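Binding a KMS Key to a Topic - CreateKmsKey
Function
Binds a KMS key to a topic. The KMS key takes effect five minutes after it is bound. Once it is in effect, messages published under the topic (subscription confirmation messages, unsubscription messages, and topic messages) are encrypted and decrypted with data keys of the specified key, and the message content is transmitted encrypted inside the SMN service. Before binding a KMS key, you must create an agency named smn_kms_agency in IAM and grant the resource operation permissions to the SMN service. SMN uses this agency to create data keys.
Calling Method
See Calling APIs.
Authorization Information
An account has permission to call all APIs. If an IAM user under the account calls this API, the IAM user must have the permissions required to call it.
- If you use role and policy-based authorization, see Permissions and Supported Actions for the required permissions.
- If you use identity policy-based authorization, the following identity policy permissions are required.
Action
Access level
Resource type (* = required)
Condition key
Alias
Dependent actions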
smn:topic:createKmsKey
Write
topic *
-
g:EnterpriseProjectId
-
g:ResourceTag/<tag-key>
-
smn:topic:get
-
URI
POST /v2/{project_id}/notifications/topics/{topic_urn}/kms
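Request Parameters

| Parameter | Mandatory | Type | Description |
|---|---|---|---|
| X-Auth-Token | Yes | String | User token. Obtain it by calling the IAM API for obtaining a user token (the value of X-Subject-Token in the response header). |

| Parameter | Mandatory | Type | Description |
|---|---|---|---|
| key_id | Yes | String | Key ID of the customer master key created in DEW. For details, see the section on creating a key in DEW. |
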
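Response Parameters
Status code: 200

| Parameter | Type | Description |
|---|---|---|
| request_id | String | Unique ID of the request. |
| id | String | ID corresponding to the key in use. This ID is generated by SMN and uniquely identifies the key under the topic. |
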
Status code: 400

| Parameter | Type | Description |
|---|---|---|
| request_id | String | Unique ID of the request. |
| code | String | Error code of the service exception. |
| message | String | Description of the service exception. |

Status code: 403

| Parameter | Type | Description |
|---|---|---|
| request_id | String | Unique ID of the request. |
| code | String | Error code of the service exception. |
| message | String | Description of the service exception. |

Status code: 404

| Parameter | Type | Description |
|---|---|---|
| request_id | String | Unique ID of the request. |
| code | String | Error code of the service exception. |
| message | String | Description of the service exception. |

Status code: 409

| Parameter | Type | Description |
|---|---|---|
| request_id | String | Unique ID of the request. |
| code | String | Error code of the service exception. |
| message | String | Description of the service exception. |

Status code: 500

| Parameter | Type | Description |
|---|---|---|
| request_id | String | Unique ID of the request. |
| code | String | Error code of the service exception. |
| message | String | Description of the service exception. |

Example Request
Example request for successfully binding a KMS key
https://{SMN_Endpoint}/v2/{project_id}/notifications/topics/urn:smn:regionId:44ef0bd78eb24f02b40614fe85a7d234:topic_6b10aa8f904111f08c3584a93e8ae4b6/kms
{
"key_id" : "9a618041-a917-49e0-bb3a-1a90163e97fe"
}
Example Response
Status code: 200
Response body for a successful request.
{
"request_id" : "44a8e3a585ab4da3954579f5d76ab626",
"id" : "df9831e92dc24c289c0048170f61d5ad"
}
Status code: 400
Bad Request
{
"request_id" : "12641f59208d4114a86aace62897980d",
"error_code" : "SMN.00013056",
"error_msg" : "The kms key id is not available."
}
Status code: 403
Forbidden
{
"request_id" : "1b261437accc427da6c43eec2fc7e324",
"code" : "SMN.0001",
"message" : "No permission to request resources."
}
Status code: 404
Not Found
{
"request_id" : "cfa7a869d1404329adff10ac4bea9308",
"error_code" : "SMN.00010008",
"error_msg" : "Topic information is not found."
}
Status code: 409
Conflict
{
"request_id" : "03651b5ef1da4b3d9545036d2a954d7f",
"error_code" : "SMN.00013049",
"error_msg" : "Kms key already exists."
}
Status code: 500
Internal Server Error
{
"request_id" : "cfa7a869d1404329adff10ac4bea9308",
"error_code" : "SMN.00013054",
"error_msg" : "Failed to save kms key."
}
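The response examples above name the error fields in two different ways (code/message in the 403 example, error_code/error_msg in the others), and a bound key only takes effect five minutes after binding. The following is an added example, not Huawei Cloud SDK code and not part of the original page, showing one way automation could interpret these responses; the function names, outcome labels, the retry-on-500 choice and the sample timestamp are assumptions of this example.

```python
import json
from datetime import datetime, timedelta, timezone

# Stated on this page: a bound key takes effect five minutes after binding.
ACTIVATION_DELAY = timedelta(minutes=5)
# Error codes copied from the response examples on this page.
KEY_UNAVAILABLE = "SMN.00013056"   # returned with 400
ALREADY_BOUND = "SMN.00013049"     # returned with 409


def interpret_bind_response(status, body_text, received_at):
    """Map a CreateKmsKey HTTP status and JSON body to an automation decision."""
    body = json.loads(body_text) if body_text else {}
    # The parameter tables name the error fields code/message, while most of
    # the examples use error_code/error_msg, so accept either pair.
    code = body.get("error_code") or body.get("code")
    msg = body.get("error_msg") or body.get("message")
    result = {"request_id": body.get("request_id"), "code": code, "message": msg}
    if status == 200:
        # received_at is no earlier than the binding itself, so this is conservative.
        result.update(outcome="bound", binding_id=body["id"],
                      encrypt_from=received_at + ACTIVATION_DELAY)
    elif status == 409 and code == ALREADY_BOUND:
        # The response does not say which key is bound; confirm it separately.
        result.update(outcome="already_bound")
    elif status == 400 and code == KEY_UNAVAILABLE:
        result.update(outcome="key_unavailable")
    elif status == 403:
        result.update(outcome="permission_denied")
    elif status == 404:
        result.update(outcome="topic_not_found")
    elif status >= 500:
        # Assumption of this example: server-side failures are worth a retry.
        result.update(outcome="retry")
    else:
        result.update(outcome="unexpected")
    return result


def safe_to_publish(result, now):
    """True only once a fresh binding is past the five-minute activation window."""
    return result["outcome"] == "bound" and now >= result["encrypt_from"]


# Bodies are the response examples from this page; the timestamp is constructed.
T0 = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
OK = interpret_bind_response(200, '{"request_id":"44a8e3a585ab4da3954579f5d76ab626","id":"df9831e92dc24c289c0048170f61d5ad"}', T0)
DENIED = interpret_bind_response(403, '{"request_id":"1b261437accc427da6c43eec2fc7e324","code":"SMN.0001","message":"No permission to request resources."}', T0)
```

Gating publication of sensitive messages on `safe_to_publish` keeps a pipeline from sending them during the window in which the new key is bound but not yet in effect.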
SDK Sample Code
The SDK sample code is as follows.
Example request for successfully binding a KMS key
```java
package com.huaweicloud.sdk.test;

import com.huaweicloud.sdk.core.auth.ICredential;
import com.huaweicloud.sdk.core.auth.BasicCredentials;
import com.huaweicloud.sdk.core.exception.ConnectionException;
import com.huaweicloud.sdk.core.exception.RequestTimeoutException;
import com.huaweicloud.sdk.core.exception.ServiceResponseException;
import com.huaweicloud.sdk.smn.v2.region.SmnRegion;
import com.huaweicloud.sdk.smn.v2.*;
import com.huaweicloud.sdk.smn.v2.model.*;


public class CreateKmsKeySolution {

    public static void main(String[] args) {
        // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
        // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
        String ak = System.getenv("CLOUD_SDK_AK");
        String sk = System.getenv("CLOUD_SDK_SK");
        String projectId = "{project_id}";

        ICredential auth = new BasicCredentials()
                .withProjectId(projectId)
                .withAk(ak)
                .withSk(sk);

        SmnClient client = SmnClient.newBuilder()
                .withCredential(auth)
                .withRegion(SmnRegion.valueOf("<YOUR REGION>"))
                .build();
        CreateKmsKeyRequest request = new CreateKmsKeyRequest();
        request.withTopicUrn("{topic_urn}");
        AddKmsKeyRequestBody body = new AddKmsKeyRequestBody();
        body.withKeyId("9a618041-a917-49e0-bb3a-1a90163e97fe");
        request.withBody(body);
        try {
            CreateKmsKeyResponse response = client.createKmsKey(request);
            System.out.println(response.toString());
        } catch (ConnectionException e) {
            e.printStackTrace();
        } catch (RequestTimeoutException e) {
            e.printStackTrace();
        } catch (ServiceResponseException e) {
            e.printStackTrace();
            System.out.println(e.getHttpStatusCode());
            System.out.println(e.getRequestId());
            System.out.println(e.getErrorCode());
            System.out.println(e.getErrorMsg());
        }
    }
}
```
Example request for successfully binding a KMS key
```python
# coding: utf-8

import os
from huaweicloudsdkcore.auth.credentials import BasicCredentials
from huaweicloudsdksmn.v2.region.smn_region import SmnRegion
from huaweicloudsdkcore.exceptions import exceptions
from huaweicloudsdksmn.v2 import *

if __name__ == "__main__":
    # The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
    # In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak = os.environ["CLOUD_SDK_AK"]
    sk = os.environ["CLOUD_SDK_SK"]
    projectId = "{project_id}"

    credentials = BasicCredentials(ak, sk, projectId)

    client = SmnClient.new_builder() \
        .with_credentials(credentials) \
        .with_region(SmnRegion.value_of("<YOUR REGION>")) \
        .build()

    try:
        request = CreateKmsKeyRequest()
        request.topic_urn = "{topic_urn}"
        request.body = AddKmsKeyRequestBody(
            key_id="9a618041-a917-49e0-bb3a-1a90163e97fe"
        )
        response = client.create_kms_key(request)
        print(response)
    except exceptions.ClientRequestException as e:
        print(e.status_code)
        print(e.request_id)
        print(e.error_code)
        print(e.error_msg)
```
Example request for successfully binding a KMS key
```go
package main

import (
	"fmt"
	"os"

	"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic"
	smn "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/smn/v2"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/smn/v2/model"
	region "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/smn/v2/region"
)

func main() {
	// The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
	// In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
	ak := os.Getenv("CLOUD_SDK_AK")
	sk := os.Getenv("CLOUD_SDK_SK")
	projectId := "{project_id}"

	auth := basic.NewCredentialsBuilder().
		WithAk(ak).
		WithSk(sk).
		WithProjectId(projectId).
		Build()

	client := smn.NewSmnClient(
		smn.SmnClientBuilder().
			WithRegion(region.ValueOf("<YOUR REGION>")).
			WithCredential(auth).
			Build())

	request := &model.CreateKmsKeyRequest{}
	request.TopicUrn = "{topic_urn}"
	request.Body = &model.AddKmsKeyRequestBody{
		KeyId: "9a618041-a917-49e0-bb3a-1a90163e97fe",
	}
	response, err := client.CreateKmsKey(request)
	if err == nil {
		fmt.Printf("%+v\n", response)
	} else {
		fmt.Println(err)
	}
}
```
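For SDK sample code in more programming languages, see the Sample Code tab in API Explorer, which automatically generates the corresponding SDK sample code.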
Status Codes

| Status code | Description |
|---|---|
| 200 | Response body for a successful request. |
| 400 | Bad Request |
| 403 | Forbidden |
| 404 | Not Found |
| 409 | Conflict |
| 500 | Internal Server Error |

Error Codes
See Error Codes.