trove/api-ref/source/user-management.inc

304 lines
10 KiB
PHP
Raw Normal View History

.. -*- rst -*-
=============
Users (users)
=============
Creates, lists all, and deletes users.
Enable root user
~~~~~~~~~~~~~~~~
.. rest_method:: POST /v1.0/{project_id}/instances/{instanceId}/root
Enables the root user for a database instance and returns the root password.
This operation generates a root password for the root user and
enables the root user to log in from any host.
Changes that you make as a root user can impact the database instance
and API operations in unpredictable and detrimental ways. When you
enable the root user, you accept the possibility that we cannot
support your database instance. We might not be able to assist you if
you change core database settings. These changes can be, but are not
limited to, turning off bin logs, removing users that we use to access
your instance, and so on.
Normal response codes: 200
Error response codes: badRequest(400), unauthorized(401), forbidden(403),
itemNotFound(404), badMethod(405), overLimit(413), unprocessableEntity(422),
instanceFault(500), notImplemented(501), serviceUnavailable(503)
Request
-------
.. rest_parameters:: parameters.yaml
- instanceId: instanceId
- project_id: project_id
Response Example
----------------
.. literalinclude:: samples/db-enable-root-user-response.json
:language: javascript
Show root-enabled status for database instance
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.. rest_method:: GET /v1.0/{project_id}/instances/{instanceId}/root
Shows root-enabled status for a database instance.
Returns ``true`` if root user is enabled for a database instance.
Otherwise, returns ``false``.
Normal response codes: 200
Error response codes: badRequest(400), unauthorized(401), forbidden(403),
itemNotFound(404), badMethod(405), overLimit(413), unprocessableEntity(422),
instanceFault(500), notImplemented(501), serviceUnavailable(503)
Request
-------
.. rest_parameters:: parameters.yaml
- instanceId: instanceId
- project_id: project_id
Response Example
----------------
.. literalinclude:: samples/db-check-root-user-response.json
:language: javascript
Disable root user
~~~~~~~~~~~~~~~~~
.. rest_method:: DELETE /v1.0/{project_id}/instances/{instanceId}/root
Disables the root user.
Normal response codes: 204
Error response codes: badRequest(400), unauthorized(401), forbidden(403),
itemNotFound(404), badMethod(405), overLimit(413), unprocessableEntity(422),
instanceFault(500), notImplemented(501), serviceUnavailable(503)
Request
-------
.. rest_parameters:: parameters.yaml
- instanceId: instanceId
- project_id: project_id
Delete user
~~~~~~~~~~~
.. rest_method:: DELETE /v1.0/{project_id}/instances/{instanceId}/users/{name}
Deletes a user for a database instance.
Normal response codes: 202
Error response codes: badRequest(400), unauthorized(401), forbidden(403),
itemNotFound(404), badMethod(405), overLimit(413), unprocessableEntity(422),
instanceFault(500), notImplemented(501), serviceUnavailable(503)
Request
-------
.. rest_parameters:: parameters.yaml
- instanceId: instanceId
- project_id: project_id
unwedge the gate This commit is a composite of two commits [1] and [2] to help unwedge the gate. Both of them are required for the gate to possibly pass. It introduces an unsafe change to unblock the gate temporarily. It still needs to be debugged and addressed. The change in question is in _remove_incompatible_context_args() in trove/common/context.py. Without this check, initial tests indicate that the system works as expected and testing locally is successful. Why this is the case, I don't know yet but will investigate in parallel. [1] https://review.openstack.org/#/c/425857/ [2] https://review.openstack.org/#/c/423086/ [3] https://review.openstack.org/#/c/412497 From [1] Fix a ``tox -eapi-ref`` warning Currently, generating api-ref results in a warning that is treated as an error. See [1]. Since api-ref is now a jenkins voting gate, this needs to be fixed. [1] http://logs.openstack.org/56/401456/9/check/gate-trove-api-ref/e2e0d9d/console.html#_2017-01-26_17_23_10_952073 From [2] SessionClient' object has no attribute 'user' Now gate py27 and py34 are being error:'SessionClient' object has no attribute 'user'" I observed that this is because novaclient from 6.0.0 into 7.0.0 caused, In novaclient 7.0.0,password and username is merge to auth[1],[2], I tried to make a change, get password and username from auth[3]. [1]:https://github.com/openstack/python-novaclient/blob/6.0.0/novaclient/client.py#L164 [2]:https://github.com/openstack/python-novaclient/blob/7.0.0/novaclient/client.py#L147 [3]:https://github.com/openstack/keystoneauth/blob/master/keystoneauth1/identity/generic/password.py#L37 Change-Id: I6fb2bdcc4b83457e08b24599fb4a297ef6ec6c14 Closes-Bug: #1657968 Co-Authored-By: Andrey Kurilin <akurilin@mirantis.com> Co-Authored-By: jiansong <jian.song@easystack.cn> Co-Authored-By: Tin Lam <tinlam@gmail.com> Related: I45a40d599b3a302726dc21e409a8da26c9f1f741 Related: I93c1942bb41bd77ea169f0e47d37132ce5d3637d Related: I41f4144821e491da689c188e25bc2b916867bdca
2017-01-28 21:56:42 -05:00
- name: user_name
Create user
~~~~~~~~~~~
.. rest_method:: POST /v1.0/{project_id}/instances/{instanceId}/users
Creates a user for a database instance.
Asynchronously provisions a new user for the database instance by
using the configuration that you define in the request object.
After the API validates the request and starts progress on the
provisioning process, the call returns the ``Accepted (202)``
response code.
If the API cannot fulfill the corresponding request due to
insufficient data or data that is not valid, the API returns the
``Bad Request (400)`` response code with information about the
nature of the failure. You cannot recover from validation errors.
You must correct the cause of the failure and the request again.
This table lists the required attributes for creating users:
**Required attributes for user**
+-----------------+------+------------------------------------+----------+
| Applies to | Name | Description | Required |
+-----------------+------+------------------------------------+----------+
| User | name | Name of the user for the database. | Yes |
+-----------------+------+------------------------------------+----------+
| password | | User password for database access. | Yes |
+-----------------+------+-------------------------+----------+----------+
| (database) name | | Name of the database(s) that the | |
| | | user can access. You can specify | No |
| | | one or more database names. | |
+-----------------+------+------------------------------------+----------+
Name of the database that the user can access. You can specify one or more
database names.
**Notes**
- The operation grants the user all privileges on the databases.
- Do not use the ``root`` user name, which is reserved.
These tables list the valid characters for database names, user
names, and passwords.
**Valid characters in database name, user name, and password**
+---------------------------------------------------------------------------------------------------------------------------------+
| Character |
+---------------------------------------------------------------------------------------------------------------------------------+
| Letters (upper and lower cases allowed) |
+---------------------------------------------------------------------------------------------------------------------------------+
| Numbers |
+---------------------------------------------------------------------------------------------------------------------------------+
| ``@``, ``?``, ``#``, and spaces are allowed, but **not** at the beginning and end of the database name, user name, and password |
+---------------------------------------------------------------------------------------------------------------------------------+
| ``_`` is allowed anywhere in the database name, user name, and password |
+---------------------------------------------------------------------------------------------------------------------------------+
**Characters that are not allowed in database name, user name, and password**
+---------------------------------------------------------+
| Character |
+---------------------------------------------------------+
| Single quotes |
+---------------------------------------------------------+
| Double quotes |
+---------------------------------------------------------+
| Back quotes |
+---------------------------------------------------------+
| Semicolons |
+---------------------------------------------------------+
| Commas |
+---------------------------------------------------------+
| Back slashes |
+---------------------------------------------------------+
| Forward slashes |
+---------------------------------------------------------+
| Spaces at the front or end of the user name or password |
+---------------------------------------------------------+
**Length restrictions for database name, user name, and password**
+------------------------------+-----------------------------+
| Restriction | Value |
+------------------------------+-----------------------------+
| Database name maximum length | 64 |
+------------------------------+-----------------------------+
| User name maximum length | 16 |
+------------------------------+-----------------------------+
| Password maximum length | unlimited (no restrictions) |
+------------------------------+-----------------------------+
Normal response codes: 202
Error response codes: badRequest(400), unauthorized(401), forbidden(403),
itemNotFound(404), badMethod(405), overLimit(413), unprocessableEntity(422),
instanceFault(500), notImplemented(501), serviceUnavailable(503)
Request
-------
.. rest_parameters:: parameters.yaml
- instanceId: instanceId
- project_id: project_id
Request Example
---------------
.. literalinclude:: samples/db-create-users-request.json
:language: javascript
List database instance users
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.. rest_method:: GET /v1.0/{project_id}/instances/{instanceId}/users
Lists the users in a database instance and the associated databases for that
user.
This operation does not return system users. A system user is a
database administrator who administers the health of the database.
Also, this operation returns the ``root`` user only if it is
enabled.
The following notes apply to MySQL users:
- User names can be up to 16 characters long.
- When you create accounts with INSERT, you must use FLUSH
PRIVILEGES to tell the server to reload the grant tables.
- For additional information, See:
`http://dev.mysql.com/doc/refman/5.1/en/user-account-
management.html <http://dev.mysql.com/doc/refman/5.1/en/user-
account-management.html>`_
Normal response codes: 200
Error response codes: badRequest(400), unauthorized(401), forbidden(403),
itemNotFound(404), badMethod(405), overLimit(413), unprocessableEntity(422),
instanceFault(500), notImplemented(501), serviceUnavailable(503)
Request
-------
.. rest_parameters:: parameters.yaml
- instanceId: instanceId
- project_id: project_id
Response Example
----------------
.. literalinclude:: samples/db-list-users-response.json
:language: javascript