Compute
Elastic Cloud Server
Huawei Cloud Flexus
Bare Metal Server
Auto Scaling
Image Management Service
Dedicated Host
FunctionGraph
Cloud Phone Host
Huawei Cloud EulerOS
Networking
Virtual Private Cloud
Elastic IP
Elastic Load Balance
NAT Gateway
Direct Connect
Virtual Private Network
VPC Endpoint
Cloud Connect
Enterprise Router
Enterprise Switch
Global Accelerator
Management & Governance
Cloud Eye
Identity and Access Management
Cloud Trace Service
Resource Formation Service
Tag Management Service
Log Tank Service
Config
OneAccess
Resource Access Manager
Simple Message Notification
Application Performance Management
Application Operations Management
Organizations
Optimization Advisor
IAM Identity Center
Cloud Operations Center
Resource Governance Center
Migration
Server Migration Service
Object Storage Migration Service
Cloud Data Migration
Migration Center
Cloud Ecosystem
KooGallery
Partner Center
User Support
My Account
Billing Center
Cost Center
Resource Center
Enterprise Management
Service Tickets
HUAWEI CLOUD (International) FAQs
ICP Filing
Support Plans
My Credentials
Customer Operation Capabilities
Partner Support Plans
Professional Services
Analytics
MapReduce Service
Data Lake Insight
CloudTable Service
Cloud Search Service
Data Lake Visualization
Data Ingestion Service
GaussDB(DWS)
DataArts Studio
Data Lake Factory
DataArts Lake Formation
IoT
IoT Device Access
Others
Product Pricing Details
System Permissions
Console Quick Start
Common FAQs
Instructions for Associating with a HUAWEI CLOUD Partner
Message Center
Security & Compliance
Security Technologies and Applications
Web Application Firewall
Host Security Service
Cloud Firewall
SecMaster
Anti-DDoS Service
Data Encryption Workshop
Database Security Service
Cloud Bastion Host
Data Security Center
Cloud Certificate Manager
Edge Security
Managed Threat Detection
Blockchain
Blockchain Service
Web3 Node Engine Service
Media Services
Media Processing Center
Video On Demand
Live
SparkRTC
MetaStudio
Storage
Object Storage Service
Elastic Volume Service
Cloud Backup and Recovery
Storage Disaster Recovery Service
Scalable File Service Turbo
Scalable File Service
Volume Backup Service
Cloud Server Backup Service
Data Express Service
Dedicated Distributed Storage Service
Containers
Cloud Container Engine
SoftWare Repository for Container
Application Service Mesh
Ubiquitous Cloud Native Service
Cloud Container Instance
Databases
Relational Database Service
Document Database Service
Data Admin Service
Data Replication Service
GeminiDB
GaussDB
Distributed Database Middleware
Database and Application Migration UGO
TaurusDB
Middleware
Distributed Cache Service
API Gateway
Distributed Message Service for Kafka
Distributed Message Service for RabbitMQ
Distributed Message Service for RocketMQ
Cloud Service Engine
Multi-Site High Availability Service
EventGrid
Dedicated Cloud
Dedicated Computing Cluster
Business Applications
Workspace
ROMA Connect
Message & SMS
Domain Name Service
Edge Data Center Management
Meeting
AI
Face Recognition Service
Graph Engine Service
Content Moderation
Image Recognition
Optical Character Recognition
ModelArts
ImageSearch
Conversational Bot Service
Speech Interaction Service
Huawei HiLens
Video Intelligent Analysis Service
Developer Tools
SDK Developer Guide
API Request Signing Guide
Terraform
Koo Command Line Interface
Content Delivery & Edge Computing
Content Delivery Network
Intelligent EdgeFabric
CloudPond
Intelligent EdgeCloud
Solutions
SAP Cloud
High Performance Computing
Developer Services
ServiceStage
CodeArts
CodeArts PerfTest
CodeArts Req
CodeArts Pipeline
CodeArts Build
CodeArts Deploy
CodeArts Artifact
CodeArts TestPlan
CodeArts Check
CodeArts Repo
Cloud Application Engine
MacroVerse aPaaS
KooMessage
KooPhone
KooDrive
Help Center/ VPC Endpoint/ API Reference/ API/ VPC Endpoints/ Modifying the Policy of a Gateway VPC Endpoint

Modifying the Policy of a Gateway VPC Endpoint

Function

This API is used to modify the policy of a VPC endpoint.

Calling Method

For details, see Calling APIs.

URI

PUT /v1/{project_id}/vpc-endpoints/{vpc_endpoint_id}/policy

Table 1 Path Parameters

Parameter

Mandatory

Type

Description

project_id

Yes

String

Specifies the project ID.

Minimum: 1

Maximum: 64

vpc_endpoint_id

Yes

String

Specifies the ID of the VPC endpoint.

Minimum: 1

Maximum: 64

Request Parameters

Table 2 Request header parameters

Parameter

Mandatory

Type

Description

X-Auth-Token

Yes

String

Specifies the user token. It can be obtained by calling the IAM API. The value of X-Subject-Token in the response header is the user token.

Content-Type

No

String

Specifies the MIME type of the request body. Default value application/json is recommended. For APIs used to upload objects or images, the MIME type varies depending on the flow type.

Default: application/json

Table 3 Request body parameters

Parameter

Mandatory

Type

Description

policy_statement

No

Array of PolicyStatement objects

Only gateway VPC endpoints with both ends fixed are involved.

policy_document

No

Object

Specifies the IAM 5.0 policies.

Array Length: 0 - 20480

Table 4 PolicyStatement

Parameter

Mandatory

Type

Description

Effect

Yes

String

  • Allow indicates that the VPC endpoint policy can be modified.

  • Deny indicates that the VPC endpoint policy cannot be modified.

Action

Yes

Array of strings

Specifies OBS access permissions.

Resource

Yes

Array of strings

Specifies the OBS object.

Response Parameters

Status code: 200

Table 5 Response body parameters

Parameter

Type

Description

id

String

Specifies the unique ID of the VPC endpoint.

Minimum: 1

Maximum: 64

service_type

String

Specifies the type of the VPC endpoint service that the VPC endpoint is used to connect to.

  • gateway: indicates VPC endpoint services that are configured by the O&M personnel. You can directly use them.

  • interface: indicates cloud services configured by the O&M personnel and private services created by yourselves. You cannot configure these cloud services, but can use them. You can query the public VPC endpoint services to view the VPC endpoint services that are visible and accessible to all users and are configured by the O&M personnel. You can create interface VPC endpoint services.

status

String

Specifies the VPC endpoint status.

  • pendingAcceptance: The VPC endpoint is to be accepted.

  • creating: The VPC endpoint is being created.

  • accepted: The VPC endpoint has been accepted.

  • rejected: The VPC endpoint has been rejected.

  • failed: The VPC endpoint service failed to be created.

  • deleting: The VPC endpoint service is being deleted.

active_status

Array of strings

Specifies the account status.

  • frozen: The account is frozen.

  • active: The account is unfrozen.

endpoint_service_name

String

Specifies the name of a VPC endpoint service.

marker_id

Integer

Specifies the packet ID of the VPC endpoint.

endpoint_service_id

String

Specifies the ID of the VPC endpoint service.

Minimum: 1

Maximum: 64

ip

String

Specifies the IP address for accessing the associated VPC endpoint service. This parameter is returned only under the following conditions:

  • You query a VPC endpoint for accessing an interface VPC endpoint service.

  • Connection approval has been enabled for the VPC endpoint service, and the connection has been approved. status of the VPC endpoint can be accepted or rejected. The rejected status only appears when the VPC endpoint is accepted and then rejected.

Minimum: 1

Maximum: 64

vpc_id

String

Specifies the ID of the VPC where the VPC endpoint is to be created.

Minimum: 1

Maximum: 64

created_at

String

Specifies when the VPC endpoint was created. The UTC time format YYYY-MM-DDTHH:MM:SSZ is used.

updated_at

String

Specifies the update time of the VPC endpoint. The UTC time format YYYY-MM-DDTHH:MM:SSZ is used.

project_id

String

Specifies the project ID. For details about how to obtain the project ID, see Obtaining a Project ID.

Minimum: 1

Maximum: 64

tags

Array of TagList objects

Specifies the list of queried tags. If no tag is matched, an empty array is returned.

error

Array of QueryError objects

Specifies the error message. This field is returned when the VPC endpoint is abnormal, that is, the value of status is failed.

whitelist

Array of strings

Specifies the whitelist for controlling access to the VPC endpoint. If you do not specify this parameter, an empty whitelist will be returned. This parameter is available only when you create a VPC endpoint for connecting to an interface VPC endpoint service.

Minimum: 0

Maximum: 32

enable_whitelist

Boolean

Specifies whether access control is enabled.

  • true: Access control is enabled.

  • false: Access control is disabled. If you do not specify this parameter, false will be returned. This parameter is available only when you create a VPC endpoint for connecting to an interface VPC endpoint service.

routetables

Array of strings

Specifies the route table ID list. If this parameter is not specified, the ID of the default route table of the VPC is returned. This parameter is available when you create a VPC endpoint for connecting to a gateway VPC endpoint service.

Minimum: 0

Maximum: 64

description

String

Specifies the description field. The value can contain characters such as letters and digits, but cannot contain less than signs (<) nor great than signs (>).

Minimum: 0

Maximum: 512

policy_statement

Array of PolicyStatement objects

Specifies the policy of the gateway VPC endpoint. This parameter is only available when enable_policy of the VPC endpoint services for OBS and SFS is set to true.

Array Length: 0 - 10

policy_document

Object

Specifies the IAM 5.0 policies.

Array Length: 0 - 20480

endpoint_pool_id

String

(To be discarded) Specifies the ID of the cluster associated with the VPC endpoint.

Minimum: 1

Maximum: 64

public_border_group

String

Specifies the information about the public border group associated with the VPC endpoint. This parameter is returned only when the VPC endpoint is associated with an edge pool.

Table 6 TagList

Parameter

Type

Description

key

String

Specifies the tag key. A tag key contains a maximum of 36 Unicode characters. It cannot be left blank. It cannot contain equal signs (=), asterisks (*), less than signs (<), greater than signs (>), backslashes (), commas (,), vertical bars (|), and slashes (/), and the first and last characters cannot be spaces.

Minimum: 1

Maximum: 128

value

String

Specifies the tag key. A tag value contains a maximum of 43 Unicode characters and can be an empty string. It cannot contain equal signs (=), asterisks (*), less than signs(<), greater than signs (>), backslashes (), commas (,), vertical bars (|), and slashes (/), and the first and last characters cannot be spaces.

Maximum: 255

Table 7 QueryError

Parameter

Type

Description

error_code

String

Error code.

Minimum: 0

Maximum: 10

error_message

String

Error message.

Minimum: 0

Maximum: 1024

Table 8 PolicyStatement

Parameter

Type

Description

Effect

String

  • Allow indicates that the VPC endpoint policy can be modified.

  • Deny indicates that the VPC endpoint policy cannot be modified.

Action

Array of strings

Specifies OBS access permissions.

Resource

Array of strings

Specifies the OBS object.

Example Requests

  • Modifying the policy of a gateway VPC endpoint (Setting Action to obs::, Resource to obs::::/* and obs::::, and Effect to** Allow**)

    PUT https://{endpoint}/v1/{project_id}/vpc-endpoints/938c8167-631e-40a4-99f9-493753fbd16b/policy
    
    {
      "policy_statement" : [ {
        "Action" : [ "obs:*:*" ],
        "Resource" : [ "obs:*:*:*:*/*", "obs:*:*:*:*" ],
        "Effect" : "Allow"
      } ]
    }
  • Modifying the policy of a VPC endpoint

    PUT https://{endpoint}/v1/{project_id}/vpc-endpoints/2af6c328-057a-4146-882b-6828e270e594/policy
    
    {
      "policy_document" : {
        "Version" : "5.0",
        "Statement" : [ {
          "Effect" : "Allow",
          "Principal" : "*",
          "Action" : [ "*" ],
          "Resource" : [ "*" ]
        } ]
      }
    }

Example Responses

Status code: 200

The server has successfully processed the request.

  • {
      "id" : "938c8167-631e-40a4-99f9-493753fbd16b",
      "status" : "accepted",
      "tags" : [ ],
      "marker_id" : 302035929,
      "active_status" : [ "active" ],
      "vpc_id" : "0da03835-1dcf-4361-9b87-34139d58dd59",
      "service_type" : "gateway",
      "project_id" : "0605767a3300d5762fb7c0186d9e1779",
      "routetables" : [ "99477d3b-87f6-49d2-8f3b-2ffc72731a38" ],
      "created_at" : "2022-08-03T03:03:54Z",
      "updated_at" : "2022-08-03T03:03:57Z",
      "endpoint_service_id" : "4651bc78-5cec-41b7-b448-f77326ebbed0",
      "endpoint_service_name" : "br-abc-aaa1.obs_test.4651bc78-5cec-41b7-b448-f77326ebbed0",
      "policy_statement" : [ {
        "Action" : [ "obs:*:*" ],
        "Resource" : [ "obs:*:*:*:*/*", "obs:*:*:*:*" ],
        "Effect" : "Allow"
      } ],
      "description" : "",
      "endpoint_pool_id" : "b0ad6a4f-55c0-43f1-a26d-278639661fc2"
    }
  • {
      "id" : "2af6c328-057a-4146-882b-6828e270e594",
      "status" : "accepted",
      "tags" : [ ],
      "marker_id" : 335620220,
      "active_status" : [ "active" ],
      "vpc_id" : "a8494c3b-5dc9-46a4-8ca1-17a54f588d17",
      "service_type" : "interface",
      "project_id" : "0df9cbd6cf00f37***0c64b5af21",
      "created_at" : "2022-08-03T03:03:54Z",
      "updated_at" : "2022-08-03T03:03:57Z",
      "endpoint_service_id" : "925b47bd-ffef-4abe-a450-d997f4f4e2be",
      "endpoint_service_name" : "com.myhuaweicloud.cn-southwest-2.swr",
      "policy_document" : {
        "Version" : "5.0",
        "Statement" : [ {
          "Effect" : "Allow",
          "Principal" : "*",
          "Action" : [ "*" ],
          "Resource" : [ "*" ]
        } ]
      },
      "description" : "",
      "endpoint_pool_id" : "15027791-b2b5-4b12-8e01-8dec1b576bf1"
    }

SDK Sample Code

The SDK sample code is as follows.

  • Modifying the policy of a gateway VPC endpoint (Setting Action to obs::, Resource to obs::::/* and obs::::, and Effect to** Allow**)

     1
     2
     3
     4
     5
     6
     7
     8
     9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    22
    23
    24
    25
    26
    27
    28
    29
    30
    31
    32
    33
    34
    35
    36
    37
    38
    39
    40
    41
    42
    43
    44
    45
    46
    47
    48
    49
    50
    51
    52
    53
    54
    55
    56
    57
    58
    59
    60
    61
    62
    package com.huaweicloud.sdk.test;
    
    import com.huaweicloud.sdk.core.auth.ICredential;
    import com.huaweicloud.sdk.core.auth.BasicCredentials;
    import com.huaweicloud.sdk.core.exception.ConnectionException;
    import com.huaweicloud.sdk.core.exception.RequestTimeoutException;
    import com.huaweicloud.sdk.core.exception.ServiceResponseException;
    import com.huaweicloud.sdk.vpcep.v1.region.VpcepRegion;
    import com.huaweicloud.sdk.vpcep.v1.*;
    import com.huaweicloud.sdk.vpcep.v1.model.*;
    
    import java.util.List;
    import java.util.ArrayList;
    
    public class UpdateEndpointPolicySolution {
    
        public static void main(String[] args) {
            // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
            // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
            String ak = System.getenv("CLOUD_SDK_AK");
            String sk = System.getenv("CLOUD_SDK_SK");
    
            ICredential auth = new BasicCredentials()
                    .withAk(ak)
                    .withSk(sk);
    
            VpcepClient client = VpcepClient.newBuilder()
                    .withCredential(auth)
                    .withRegion(VpcepRegion.valueOf("<YOUR REGION>"))
                    .build();
            UpdateEndpointPolicyRequest request = new UpdateEndpointPolicyRequest();
            UpdateEndpointPolicyRequestBody body = new UpdateEndpointPolicyRequestBody();
            List<String> listPolicyStatementResource = new ArrayList<>();
            listPolicyStatementResource.add("obs:*:*:*:*/*");
            listPolicyStatementResource.add("obs:*:*:*:*");
            List<String> listPolicyStatementAction = new ArrayList<>();
            listPolicyStatementAction.add("obs:*:*");
            List<PolicyStatement> listbodyPolicyStatement = new ArrayList<>();
            listbodyPolicyStatement.add(
                new PolicyStatement()
                    .withEffect(PolicyStatement.EffectEnum.fromValue("Allow"))
                    .withAction(listPolicyStatementAction)
                    .withResource(listPolicyStatementResource)
            );
            body.withPolicyStatement(listbodyPolicyStatement);
            request.withBody(body);
            try {
                UpdateEndpointPolicyResponse response = client.updateEndpointPolicy(request);
                System.out.println(response.toString());
            } catch (ConnectionException e) {
                e.printStackTrace();
            } catch (RequestTimeoutException e) {
                e.printStackTrace();
            } catch (ServiceResponseException e) {
                e.printStackTrace();
                System.out.println(e.getHttpStatusCode());
                System.out.println(e.getRequestId());
                System.out.println(e.getErrorCode());
                System.out.println(e.getErrorMsg());
            }
        }
    }
    
  • Modifying the policy of a VPC endpoint

     1
     2
     3
     4
     5
     6
     7
     8
     9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    22
    23
    24
    25
    26
    27
    28
    29
    30
    31
    32
    33
    34
    35
    36
    37
    38
    39
    40
    41
    42
    43
    44
    45
    46
    47
    48
    package com.huaweicloud.sdk.test;
    
    import com.huaweicloud.sdk.core.auth.ICredential;
    import com.huaweicloud.sdk.core.auth.BasicCredentials;
    import com.huaweicloud.sdk.core.exception.ConnectionException;
    import com.huaweicloud.sdk.core.exception.RequestTimeoutException;
    import com.huaweicloud.sdk.core.exception.ServiceResponseException;
    import com.huaweicloud.sdk.vpcep.v1.region.VpcepRegion;
    import com.huaweicloud.sdk.vpcep.v1.*;
    import com.huaweicloud.sdk.vpcep.v1.model.*;
    
    
    public class UpdateEndpointPolicySolution {
    
        public static void main(String[] args) {
            // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
            // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
            String ak = System.getenv("CLOUD_SDK_AK");
            String sk = System.getenv("CLOUD_SDK_SK");
    
            ICredential auth = new BasicCredentials()
                    .withAk(ak)
                    .withSk(sk);
    
            VpcepClient client = VpcepClient.newBuilder()
                    .withCredential(auth)
                    .withRegion(VpcepRegion.valueOf("<YOUR REGION>"))
                    .build();
            UpdateEndpointPolicyRequest request = new UpdateEndpointPolicyRequest();
            UpdateEndpointPolicyRequestBody body = new UpdateEndpointPolicyRequestBody();
            body.withPolicyDocument("{\"Version\":\"5.0\",\"Statement\":[{\"Action\":[\"*\"],\"Resource\":[\"*\"],\"Effect\":\"Allow\",\"Principal\":\"*\"}]}");
            request.withBody(body);
            try {
                UpdateEndpointPolicyResponse response = client.updateEndpointPolicy(request);
                System.out.println(response.toString());
            } catch (ConnectionException e) {
                e.printStackTrace();
            } catch (RequestTimeoutException e) {
                e.printStackTrace();
            } catch (ServiceResponseException e) {
                e.printStackTrace();
                System.out.println(e.getHttpStatusCode());
                System.out.println(e.getRequestId());
                System.out.println(e.getErrorCode());
                System.out.println(e.getErrorMsg());
            }
        }
    }
    
  • Modifying the policy of a gateway VPC endpoint (Setting Action to obs::, Resource to obs::::/* and obs::::, and Effect to** Allow**)

     1
     2
     3
     4
     5
     6
     7
     8
     9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    22
    23
    24
    25
    26
    27
    28
    29
    30
    31
    32
    33
    34
    35
    36
    37
    38
    39
    40
    41
    42
    43
    44
    45
    46
    47
    # coding: utf-8
    
    import os
    from huaweicloudsdkcore.auth.credentials import BasicCredentials
    from huaweicloudsdkvpcep.v1.region.vpcep_region import VpcepRegion
    from huaweicloudsdkcore.exceptions import exceptions
    from huaweicloudsdkvpcep.v1 import *
    
    if __name__ == "__main__":
        # The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
        # In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
        ak = os.environ["CLOUD_SDK_AK"]
        sk = os.environ["CLOUD_SDK_SK"]
    
        credentials = BasicCredentials(ak, sk)
    
        client = VpcepClient.new_builder() \
            .with_credentials(credentials) \
            .with_region(VpcepRegion.value_of("<YOUR REGION>")) \
            .build()
    
        try:
            request = UpdateEndpointPolicyRequest()
            listResourcePolicyStatement = [
                "obs:*:*:*:*/*",
                "obs:*:*:*:*"
            ]
            listActionPolicyStatement = [
                "obs:*:*"
            ]
            listPolicyStatementbody = [
                PolicyStatement(
                    effect="Allow",
                    action=listActionPolicyStatement,
                    resource=listResourcePolicyStatement
                )
            ]
            request.body = UpdateEndpointPolicyRequestBody(
                policy_statement=listPolicyStatementbody
            )
            response = client.update_endpoint_policy(request)
            print(response)
        except exceptions.ClientRequestException as e:
            print(e.status_code)
            print(e.request_id)
            print(e.error_code)
            print(e.error_msg)
    
  • Modifying the policy of a VPC endpoint

     1
     2
     3
     4
     5
     6
     7
     8
     9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    22
    23
    24
    25
    26
    27
    28
    29
    30
    31
    32
    33
    # coding: utf-8
    
    import os
    from huaweicloudsdkcore.auth.credentials import BasicCredentials
    from huaweicloudsdkvpcep.v1.region.vpcep_region import VpcepRegion
    from huaweicloudsdkcore.exceptions import exceptions
    from huaweicloudsdkvpcep.v1 import *
    
    if __name__ == "__main__":
        # The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
        # In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
        ak = os.environ["CLOUD_SDK_AK"]
        sk = os.environ["CLOUD_SDK_SK"]
    
        credentials = BasicCredentials(ak, sk)
    
        client = VpcepClient.new_builder() \
            .with_credentials(credentials) \
            .with_region(VpcepRegion.value_of("<YOUR REGION>")) \
            .build()
    
        try:
            request = UpdateEndpointPolicyRequest()
            request.body = UpdateEndpointPolicyRequestBody(
                policy_document="{\"Version\":\"5.0\",\"Statement\":[{\"Action\":[\"*\"],\"Resource\":[\"*\"],\"Effect\":\"Allow\",\"Principal\":\"*\"}]}"
            )
            response = client.update_endpoint_policy(request)
            print(response)
        except exceptions.ClientRequestException as e:
            print(e.status_code)
            print(e.request_id)
            print(e.error_code)
            print(e.error_msg)
    
  • Modifying the policy of a gateway VPC endpoint (Setting Action to obs::, Resource to obs::::/* and obs::::, and Effect to** Allow**)

     1
     2
     3
     4
     5
     6
     7
     8
     9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    22
    23
    24
    25
    26
    27
    28
    29
    30
    31
    32
    33
    34
    35
    36
    37
    38
    39
    40
    41
    42
    43
    44
    45
    46
    47
    48
    49
    50
    51
    52
    package main
    
    import (
    	"fmt"
    	"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic"
        vpcep "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/vpcep/v1"
    	"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/vpcep/v1/model"
        region "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/vpcep/v1/region"
    )
    
    func main() {
        // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
        // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
        ak := os.Getenv("CLOUD_SDK_AK")
        sk := os.Getenv("CLOUD_SDK_SK")
    
        auth := basic.NewCredentialsBuilder().
            WithAk(ak).
            WithSk(sk).
            Build()
    
        client := vpcep.NewVpcepClient(
            vpcep.VpcepClientBuilder().
                WithRegion(region.ValueOf("<YOUR REGION>")).
                WithCredential(auth).
                Build())
    
        request := &model.UpdateEndpointPolicyRequest{}
    	var listResourcePolicyStatement = []string{
            "obs:*:*:*:*/*",
    	    "obs:*:*:*:*",
        }
    	var listActionPolicyStatement = []string{
            "obs:*:*",
        }
    	var listPolicyStatementbody = []model.PolicyStatement{
            {
                Effect: model.GetPolicyStatementEffectEnum().ALLOW,
                Action: listActionPolicyStatement,
                Resource: listResourcePolicyStatement,
            },
        }
    	request.Body = &model.UpdateEndpointPolicyRequestBody{
    		PolicyStatement: &listPolicyStatementbody,
    	}
    	response, err := client.UpdateEndpointPolicy(request)
    	if err == nil {
            fmt.Printf("%+v\n", response)
        } else {
            fmt.Println(err)
        }
    }
    
  • Modifying the policy of a VPC endpoint

     1
     2
     3
     4
     5
     6
     7
     8
     9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    22
    23
    24
    25
    26
    27
    28
    29
    30
    31
    32
    33
    34
    35
    36
    37
    38
    39
    package main
    
    import (
    	"fmt"
    	"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic"
        vpcep "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/vpcep/v1"
    	"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/vpcep/v1/model"
        region "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/vpcep/v1/region"
    )
    
    func main() {
        // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
        // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
        ak := os.Getenv("CLOUD_SDK_AK")
        sk := os.Getenv("CLOUD_SDK_SK")
    
        auth := basic.NewCredentialsBuilder().
            WithAk(ak).
            WithSk(sk).
            Build()
    
        client := vpcep.NewVpcepClient(
            vpcep.VpcepClientBuilder().
                WithRegion(region.ValueOf("<YOUR REGION>")).
                WithCredential(auth).
                Build())
    
        request := &model.UpdateEndpointPolicyRequest{}
    	var policyDocumentUpdateEndpointPolicyRequestBody interface{} = "{\"Version\":\"5.0\",\"Statement\":[{\"Action\":[\"*\"],\"Resource\":[\"*\"],\"Effect\":\"Allow\",\"Principal\":\"*\"}]}"
    	request.Body = &model.UpdateEndpointPolicyRequestBody{
    		PolicyDocument: &policyDocumentUpdateEndpointPolicyRequestBody,
    	}
    	response, err := client.UpdateEndpointPolicy(request)
    	if err == nil {
            fmt.Printf("%+v\n", response)
        } else {
            fmt.Println(err)
        }
    }
    

For SDK sample code of more programming languages, see the Sample Code tab in API Explorer. SDK sample code can be automatically generated.

  • Modifying the policy of a gateway VPC endpoint (Setting Action to obs::, Resource to obs::::/* and obs::::, and Effect to** Allow**)

     1
     2
     3
     4
     5
     6
     7
     8
     9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    22
    23
    24
    25
    26
    27
    28
    29
    30
    31
    32
    33
    34
    35
    36
    37
    38
    39
    40
    41
    42
    43
    44
    45
    46
    47
    48
    49
    50
    51
    52
    53
    54
    55
    56
    57
    58
    59
    60
    61
    62
    package com.huaweicloud.sdk.test;
    
    import com.huaweicloud.sdk.core.auth.ICredential;
    import com.huaweicloud.sdk.core.auth.BasicCredentials;
    import com.huaweicloud.sdk.core.exception.ConnectionException;
    import com.huaweicloud.sdk.core.exception.RequestTimeoutException;
    import com.huaweicloud.sdk.core.exception.ServiceResponseException;
    import com.huaweicloud.sdk.vpcep.v1.region.VpcepRegion;
    import com.huaweicloud.sdk.vpcep.v1.*;
    import com.huaweicloud.sdk.vpcep.v1.model.*;
    
    import java.util.List;
    import java.util.ArrayList;
    
    public class UpdateEndpointPolicySolution {
    
        public static void main(String[] args) {
            // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
            // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
            String ak = System.getenv("CLOUD_SDK_AK");
            String sk = System.getenv("CLOUD_SDK_SK");
    
            ICredential auth = new BasicCredentials()
                    .withAk(ak)
                    .withSk(sk);
    
            VpcepClient client = VpcepClient.newBuilder()
                    .withCredential(auth)
                    .withRegion(VpcepRegion.valueOf("<YOUR REGION>"))
                    .build();
            UpdateEndpointPolicyRequest request = new UpdateEndpointPolicyRequest();
            UpdateEndpointPolicyRequestBody body = new UpdateEndpointPolicyRequestBody();
            List<String> listPolicyStatementResource = new ArrayList<>();
            listPolicyStatementResource.add("obs:*:*:*:*/*");
            listPolicyStatementResource.add("obs:*:*:*:*");
            List<String> listPolicyStatementAction = new ArrayList<>();
            listPolicyStatementAction.add("obs:*:*");
            List<PolicyStatement> listbodyPolicyStatement = new ArrayList<>();
            listbodyPolicyStatement.add(
                new PolicyStatement()
                    .withEffect(PolicyStatement.EffectEnum.fromValue("Allow"))
                    .withAction(listPolicyStatementAction)
                    .withResource(listPolicyStatementResource)
            );
            body.withPolicyStatement(listbodyPolicyStatement);
            request.withBody(body);
            try {
                UpdateEndpointPolicyResponse response = client.updateEndpointPolicy(request);
                System.out.println(response.toString());
            } catch (ConnectionException e) {
                e.printStackTrace();
            } catch (RequestTimeoutException e) {
                e.printStackTrace();
            } catch (ServiceResponseException e) {
                e.printStackTrace();
                System.out.println(e.getHttpStatusCode());
                System.out.println(e.getRequestId());
                System.out.println(e.getErrorCode());
                System.out.println(e.getErrorMsg());
            }
        }
    }
    
  • Modifying the policy of a VPC endpoint

     1
     2
     3
     4
     5
     6
     7
     8
     9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    22
    23
    24
    25
    26
    27
    28
    29
    30
    31
    32
    33
    34
    35
    36
    37
    38
    39
    40
    41
    42
    43
    44
    45
    46
    47
    48
    package com.huaweicloud.sdk.test;
    
    import com.huaweicloud.sdk.core.auth.ICredential;
    import com.huaweicloud.sdk.core.auth.BasicCredentials;
    import com.huaweicloud.sdk.core.exception.ConnectionException;
    import com.huaweicloud.sdk.core.exception.RequestTimeoutException;
    import com.huaweicloud.sdk.core.exception.ServiceResponseException;
    import com.huaweicloud.sdk.vpcep.v1.region.VpcepRegion;
    import com.huaweicloud.sdk.vpcep.v1.*;
    import com.huaweicloud.sdk.vpcep.v1.model.*;
    
    
    public class UpdateEndpointPolicySolution {
    
        public static void main(String[] args) {
            // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
            // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
            String ak = System.getenv("CLOUD_SDK_AK");
            String sk = System.getenv("CLOUD_SDK_SK");
    
            ICredential auth = new BasicCredentials()
                    .withAk(ak)
                    .withSk(sk);
    
            VpcepClient client = VpcepClient.newBuilder()
                    .withCredential(auth)
                    .withRegion(VpcepRegion.valueOf("<YOUR REGION>"))
                    .build();
            UpdateEndpointPolicyRequest request = new UpdateEndpointPolicyRequest();
            UpdateEndpointPolicyRequestBody body = new UpdateEndpointPolicyRequestBody();
            body.withPolicyDocument("{\"Version\":\"5.0\",\"Statement\":[{\"Action\":[\"*\"],\"Resource\":[\"*\"],\"Effect\":\"Allow\",\"Principal\":\"*\"}]}");
            request.withBody(body);
            try {
                UpdateEndpointPolicyResponse response = client.updateEndpointPolicy(request);
                System.out.println(response.toString());
            } catch (ConnectionException e) {
                e.printStackTrace();
            } catch (RequestTimeoutException e) {
                e.printStackTrace();
            } catch (ServiceResponseException e) {
                e.printStackTrace();
                System.out.println(e.getHttpStatusCode());
                System.out.println(e.getRequestId());
                System.out.println(e.getErrorCode());
                System.out.println(e.getErrorMsg());
            }
        }
    }
    
  • Modifying the policy of a gateway VPC endpoint (Setting Action to obs::, Resource to obs::::/* and obs::::, and Effect to** Allow**)

     1
     2
     3
     4
     5
     6
     7
     8
     9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    22
    23
    24
    25
    26
    27
    28
    29
    30
    31
    32
    33
    34
    35
    36
    37
    38
    39
    40
    41
    42
    43
    44
    45
    46
    47
    # coding: utf-8
    
    import os
    from huaweicloudsdkcore.auth.credentials import BasicCredentials
    from huaweicloudsdkvpcep.v1.region.vpcep_region import VpcepRegion
    from huaweicloudsdkcore.exceptions import exceptions
    from huaweicloudsdkvpcep.v1 import *
    
    if __name__ == "__main__":
        # The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
        # In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
        ak = os.environ["CLOUD_SDK_AK"]
        sk = os.environ["CLOUD_SDK_SK"]
    
        credentials = BasicCredentials(ak, sk)
    
        client = VpcepClient.new_builder() \
            .with_credentials(credentials) \
            .with_region(VpcepRegion.value_of("<YOUR REGION>")) \
            .build()
    
        try:
            request = UpdateEndpointPolicyRequest()
            listResourcePolicyStatement = [
                "obs:*:*:*:*/*",
                "obs:*:*:*:*"
            ]
            listActionPolicyStatement = [
                "obs:*:*"
            ]
            listPolicyStatementbody = [
                PolicyStatement(
                    effect="Allow",
                    action=listActionPolicyStatement,
                    resource=listResourcePolicyStatement
                )
            ]
            request.body = UpdateEndpointPolicyRequestBody(
                policy_statement=listPolicyStatementbody
            )
            response = client.update_endpoint_policy(request)
            print(response)
        except exceptions.ClientRequestException as e:
            print(e.status_code)
            print(e.request_id)
            print(e.error_code)
            print(e.error_msg)
    
  • Modifying the policy of a VPC endpoint

     1
     2
     3
     4
     5
     6
     7
     8
     9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    22
    23
    24
    25
    26
    27
    28
    29
    30
    31
    32
    33
    # coding: utf-8
    
    import os
    from huaweicloudsdkcore.auth.credentials import BasicCredentials
    from huaweicloudsdkvpcep.v1.region.vpcep_region import VpcepRegion
    from huaweicloudsdkcore.exceptions import exceptions
    from huaweicloudsdkvpcep.v1 import *
    
    if __name__ == "__main__":
        # The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
        # In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
        ak = os.environ["CLOUD_SDK_AK"]
        sk = os.environ["CLOUD_SDK_SK"]
    
        credentials = BasicCredentials(ak, sk)
    
        client = VpcepClient.new_builder() \
            .with_credentials(credentials) \
            .with_region(VpcepRegion.value_of("<YOUR REGION>")) \
            .build()
    
        try:
            request = UpdateEndpointPolicyRequest()
            request.body = UpdateEndpointPolicyRequestBody(
                policy_document="{\"Version\":\"5.0\",\"Statement\":[{\"Action\":[\"*\"],\"Resource\":[\"*\"],\"Effect\":\"Allow\",\"Principal\":\"*\"}]}"
            )
            response = client.update_endpoint_policy(request)
            print(response)
        except exceptions.ClientRequestException as e:
            print(e.status_code)
            print(e.request_id)
            print(e.error_code)
            print(e.error_msg)
    
  • Modifying the policy of a gateway VPC endpoint (Setting Action to obs::, Resource to obs::::/* and obs::::, and Effect to** Allow**)

     1
     2
     3
     4
     5
     6
     7
     8
     9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    22
    23
    24
    25
    26
    27
    28
    29
    30
    31
    32
    33
    34
    35
    36
    37
    38
    39
    40
    41
    42
    43
    44
    45
    46
    47
    48
    49
    50
    51
    52
    package main
    
    import (
    	"fmt"
    	"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic"
        vpcep "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/vpcep/v1"
    	"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/vpcep/v1/model"
        region "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/vpcep/v1/region"
    )
    
    func main() {
        // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
        // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
        ak := os.Getenv("CLOUD_SDK_AK")
        sk := os.Getenv("CLOUD_SDK_SK")
    
        auth := basic.NewCredentialsBuilder().
            WithAk(ak).
            WithSk(sk).
            Build()
    
        client := vpcep.NewVpcepClient(
            vpcep.VpcepClientBuilder().
                WithRegion(region.ValueOf("<YOUR REGION>")).
                WithCredential(auth).
                Build())
    
        request := &model.UpdateEndpointPolicyRequest{}
    	var listResourcePolicyStatement = []string{
            "obs:*:*:*:*/*",
    	    "obs:*:*:*:*",
        }
    	var listActionPolicyStatement = []string{
            "obs:*:*",
        }
    	var listPolicyStatementbody = []model.PolicyStatement{
            {
                Effect: model.GetPolicyStatementEffectEnum().ALLOW,
                Action: listActionPolicyStatement,
                Resource: listResourcePolicyStatement,
            },
        }
    	request.Body = &model.UpdateEndpointPolicyRequestBody{
    		PolicyStatement: &listPolicyStatementbody,
    	}
    	response, err := client.UpdateEndpointPolicy(request)
    	if err == nil {
            fmt.Printf("%+v\n", response)
        } else {
            fmt.Println(err)
        }
    }
    
  • Modifying the policy of a VPC endpoint

     1
     2
     3
     4
     5
     6
     7
     8
     9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    22
    23
    24
    25
    26
    27
    28
    29
    30
    31
    32
    33
    34
    35
    36
    37
    38
    39
    package main
    
    import (
    	"fmt"
    	"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic"
        vpcep "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/vpcep/v1"
    	"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/vpcep/v1/model"
        region "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/vpcep/v1/region"
    )
    
    func main() {
        // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
        // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
        ak := os.Getenv("CLOUD_SDK_AK")
        sk := os.Getenv("CLOUD_SDK_SK")
    
        auth := basic.NewCredentialsBuilder().
            WithAk(ak).
            WithSk(sk).
            Build()
    
        client := vpcep.NewVpcepClient(
            vpcep.VpcepClientBuilder().
                WithRegion(region.ValueOf("<YOUR REGION>")).
                WithCredential(auth).
                Build())
    
        request := &model.UpdateEndpointPolicyRequest{}
    	var policyDocumentUpdateEndpointPolicyRequestBody interface{} = "{\"Version\":\"5.0\",\"Statement\":[{\"Action\":[\"*\"],\"Resource\":[\"*\"],\"Effect\":\"Allow\",\"Principal\":\"*\"}]}"
    	request.Body = &model.UpdateEndpointPolicyRequestBody{
    		PolicyDocument: &policyDocumentUpdateEndpointPolicyRequestBody,
    	}
    	response, err := client.UpdateEndpointPolicy(request)
    	if err == nil {
            fmt.Printf("%+v\n", response)
        } else {
            fmt.Println(err)
        }
    }
    

For SDK sample code of more programming languages, see the Sample Code tab in API Explorer. SDK sample code can be automatically generated.

Status Codes

Status Code

Description

200

The server has successfully processed the request.

Error Codes

See Error Codes.

We use cookies to improve our site and your experience. By continuing to browse our site you accept our cookie policy. Find out more

Feedback

Feedback

Feedback

0/500

Selected Content

Submit selected content with the feedback