应用管理与运维平台 servicestage-j9九游会登录
云服务在iam预置了常用授权项,称为系统身份策略。如果iam系统身份策略无法满足授权要求,管理员可以根据各j9九游会登录的服务支持的授权项,创建iam自定义身份策略来进行精细的访问控制,iam自定义身份策略是对系统身份策略的扩展和补充。
除iam服务外,organizations服务中的服务控制策略(service control policies,以下简称scp)也可以使用这些授权项元素设置访问控制策略。
scp不直接进行授权,只划定权限边界。将scp绑定到组织单元或者成员账号时,并没有直接对组织单元或成员账号授予操作权限,而是规定了成员账号或组织单元包含的成员账号的授权范围。iam策略授予权限的有效性受scp限制,只有在scp允许范围内的权限才能生效。
iam服务与organizations服务在使用这些元素进行访问控制时,存在着一些区别,详情请参考iam服务与organizations服务权限访问控制的区别。
本章节介绍iam服务身份策略授权场景中自定义身份策略和组织服务中scp使用的元素,这些元素包含了操作(action)、资源(resource)和条件(condition)。
操作(action)
操作(action)即为身份策略中支持的授权项。
- “访问级别”列描述如何对操作进行分类(list、read和write等)。此分类可帮助您了解在身份策略中相应操作对应的访问级别。
- “资源类型”列指每个操作是否支持资源级权限。
- 资源类型支持通配符号*表示所有。如果此列没有值(-),则必须在策略语句的resource元素中指定所有资源类型(“*”)。
- 如果该列包含资源类型,则必须在具有该操作的语句中指定该资源的urn。
- 资源类型列中必需资源在表中用星号(*)标识,表示使用此操作必须指定该资源类型。
关于servicestage定义的资源类型的详细信息请参见资源类型(resource)。
- “条件键”列包括了可以在身份策略语句的condition元素中支持指定的键值。
- 如果该授权项资源类型列存在值,则表示条件键仅对列举的资源类型生效。
- 如果该授权项资源类型列没有值(-),则表示条件键对整个授权项生效。
- 如果此列条件键没有值(-),表示此操作不支持指定条件键。
关于servicestage定义的条件键的详细信息请参见条件(condition)。
- “别名”列包括了可以在身份策略中配置的策略授权项。通过这些授权项,可以控制支持策略授权的api访问。详细信息请参见身份策略兼容性说明。
您可以在身份策略语句的action元素中指定以下servicestage的相关操作。
|
授权项 |
描述 |
访问级别 |
资源类型(*为必须) |
条件键 |
别名 |
|---|---|---|---|---|---|
|
servicestage:app:getapplication |
授予用户查看指定应用权限 |
read |
app * |
servicestage:app:get |
|
|
servicestage:app:createapplication |
授予用户创建应用权限 |
write |
- |
servicestage:app:create |
|
|
app * |
- |
||||
|
servicestage:app:modifyapplication |
授予用户更新应用权限 |
write |
- |
servicestage:app:modify |
|
|
app * |
|||||
|
servicestage:app:deleteapplication |
授予用户删除应用权限 |
write |
app * |
servicestage:app:delete |
|
|
servicestage:app:listapplication |
授予用户查看应用列表权限 |
list |
- |
- |
servicestage:app:list |
|
servicestage:app:getconfiguration |
授予用户查看应用配置权限 |
read |
app * |
servicestage:app:get |
|
|
servicestage:app:deleteconfiguration |
授予用户删除应用配置权限 |
write |
app * |
servicestage:app:modify |
|
|
servicestage:app:modifyconfiguration |
授予用户更新应用配置权限 |
write |
app * |
servicestage:app:modify |
|
|
servicestage:app:getcomponent |
授予用户查看指定应用组件权限 |
read |
app * |
servicestage:app:get |
|
|
servicestage:app:createcomponent |
授予用户创建应用组件权限 |
write |
app * |
servicestage:app:create |
|
|
servicestage:app:modifycomponent |
授予用户更新应用组件权限 |
write |
app * |
servicestage:app:modify |
|
|
servicestage:app:deletecomponent |
授予用户删除应用组件权限 |
write |
app * |
servicestage:app:delete |
|
|
servicestage:app:listcomponent |
授予用户查看应用组件列表权限 |
list |
- |
- |
servicestage:app:list |
|
servicestage::approvecontract |
授予用户审批合同的权限 |
write |
- |
- |
servicestage:app:approve |
|
servicestage::createeventreport |
授予用户创建事件上报权限 |
write |
- |
- |
servicestage:app:create |
|
servicestage:app:creategovernancerule |
授予用户创建治理规则权限 |
write |
app * |
- |
servicestage:app:create |
|
servicestage:app:deletegovernancerule |
授予用户删除治理规则权限 |
write |
app * |
- |
servicestage:app:delete |
|
servicestage:app:getgovernancerule |
授予用户获取治理规则权限 |
read |
app * |
- |
servicestage:app:get |
|
servicestage:app:listgovernancerule |
授予用户获取治理规则列表权限 |
list |
app * |
- |
servicestage:app:list |
|
servicestage:app:modifygovernancerule |
授予用户修改治理规则权限 |
write |
app * |
- |
servicestage:app:modify |
|
servicestage:app:createroute |
授予用户创建组件路由权限 |
write |
app * |
- |
servicestage:app:create |
|
servicestage:app:deleteroute |
授予用户删除组件路由权限 |
write |
app * |
- |
servicestage:app:delete |
|
servicestage:app:modifyroute |
授予用户修改组件路由权限 |
write |
app * |
- |
servicestage:app:modify |
|
servicestage:environment:create |
授予用户创建环境权限 |
write |
- |
- |
|
|
environment * |
- |
||||
|
servicestage:environment:get |
授予用户查看环境信息权限 |
read |
environment * |
servicestage:app:get |
|
|
servicestage:environment:list |
授予用户查看环境列表权限 |
list |
- |
- |
servicestage:app:list |
|
servicestage:environment:modify |
授予用户更新环境权限 |
write |
- |
- |
|
|
environment * |
|||||
|
servicestage:environment:delete |
授予用户删除环境权限 |
write |
environment * |
- |
|
|
servicestage:environment:refresh |
授予用户刷新环境权限 |
write |
environment * |
- |
|
|
servicestage:environment:tag |
授予tms用户创建环境标签权限 |
tagging |
- |
servicestage:environment:modify |
|
|
environment * |
|||||
|
servicestage:app:tag |
授予tms用户创建应用标签权限 |
tagging |
- |
servicestage:app:modify |
|
|
app * |
|||||
|
servicestage:environment:listresourcesbytag |
授予tms用户通过标签查询环境资源权限 |
read |
- |
servicestage:app:list |
|
|
environment * |
- |
||||
|
servicestage:app:listresourcesbytag |
授予tms用户通过标签查询应用资源权限 |
read |
- |
servicestage:app:list |
|
|
app * |
- |
||||
|
servicestage:environment:untagresource |
授予tms用户删除环境资源标签权限 |
tagging |
- |
servicestage:environment:modify |
|
|
environment * |
|||||
|
servicestage:app:untagresource |
授予tms用户删除应用资源标签权限 |
tagging |
- |
servicestage:app:modify |
|
|
app * |
|||||
|
servicestage:environment:listtags |
授予tms用户查询环境资源标签列表权限 |
read |
- |
- |
servicestage:app:list |
|
servicestage:app:listtags |
授予tms用户查询应用资源标签列表权限 |
read |
- |
- |
servicestage:app:list |
|
servicestage:environment:createaddon |
授予用户创建插件权限 |
write |
environment * |
- |
servicestage:app:create |
|
servicestage:environment:listaddon |
授予用户查询插件列表权限 |
list |
environment * |
- |
servicestage:app:list |
|
servicestage:environment:getaddon |
授予用户查询插件详情权限 |
read |
environment * |
- |
servicestage:app:get |
|
servicestage:environment:modifyaddon |
授予用户修改插件权限 |
write |
environment * |
- |
servicestage:app:modify |
|
servicestage:environment:deleteaddon |
授予用户删除插件权限 |
write |
environment * |
- |
servicestage:app:delete |
|
servicestage:environment:createcell |
授予用户创建部署单元权限 |
write |
environment * |
- |
servicestage:app:create |
|
servicestage:environment:deletecell |
授予用户删除部署单元权限 |
write |
environment * |
- |
servicestage:app:delete |
|
servicestage:environment:listcell |
授予用户获取部署单元列表权限 |
list |
environment * |
- |
servicestage:app:list |
|
servicestage:environment:modifycell |
授予用户修改部署单元权限 |
write |
environment * |
- |
servicestage:app:modify |
|
servicestage:environment:provisionresources |
授予用户开通环境资源权限 |
write |
environment * |
- |
|
|
servicestage:environment:rollback |
授予用户回滚环境权限 |
write |
environment * |
- |
|
|
servicestage::createlanegroup |
授予用户创建泳道组权限 |
write |
- |
- |
servicestage:app:create |
|
servicestage::getlanegroup |
授予用户查询泳道组权限 |
read |
- |
- |
servicestage:app:get |
|
servicestage::listlanegroup |
授予用户获取所有泳道组权限 |
list |
- |
- |
servicestage:app:list |
|
servicestage::modifylanegroup |
授予用户根据泳道组id修改泳道组权限 |
write |
- |
- |
servicestage:app:modify |
|
servicestage::deletelanegroup |
授予用户根据泳道组id删除泳道组权限 |
write |
- |
- |
servicestage:app:delete |
|
servicestage::createlane |
授予用户泳道组下创建泳道权限 |
write |
- |
- |
servicestage:app:create |
|
servicestage::getlane |
授予用户根据泳道id获取泳道信息权限 |
read |
- |
- |
servicestage:app:get |
|
servicestage::listlane |
授予用户获取泳道组下所有泳道权限 |
list |
- |
- |
servicestage:app:list |
|
servicestage::modifylane |
授予用户根据泳道id修改泳道信息权限 |
write |
- |
- |
servicestage:app:modify |
|
servicestage::deletelane |
授予用户根据泳道id删除泳道权限 |
write |
- |
- |
servicestage:app:delete |
|
servicestage:config:creategroup |
授予用户创建配置分组权限 |
write |
- |
- |
|
|
configgroup * |
- |
||||
|
servicestage:config:getgroup |
授予用户根据配置分组id获取分组详情权限 |
read |
configgroup * |
- |
|
|
servicestage:config:modifygroup |
授予用户修改配置分组权限 |
write |
- |
- |
|
|
configgroup * |
|||||
|
servicestage:config:listgroup |
授予用户获取配置分组权限 |
list |
- |
- |
- |
|
servicestage:config:deletegroup |
授予用户根据配置分组id删除分组权限 |
write |
configgroup * |
- |
|
|
servicestage:configgroup:listresourcesbytag |
授予tms用户通过标签查询配置分组资源权限 |
list |
- |
servicestage:configgroup:list |
|
|
configgroup * |
- |
||||
|
servicestage:configgroup:listtags |
授予tms用户查询配置分组资源标签列表权限 |
read |
- |
- |
servicestage:configgroup:list |
|
servicestage:configgroup:listtagsforresource |
授予eps用户查询配置分组资源标签列表权限 |
read |
configgroup * |
servicestage:configgroup:list |
|
|
servicestage:configgroup:tag |
授予tms用户创建配置分组标签权限 |
tagging |
- |
servicestage:configgroup:modify |
|
|
configgroup * |
|||||
|
servicestage:configgroup:untagresource |
授予tms用户删除配置分组资源标签权限 |
tagging |
- |
servicestage:configgroup:modify |
|
|
configgroup * |
|||||
|
servicestage:config:get |
授予用户根据配置文件id获取配置文件信息权限 |
read |
config * |
- |
|
|
servicestage:config:list |
授予用户获取配置文件信息权限 |
list |
- |
- |
- |
|
servicestage:config:create |
授予用户创建配置文件权限 |
write |
config * |
- |
|
|
servicestage:config:modify |
授予用户根据配置文件id修改配置文件权限 |
write |
config * |
- |
|
|
servicestage:config:delete |
授予用户根据配置文件id删除配置文件权限 |
write |
config * |
- |
|
|
servicestage:config:import |
授予用户导入配置文件权限 |
write |
- |
- |
- |
|
servicestage:config:listhistories |
授予用户根据配置文件id获取配置文件历史权限 |
list |
config * |
- |
|
|
servicestage:config:gethistory |
授予用户根据配置文件历史id获取配置文件历史信息权限 |
read |
config * |
- |
|
|
servicestage:config:deletehistory |
授予用户根据配置文件历史id删除配置文件历史权限 |
write |
config * |
- |
|
|
servicestage::getruntimestack |
授予用户根据技术栈id查询技术栈权限 |
read |
- |
- |
servicestage:runtimestack:get |
|
servicestage::createruntimestack |
授予用户创建技术栈权限 |
write |
- |
- |
servicestage:runtimestack:create |
|
servicestage::modifyruntimestack |
授予用户根据技术栈id修改技术栈权限 |
write |
- |
- |
servicestage:runtimestack:modify |
|
servicestage::deleteruntimestack |
授予用户根据技术栈id删除技术栈权限 |
write |
- |
- |
servicestage:runtimestack:delete |
|
servicestage::switchruntimestackstatus |
授予用户发布和取消发布技术栈权限 |
write |
- |
- |
servicestage:runtimestack:switchstatus |
|
servicestage::createreleaseplan |
授予用户创建发布单权限 |
write |
- |
- |
servicestage:app:create |
|
servicestage::getreleaseplan |
授予用户根据发布单id获取发布单信息权限 |
read |
- |
- |
servicestage:app:get |
|
servicestage::listreleaseplan |
授予用户获取发布单列表权限 |
list |
- |
- |
servicestage:app:list |
|
servicestage::modifyreleaseplan |
授予用户根据发布单id编辑发布单权限 |
write |
- |
- |
servicestage:app:modify |
|
servicestage::deletereleaseplan |
授予用户根据发布单id删除发布单权限 |
write |
- |
- |
servicestage:app:delete |
|
servicestage:pipeline:get |
授予用户查看流水线权限 |
read |
pipeline * |
- |
- |
|
servicestage:pipeline:create |
授予用户创建流水线权限 |
write |
pipeline * |
- |
- |
|
servicestage:pipeline:modify |
授予用户更新流水线权限 |
write |
pipeline * |
- |
servicestage:pipeline:execute |
|
servicestage:pipeline:delete |
授予用户删除流水线权限 |
write |
pipeline * |
- |
- |
|
servicestage:pipeline:list |
授予用户查看流水线列表权限 |
list |
- |
- |
- |
|
servicestage:assembling:runtimelist |
授予用户查看技术栈列表权限 |
read |
- |
- |
servicestage:assembling:get |
|
servicestage:assembling:getinfo |
授予用户查看构建信息权限 |
read |
assembling * |
- |
servicestage:assembling:get |
|
servicestage:assembling:create |
授予用户创建构建任务权限 |
write |
assembling * |
- |
- |
|
servicestage:assembling:modify |
授予用户更新构建任务权限 |
write |
assembling * |
- |
- |
|
servicestage:assembling:delete |
授予用户删除构建任务权限 |
write |
assembling * |
- |
- |
|
servicestage:assembling:list |
授予用户查看构建任务列表权限 |
list |
- |
- |
- |
|
servicestage:repositoryauth:list |
授予用户获取仓库授权列表权限 |
list |
- |
- |
servicestage:app:list |
|
servicestage:repositoryauth:get |
授予用户获取仓库授权权限 |
read |
repositoryauth * |
- |
servicestage:app:get |
|
servicestage:repositoryauth:create |
授予用户创建仓库授权权限 |
write |
repositoryauth * |
- |
servicestage:app:create |
|
servicestage:repositoryauth:delete |
授予用户删除仓库授权权限 |
write |
repositoryauth * |
- |
servicestage:app:delete |
|
servicestage:environment:listtagsforresource |
授予eps用户查询环境资源标签列表权限 |
read |
environment * |
servicestage:app:list |
|
|
servicestage:app:listtagsforresource |
授予eps用户查询应用资源标签列表权限 |
read |
app * |
servicestage:app:list |
|
授权项 |
描述 |
访问级别 |
资源类型(*为必须) |
条件键 |
别名 |
|---|---|---|---|---|---|
|
cse:config:upload |
授予上传微服务配置权限 |
write |
- |
cse:config:modify |
|
|
cse:config:download |
授予下载微服务配置权限 |
write |
- |
cse:config:modify |
|
|
cse:engine:get |
授予查看引擎信息权限 |
read |
engine |
- |
|
|
cse:engine:list |
授予查询引擎信息列表权限 |
list |
- |
- |
- |
|
cse:engine:backuprecover |
授予备份、恢复引擎数据和变更备份策略权限。 |
write |
engine |
- |
|
|
cse:engine:associatepublicips |
授予绑定和解绑引擎公网访问权限。 |
write |
engine |
- |
|
|
cse:engine:update |
授予修改引擎配置和系统管理权限。 |
write |
engine |
- |
|
|
cse:engine:create |
授予创建引擎权限 |
write |
- |
- |
|
|
cse:engine:upgrade |
授予升级引擎权限 |
write |
engine |
- |
|
|
cse:engine:delete |
授予删除引擎权限 |
write |
engine |
- |
|
|
cse:namespace:get |
授予查看命名空间资源权限 |
read |
engine |
cse:namespace:read |
|
|
cse:namespace:update |
授予修改命名空间资源权限 |
write |
engine |
cse:namespace:write |
servicestage的api通常对应着一个或多个授权项。表3展示了api与授权项的关系,以及该api需要依赖的授权项。
|
api |
对应的授权项 |
依赖的授权项 |
|---|---|---|
|
post /v3/{project_id}/cas/environments |
servicestage:environment:create |
- |
|
get /v3/{project_id}/cas/environments |
servicestage:environment:list |
- |
|
put /v3/{project_id}/cas/environments/{environment_id} |
servicestage:environment:modify |
- |
|
delete /v3/{project_id}/cas/environments/{environment_id} |
servicestage:environment:delete |
- |
|
get /v3/{project_id}/cas/environments/{environment_id} |
servicestage:environment:get |
- |
|
put /v3/{project_id}/cas/environments/{environment_id}/resources |
servicestage:environment:modify |
- |
|
get /v3/{project_id}/cas/environments/{environment_id}/resources |
servicestage:environment:list |
- |
|
get /v3/{project_id}/cas/environments/resources |
servicestage:environment:list |
- |
|
post /v3/{project_id}/cas/environments/{environment_id}/refresh |
servicestage:environment:refresh |
- |
|
post /v3/{project_id}/cas/applications |
servicestage:app:createapplication |
- |
|
get /v3/{project_id}/cas/applications |
servicestage:app:listapplication |
- |
|
put /v3/{project_id}/cas/applications/{application_id} |
servicestage:app:modifyapplication |
- |
|
get /v3/{project_id}/cas/applications/{application_id} |
servicestage:app:getapplication |
- |
|
delete /v3/{project_id}/cas/applications/{application_id} |
servicestage:app:deleteapplication |
- |
|
post /v3/{project_id}/cas/applications/{application_id}/action |
servicestage:app:modifyapplication |
- |
|
get /v3/{project_id}/cas/applications/{application_id}/configuration |
servicestage:app:getconfiguration |
- |
|
put /v3/{project_id}/cas/applications/{application_id}/configuration |
servicestage:app:modifyconfiguration |
- |
|
delete /v3/{project_id}/cas/applications/{application_id}/configuration |
servicestage:app:deleteconfiguration |
- |
|
post /v3/{project_id}/cas/applications/{application_id}/components |
servicestage:app:createcomponent |
|
|
get /v3/{project_id}/cas/applications/{application_id}/components |
servicestage:app:listcomponent |
- |
|
get /v3/{project_id}/cas/components |
servicestage:app:listcomponent |
- |
|
put /v3/{project_id}/cas/applications/{application_id}/components/{component_id} |
servicestage:app:modifycomponent |
|
|
delete /v3/{project_id}/cas/applications/{application_id}/components/{component_id} |
servicestage:app:deletecomponent |
|
|
get /v3/{project_id}/cas/applications/{application_id}/components/{component_id} |
servicestage:app:getcomponent |
- |
|
post /v3/{project_id}/cas/applications/{application_id}/components/{component_id}/action |
servicestage:app:modifycomponent |
|
|
get /v3/{project_id}/cas/applications/{application_id}/components/{component_id}/records |
servicestage:app:listcomponent |
- |
|
put /v3/{project_id}/cas/applications/{application_id}/components/{component_id}/refresh |
servicestage:app:modifycomponent |
|
|
get /v3/{project_id}/cas/components/filteroptions |
servicestage:app:listcomponent |
- |
|
post /v3/{project_id}/cas/components/action |
servicestage:app:modifycomponent |
|
|
post /v3/{project_id}/cas/components |
servicestage:app:createcomponent |
|
|
post /v3/{project_id}/cas/components/parse-template-package |
servicestage:app:getcomponent |
- |
|
put /v3/{project_id}/cas/applications/{application_id}/components/{component_id}/redeployment |
servicestage:app:modifycomponent |
|
|
get /v3/{project_id}/cas/jobs/{job_id} |
servicestage:app:listapplication |
- |
|
post /v3/{project_id}/cas/config-groups |
servicestage:config:creategroup |
- |
|
get /v3/{project_id}/cas/config-groups |
servicestage:config:listgroup |
- |
|
post /v3/{project_id}/cas/configs |
servicestage:config:create |
- |
|
post /v3/{project_id}/cas/configs/import |
servicestage:config:import |
- |
|
get /v3/{project_id}/cas/configs |
servicestage:config:list |
- |
|
get /v3/{project_id}/cas/configs/{config_id} |
servicestage:config:get |
- |
|
delete /v3/{project_id}/cas/configs/{config_id} |
servicestage:config:delete |
- |
|
put /v3/{project_id}/cas/configs/{config_id} |
servicestage:config:modify |
- |
|
get /v3/{project_id}/cas/configs/{config_id}/histories |
servicestage:config:listhistories |
- |
|
get /v3/{project_id}/cas//configs/{config_id}/histories/{config_history_id} |
servicestage:config:gethistory |
- |
|
delete /v3/{project_id}/cas/configs/{config_id}/histories/{config_history_id} |
servicestage:config:deletehistory |
- |
|
get /v3/{project_id}/cas/config-groups/{config_group_id} |
servicestage:config:getgroup |
- |
|
delete /v3/{project_id}/cas/config-groups/{config_group_id} |
servicestage:config:deletegroup |
- |
|
post /v3/{project_id}/cas/swimlane-group |
servicestage::createlanegroup |
- |
|
get /v3/{project_id}/cas/swimlane-group |
servicestage::listlanegroup |
- |
|
get /v3/{project_id}/cas/swimlane-group/{lane_group_id} |
servicestage::getlanegroup |
- |
|
put /v3/{project_id}/cas/swimlane-group/{lane_group_id} |
servicestage::modifylanegroup |
- |
|
delete /v3/{project_id}/cas/swimlane-group/{lane_group_id} |
servicestage::deletelanegroup |
- |
|
get /v3/{project_id}/cas/swimlane-group/target-services |
servicestage::listlanegroup |
- |
|
put /v3/{project_id}/cas/swimlane-group/{lane_group_id}/route |
servicestage::modifylanegroup |
- |
|
get /v3/{project_id}/cas/swimlane-group/{lane_group_id}/view |
servicestage::getlanegroup |
- |
|
put /v3/{project_id}/cas/swimlane-group/{lane_group_id}/view |
servicestage::modifylanegroup |
- |
|
post /v3/{project_id}/cas/swimlane-group/{lane_group_id}/swimlanes-action |
servicestage::modifylanegroup |
- |
|
post /v3/{project_id}/cas/swimlane-group/{lane_group_id}/swimlane |
servicestage::createlane |
- |
|
get /v3/{project_id}/cas/swimlane |
servicestage::listlanegroup |
- |
|
get /v3/{project_id}/cas/swimlane-group/{lane_group_id}/swimlane |
servicestage::listlane |
- |
|
get /v3/{project_id}/cas/swimlane-group/{lane_group_id}/swimlane/{lane_id} |
servicestage::getlane |
- |
|
put /v3/{project_id}/cas/swimlane-group/{lane_group_id}/swimlane/{lane_id} |
servicestage::modifylane |
- |
|
delete /v3/{project_id}/cas/swimlane-group/{lane_group_id}/swimlane/{lane_id} |
servicestage::deletelane |
- |
|
post /v3/{project_id}/cas/swimlane-group/{lane_group_id}/swimlane/{lane_id}/action |
servicestage::modifylane |
- |
|
post /v3/{project_id}/cas/swimlane-group/{lane_group_id}/swimlane/{lane_id}/components-action |
servicestage::modifylane |
- |
|
put /v3/{project_id}/cas/swimlane-group/{lane_group_id}/swimlane/{lane_id}/component-instances |
servicestage::modifylane |
- |
|
get /v3/{project_id}/cas/swim_lans/{swimlan_id}/records |
servicestage::getlane |
- |
|
put /v3/{project_id}/cas/swimlane-group/{lane_group_id}/swimlane/{lane_id}/instances |
servicestage::modifylane |
- |
|
post /v3/{project_id}/cas/environments/{environment_id}/addons |
servicestage:environment:createaddon |
- |
|
get /v3/{project_id}/cas/environments/{environment_id}/addons |
servicestage:environment:listaddon |
- |
|
get /v3/{project_id}/cas/environments/{environment_id}/addons-metadata |
servicestage:environment:listaddon |
- |
|
get /v3/{project_id}/cas/environments/{environment_id}/addons/{addon_id} |
servicestage:environment:getaddon |
- |
|
post /v3/{project_id}/cas/environments/{environment_id}/addons/{addon_id}/action |
servicestage:environment:modifyaddon |
- |
|
delete /v3/{project_id}/cas/environments/{environment_id}/addons/{addon_id} |
servicestage:environment:deleteaddon |
- |
|
get /v3/{project_id}/assembling/base-images |
servicestage:assembling:list |
- |
|
post /v3/{project_id}/cas/release-plans |
servicestage::createreleaseplan |
- |
|
put /v3/{project_id}/cas/release-plans/{release_plan_id} |
servicestage::modifyreleaseplan |
- |
|
delete /v3/{project_id}/cas/release-plans/{release_plan_id} |
servicestage::deletereleaseplan |
- |
|
get /v3/{project_id}/cas/release-plans |
servicestage::listreleaseplan |
- |
|
get /v3/{project_id}/cas/release-plans/{release_plan_id} |
servicestage::getreleaseplan |
- |
|
get /v3/{project_id}/cas/release-plans/{release_plan_id}/deploy-info |
servicestage::getreleaseplan |
- |
|
post /v3/{project_id}/cas/release-plans/{release_plan_id}/execute |
servicestage::createreleaseplan |
- |
|
post /v3/{project_id}/cas/release-plans/{release_plan_id}/rollback |
servicestage::createreleaseplan |
- |
|
post /v3/{project_id}/cas/release-plans/{release_plan_id}/abort |
servicestage::createreleaseplan |
- |
|
post /v3/{project_id}/pipeline/pipelines |
servicestage:pipeline:create |
- |
|
get /v3/{project_id}/pipeline/pipelines |
servicestage:pipeline:list |
|
|
put /v3/{project_id}/pipeline/pipelines/{pipeline_id} |
servicestage:pipeline:modify |
- |
|
post /v3/{project_id}/pipeline/pipelines/{pipeline_id}/action |
servicestage:pipeline:modify |
- |
|
get /v3/{project_id}/pipeline/pipelines/{pipeline_id} |
servicestage:pipeline:get |
- |
|
get /v3/{project_id}/pipeline/pipelines/{id}/records |
servicestage:pipeline:get |
- |
|
post /v3/{project_id}/pipeline/pipelines/{pipeline_id}/hooks |
servicestage:pipeline:create |
- |
|
put /v3/{project_id}/pipeline/pipelines/{pipeline_id}/hooks |
servicestage:pipeline:modify |
- |
|
get /v3/{project_id}/pipeline/pipelines/{pipeline_id}/hooks |
servicestage:pipeline:list |
|
|
post /v3/{project_id}/pipeline/pipelines/parse-template-package |
servicestage:pipeline:get |
- |
|
post /v3/{project_id}/cas/runtimestacks |
servicestage::createruntimestack |
- |
|
get /v3/{project_id}/cas/runtimestacks |
servicestage:app:listapplication |
- |
|
get /v3/{project_id}/cas/runtimestacks/{runtimestack_id} |
servicestage::getruntimestack |
- |
|
put /v3/{project_id}/cas/runtimestacks/{runtimestack_id} |
servicestage::modifyruntimestack |
- |
|
delete /v3/{project_id}/cas/runtimestacks/{runtimestack_id} |
servicestage::deleteruntimestack |
- |
|
post /v3/{project_id}/cas/runtimestacks/action |
servicestage::switchruntimestackstatus |
- |
|
get /v3/{project_id}/cas/innerimages |
servicestage:app:listapplication |
- |
|
get /v1/{project_id}/git/auths |
servicestage:repositoryauth:list |
- |
|
get /v1/{project_id}/git/auths/{repo_type}/redirect |
servicestage:repositoryauth:get |
- |
|
post /v1/{project_id}/git/auths/{repo_type}/oauth |
servicestage:repositoryauth:create |
- |
|
post /v1/{project_id}/git/auths/{repo_type}/personal |
servicestage:repositoryauth:create |
- |
|
post /v1/{project_id}/git/auths/{repo_type}/password |
servicestage:repositoryauth:create |
- |
|
delete /v1/{project_id}/git/auths/{name} |
servicestage:repositoryauth:delete |
- |
|
get /v1/{project_id}/git/auths/{repo_type}/password/valid |
servicestage:repositoryauth:get |
- |
|
post /v1/{project_id}/kie/file |
cse:config:upload |
- |
|
post /v1/{project_id}/kie/download |
cse:config:download |
- |
|
get /v2/{project_id}/enginemgr/engines |
cse:engine:list |
- |
|
post /v2/{project_id}/enginemgr/engines |
cse:engine:create |
- |
|
get /v2/{project_id}/enginemgr/engines/{engine_id} |
cse:engine:get |
- |
|
delete /v2/{project_id}/enginemgr/engines/{engine_id} |
cse:engine:delete |
- |
|
get /v2/{project_id}/enginemgr/engines/{engine_id}/jobs/{job_id} |
cse:engine:get |
- |
|
post /v1/{project_id}/kie/kv |
cse:namespace:update |
- |
|
put /v1/{project_id}/kie/kv/{kv_id} |
cse:namespace:update |
- |
|
get /v1/{project_id}/kie/kv |
cse:namespace:get |
- |
|
delete /v1/{project_id}/kie/kv/{kv_id} |
cse:namespace:update |
- |
|
delete /v1/{project_id}/kie/kv |
cse:namespace:update |
- |
资源类型(resource)
资源类型(resource)表示身份策略所作用的资源。如表4中的某些操作指定了可以在该操作指定的资源类型,则必须在具有该操作的身份策略语句中指定该资源的urn,策略仅作用于此资源;如未指定,resource默认为“*”,则策略将应用到所有资源。您也可以在身份策略中设置条件,从而指定资源类型。
servicestage定义了以下可以在身份策略的resource元素中使用的资源类型。
|
资源类型 |
urn |
|---|---|
|
app |
servicestage: |
|
environment |
servicestage: |
|
pipeline |
servicestage: |
|
assembling |
servicestage: |
|
repositoryauth |
servicestage: |
|
configgroup |
servicestage: |
|
config |
servicestage: |
相关文档
意见反馈
文档内容是否对您有帮助?
如您有其它疑问,您也可以通过华为云社区问答频道来与我们联系探讨
