修改签名策略
功能介绍
修改签名策略
接口约束
无
调用方法
请参见如何调用API。
URI
PUT /v2/{project_id}/instances/{instance_id}/namespaces/{namespace_name}/signature/policies/{policy_id}
参数 |
是否必选 |
参数类型 |
描述 |
---|---|---|---|
project_id |
是 |
String |
项目ID |
instance_id |
是 |
String |
企业仓库实例ID |
namespace_name |
是 |
String |
命名空间名称 |
policy_id |
是 |
Integer |
策略ID |
请求参数
参数 |
是否必选 |
参数类型 |
描述 |
---|---|---|---|
X-Auth-Token |
是 |
String |
用户Token。 通过调用IAM服务获取用户Token接口获取(响应消息头中X-Subject-Token的值)。 |
参数 |
是否必选 |
参数类型 |
描述 |
---|---|---|---|
name |
是 |
String |
签名策略名称,由字母、汉字、数字、下划线(_)、中划线 (-)组成,1-256个字符。 |
description |
否 |
String |
签名策略描述 |
enabled |
是 |
Boolean |
是否开启 |
signature_method |
是 |
String |
加签方式,可选KMS |
signature_algorithm |
是 |
String |
加签算法,KMS的密钥算法EC_P256对应着ECDSA_SHA_256,EC_P384对应着ECDSA_SHA_384,SM2对应着SM2DSA_SM3 |
signature_key |
是 |
String |
加签Key |
trigger |
是 |
TriggerConfig object |
触发方式 |
scope_rules |
是 |
Array of SignScopeRule objects |
作用范围规则 |
参数 |
是否必选 |
参数类型 |
描述 |
---|---|---|---|
type |
是 |
String |
触发类型,镜像签名、老化规则只支持manual(手动)、scheduled(定时+手动);同步策略支持manual(手动)、scheduled(定时+手动)、event_based(事件触发+手动) |
trigger_settings |
否 |
TriggerSetting object |
触发设置,只有type为scheduled的时候,才需要设置 |
参数 |
是否必选 |
参数类型 |
描述 |
---|---|---|---|
tag_selectors |
是 |
Array of SignRuleSelector objects |
制品版本选择器,目前只支持长度为1 |
scope_selectors |
是 |
Map<String,Array<SignRuleSelector>> |
制品仓库选择器,目前只支持repository且长度为1 |
repo_scope_mode |
是 |
String |
repository选择方式。可选regular、selection,前端显示需要,api调用时可选regular |
参数 |
是否必选 |
参数类型 |
描述 |
---|---|---|---|
kind |
是 |
String |
匹配类型,目前只支持doublestar |
decoration |
是 |
String |
选择器匹配类型,当前支持repoMatches |
pattern |
是 |
String |
选择器匹配样式,最大长度512。支持正则表达式,正则表达式规则可填写如 nginx-* ,{repo1,repo2} 等,其中:
**:匹配包含 '/' 的任何字段。 ? :匹配任何单个非 '/' 的字符。 {选项1,选项2,...}:同时匹配多个选项。 |
extras |
否 |
String |
预留字段,镜像签名策略中,对无版本的制品进行签名则传入{"untagged":true} |
响应参数
状态码:200
成功更新策略信息
状态码:400
参数 |
参数类型 |
描述 |
---|---|---|
error_code |
String |
错误码 |
error_msg |
String |
错误信息 |
encoded_authorization_message |
String |
加密后的详细拒绝原因,用户可以自行调用STS服务的decode-authorization-message接口进行解密。 |
状态码:401
参数 |
参数类型 |
描述 |
---|---|---|
error_code |
String |
错误码 |
error_msg |
String |
错误信息 |
encoded_authorization_message |
String |
加密后的详细拒绝原因,用户可以自行调用STS服务的decode-authorization-message接口进行解密。 |
状态码:403
参数 |
参数类型 |
描述 |
---|---|---|
error_code |
String |
错误码 |
error_msg |
String |
错误信息 |
encoded_authorization_message |
String |
加密后的详细拒绝原因,用户可以自行调用STS服务的decode-authorization-message接口进行解密。 |
状态码:404
参数 |
参数类型 |
描述 |
---|---|---|
error_code |
String |
错误码 |
error_msg |
String |
错误信息 |
encoded_authorization_message |
String |
加密后的详细拒绝原因,用户可以自行调用STS服务的decode-authorization-message接口进行解密。 |
状态码:500
参数 |
参数类型 |
描述 |
---|---|---|
error_code |
String |
错误码 |
error_msg |
String |
错误信息 |
encoded_authorization_message |
String |
加密后的详细拒绝原因,用户可以自行调用STS服务的decode-authorization-message接口进行解密。 |
请求示例
PUT https://{endpoint}/v2/{project_id}/instances/{instance_id}/namespaces/{namespace_name}/replication/policies/{policy_id} { "name" : "test11", "scope_rules" : [ { "repo_scope_mode" : "regular", "tag_selectors" : [ { "kind" : "doublestar", "decoration" : "matches", "pattern" : "**", "extras" : "{\"untagged\":true}" } ], "scope_selectors" : { "repository" : [ { "kind" : "doublestar", "decoration" : "repoMatches", "pattern" : "**" } ] } } ], "enabled" : true, "trigger" : { "trigger_settings" : { "cron" : "" }, "type" : "manual" }, "signature_method" : "KMS", "signature_algorithm" : "ECDSA_SHA_384", "signature_key" : "668985d5-919d-4c51-9293-eb846c78cbf0" }
响应示例
无
SDK代码示例
SDK代码示例如下。
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 |
package com.huaweicloud.sdk.test; import com.huaweicloud.sdk.core.auth.ICredential; import com.huaweicloud.sdk.core.auth.BasicCredentials; import com.huaweicloud.sdk.core.exception.ConnectionException; import com.huaweicloud.sdk.core.exception.RequestTimeoutException; import com.huaweicloud.sdk.core.exception.ServiceResponseException; import com.huaweicloud.sdk.swr.v2.region.SwrRegion; import com.huaweicloud.sdk.swr.v2.*; import com.huaweicloud.sdk.swr.v2.model.*; import java.util.List; import java.util.ArrayList; import java.util.Map; import java.util.HashMap; public class UpdateInstanceSignPolicySolution { public static void main(String[] args) { // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security. // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment String ak = System.getenv("CLOUD_SDK_AK"); String sk = System.getenv("CLOUD_SDK_SK"); String projectId = "{project_id}"; ICredential auth = new BasicCredentials() .withProjectId(projectId) .withAk(ak) .withSk(sk); SwrClient client = SwrClient.newBuilder() .withCredential(auth) .withRegion(SwrRegion.valueOf("<YOUR REGION>")) .build(); UpdateInstanceSignPolicyRequest request = new UpdateInstanceSignPolicyRequest(); request.withInstanceId("{instance_id}"); request.withNamespaceName("{namespace_name}"); request.withPolicyId({policy_id}); UpdateSignaturePolicyRequestBody body = new UpdateSignaturePolicyRequestBody(); List<SignRuleSelector> listScopeSelectorsScopeSelectors = new ArrayList<>(); listScopeSelectorsScopeSelectors.add( new SignRuleSelector() .withKind("doublestar") .withDecoration("repoMatches") .withPattern("**") ); Map<String, List<SignRuleSelector>> listScopeRulesScopeSelectors = new HashMap<>(); listScopeRulesScopeSelectors.put("repository", listScopeSelectorsScopeSelectors); List<SignRuleSelector> listScopeRulesTagSelectors = new ArrayList<>(); listScopeRulesTagSelectors.add( new SignRuleSelector() .withKind("doublestar") .withDecoration("matches") .withPattern("**") .withExtras("{"untagged":true}") ); List<SignScopeRule> listbodyScopeRules = new ArrayList<>(); listbodyScopeRules.add( new SignScopeRule() .withTagSelectors(listScopeRulesTagSelectors) .withScopeSelectors(listScopeRulesScopeSelectors) .withRepoScopeMode("regular") ); TriggerSetting triggerSettingsTrigger = new TriggerSetting(); triggerSettingsTrigger.withCron(""); TriggerConfig triggerbody = new TriggerConfig(); triggerbody.withType("manual") .withTriggerSettings(triggerSettingsTrigger); body.withScopeRules(listbodyScopeRules); body.withTrigger(triggerbody); body.withSignatureKey("668985d5-919d-4c51-9293-eb846c78cbf0"); body.withSignatureAlgorithm(UpdateSignaturePolicyRequestBody.SignatureAlgorithmEnum.fromValue("ECDSA_SHA_384")); body.withSignatureMethod(UpdateSignaturePolicyRequestBody.SignatureMethodEnum.fromValue("KMS")); body.withEnabled(true); body.withName("test11"); request.withBody(body); try { UpdateInstanceSignPolicyResponse response = client.updateInstanceSignPolicy(request); System.out.println(response.toString()); } catch (ConnectionException e) { e.printStackTrace(); } catch (RequestTimeoutException e) { e.printStackTrace(); } catch (ServiceResponseException e) { e.printStackTrace(); System.out.println(e.getHttpStatusCode()); System.out.println(e.getRequestId()); System.out.println(e.getErrorCode()); System.out.println(e.getErrorMsg()); } } } |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 |
# coding: utf-8 import os from huaweicloudsdkcore.auth.credentials import BasicCredentials from huaweicloudsdkswr.v2.region.swr_region import SwrRegion from huaweicloudsdkcore.exceptions import exceptions from huaweicloudsdkswr.v2 import * if __name__ == "__main__": # The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security. # In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment ak = os.environ["CLOUD_SDK_AK"] sk = os.environ["CLOUD_SDK_SK"] projectId = "{project_id}" credentials = BasicCredentials(ak, sk, projectId) client = SwrClient.new_builder() \ .with_credentials(credentials) \ .with_region(SwrRegion.value_of("<YOUR REGION>")) \ .build() try: request = UpdateInstanceSignPolicyRequest() request.instance_id = "{instance_id}" request.namespace_name = "{namespace_name}" request.policy_id = {policy_id} listScopeSelectorsScopeSelectors = [ SignRuleSelector( kind="doublestar", decoration="repoMatches", pattern="**" ) ] listScopeSelectorsScopeRules = { "repository": listScopeSelectorsScopeSelectors } listTagSelectorsScopeRules = [ SignRuleSelector( kind="doublestar", decoration="matches", pattern="**", extras="{"untagged":true}" ) ] listScopeRulesbody = [ SignScopeRule( tag_selectors=listTagSelectorsScopeRules, scope_selectors=listScopeSelectorsScopeRules, repo_scope_mode="regular" ) ] triggerSettingsTrigger = TriggerSetting( cron="" ) triggerbody = TriggerConfig( type="manual", trigger_settings=triggerSettingsTrigger ) request.body = UpdateSignaturePolicyRequestBody( scope_rules=listScopeRulesbody, trigger=triggerbody, signature_key="668985d5-919d-4c51-9293-eb846c78cbf0", signature_algorithm="ECDSA_SHA_384", signature_method="KMS", enabled=True, name="test11" ) response = client.update_instance_sign_policy(request) print(response) except exceptions.ClientRequestException as e: print(e.status_code) print(e.request_id) print(e.error_code) print(e.error_msg) |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 |
package main import ( "fmt" "github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic" swr "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/swr/v2" "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/swr/v2/model" region "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/swr/v2/region" ) func main() { // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security. // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment ak := os.Getenv("CLOUD_SDK_AK") sk := os.Getenv("CLOUD_SDK_SK") projectId := "{project_id}" auth := basic.NewCredentialsBuilder(). WithAk(ak). WithSk(sk). WithProjectId(projectId). Build() client := swr.NewSwrClient( swr.SwrClientBuilder(). WithRegion(region.ValueOf("<YOUR REGION>")). WithCredential(auth). Build()) request := &model.UpdateInstanceSignPolicyRequest{} request.InstanceId = "{instance_id}" request.NamespaceName = "{namespace_name}" request.PolicyId = int32({policy_id}) var listScopeSelectorsScopeSelectors = []model.SignRuleSelector{ { Kind: "doublestar", Decoration: "repoMatches", Pattern: "**", }, } var listScopeSelectorsScopeRules = map[string][](model.SignRuleSelector){ "repository": listScopeSelectorsScopeSelectors, } extrasTagSelectors:= "{"untagged":true}" var listTagSelectorsScopeRules = []model.SignRuleSelector{ { Kind: "doublestar", Decoration: "matches", Pattern: "**", Extras: &extrasTagSelectors, }, } var listScopeRulesbody = []model.SignScopeRule{ { TagSelectors: listTagSelectorsScopeRules, ScopeSelectors: listScopeSelectorsScopeRules, RepoScopeMode: "regular", }, } cronTriggerSettings:= "" triggerSettingsTrigger := &model.TriggerSetting{ Cron: &cronTriggerSettings, } triggerbody := &model.TriggerConfig{ Type: "manual", TriggerSettings: triggerSettingsTrigger, } request.Body = &model.UpdateSignaturePolicyRequestBody{ ScopeRules: listScopeRulesbody, Trigger: triggerbody, SignatureKey: "668985d5-919d-4c51-9293-eb846c78cbf0", SignatureAlgorithm: model.GetUpdateSignaturePolicyRequestBodySignatureAlgorithmEnum().ECDSA_SHA_384, SignatureMethod: model.GetUpdateSignaturePolicyRequestBodySignatureMethodEnum().KMS, Enabled: true, Name: "test11", } response, err := client.UpdateInstanceSignPolicy(request) if err == nil { fmt.Printf("%+v\n", response) } else { fmt.Println(err) } } |
更多编程语言的SDK代码示例,请参见API Explorer的代码示例页签,可生成自动对应的SDK代码示例。
状态码
状态码 |
描述 |
---|---|
200 |
成功更新策略信息 |
400 |
错误的请求 |
401 |
鉴权失败 |
403 |
禁止访问 |
404 |
未找到资源 |
500 |
内部错误 |
错误码
请参见错误码。