From d0def24de91cf49b3fa335b85e810a7a29a9b02f Mon Sep 17 00:00:00 2001 From: OpenTelekomCloud Proposal Bot Date: Mon, 3 Apr 2023 09:55:58 +0000 Subject: [PATCH] Update content --- ...1.png => en-us_image_0000001135802808.png} | Bin ...2097510.png => en-us_image_0170647338.png} | Bin ...6897593.gif => en-us_image_0170787737.gif} | Bin .../stream_management/creating_streams.rst | 2 +- api-ref/source/appendix/error_codes.rst | 6 +- api-ref/source/application_example.rst | 14 ++--- api-ref/source/before_you_start/concepts.rst | 2 +- .../source/calling_apis/authentication.rst | 6 +- api-ref/source/calling_apis/response.rst | 2 +- api-ref/source/change_history.rst | 54 +++++++++++------- ...issions_policies_and_supported_actions.rst | 36 ++++++++---- 11 files changed, 74 insertions(+), 48 deletions(-) rename api-ref/source/_static/images/{en-us_image_0000001266697621.png => en-us_image_0000001135802808.png} (100%) rename api-ref/source/_static/images/{en-us_image_0000001222097510.png => en-us_image_0170647338.png} (100%) rename api-ref/source/_static/images/{en-us_image_0000001266897593.gif => en-us_image_0170787737.gif} (100%) diff --git a/api-ref/source/_static/images/en-us_image_0000001266697621.png b/api-ref/source/_static/images/en-us_image_0000001135802808.png similarity index 100% rename from api-ref/source/_static/images/en-us_image_0000001266697621.png rename to api-ref/source/_static/images/en-us_image_0000001135802808.png diff --git a/api-ref/source/_static/images/en-us_image_0000001222097510.png b/api-ref/source/_static/images/en-us_image_0170647338.png similarity index 100% rename from api-ref/source/_static/images/en-us_image_0000001222097510.png rename to api-ref/source/_static/images/en-us_image_0170647338.png 
diff --git a/api-ref/source/_static/images/en-us_image_0000001266897593.gif b/api-ref/source/_static/images/en-us_image_0170787737.gif similarity index 100% rename from api-ref/source/_static/images/en-us_image_0000001266897593.gif rename to api-ref/source/_static/images/en-us_image_0170787737.gif diff --git a/api-ref/source/api_description/stream_management/creating_streams.rst b/api-ref/source/api_description/stream_management/creating_streams.rst index db1bee4..291b808 100644 --- a/api-ref/source/api_description/stream_management/creating_streams.rst +++ b/api-ref/source/api_description/stream_management/creating_streams.rst @@ -84,7 +84,7 @@ Request Parameters | | | | | | | | | If this parameter is left unspecified, the default value will be used. | | | | | | - | | | | Maximum: **7** | + | | | | Maximum: **72** | | | | | | | | | | Default: **24** | +--------------------------------+-----------------+-----------------------------------------------------------------+--------------------------------------------------------------------------------------------------------------+ diff --git a/api-ref/source/appendix/error_codes.rst b/api-ref/source/appendix/error_codes.rst index 9e40353..4943675 100644 --- a/api-ref/source/appendix/error_codes.rst +++ b/api-ref/source/appendix/error_codes.rst 
@@ -22,6 +22,8 @@ Error Codes +-------------+-------------+--------------------------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------+ | 400 | DIS.4205 | Stream is not running. | The stream is not in the running state. | Check the stream status. | +-------------+-------------+--------------------------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------+ +| 400 | DIS.4208 | Mrs cluster is invalid. %s | The MRS cluster entered during MRS dump task creation is invalid. | Ensure that the MRS cluster name and ID are correct and the cluster is running in security mode. | ++-------------+-------------+--------------------------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------+ | 400 | DIS.4209 | Invalid metrics label. %s | The monitoring metric entered during monitoring information query is invalid. | Check and modify the monitoring metric by referring to API Reference. 
| +-------------+-------------+--------------------------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------+ | 400 | DIS.4215 | Invalid cursor type. %s | The cursor type entered during data cursor acquisition is invalid. | Check and modify the cursor type by referring to API Reference. | 
@@ -68,6 +70,8 @@ Error Codes +-------------+-------------+--------------------------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------+ | 400 | DIS.4335 | Invalid IAM agency. | The IAM agency used during dump task creation is invalid. | Ensure that dis_admin_agency created by DIS or the user-defined IAM agency exists and permission is complete. | +-------------+-------------+--------------------------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------+ +| 400 | DIS.4336 | Invalid HDFS path. | The MRS HDFS path entered during MRS dump task creation is invalid. | Ensure that the MRS HDFS path exists. | ++-------------+-------------+--------------------------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------+ | 400 | DIS.4339 | Consumer quota exceeded. | The consumer quota of the consumer group is insufficient. | Allocate consumers properly or create a consumer group to meet the requirement. 
| +-------------+-------------+--------------------------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------+ | 400 | DIS.4354 | The transfer task does not exist. | The dump task to be deleted or updated does not exist. | Ensure that the dump task exists. | 
@@ -90,7 +94,7 @@ Error Codes +-------------+-------------+--------------------------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------+ | 400 | DIS.4605 | The action is not supported. | The current tag operation is not supported. | Ensure that the current tag operation is valid. Currently, only the create and delete operations are supported. | +-------------+-------------+--------------------------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------+ -| 403 | DIS.4116 | Invalid RBAC. %s | User operations are restricted. | Ensure that the account has passed real-name authentication, is not in arrears, or has permissions to operate DIS. | +| 403 | DIS.4116 | Invalid RBAC. %s | User operations are restricted. | Ensure that the account is not in arrears, or has permissions to operate DIS. | +-------------+-------------+--------------------------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------+ | 500 | DIS.5000 | System error. | System error. | Contact customer service or technical support to handle system errors. 
| +-------------+-------------+--------------------------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------+----------------------------------------------------------------------------------------------------------------------------------------------------+ diff --git a/api-ref/source/application_example.rst b/api-ref/source/application_example.rst index 972a03e..c8f20c2 100644 --- a/api-ref/source/application_example.rst +++ b/api-ref/source/application_example.rst @@ -10,7 +10,7 @@ Scenarios DIS provides efficient collection, transmission, and distribution capabilities for real-time data and provides a variety of APIs to help you quickly build real-time data applications. -The following describes how to create a DIS stream by calling the :ref:`Before You Start ` API. For details, see :ref:`Calling APIs `. +The following describes how to create a DIS stream by calling the :ref:`Before You Start ` API. For details, see :ref:`Calling APIs `. .. note:: @@ -29,14 +29,14 @@ Prerequisites You have planned the region where DIS is located and determined the endpoint for calling an API based on the region. -An endpoint is the **request address** for calling an API. Endpoints vary depending on services and regions. You can obtain endpoints from `Regions and Endpoints `__. +An endpoint is the **request address** for calling an API. Endpoints vary depending on services and regions. You can obtain endpoints of the service from `Regions and Endpoints `__. Creating a Stream ----------------- The following is an example of creating a stream with the simplest configuration. -#. Obtain the token by following the instructions in :ref:`Token-based Authentication `. +#. Obtain the token by following the instructions in :ref:`Token-based Authentication `. #. Send **POST https://Endpoint of DIS/v2/{project_id}/streams**. 
@@ -67,7 +67,7 @@ Creating a Stream That Supports Auto Scaling You can also create a stream that supports auto scaling. The number of partitions can be automatically increased or decreased based on the stream traffic. The following is an example configuration: -#. Obtain the token by following the instructions provided in :ref:`Token-based Authentication `. +#. Obtain the token by following the instructions provided in :ref:`Token-based Authentication `. #. Send **POST https://Endpoint of DIS/v2/{project_id}/streams**. @@ -102,7 +102,7 @@ Creating a Stream with Data Schemas You can also configure a schema for the stream. When using DIS to dump data to other services, you can map data based on the schema configured for the stream. The following is an example configuration: -#. Obtain the token by following the instructions provided in :ref:`Token-based Authentication `. +#. Obtain the token by following the instructions provided in :ref:`Token-based Authentication `. #. Send **POST https://Endpoint of DIS/v2/{project_id}/streams**. @@ -120,9 +120,7 @@ You can also configure a schema for the stream. When using DIS to dump data to o "auto_scale_enabled": true, "auto_scale_min_partition_count": 1, "auto_scale_max_partition_count": 10 - "data_type": "JSON", - "data_schema": - "{\"type\":\"record\",\"name\":\"RecordName\",\"fields\":[{\"name\":\"key1\",\"type\":\"string\"},{\"name\":\"key2\",\"type\":\"string\"}]}" + "data_type": "BLOG", } If the request is successful, 201 Created is returned. diff --git a/api-ref/source/before_you_start/concepts.rst b/api-ref/source/before_you_start/concepts.rst index abce139..6040155 100644 --- a/api-ref/source/before_you_start/concepts.rst +++ b/api-ref/source/before_you_start/concepts.rst 
@@ -20,7 +20,7 @@ Concepts Projects group and isolate resources (including compute, storage, and network resources) across physical regions. A default project is provided for each region, and subprojects can be created under each default project. Users can be granted permissions to access all resources in a specific project. For more refined access control, create subprojects under a project and create resources in the subprojects. Users can then be assigned permissions to access only specific resources in the subprojects. - .. figure:: /_static/images/en-us_image_0000001266897593.gif + .. figure:: /_static/images/en-us_image_0170787737.gif :alt: **Figure 1** Project isolating model **Figure 1** Project isolating model diff --git a/api-ref/source/calling_apis/authentication.rst b/api-ref/source/calling_apis/authentication.rst index eea7dda..bf4948b 100644 --- a/api-ref/source/calling_apis/authentication.rst +++ b/api-ref/source/calling_apis/authentication.rst @@ -10,7 +10,7 @@ Requests for calling an API can be authenticated using either of the following m - Token-based authentication: Requests are authenticated using a token. - AK/SK-based authentication: Requests are authenticated by encrypting the request body using an AK/SK pair. AK/SK-based authentication is recommended because it is more secure than token-based authentication. -.. _dis_02_0517__en-us_topic_0183235768_en-us_topic_0181281305_en-us_topic_0170647350_en-us_topic_0121671869_section2417768214391: +.. _dis_02_0517__en-us_topic_0183235768_en-us_topic_0181281305_dis_02_0517_en-us_topic_0121671869_section2417768214391: Token-based Authentication -------------------------- 
@@ -77,7 +77,7 @@ To obtain an access key, perform the following steps: .. _dis_02_0517__en-us_topic_0183235768_en-us_topic_0000001129241845_en-us_topic_0183643042_fig1552229194615: - .. figure:: /_static/images/en-us_image_0000001266697621.png + .. figure:: /_static/images/en-us_image_0000001135802808.png :alt: **Figure 1** Clicking Create Access Key **Figure 1** Clicking Create Access Key @@ -89,7 +89,7 @@ To obtain an access key, perform the following steps: - Only two access keys can be added for each user. - To ensure access key security, the access key is automatically downloaded only when it is generated for the first time and cannot be obtained from the management console later. Keep them properly. -In AK/SK-based authentication, you can use an AK/SK to sign requests based on the signature algorithm or use the signing SDK to sign requests. +In AK/SK-based authentication, you can use an AK/SK to sign requests based on the signature algorithm or use the signing SDK to sign requests. For details about how to sign requests and use the signature SDK, see API Request Signing Guide. .. important:: diff --git a/api-ref/source/calling_apis/response.rst b/api-ref/source/calling_apis/response.rst index 4f5b507..83fdd5b 100644 --- a/api-ref/source/calling_apis/response.rst +++ b/api-ref/source/calling_apis/response.rst @@ -23,7 +23,7 @@ Similar to a request, a response also has a header, for example, **Content-Type* .. _dis_02_0518__en-us_topic_0170155703_fig4865141011511: -.. figure:: /_static/images/en-us_image_0000001222097510.png +.. figure:: /_static/images/en-us_image_0170647338.png :alt: **Figure 1** Header fields of the response to the request for obtaining a user token **Figure 1** Header fields of the response to the request for obtaining a user token diff --git a/api-ref/source/change_history.rst b/api-ref/source/change_history.rst index ac8c929..98af470 100644 --- a/api-ref/source/change_history.rst +++ b/api-ref/source/change_history.rst 
@@ -5,24 +5,36 @@ Change History ============== -+-----------------------------------+----------------------------------------------------------------------------------+ -| Released On | Description | -+===================================+==================================================================================+ -| 2022-09-30 | Modified the following contents: | -| | | -| | :ref:`Dump Task Management ` | -| | | -| | :ref:`Permissions Policies and Supported Actions ` | -+-----------------------------------+----------------------------------------------------------------------------------+ -| 2018-10-25 | Accepted in OTC 3.2. | -+-----------------------------------+----------------------------------------------------------------------------------+ -| 2018-09-29 | Modified the following contents: | -| | | -| | Added tag management APIs | -+-----------------------------------+----------------------------------------------------------------------------------+ -| 2018-09-26 | Modified the following contents: | -| | | -| | A status code was added in :ref:`Status Codes `. | -+-----------------------------------+----------------------------------------------------------------------------------+ -| 2018-03-16 | This issue is the first official release. 
| -+-----------------------------------+----------------------------------------------------------------------------------+ ++-----------------------------------+-------------------------------------------------------------------------------------+ +| Released On | Description | ++===================================+=====================================================================================+ +| 2023-04-03 | Modified the following sections: | +| | | +| | :ref:`Creating Streams ` | ++-----------------------------------+-------------------------------------------------------------------------------------+ +| 2022-09-30 | Modified the following sections: | +| | | +| | - :ref:`Application Example ` | +| | - :ref:`Stream Management ` | +| | - :ref:`App Management ` | +| | - :ref:`Checkpoint Management ` | +| | - :ref:`Permissions Policies and Supported Actions ` | +| | | +| | Offline the following sections: | +| | | +| | - Updating Stream Information | +| | - Adding Permission Policies | +| | - Querying Permission Policies | ++-----------------------------------+-------------------------------------------------------------------------------------+ +| 2018-10-25 | Accepted in OTC 3.2. | ++-----------------------------------+-------------------------------------------------------------------------------------+ +| 2018-09-29 | Modified the following contents: | +| | | +| | Added tag management APIs | ++-----------------------------------+-------------------------------------------------------------------------------------+ +| 2018-09-26 | Modified the following contents: | +| | | +| | A status code was added in :ref:`Status Codes `. | ++-----------------------------------+-------------------------------------------------------------------------------------+ +| 2018-03-16 | This issue is the first official release. | ++-----------------------------------+-------------------------------------------------------------------------------------+ 
diff --git a/api-ref/source/permissions_policies_and_supported_actions.rst b/api-ref/source/permissions_policies_and_supported_actions.rst index fd5f64b..ae54655 100644 --- a/api-ref/source/permissions_policies_and_supported_actions.rst +++ b/api-ref/source/permissions_policies_and_supported_actions.rst 
@@ -1,29 +1,41 @@ -:original_name: en-us_topic_0000001222577426.html +:original_name: en-us_topic_0000001079240698.html -.. _en-us_topic_0000001222577426: +.. _en-us_topic_0000001079240698: Permissions Policies and Supported Actions ========================================== -By default, new IAM users do not have any permissions assigned. You need to add a user to one or more groups, and assign permissions policies or roles to these groups. The user then inherits permissions from the groups it is a member of. This process is called authorization. After authorization, the users can perform specified operations on GES based on the permissions. +This chapter describes fine-grained permissions management for your DIS. If your cloud account does not need individual IAM users, then you may skip over this chapter. -With IAM, you can use your cloud account to create IAM users for your employees, and assign permissions to the users to control their access to specific resource types. For example, some software developers in your enterprise need to use DIS resources but must not delete them or perform any high-risk operations. To achieve this result, you can create IAM users for the software developers and grant them only the permissions required for using DIS resources. +By default, new IAM users do not have any permissions assigned. You need to add a user to one or more groups, and assign permissions policies to these groups. The user then inherits permissions from the groups it is a member of. This process is called authorization. After authorization, the user can perform specified operations on DIS based on the permissions. -If your cloud account does not need individual IAM users for permissions management, you may skip over this chapter. +You can grant users permissions by using roles and policies. Roles are a type of coarse-grained authorization mechanism provided by IAM that defines permissions related to user responsibilities. 
Policies define API-based permissions for operations on specific resources under certain conditions, allowing for more fine-grained, secure access control of cloud resources. -**DIS Permissions** +Note: -By default, new IAM users do not have any permissions assigned. You need to add a user to one or more groups, and assign permissions policies or roles to these groups. The user then inherits permissions from the groups it is a member of. This process is called authorization. After authorization, the users can perform specified operations on GES based on the permissions. +Policy-based authorization is useful if you want to allow or deny the access to an API. -DIS is a project-level service deployed in specific physical regions. Therefore, DIS permissions are assigned to users in specific regions and only take effect for these regions. If you want the permissions to take effect for all regions, you need to assign the permissions to users in each region. When accessing DIS, the users need to switch to a region where they have been authorized to use cloud services. +An account has all of the permissions required to call all APIs, but IAM users must have the required permissions specifically assigned. The permissions required for calling an API are determined by the actions supported by the API. Only users who have been granted permissions allowing the actions can call the API successfully. For example, if an IAM user queries MRS clusters using an API, the user must have been granted permissions that allow the **dis:streams:list** action. -You can grant users permissions by using roles and policies. +**Supported Actions** -Roles: A type of coarse-grained authorization mechanism that defines permissions related to user responsibilities. This mechanism provides only a limited number of service-level roles for authorization. When using roles to grant permissions, you need to also assign other roles on which the permissions depend to take effect. 
However, roles are not an ideal choice for fine-grained authorization and secure access control. +DIS provides system-defined policies that can be directly used in IAM. You can also create custom policies and use them to supplement system-defined policies, implementing more refined access control. Operations supported by policies are specific to APIs. The following are common concepts related to policies: -:ref:`Table 1 ` lists all the system permissions supported by DIS. Dependencies are permissions on which a system permission depends to take effect. For example, some DIS permissions are dependent on the permissions of other services. When assigning DIS permissions to users, you need to also assign dependent policies for the DIS permissions to take effect +· Permission: A statement in a policy that allows or denies certain operations. -.. _en-us_topic_0000001222577426__table145411630112914: +· APIs: REST APIs that can be called in a custom policy. + +· Action: Specific operations that are allowed or denied. + +· IAM or enterprise projects: Type of projects for which an action will take effect. Policies that contain actions supporting both IAM and enterprise projects can be assigned to user groups and take effect in both IAM and Enterprise Management. Policies that only contain actions for IAM projects can be used and only take effect for IAM. + +Note: + +The check mark (Y) indicates that an action takes effect. The cross mark (x) indicates that an action does not take effect. + +:ref:`Table 1 `\ lists the actions that can be defined in custom policies of DIS. All actions listed in the following table support both Project and Enterprise Project. + +.. _en-us_topic_0000001079240698__table397013152131: .. table:: **Table 1** Permissions policies and supported actions
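Review bot: "data_type": "BLOG" in the api-ref/source/application_example.rst hunk at -120,9 +120,7 does not look like a data type; the line it replaces used "JSON", so this reads as a typo (probably BLOB). The same hunk drops data_schema from the example under "Creating a Stream with Data Schemas", so that section no longer shows a schema at all. The request body is also not valid JSON as written: there is no comma after "auto_scale_max_partition_count": 10 and there is a trailing comma after the new data_type line. Either keep the JSON type together with its data_schema, or move the schema-less example out of this section, and fix the commas in both cases.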
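Review bot: the new DIS.4116 handling text in api-ref/source/appendix/error_codes.rst (hunk -90,7 +94,7) joins its two conditions with "or" ("is not in arrears, or has permissions to operate DIS"), which, now that the real-name clause is gone, reads as if meeting either one is enough to clear the 403. Suggest "Ensure that the account is not in arrears and has permissions to operate DIS."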
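Review bot: the sentence added in api-ref/source/calling_apis/authentication.rst (hunk -89,7 +89,7) names "API Request Signing Guide" as plain text with no :ref: or URL, so a reader cannot get from here to the signing procedure; add the link target. It also says "signature SDK" where the sentence before it says "signing SDK"; pick one term. While this file is being touched, the unchanged bullet at the top describes AK/SK authentication as "encrypting the request body", whereas this paragraph describes signing requests; the two descriptions should agree.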
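Review bot: "Offline the following sections:" in the rewritten 2022-09-30 row of api-ref/source/change_history.rst is not a usable verb phrase; suggest "Removed the following sections:". The hunk also rewrites the entry for an already released date (Dump Task Management is dropped from the list and several other sections are added) instead of only adding the 2023-04-03 row. If that is intended, say so in the commit message, which currently reads only "Update content".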
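Review bot: the example sentence added in api-ref/source/permissions_policies_and_supported_actions.rst pairs "queries MRS clusters" with the **dis:streams:list** action; going by the action name, the sentence should read "queries streams". The new concept bullets use a literal "·" and the notes are plain "Note:" paragraphs, neither of which renders as an RST list or note; use "-" items and the ".. note::" directive as the other files in this patch do. The hunk also removes the paragraph stating that DIS permissions are assigned per region and only take effect in those regions; keep it, since it tells the reader where a grant actually applies.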