Managing ModelArts Authorization
This section describes how to manage agency authorization by calling ModelArts APIs.
Overview
The process of managing ModelArts authorization is as follows:
- Call the API for authentication to obtain a user token, which will be added in a request header for authentication.
- Call the API for creating a ModelArts agency to create an agency for ModelArts-dependent services, such as OBS and SWR.
- Call the API for configuring authorization to configure ModelArts authorization. The administrator can use this API to set an agency for IAM users and set the access key of the current user.
ModelArts functions, such as data management, training management, development environment, and real-time services, can be used only after being authorized.
- Call the API for obtaining the authorization list to view the authorization.
- Call the API for deleting authorization to delete the authorization of a specified user or all users.
Prerequisites
- You have obtained the IAM endpoint and ModelArts endpoint.
- The following information is available: region where ModelArts is deployed, project name and ID, account name and ID, and username and ID.
Procedure
- Call the API for authentication to obtain a user token.
- Request body:
URI: POST https://{iam_endpoint}/v3/auth/tokens
Request header: Content-Type →application/json
Request body:{ "auth": { "identity": { "methods": ["password"], "password": { "user": { "name": "user_name", "password": "user_password", "domain": { "name": "domain_name" } } } }, "scope": { "project": { "name": "ap-southeast-1" } } } }
Set the italic parameters based on site requirements.- iam_endpoint: IAM endpoint
- user_name: IAM username
- user_password: Login password of the user
- domain_name: Account to which the user belongs
- ap-southeast-1: Project name, which is the region where ModelArts is deployed
- Status code 201 Created is returned. The X-Subject-Token value in the response header is the token.
x-subject-token → MIIZmgYJKoZIhvcNAQcCoIIZizCCGYcCAQExDTALBglghkgBZQMEAgEwgXXXXXX...
- Request body:
- Call the API for creating a ModelArts agency to create an agency for ModelArts-dependent services, such as OBS, SWR, and IEF.
- Request body:
URI: POST https://{endpoint}/v2/{project_id}/agency
Request header:- X-auth-Token →MIIZmgYJKoZIhvcNAQcCoIIZizCCGYcCAQExDTALBglghkgBZQMEAgEwgXXXXXX...
- Content-Type →application/json
Request body:
{ "agency_name_suffix" : "iam-user01" }
Set the italic parameters based on site requirements.- endpoint: ModelArts endpoint
- project_id: Your project ID
- X-auth-Token: Token obtained in the previous step
- agency_name_suffix: Customized suffix of the agency name
- Response body with status code 200 OK returned (indicating that ma_agency_iam-user01 has been created):
{ "agency_name": "ma_agency_iam-user01" }
- Request body:
- Call the API for configuring authorization to configure ModelArts authorization. The administrator can use this API to set an agency for IAM users and set the access key of the current user.
- Request body:
URI: POST https://{endpoint}/v2/{project_id}/authorizations
Request header:- X-auth-Token →MIIZmgYJKoZIhvcNAQcCoIIZizCCGYcCAQExDTALBglghkgBZQMEAgEwgXXXXXX...
- Content-Type →application/json
Request body:{ "user_id": "****af917080f5d21f55c018ba19****", "type": "agency", "content": "ma_agency_iam-user01" }
Set the italic parameters based on site requirements. Set user_id to the IAM user ID and content to the ModelArts agency created in the previous step.
- Response body with status code 200 OK returned (indicating that the authorization configuration is complete):
{ "result": true }
- Request body:
- Call the API for obtaining the authorization list to view the authorization.
- Request body:
URI: GET https://{endpoint}/v2/{project_id}/authorizations
Request header: X-auth-Token →MIIZmgYJKoZIhvcNAQcCoIIZizCCGYcCAQExDTALBglghkgBZQMEAgEwgXXXXXX...
Set the italic parameters based on site requirements.
- Response body with status code 200 OK returned:
{ "auth": [ { "create_time": 1622804433221, "user_id": "all-users", "user_name": "all-users", "type": "agency", "content": "modelarts_agency" }, { "create_time": 1625457065365, "user_id": "****af917080f5d21f55c018ba19****", "user_name": null, "type": "agency", "content": "ma_agency_iam-user01" } ], "total_count": 2 }
Obtain the authorization information based on the response.
- Request body:
- Call the API for deleting authorization to delete the authorization of a specified user or all users.
- Request body:
URI: DELETE https://{endpoint}/v2/{project_id}/authorizations?user_id=****d80fb058844ae8b82aa66d9fe****
Request header: X-auth-Token →MIIZmgYJKoZIhvcNAQcCoIIZizCCGYcCAQExDTALBglghkgBZQMEAgEwgXXXXXX...
Set the italic parameters based on site requirements. Set ****d80fb058844ae8b82aa66d9fe**** to the IAM user ID of the specified user.
- Response body with status code 200 OK returned (indicating that the authorization has been deleted):
{ "result": true }
- If **user_id** is set to **all-users**, the authorization of all IAM users will be deleted. Response body with status code 200 OK returned (indicating that the authorization has been deleted):
{ "result": true, "success_message": "Delete all-users auth info successfully!" }
- Request body:
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot