forked from aliyun/oos-templates
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathACS::RDS::GrantAccountPrivilege.json
138 lines (138 loc) · 3.96 KB
/
ACS::RDS::GrantAccountPrivilege.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
{
"FormatVersion": "OOS-2019-06-01",
"Description": "Grant account privilege to specified or all dbs of the instance.",
"Parameters": {
"regionId": {
"Description": "The region id of DB instance.",
"Type": "String",
"Default": "{{ ACS::RegionId }}"
},
"dbInstanceId": {
"Description": "The id of DB instance to grant account privilege in.",
"Type": "String"
},
"accountName": {
"Description": "The account name to grant privilege for.",
"Type": "String"
},
"dbNames": {
"Description": "The DB names to grant account privilege to. tips, the wildcard parameter value [\"all\"] that represents all dbs is only suoported when all dbs count of single instance not greater than 100.",
"Type": "List"
},
"accountPrivilege": {
"Description": "The target account privilege to grant, the default is ReadOnly.",
"Type": "String",
"AllowedValues": [
"ReadWrite",
"ReadOnly",
"DDLOnly",
"DMLOnly",
"DBOwner"
],
"Default": "ReadOnly"
}
},
"Tasks": [
{
"Name": "checkForInstanceReady",
"Action": "ACS::CheckFor",
"Description": "Check wether the DB instance is running status.",
"Properties": {
"Service": "RDS",
"API": "DescribeDBInstanceAttribute",
"Parameters": {
"RegionId": "{{ regionId }}",
"DBInstanceId": "{{ dbInstanceId }}"
},
"DesiredValues": [
"Running"
],
"PropertySelector": "Items.DBInstanceAttribute[].DBInstanceStatus"
}
},
{
"Name": "whetherSpecifiedDBNames",
"Action": "ACS::Choice",
"Description": "Choose next task by the dbNames parameter value.",
"Properties": {
"DefaultTask": "grantAccountPrivilege",
"Choices": [
{
"When": {
"Fn::Equals": [
[
"all"
],
"{{ dbNames }}"
]
},
"NextTask": "describeDatabases"
}
]
}
},
{
"Name": "describeDatabases",
"Action": "ACS::ExecuteAPI",
"OnSuccess": "grantAccountPrivilegeForAllDBs",
"OnError": "ACS::END",
"Description": "Query all running databases name of the instance.",
"Properties": {
"Service": "RDS",
"API": "DescribeDatabases",
"Parameters": {
"RegionId": "{{ regionId }}",
"DBInstanceId": "{{ dbInstanceId }}",
"DBStatus": "Running",
"PageSize": 100
}
},
"Outputs": {
"dbNames": {
"Type": "List",
"ValueSelector": ".Databases.Database[].DBName"
}
}
},
{
"Name": "grantAccountPrivilege",
"Action": "ACS::ExecuteAPI",
"OnSuccess": "ACS::END",
"OnError": "ACS::END",
"Description": "Grant account privilege to specified dbs of instance.",
"Properties": {
"Service": "RDS",
"API": "GrantAccountPrivilege",
"Parameters": {
"RegionId": "{{ regionId }}",
"DBInstanceId": "{{ dbInstanceId }}",
"AccountName": "{{ accountName }}",
"DBName": "{{ ACS::TaskLoopItem }}",
"AccountPrivilege": "{{ accountPrivilege }}"
}
},
"Loop": {
"Items": "{{ dbNames }}"
}
},
{
"Name": "grantAccountPrivilegeForAllDBs",
"Action": "ACS::ExecuteAPI",
"Description": "Grant account privilege to all dbs of instance.",
"Properties": {
"Service": "RDS",
"API": "GrantAccountPrivilege",
"Parameters": {
"RegionId": "{{ regionId }}",
"DBInstanceId": "{{ dbInstanceId }}",
"AccountName": "{{ accountName }}",
"DBName": "{{ ACS::TaskLoopItem }}",
"AccountPrivilege": "{{ accountPrivilege }}"
}
},
"Loop": {
"Items": "{{ describeDatabases.dbNames }}"
}
}
]
}