文档首页/ 消息通知服务 SMN/ API参考/ API/ 密钥操作/ 更新主题下KMS密钥 - UpdateKmsKey
更新时间:2025-12-16 GMT+08:00
在线调试
CLI示例
查看PDF
分享

更新主题下KMS密钥 - UpdateKmsKey

功能介绍

更新密钥ID。执行更新KMS密钥时,用户需要先在IAM处创建名为smn_kms_agency的委托,并将对应的资源操作权限授权给SMN服务。SMN会使用该委托进行查询密钥状态和创建数据密钥操作。

调用方法

请参见如何调用API

授权信息

账号具备所有API的调用权限,如果使用账号下的IAM用户调用当前API,该IAM用户需具备调用API所需的权限。

  • 如果使用角色与策略授权,具体权限要求请参见权限和授权项
  • 如果使用身份策略授权,需具备如下身份策略权限。

    授权项

    访问级别

    资源类型(*为必须)

    条件键

    别名

    依赖的授权项

    smn:topic:updateKmsKey

    Write

    topic *

    • g:EnterpriseProjectId

    • g:ResourceTag/<tag-key>

    -
    • smn:topic:get
    • smn:topic:getKmsKey

URI

PUT /v2/{project_id}/notifications/topics/{topic_urn}/kms/{id}

表1 路径参数

参数

是否必选

参数类型

描述

project_id

String

项目ID。 获取项目ID请参考 获取项目ID

topic_urn

String

Topic的唯一的资源标识,可通过查询主题列表获取该标识。

id

String

当前已绑定密钥的资源ID。

请求参数

表2 请求Body参数

参数

是否必选

参数类型

描述

key_id

String

在DEW服务上创建的用户主密钥对应的密钥ID,具体参考在DEW服务上创建密钥章节。

响应参数

状态码:200

表3 响应Body参数

参数

参数类型

描述

request_id

String

请求的唯一标识ID。

id

String

主题下密钥的唯一标识ID。该ID由SMN自动生成。

状态码:400

表4 响应Body参数

参数

参数类型

描述

request_id

String

请求的唯一标识ID。

code

String

服务异常错误信息编码。

message

String

服务异常错误信息描述。

状态码:401

表5 响应Body参数

参数

参数类型

描述

request_id

String

请求的唯一标识ID。

code

String

服务异常错误信息编码。

message

String

服务异常错误信息描述。

请求示例

请求成功的示例。

https://{SMN_Endpoint}/v2/{project_id}/notifications/topics/urn:smn:regionId:44ef0bd78eb24f02b40614fe85a7d234:topic_34176907904211f0bfc684a93e8ae4b6/kms/108484454fd34af5b10bd3ef7ee35e0f

{
  "key_id" : "99a5ca7c-56f4-48c3-a92e-e9a517d3d7de"
}

响应示例

状态码:200

请求成功的返回体。

{
  "request_id" : "169f9f6efc6d4da09dd106da6038d954",
  "id" : "9a719209230d4ce19058c1ef10011d7b"
}

状态码:400

Bad Request

{
  "request_id" : "cfe44dcb8ebc4cf48fe704be08375bcc",
  "error_code" : "SMN.00013064",
  "error_msg" : "The kms key resource id is not available."
}

状态码:401

Unauthorized

{
  "request_id" : "c8b2f5d6891d44dca2e42c2295a9d1f9",
  "error_code" : "SMN.00000005",
  "error_msg" : "Invalid token."
}

SDK代码示例

SDK代码示例如下。

请求成功的示例。

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
 
package com.huaweicloud.sdk.test;

import com.huaweicloud.sdk.core.auth.ICredential;
import com.huaweicloud.sdk.core.auth.BasicCredentials;
import com.huaweicloud.sdk.core.exception.ConnectionException;
import com.huaweicloud.sdk.core.exception.RequestTimeoutException;
import com.huaweicloud.sdk.core.exception.ServiceResponseException;
import com.huaweicloud.sdk.smn.v2.region.SmnRegion;
import com.huaweicloud.sdk.smn.v2.*;
import com.huaweicloud.sdk.smn.v2.model.*;


public class UpdateKmsKeySolution {

    public static void main(String[] args) {
        // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
        // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
        String ak = System.getenv("CLOUD_SDK_AK");
        String sk = System.getenv("CLOUD_SDK_SK");
        String projectId = "{project_id}";

        ICredential auth = new BasicCredentials()
                .withProjectId(projectId)
                .withAk(ak)
                .withSk(sk);

        SmnClient client = SmnClient.newBuilder()
                .withCredential(auth)
                .withRegion(SmnRegion.valueOf("<YOUR REGION>"))
                .build();
        UpdateKmsKeyRequest request = new UpdateKmsKeyRequest();
        request.withTopicUrn("{topic_urn}");
        request.withId("{id}");
        UpdateKmsKeyRequestBody body = new UpdateKmsKeyRequestBody();
        body.withKeyId("99a5ca7c-56f4-48c3-a92e-e9a517d3d7de");
        request.withBody(body);
        try {
            UpdateKmsKeyResponse response = client.updateKmsKey(request);
            System.out.println(response.toString());
        } catch (ConnectionException e) {
            e.printStackTrace();
        } catch (RequestTimeoutException e) {
            e.printStackTrace();
        } catch (ServiceResponseException e) {
            e.printStackTrace();
            System.out.println(e.getHttpStatusCode());
            System.out.println(e.getRequestId());
            System.out.println(e.getErrorCode());
            System.out.println(e.getErrorMsg());
        }
    }
}

请求成功的示例。

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
 
# coding: utf-8

import os
from huaweicloudsdkcore.auth.credentials import BasicCredentials
from huaweicloudsdksmn.v2.region.smn_region import SmnRegion
from huaweicloudsdkcore.exceptions import exceptions
from huaweicloudsdksmn.v2 import *

if __name__ == "__main__":
    # The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
    # In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak = os.environ["CLOUD_SDK_AK"]
    sk = os.environ["CLOUD_SDK_SK"]
    projectId = "{project_id}"

    credentials = BasicCredentials(ak, sk, projectId)

    client = SmnClient.new_builder() \
        .with_credentials(credentials) \
        .with_region(SmnRegion.value_of("<YOUR REGION>")) \
        .build()

    try:
        request = UpdateKmsKeyRequest()
        request.topic_urn = "{topic_urn}"
        request.id = "{id}"
        request.body = UpdateKmsKeyRequestBody(
            key_id="99a5ca7c-56f4-48c3-a92e-e9a517d3d7de"
        )
        response = client.update_kms_key(request)
        print(response)
    except exceptions.ClientRequestException as e:
        print(e.status_code)
        print(e.request_id)
        print(e.error_code)
        print(e.error_msg)

请求成功的示例。

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
 
package main

import (
	"fmt"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic"
    smn "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/smn/v2"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/smn/v2/model"
    region "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/smn/v2/region"
)

func main() {
    // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
    // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak := os.Getenv("CLOUD_SDK_AK")
    sk := os.Getenv("CLOUD_SDK_SK")
    projectId := "{project_id}"

    auth := basic.NewCredentialsBuilder().
        WithAk(ak).
        WithSk(sk).
        WithProjectId(projectId).
        Build()

    client := smn.NewSmnClient(
        smn.SmnClientBuilder().
            WithRegion(region.ValueOf("<YOUR REGION>")).
            WithCredential(auth).
            Build())

    request := &model.UpdateKmsKeyRequest{}
	request.TopicUrn = "{topic_urn}"
	request.Id = "{id}"
	request.Body = &model.UpdateKmsKeyRequestBody{
		KeyId: "99a5ca7c-56f4-48c3-a92e-e9a517d3d7de",
	}
	response, err := client.UpdateKmsKey(request)
	if err == nil {
        fmt.Printf("%+v\n", response)
    } else {
        fmt.Println(err)
    }
}

更多编程语言的SDK代码示例,请参见API Explorer的代码示例页签,可生成自动对应的SDK代码示例。

状态码

状态码

描述

200

请求成功的返回体。

400

Bad Request

401

Unauthorized

错误码

请参见错误码

父主题: 密钥操作

相关文档