Agencies
KooGallery sends an authorization request to you when you use a service listed in Table 1. Once you agree, you authorize KooGallery to provide you with the service as a delegatee. If the policy of an agency is updated, KooGallery will request authorization again when you use the related service. For details about the agency policies, see Agency Policy Permission Details.
Do not modify KooGallery agencies and their policies, or reuse their policies on other agencies. Otherwise, the services will be affected.
Delegator |
Scenario |
Service |
Agency |
Delegatee |
Agency Policy |
---|---|---|---|---|---|
Product use |
Quick image provisioning |
mkp_agency_trust |
KooGallery system account |
||
mkp_rfs_agency_trust |
Resource Formation Service (RFS) |
||||
Image deployment via templates |
mkp_agency_trust |
KooGallery system account |
KooGallery no longer uses the mkp_ims_trust, mkp_admin_trust, mkp_rf_admin_trust, and mkp_obs_trust agencies. If you have created these agencies, delete them by referring to Canceling Agency Authorization.
Agency Policy Permission Details
- mkp_deployment_policy
{ "Version": "1.1", "Statement": [ { "Effect": "Allow", "Action": [ "kms:cmk:create", "kms:cmk:get", "kms:dek:create" ] }, { "Effect": "Allow", "Action": [ "rf:stack:listStacks", "rf:stack:listStackResources", "rf:stack:listStackOutputs", "rf:stack:createStack", "rf:stack:getStackMetadata", "rf:stack:updateStack" ] } ] }
- mkp_rfs_deployment_policy
{ "Version": "1.1", "Statement": [ { "Effect": "Allow", "Action": [ "kms:cmk:get", "kms:dek:decrypt" ] }, { "Effect": "Allow", "Action": [ "ecs:diskConfigs:use", "ecs:servers:create", "ecs:cloudServers:showServer", "ecs:cloudServers:get", "ecs:serverInterfaces:get", "ecs:serverKeypairs:get", "ecs:flavors:get", "ecs:serverVolumes:use", "ecs:cloudServers:createServers", "ecs:cloudServers:create", "ecs:cloudServers:deleteServers", "ecs:cloudServers:delete", "ecs:servers:get", "ecs:serverInterfaces:use", "ecs:securityGroups:use" ] }, { "Effect": "Allow", "Action": [ "evs:volumes:list", "evs:volumes:create", "evs:volumes:manage", "evs:backups:get", "evs:volumes:attach", "evs:volumes:get", "evs:snapshots:get" ] }, { "Effect": "Allow", "Action": [ "ims:images:get", "ims:images:list" ] }, { "Effect": "Allow", "Action": [ "vpc:securityGroups:create", "vpc:subnets:update", "vpc:routers:update", "vpc:networks:get", "vpc:ports:get", "vpc:ports:update", "vpc:ports:create", "vpc:securityGroupRules:get", "vpc:subnets:create", "vpc:subnets:get", "vpc:securityGroups:update", "vpc:routers:get", "vpc:securityGroups:get", "vpc:networks:create", "vpc:networks:update" ] } ] }
Canceling Agency Authorization
You can cancel authorization by deleting an agency. To do so, point to your account name in the upper right corner of Huawei Cloud console, select Identity and Access Management from the drop-down list, and choose Agencies in the navigation pane. Deleting an agency will instantly invalidate the corresponding service.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot