization:admin +AccountAuthenticationMethodUpdate: + - role:organization:admin +AccountAuthenticationMethodsList: + - role:organization:admin +AlloyDbOmniGoogleCloudPrivateKeyIdentify: + - service:data:write +AlloyDbOmniGoogleCloudPrivateKeyRemove: + - service:data:write +AlloyDbOmniGoogleCloudPrivateKeySet: + - service:data:write ApplicationUserAccessTokenCreate: - organization:app_users:write - - role:organization:admin ApplicationUserAccessTokenDelete: - organization:app_users:write - - role:organization:admin ApplicationUserAccessTokensList: - - role:organization:admin + - organization:app_users:write ApplicationUserCreate: - organization:app_users:write - - role:organization:admin ApplicationUserDelete: - organization:app_users:write - - role:organization:admin ApplicationUserGet: - - role:organization:admin + - organization:app_users:write ApplicationUserUpdate: - organization:app_users:write - - role:organization:admin -BillingGroupCreate: - - organization:billing:write - - role:organization:admin +ApplicationUsersList: + - organization:app_users:write BillingGroupCreditsClaim: - - admin - - role:organization:admin + - developer + - operator BillingGroupCreditsList: - - admin + - developer + - operator - read_only - - role:organization:admin -BillingGroupDelete: - - admin - - role:organization:admin BillingGroupEventList: - - admin + - developer + - operator - read_only - - role:organization:admin BillingGroupGet: - - admin + - developer + - operator - read_only - - role:organization:admin BillingGroupInvoiceCsvGet: - - admin - - role:organization:admin + - operator BillingGroupInvoiceLinesList: - - admin - - role:organization:admin + - operator BillingGroupInvoiceList: - - admin + - developer + - operator - read_only - - 
role:organization:admin -BillingGroupList: - - organization:billing:read - - role:organization:admin -BillingGroupProjectAssign: - - admin - - role:organization:admin BillingGroupProjectList: - - admin + - developer + - operator - read_only - - role:organization:admin -BillingGroupProjectsAssign: - - admin - - role:organization:admin -BillingGroupUpdate: - - admin - - role:organization:admin +ListProjectClouds: + - project:services:write +ListProjectServiceTypes: + - project:services:read +ListProjectVpcPeeringConnectionTypes: + - project:networking:read +MySQLServiceQueryStatistics: + - service:data:write OrganizationAddressCreate: - organization:billing:write - - role:organization:admin OrganizationAddressDelete: - organization:billing:write - - role:organization:admin +OrganizationAddressGet: + - organization:billing:read + - organization:billing:write OrganizationAddressList: - organization:billing:read - - role:organization:admin + - organization:billing:write OrganizationAddressUpdate: - organization:billing:write - - role:organization:admin OrganizationBillingGroupCreate: - organization:billing:write - - role:organization:admin OrganizationBillingGroupDelete: - organization:billing:write - - role:organization:admin OrganizationBillingGroupGet: - organization:billing:read - - role:organization:admin + - organization:billing:write OrganizationBillingGroupList: - organization:billing:read - - role:organization:admin + - organization:billing:write + - organization:projects:write OrganizationBillingGroupUpdate: - organization:billing:write - - role:organization:admin OrganizationDomainAdd: - organization:domains:write - - role:organization:admin OrganizationDomainUpdate: - organization:domains:write - - role:organization:admin OrganizationDomainVerify: - organization:domains:write - - role:organization:admin OrganizationDomainsList: - - role:organization:admin + - organization:domains:write OrganizationDomainsRemove: - organization:domains:write - - 
role:organization:admin -OrganizationMemberGroupsList: - - role:organization:admin -OrganizationProjectsCreate: +OrganizationProjectsDelete: + - organization:projects:write +OrganizationProjectsGet: + - project:services:read +OrganizationProjectsUpdate: - organization:projects:write - - role:organization:admin -OrganizationProjectsList: - - role:organization:admin OrganizationUserAuthenticationMethodsList: - - role:organization:admin + - organization:users:write +OrganizationUserDelete: + - organization:users:write +OrganizationUserInvitationDelete: + - organization:users:write OrganizationUserInvitationsList: - - role:organization:admin + - organization:users:write +OrganizationUserInvite: + - organization:users:write +OrganizationUserPasswordReset: + - organization:users:write OrganizationUserRevokeToken: - organization:users:write - - role:organization:admin OrganizationUserTokensList: - - role:organization:admin + - organization:users:write OrganizationUserUpdate: - - role:organization:admin + - organization:users:write OrganizationVpcCreate: - organization:networking:write - - role:organization:admin OrganizationVpcDelete: - organization:networking:write - - role:organization:admin OrganizationVpcGet: - organization:networking:read - - role:organization:admin OrganizationVpcList: - organization:networking:read - - role:organization:admin OrganizationVpcPeeringConnectionCreate: - organization:networking:write - - role:organization:admin -PermissionsGet: - - role:organization:admin -PermissionsSet: - - role:organization:admin -PermissionsUpdate: - - role:organization:admin +OrganizationVpcPeeringConnectionDeleteById: + - organization:networking:write +PGServiceAvailableExtensions: + - service:data:write +PGServiceQueryStatistics: + - service:data:write ProjectAlertsList: - - admin + - developer + - operator - read_only - - role:organization:admin -ProjectCreate: - - organization:projects:write - - role:organization:admin ProjectCreditsClaim: - - admin - - 
role:organization:admin + - developer + - operator ProjectCreditsList: - - admin + - developer + - operator - read_only - - role:organization:admin ProjectDelete: - - admin - organization:projects:write - - role:organization:admin +ProjectDownloadSBOMReport: + - developer + - operator + - read_only ProjectGenerateSbomDownloadUrl: - - admin + - developer + - operator - read_only - - role:organization:admin ProjectGet: - - admin - project:services:read - - read_only - - role:organization:admin - - role:services:maintenance - - role:services:recover - - service:secrets:read ProjectGetEventLogs: - - admin - project:audit_logs:read - - read_only - - role:organization:admin -ProjectInvite: - - admin - - role:organization:admin -ProjectInviteDelete: - - admin - - role:organization:admin +ProjectGetServiceLogs: + - service:logs:read ProjectInvoiceList: - - admin + - developer + - operator - read_only - - role:organization:admin ProjectKmsGetCA: - - admin - - read_only - - role:organization:admin -ProjectList: - - role:organization:admin + - organization:projects:write +ProjectPrivatelinkAvailabilityList: + - project:services:write ProjectServicePlanList: - - admin + - developer + - operator - read_only - - role:organization:admin ProjectServicePlanPriceGet: - - admin + - developer + - operator - read_only - - role:organization:admin -ProjectServiceTagsList: - - admin +ProjectServicePlanSpecsGet: + - developer + - operator - read_only - - role:organization:admin +ProjectServiceTagsList: + - service:configuration:write ProjectServiceTagsReplace: - - admin - - project:services:write - - role:organization:admin - service:configuration:write ProjectServiceTagsUpdate: - - admin - - project:services:write - - role:organization:admin - service:configuration:write +ProjectServiceTypesGet: + - developer + - operator + - read_only ProjectServiceTypesList: - - admin - project:services:read +ProjectStaticIPAssociate: + - service:configuration:write +ProjectStaticIPAvailabilityList: + - 
developer + - operator - read_only - - role:organization:admin - - role:services:maintenance - - role:services:recover - - service:secrets:read +ProjectStaticIPDissociate: + - service:configuration:write +ProjectStaticIPPatch: + - operator ProjectTagsList: - - admin + - developer + - operator - read_only - - role:organization:admin -ProjectTagsReplace: - - admin - - role:organization:admin -ProjectTagsUpdate: - - admin - - role:organization:admin ProjectUpdate: - - admin - organization:projects:write - - role:organization:admin ProjectUserList: - - admin + - developer + - operator - read_only - - role:organization:admin -ProjectUserRemove: - - admin - - role:organization:admin -ProjectUserUpdate: - - admin - - role:organization:admin -ProjectGetServiceLogs: - - admin - - read_only - - role:organization:admin - - service:logs:read ServiceAlertsList: - - admin + - developer + - operator - read_only - - role:organization:admin ServiceBackupToAnotherRegionReport: - - admin - - project:services:write - - read_only - - role:organization:admin + - service:configuration:write +ServiceBackupsGet: - service:configuration:write ServiceCancelQuery: - - admin - - role:organization:admin + - developer + - operator ServiceClickHouseCurrentQueries: - - admin - - read_only - - role:organization:admin + - service:data:write ServiceClickHouseDatabaseCreate: - - admin - - role:organization:admin - service:data:write ServiceClickHouseDatabaseDelete: - - admin - - role:organization:admin - service:data:write ServiceClickHouseDatabaseList: - - admin - - read_only - - role:organization:admin + - service:data:write ServiceClickHousePasswordReset: - - admin - - role:organization:admin - service:data:write - service:users:write ServiceClickHouseQuery: - - admin - - role:organization:admin - service:data:write ServiceClickHouseQueryStats: - - admin - - read_only - - role:organization:admin + - service:data:write ServiceClickHouseTieredStorageSummary: - - admin - - read_only - - 
role:organization:admin + - service:data:write ServiceClickHouseUserCreate: - - admin - - role:organization:admin - service:data:write - service:users:write ServiceClickHouseUserDelete: - - admin - - role:organization:admin - service:data:write - service:users:write ServiceClickHouseUserList: - - admin - - read_only - - role:organization:admin + - service:data:write + - service:users:write ServiceCreate: - - admin - project:services:write - - role:organization:admin - role:services:recover ServiceDatabaseCreate: - - admin - - role:organization:admin - - service:data:write + - developer + - operator ServiceDatabaseDelete: - - admin - - role:organization:admin - - service:data:write + - developer + - operator ServiceDatabaseList: - - admin + - developer + - operator - read_only - - role:organization:admin ServiceDelete: - - admin - project:services:write - - role:organization:admin ServiceEnableWrites: - - admin - - role:organization:admin + - operator +ServiceFlinkCancelApplicationDeployment: + - service:data:write +ServiceFlinkCancelJarApplicationDeployment: + - service:data:write +ServiceFlinkCreateApplication: + - service:data:write +ServiceFlinkCreateApplicationDeployment: + - service:data:write +ServiceFlinkCreateApplicationVersion: + - service:data:write +ServiceFlinkCreateJarApplication: + - service:data:write +ServiceFlinkCreateJarApplicationDeployment: + - service:data:write +ServiceFlinkCreateJarApplicationVersion: + - service:data:write +ServiceFlinkDeleteApplication: + - service:data:write +ServiceFlinkDeleteApplicationDeployment: + - service:data:write +ServiceFlinkDeleteApplicationVersion: + - service:data:write +ServiceFlinkDeleteJarApplication: + - service:data:write +ServiceFlinkDeleteJarApplicationDeployment: + - service:data:write +ServiceFlinkDeleteJarApplicationVersion: + - service:data:write +ServiceFlinkGetApplication: + - service:data:write +ServiceFlinkGetApplicationDeployment: + - service:data:write +ServiceFlinkGetApplicationVersion: + - 
service:data:write +ServiceFlinkGetJarApplication: + - service:data:write +ServiceFlinkGetJarApplicationDeployment: + - service:data:write +ServiceFlinkGetJarApplicationVersion: + - service:data:write ServiceFlinkJobDetails: - - admin - - role:organization:admin + - service:data:write +ServiceFlinkJobsList: + - service:data:write +ServiceFlinkListApplicationDeployments: + - service:data:write +ServiceFlinkListApplications: + - service:data:write +ServiceFlinkListJarApplicationDeployments: + - service:data:write +ServiceFlinkListJarApplications: + - service:data:write ServiceFlinkOverview: - - admin - - role:organization:admin + - service:data:write +ServiceFlinkStopApplicationDeployment: + - service:data:write +ServiceFlinkStopJarApplicationDeployment: + - service:data:write +ServiceFlinkUpdateApplication: + - service:data:write +ServiceFlinkUpdateJarApplication: + - service:data:write +ServiceFlinkValidateApplicationVersion: + - service:data:write ServiceGet: - - admin - project:services:read +ServiceGetMigrationStatus: + - developer + - operator - read_only - - role:organization:admin - - role:services:maintenance - - role:services:recover - - service:secrets:read ServiceIntegrationCreate: - - admin - project:integrations:write - - role:organization:admin ServiceIntegrationDelete: - - admin - project:integrations:write - - role:organization:admin - role:services:recover ServiceIntegrationEndpointCreate: - - admin - project:integrations:write - - role:organization:admin ServiceIntegrationEndpointDelete: - - admin - project:integrations:write - - role:organization:admin ServiceIntegrationEndpointGet: - - admin - project:integrations:read - - read_only - - role:organization:admin ServiceIntegrationEndpointList: - - admin - project:integrations:read - - read_only - - role:organization:admin ServiceIntegrationEndpointTypes: - - admin - project:integrations:read - - read_only - - role:organization:admin ServiceIntegrationEndpointUpdate: - - admin - 
project:integrations:write - - role:organization:admin ServiceIntegrationGet: - - admin - project:integrations:read - - read_only - - role:organization:admin ServiceIntegrationList: - - admin - project:integrations:read - - read_only - - role:organization:admin - role:services:recover ServiceIntegrationTypes: - - admin - project:integrations:read - - read_only - - role:organization:admin ServiceIntegrationUpdate: - - admin - project:integrations:write - - role:organization:admin ServiceKafkaAclAdd: - - admin - - role:organization:admin - service:data:write ServiceKafkaAclDelete: - - admin - - role:organization:admin - service:data:write ServiceKafkaAclList: - - admin - - read_only - - role:organization:admin + - service:data:write +ServiceKafkaConnectCreateConnector: + - service:data:write +ServiceKafkaConnectDeleteConnector: + - service:data:write +ServiceKafkaConnectEditConnector: + - service:data:write ServiceKafkaConnectGetAvailableConnectors: - - admin - - role:organization:admin + - service:data:write +ServiceKafkaConnectGetConnectorConfiguration: + - service:data:write ServiceKafkaConnectGetConnectorStatus: - - admin - - read_only - - role:organization:admin + - service:data:write ServiceKafkaConnectList: - - admin - - read_only - - role:organization:admin + - service:data:write ServiceKafkaConnectPauseConnector: - - admin - - role:organization:admin - service:data:write ServiceKafkaConnectRestartConnector: - - admin - - role:organization:admin + - service:data:write +ServiceKafkaConnectRestartConnectorTask: - service:data:write ServiceKafkaConnectResumeConnector: - - admin - - role:organization:admin + - service:data:write +ServiceKafkaMirrorMakerCreateReplicationFlow: + - service:data:write +ServiceKafkaMirrorMakerDeleteReplicationFlow: + - service:data:write +ServiceKafkaMirrorMakerGetReplicationFlow: + - service:data:write +ServiceKafkaMirrorMakerGetReplicationFlows: + - service:data:write +ServiceKafkaMirrorMakerPatchReplicationFlow: - 
service:data:write ServiceKafkaNativeAclAdd: - - admin - - role:organization:admin - service:data:write ServiceKafkaNativeAclDelete: - - admin - - role:organization:admin - service:data:write ServiceKafkaNativeAclGet: - - admin - - read_only - - role:organization:admin + - service:data:write ServiceKafkaNativeAclList: - - admin - - read_only - - role:organization:admin + - service:data:write ServiceKafkaQuotaCreate: - - admin - - role:organization:admin - service:data:write ServiceKafkaQuotaDelete: - - admin - - role:organization:admin - service:data:write ServiceKafkaQuotaDescribe: - - admin - - role:organization:admin + - service:data:write ServiceKafkaQuotaList: - - admin - - role:organization:admin + - service:data:write ServiceKafkaTieredStorageStorageUsageByTopic: - - admin - - read_only - - role:organization:admin + - service:data:write ServiceKafkaTieredStorageStorageUsageTotal: - - admin - - read_only - - role:organization:admin + - service:data:write ServiceKafkaTieredStorageSummary: - - admin - - read_only - - role:organization:admin + - service:data:write ServiceKafkaTopicCreate: - - admin - - role:organization:admin + - developer + - operator ServiceKafkaTopicDelete: - - admin - - role:organization:admin - service:data:write ServiceKafkaTopicGet: - - admin - - read_only - - role:organization:admin + - service:data:write ServiceKafkaTopicList: - - admin - - read_only - - role:organization:admin -ServiceKafkaTopicListV2: - - admin - - read_only - - role:organization:admin - service:data:write ServiceKafkaTopicMessageList: - - admin - - read_only - - role:organization:admin - service:data:write ServiceKafkaTopicMessageProduce: - - admin - - role:organization:admin - service:data:write ServiceKafkaTopicUpdate: - - admin - - role:organization:admin - service:data:write +ServiceKmsGetCA: + - developer + - operator + - read_only +ServiceKmsGetKeypair: + - operator ServiceList: - - admin - project:services:read - - read_only - - role:organization:admin - - 
role:services:maintenance - - role:services:recover - - service:secrets:read ServiceMaintenanceStart: - - admin - - role:organization:admin - role:services:maintenance -ServiceOpenSearchAclGet: - - admin +ServiceMetricsFetch: + - developer + - operator - read_only - - role:organization:admin +ServiceOpenSearchAclGet: + - service:data:write ServiceOpenSearchAclSet: - - admin - - role:organization:admin - service:data:write ServiceOpenSearchAclUpdate: - - admin - - role:organization:admin - service:data:write ServiceOpenSearchIndexDelete: - - admin - - role:organization:admin - service:data:write ServiceOpenSearchIndexList: - - admin - - read_only - - role:organization:admin + - service:data:write ServiceOpenSearchSecurityGet: - - admin - - read_only - - role:organization:admin + - service:data:write +ServiceOpenSearchSecurityReset: + - service:data:write ServiceOpenSearchSecuritySet: - - admin - - read_only - - role:organization:admin - service:data:write ServicePGBouncerCreate: - - admin - - role:organization:admin - service:data:write ServicePGBouncerDelete: - - admin - - role:organization:admin - service:data:write ServicePGBouncerUpdate: - - admin - - role:organization:admin - service:data:write ServicePrivatelinkAWSConnectionList: - - admin - - read_only - - role:organization:admin + - service:configuration:write ServicePrivatelinkAWSCreate: - - admin - - project:services:write - - role:organization:admin - service:configuration:write ServicePrivatelinkAWSDelete: - - admin - - project:services:write - - role:organization:admin - service:configuration:write ServicePrivatelinkAWSGet: - - admin - - read_only - - role:organization:admin + - service:configuration:write ServicePrivatelinkAWSUpdate: - - admin - - project:services:write - - role:organization:admin - service:configuration:write ServicePrivatelinkAzureConnectionApproval: - - admin - - project:services:write - - role:organization:admin - service:configuration:write ServicePrivatelinkAzureConnectionList: - 
- admin - - read_only - - role:organization:admin + - service:configuration:write ServicePrivatelinkAzureConnectionUpdate: - - admin - - project:services:write - - role:organization:admin - service:configuration:write ServicePrivatelinkAzureCreate: - - admin - - project:services:write - - role:organization:admin - service:configuration:write ServicePrivatelinkAzureDelete: - - admin - - project:services:write - - role:organization:admin - service:configuration:write ServicePrivatelinkAzureGet: - - admin - - read_only - - role:organization:admin + - service:configuration:write ServicePrivatelinkAzureUpdate: - - admin - - project:services:write - - role:organization:admin - service:configuration:write +ServiceQueryActivity: + - developer + - operator + - read_only ServiceQueryStatisticsReset: - - admin - - role:organization:admin + - developer + - operator +ServiceSchemaRegistryAclAdd: + - service:data:write +ServiceSchemaRegistryAclDelete: + - service:data:write +ServiceSchemaRegistryAclList: + - service:data:write +ServiceSchemaRegistryCompatibility: + - service:data:write +ServiceSchemaRegistryGlobalConfigGet: + - service:data:write +ServiceSchemaRegistryGlobalConfigPut: + - service:data:write ServiceSchemaRegistrySchemaGet: - - admin - - read_only - - role:organization:admin + - service:data:write ServiceSchemaRegistrySubjectConfigGet: - - admin - - read_only - - role:organization:admin + - service:data:write ServiceSchemaRegistrySubjectConfigPut: - - admin - - role:organization:admin + - service:data:write +ServiceSchemaRegistrySubjectDelete: + - service:data:write +ServiceSchemaRegistrySubjectVersionDelete: + - service:data:write +ServiceSchemaRegistrySubjectVersionGet: + - service:data:write +ServiceSchemaRegistrySubjectVersionPost: + - service:data:write +ServiceSchemaRegistrySubjectVersionSchemaGet: + - service:data:write +ServiceSchemaRegistrySubjectVersionsGet: + - service:data:write +ServiceSchemaRegistrySubjects: - service:data:write ServiceTaskCreate: - 
- admin - - role:organization:admin + - operator ServiceTaskGet: - - admin - - role:organization:admin + - operator ServiceThanosStorageSummary: - - admin - - read_only - - role:organization:admin + - service:data:write ServiceUpdate: - - admin - project:services:write - - role:organization:admin + - role:services:maintenance + - role:services:recover - service:configuration:write ServiceUserCreate: - - admin - - role:organization:admin - service:users:write ServiceUserCredentialsModify: - - admin - - role:organization:admin - service:users:write ServiceUserCredentialsReset: - - admin - - role:organization:admin - service:users:write ServiceUserDelete: - - admin - - role:organization:admin - service:users:write ServiceUserGet: - - admin - - read_only - - role:organization:admin + - service:configuration:write + - service:users:write StaticIPCreate: - - admin - - role:organization:admin + - operator StaticIPList: - - admin + - developer + - operator - read_only - - role:organization:admin -UserAuthenticationMethodsList: - - role:organization:admin UserGroupCreate: - organization:groups:write - - role:organization:admin UserGroupDelete: - organization:groups:write - - role:organization:admin UserGroupMembersUpdate: - organization:groups:write - - role:organization:admin UserGroupUpdate: - organization:groups:write - - role:organization:admin -UserUpdate: - - admin - - role:organization:admin VpcCreate: - - admin - project:networking:write - - role:organization:admin VpcDelete: - - admin - project:networking:write - - role:organization:admin VpcGet: - - admin - project:networking:read - - read_only - - role:organization:admin VpcList: - - admin - project:networking:read - - read_only - - role:organization:admin VpcPeeringConnectionCreate: - - admin - project:networking:write - - role:organization:admin VpcPeeringConnectionDelete: - - admin - project:networking:write - - role:organization:admin +VpcPeeringConnectionUpdate: + - project:networking:write 
VpcPeeringConnectionWithRegionDelete: - - admin - project:networking:write - - role:organization:admin VpcPeeringConnectionWithResourceGroupDelete: - - admin - project:networking:write - - role:organization:admin
diff --git a/permissions_test.go b/permissions_test.go
index e27f2f4..10ac219 100644
--- a/permissions_test.go
+++ b/permissions_test.go
@@ -7,23 +7,16 @@ import (
 "github.com/stretchr/testify/require"
 )
-func TestPermissions_ProjectGet(t *testing.T) {
- permissions, err := Permissions()
- require.NoError(t, err)
+func TestPermissions_ServiceGet(t *testing.T) {
+ permissions := Permissions()
 require.NotNil(t, permissions)
- projectGetPerms, exists := permissions["ProjectGet"]
- require.True(t, exists, "ProjectGet should exist in permissions map")
+ serviceGetPerms, exists := permissions["ServiceGet"]
+ require.True(t, exists, "ServiceGet should exist in permissions map")
 expectedPerms := []string{
- "admin",
 "project:services:read",
- "read_only",
- "role:organization:admin",
- "role:services:maintenance",
- "role:services:recover",
- "service:secrets:read",
 }
- assert.ElementsMatch(t, expectedPerms, projectGetPerms, "ProjectGet permissions should match expected values")
+ assert.ElementsMatch(t, expectedPerms, serviceGetPerms, "ServiceGet permissions should match expected values")
 }
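Review bot: TestPermissions_ServiceGet pins a single OperationID, so an entry that ends up with an empty permission list, or one that silently drops out of the map, would not fail this test. For a table that callers presumably use to pick the narrowest grant, that gap matters. Consider adding an invariant after the `require.NotNil` check, e.g. `for id, perms := range permissions { require.NotEmptyf(t, perms, "no permissions listed for %s", id) }`, assuming `Permissions()` returns a map keyed by OperationID, as the indexing here suggests. Since the `err` return was dropped, a short comment on the test saying how a malformed permissions file now surfaces would also help; that path is not visible from this hunk.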