更新时间:2024-09-09 GMT+08:00
分享

授权项变更公告

公告说明

自2024年9月起,当用户使用以下API的自定义策略授权时,用户需创建或更新自定义策略才可访问。

权限描述

对应的API

新增授权项

依赖授权项

IAM项目(Project)

企业项目(Enterprise Project)

获取SSL证书列表

GET /v2/{project_id}/apigw/certificates

apig:certificate:list

-

创建SSL证书

POST /v2/{project_id}/apigw/certificates

apig:certificate:create

apig:instances:get

请求参数中携带instance_id时支持,否则不支持

删除SSL证书

DELETE /v2/{project_id}/apigw/certificates/{certificate_id}

apig:certificate:delete

-

×

查看证书详情

GET /v2/{project_id}/apigw/certificates/{certificate_id}

apig:certificate:get

-

×

修改SSL证书

PUT /v2/{project_id}/apigw/certificates/{certificate_id}

apig:certificate:update

apig:instances:get

请求参数中携带instance_id时支持,否则不支持

获取SSL证书已绑定域名列表

GET /v2/{project_id}/apigw/certificates/{certificate_id}/attached-domains

apig:certificate:listBoundDomain

-

×

SSL证书绑定域名

POST /v2/{project_id}/apigw/certificates/{certificate_id}/domains/attach

apig:certificate:batchBindDomain

apig:certificate:get

apig:groups:get

×

SSL证书解绑域名

POST /v2/{project_id}/apigw/certificates/{certificate_id}/domains/detach

apig:certificate:batchUnbindDomain

apig:certificate:get

apig:groups:get

×

查询实例终端节点连接列表

GET /v2/{project_id}/apigw/instances/{instance_id}/vpc-endpoint/connections

apig:instance:listVpcEndpoint

apig:instances:get

接受或拒绝终端节点连接

POST /v2/{project_id}/apigw/instances/{instance_id}/vpc-endpoint/connections/action

apig:instance:acceptOrRejectVpcEndpointConnection

apig:instances:get

查询实例的终端节点服务的白名单列表

GET /v2/{project_id}/apigw/instances/{instance_id}/vpc-endpoint/permissions

apig:instance:listVpcEndpointPermission

apig:instances:get

批量添加实例终端节点连接白名单

POST/v2/{project_id}/apigw/instances/{instance_id}/vpc-endpoint/permissions/batch-add

apig:instance:batchAddVpcEndpointPermission

apig:instances:get

批量删除实例终端节点连接白名单

POST/v2/{project_id}/apigw/instances/{instance_id}/vpc-endpoint/permissions/batch-delete

apig:instance:batchDeleteVpcEndpointPermission

apig:instances:get

创建参数编排规则

POST /v2/{project_id}/apigw/instances/{instance_id}/orchestration

apig:orchestration:create

apig:instances:get

查看编排规则列表

GET /v2/{project_id}/apigw/instances/{instance_id}/orchestration

apig:orchestration:list

apig:instances:get

查询编排规则详情

GET /v2/{project_id}/apigw/instances/{instance_id}/orchestrations/{orchestration_id}

apig:orchestration:get

apig:instances:get

更新编排规则

PUT /v2/{project_id}/apigw/instances/{instance_id}/orchestrations/{orchestration_id}

apig:orchestration:update

apig:instances:get

删除编排规则

DELETE /v2/{project_id}/apigw/instances/{instance_id}/orchestrations/{orchestration_id}

apig:orchestration:delete

apig:instances:get

查询编排规则绑定的API

GET /v2/{project_id}/apigw/instances/{instance_id}/orchestrations/{orchestration_id}/attached-apis

apig:orchestration:listBoundApis

apig:instances:get

范围

全部Region。

影响

自定义策略中未包含以上新增的授权项时,用户无权访问以上API。

适配方案

创建或更新自定义策略,添加以上新增的授权项以及依赖授权项,并通过给用户组授予自定义策略来进行精细的访问控制。自定义策略请参考API网关自定义策略

相关文档