Batch Adding or Deleting Whitelist Records of a VPC Endpoint Service
Function
This API is used to batch add or delete whitelist records of a VPC endpoint service.
Note
Your account is in the whitelist of your own VPC endpoint service by default.
Calling Method
For details, see Calling APIs.
Authorization Information
Each account has all the permissions required to call all APIs, but IAM users must be assigned the required permissions.
- If you are using role/policy-based authorization, see Permissions Policies and Supported Actions for details on the required permissions.
- If you are using identity policy-based authorization, the following identity policy-based permissions are required.
Action
Access Level
Resource Type (*: required)
Condition Key
Alias
Dependencies
vpcep:endpointServices:updatePermissions
Permission_management
endpointServices *
-
- vpcep:permissions:update
-
-
-
vpcep:VpceEndpointOrgPath
-
vpcep:VpceEndpointOwner
URI
POST /v1/{project_id}/vpc-endpoint-services/{vpc_endpoint_service_id}/permissions/action
|
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
|
project_id |
Yes |
String |
Specifies the project ID. |
|
vpc_endpoint_service_id |
Yes |
String |
Specifies the ID of the VPC endpoint service. |
Request Parameters
|
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
|
X-Auth-Token |
Yes |
String |
Specifies the user token. It can be obtained by calling the IAM API. The value of X-Subject-Token in the response header is the user token. |
|
Content-Type |
No |
String |
Specifies the MIME type of the request body. Default value application/json is recommended. For APIs used to upload objects or images, the MIME type varies depending on the flow type. |
|
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
|
permissions |
Yes |
Array of strings |
Specifies the permissions. The permission formats are as follows:
iam:domain:: is a fixed format. domain_id indicates the account ID of the user that can be connected. domain_id can contain a maximum of 64 characters, including only letters and digits. organizations:orgPath:: is a fixed format. org_path indicates the organization path of the user that can be connected. org_path can contain a maximum of 1,024 characters, including only letters, digits, forward slashes (/), hyphens (-), and question marks (?). You can also enter an asterisk (*) for domain_id or org_path, which indicates that this VPC endpoint service allows accesses from any VPC endpoint. Examples:
|
|
permission_type |
No |
String |
Specifies the whitelist type of the VPC endpoint service.
|
|
action |
Yes |
String |
Specifies the action to be performed, which can be add or remove. |
Response Parameters
Status code: 200
|
Parameter |
Type |
Description |
|---|---|---|
|
permissions |
Array of strings |
Specifies the permissions. The permission formats are as follows:
iam:domain:: is a fixed format. domain_id indicates the account ID of the user that can be connected. domain_id can contain a maximum of 64 characters, including only letters and digits. organizations:orgPath:: is a fixed format. org_path indicates the organization path of the user that can be connected. org_path can contain a maximum of 1,024 characters, including only letters, digits, forward slashes (/), hyphens (-), and question marks (?). You can also enter an asterisk (*) for domain_id or org_path, which indicates that this VPC endpoint service allows accesses from any VPC endpoint. Examples:
|
|
permission_type |
String |
Specifies the whitelist type of the VPC endpoint service.
|
Example Requests
-
Adding a Whitelist for a VPC Endpoint Service
POST https://{endpoint}/v1/{project_id}/vpc-endpoint-services/4189d3c2-8882-4871-a3c2- d380272eed88/permissions/action { "permissions" : [ "iam:domain::fc973eea581490997e82ea11a1d0101" ], "action" : "add" } -
Removing a VPC Endpoint Service from the Whitelist
POST https://{endpoint}/v1/{project_id}/vpc-endpoint-services/4189d3c2-8882-4871-a3c2- d380272eed88/permissions/action { "permissions" : [ "iam:domain::fc973eea581490997e82ea11a1d0101" ], "action" : "remove" }
Example Responses
Status code: 200
The server has successfully processed the request.
{
"permissions" : [ "iam:domain::5fc973eea581490997e82ea11a1d0101", "iam:domain::5fc973eea581490997e82ea11a1d0102" ]
}
SDK Sample Code
The SDK sample code is as follows.
-
Adding a Whitelist for a VPC Endpoint Service
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56
package com.huaweicloud.sdk.test; import com.huaweicloud.sdk.core.auth.ICredential; import com.huaweicloud.sdk.core.auth.BasicCredentials; import com.huaweicloud.sdk.core.exception.ConnectionException; import com.huaweicloud.sdk.core.exception.RequestTimeoutException; import com.huaweicloud.sdk.core.exception.ServiceResponseException; import com.huaweicloud.sdk.vpcep.v1.region.VpcepRegion; import com.huaweicloud.sdk.vpcep.v1.*; import com.huaweicloud.sdk.vpcep.v1.model.*; import java.util.List; import java.util.ArrayList; public class AddOrRemoveServicePermissionsSolution { public static void main(String[] args) { // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security. // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment String ak = System.getenv("CLOUD_SDK_AK"); String sk = System.getenv("CLOUD_SDK_SK"); String projectId = "{project_id}"; ICredential auth = new BasicCredentials() .withProjectId(projectId) .withAk(ak) .withSk(sk); VpcepClient client = VpcepClient.newBuilder() .withCredential(auth) .withRegion(VpcepRegion.valueOf("<YOUR REGION>")) .build(); AddOrRemoveServicePermissionsRequest request = new AddOrRemoveServicePermissionsRequest(); request.withVpcEndpointServiceId("{vpc_endpoint_service_id}"); AddOrRemoveServicePermissionsRequestBody body = new AddOrRemoveServicePermissionsRequestBody(); List<String> listbodyPermissions = new ArrayList<>(); listbodyPermissions.add("iam:domain::fc973eea581490997e82ea11a1d0101"); body.withAction(AddOrRemoveServicePermissionsRequestBody.ActionEnum.fromValue("add")); body.withPermissions(listbodyPermissions); request.withBody(body); try { AddOrRemoveServicePermissionsResponse response = client.addOrRemoveServicePermissions(request); System.out.println(response.toString()); } catch (ConnectionException e) { e.printStackTrace(); } catch (RequestTimeoutException e) { e.printStackTrace(); } catch (ServiceResponseException e) { e.printStackTrace(); System.out.println(e.getHttpStatusCode()); System.out.println(e.getRequestId()); System.out.println(e.getErrorCode()); System.out.println(e.getErrorMsg()); } } }
-
Removing a VPC Endpoint Service from the Whitelist
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56
package com.huaweicloud.sdk.test; import com.huaweicloud.sdk.core.auth.ICredential; import com.huaweicloud.sdk.core.auth.BasicCredentials; import com.huaweicloud.sdk.core.exception.ConnectionException; import com.huaweicloud.sdk.core.exception.RequestTimeoutException; import com.huaweicloud.sdk.core.exception.ServiceResponseException; import com.huaweicloud.sdk.vpcep.v1.region.VpcepRegion; import com.huaweicloud.sdk.vpcep.v1.*; import com.huaweicloud.sdk.vpcep.v1.model.*; import java.util.List; import java.util.ArrayList; public class AddOrRemoveServicePermissionsSolution { public static void main(String[] args) { // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security. // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment String ak = System.getenv("CLOUD_SDK_AK"); String sk = System.getenv("CLOUD_SDK_SK"); String projectId = "{project_id}"; ICredential auth = new BasicCredentials() .withProjectId(projectId) .withAk(ak) .withSk(sk); VpcepClient client = VpcepClient.newBuilder() .withCredential(auth) .withRegion(VpcepRegion.valueOf("<YOUR REGION>")) .build(); AddOrRemoveServicePermissionsRequest request = new AddOrRemoveServicePermissionsRequest(); request.withVpcEndpointServiceId("{vpc_endpoint_service_id}"); AddOrRemoveServicePermissionsRequestBody body = new AddOrRemoveServicePermissionsRequestBody(); []string listbodyPermissions = new ArrayList<>(); listbodyPermissions.add("iam:domain::fc973eea581490997e82ea11a1d0101"); body.withAction(AddOrRemoveServicePermissionsRequestBody.ActionEnum.fromValue("remove")); body.withPermissions(listbodyPermissions); request.withBody(body); try { AddOrRemoveServicePermissionsResponse response = client.addOrRemoveServicePermissions(request); System.out.println(response.toString()); } catch (ConnectionException e) { e.printStackTrace(); } catch (RequestTimeoutException e) { e.printStackTrace(); } catch (ServiceResponseException e) { e.printStackTrace(); System.out.println(e.getHttpStatusCode()); System.out.println(e.getRequestId()); System.out.println(e.getErrorCode()); System.out.println(e.getErrorMsg()); } } }
-
Adding a Whitelist for a VPC Endpoint Service
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39
# coding: utf-8 import os from huaweicloudsdkcore.auth.credentials import BasicCredentials from huaweicloudsdkvpcep.v1.region.vpcep_region import VpcepRegion from huaweicloudsdkcore.exceptions import exceptions from huaweicloudsdkvpcep.v1 import * if __name__ == "__main__": # The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security. # In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment ak = os.environ["CLOUD_SDK_AK"] sk = os.environ["CLOUD_SDK_SK"] projectId = "{project_id}" credentials = BasicCredentials(ak, sk, projectId) client = VpcepClient.new_builder() \ .with_credentials(credentials) \ .with_region(VpcepRegion.value_of("<YOUR REGION>")) \ .build() try: request = AddOrRemoveServicePermissionsRequest() request.vpc_endpoint_service_id = "{vpc_endpoint_service_id}" listPermissionsbody = [ "iam:domain::fc973eea581490997e82ea11a1d0101" ] request.body = AddOrRemoveServicePermissionsRequestBody( action="add", permissions=listPermissionsbody ) response = client.add_or_remove_service_permissions(request) print(response) except exceptions.ClientRequestException as e: print(e.status_code) print(e.request_id) print(e.error_code) print(e.error_msg)
-
Removing a VPC Endpoint Service from the Whitelist
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39
# coding: utf-8 import os from huaweicloudsdkcore.auth.credentials import BasicCredentials from huaweicloudsdkvpcep.v1.region.vpcep_region import VpcepRegion from huaweicloudsdkcore.exceptions import exceptions from huaweicloudsdkvpcep.v1 import * if __name__ == "__main__": # The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security. # In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment ak = os.environ["CLOUD_SDK_AK"] sk = os.environ["CLOUD_SDK_SK"] projectId = "{project_id}" credentials = BasicCredentials(ak, sk, projectId) client = VpcepClient.new_builder() \ .with_credentials(credentials) \ .with_region(VpcepRegion.value_of("<YOUR REGION>")) \ .build() try: request = AddOrRemoveServicePermissionsRequest() request.vpc_endpoint_service_id = "{vpc_endpoint_service_id}" listPermissionsbody = [ "iam:domain::fc973eea581490997e82ea11a1d0101" ] request.body = AddOrRemoveServicePermissionsRequestBody( action="remove", permissions=listPermissionsbody ) response = client.add_or_remove_service_permissions(request) print(response) except exceptions.ClientRequestException as e: print(e.status_code) print(e.request_id) print(e.error_code) print(e.error_msg)
-
Adding a Whitelist for a VPC Endpoint Service
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45
package main import ( "fmt" "github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic" vpcep "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/vpcep/v1" "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/vpcep/v1/model" region "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/vpcep/v1/region" ) func main() { // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security. // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment ak := os.Getenv("CLOUD_SDK_AK") sk := os.Getenv("CLOUD_SDK_SK") projectId := "{project_id}" auth := basic.NewCredentialsBuilder(). WithAk(ak). WithSk(sk). WithProjectId(projectId). Build() client := vpcep.NewVpcepClient( vpcep.VpcepClientBuilder(). WithRegion(region.ValueOf("<YOUR REGION>")). WithCredential(auth). Build()) request := &model.AddOrRemoveServicePermissionsRequest{} request.VpcEndpointServiceId = "{vpc_endpoint_service_id}" var listPermissionsbody = []string{ "iam:domain::fc973eea581490997e82ea11a1d0101", } request.Body = &model.AddOrRemoveServicePermissionsRequestBody{ Action: model.GetAddOrRemoveServicePermissionsRequestBodyActionEnum().ADD, Permissions: listPermissionsbody, } response, err := client.AddOrRemoveServicePermissions(request) if err == nil { fmt.Printf("%+v\n", response) } else { fmt.Println(err) } }
-
Removing a VPC Endpoint Service from the Whitelist
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45
package main import ( "fmt" "github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic" vpcep "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/vpcep/v1" "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/vpcep/v1/model" region "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/vpcep/v1/region" ) func main() { // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security. // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment ak := os.Getenv("CLOUD_SDK_AK") sk := os.Getenv("CLOUD_SDK_SK") projectId := "{project_id}" auth := basic.NewCredentialsBuilder(). WithAk(ak). WithSk(sk). WithProjectId(projectId). Build() client := vpcep.NewVpcepClient( vpcep.VpcepClientBuilder(). WithRegion(region.ValueOf("<YOUR REGION>")). WithCredential(auth). Build()) request := &model.AddOrRemoveServicePermissionsRequest{} request.VpcEndpointServiceId = "{vpc_endpoint_service_id}" var listPermissionsbody = []string{ "iam:domain::fc973eea581490997e82ea11a1d0101", } request.Body = &model.AddOrRemoveServicePermissionsRequestBody{ Action: model.GetAddOrRemoveServicePermissionsRequestBodyActionEnum().REMOVE, Permissions: listPermissionsbody, } response, err := client.AddOrRemoveServicePermissions(request) if err == nil { fmt.Printf("%+v\n", response) } else { fmt.Println(err) } }
For SDK sample code of more programming languages, see the Sample Code tab in API Explorer. SDK sample code can be automatically generated.
Status Codes
|
Status Code |
Description |
|---|---|
|
200 |
The server has successfully processed the request. |
Error Codes
See Error Codes.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
