Cloud Search Service (CSS)
The Organizations service provides Service Control Policies (SCPs) to set access control policies.
SCPs do not actually grant any permissions to a principal. They only set the permissions boundary for the principal. When SCPs are attached to a member account or an organizational unit (OU), they do not directly grant permissions to that member account or OU. Instead, the SCPs just determine what permissions are available for that member account or the member accounts under that OU.
This section describes the elements used by Organizations SCPs. The elements include actions, resources, and conditions.
For details about how to use these elements to create a custom SCP, see Creating an SCP.
Action
Actions are specific operations that are allowed or denied in an SCP.
- The Access Level column describes how the action is classified (List, Read, or Write). This classification helps you understand the level of access that an action grants when you use it in an SCP.
- The Resource Type column indicates whether the action supports resource-level permissions.
- You can use a wildcard (*) to indicate all resource types. If this column is empty (-), the action does not support resource-level permissions, and you must specify all resources ("*") in your SCP statements.
- If this column includes a resource type, you must specify the URN in the Resource element of your statements.
- Required resources are marked with asterisks (*) in the table. If you specify a resource in a statement using this action, then it must be of this type.
For details about the resource types defined by CSS, see Resource Type.
- The Condition Key column includes keys that you can specify in the Condition element of an SCP statement.
- If the Resource Type column has values for an action, the condition key takes effect only for the listed resource types.
- If the Resource Type column is empty (-) for an action, the condition key takes effect for all resources that action supports.
- If the Condition Key column is empty (-) for an action, the action does not support any condition keys.
For details about condition keys defined by CSS, see Condition.
The following table lists the actions that you can define in SCP statements for CSS.
|
Action |
Description |
Access Level |
Resource Type (*: Required) |
Condition Key |
|---|---|---|---|---|
|
css:VPCEndpoint:updateWhitelist |
Grant the permission to update an existing whitelist of VPC endpoints. |
write |
cluster * |
|
|
css:log:updateBackupPolicy |
Grant the permission to modify or delete log backups. |
write |
cluster * |
|
|
css:snapshot:setSnapshotPolicy |
Grant the permission to set backup policies. |
write |
cluster * |
|
|
css:snapshot:getSnapshotPolicy |
Grant the permission to query backup policies. |
read |
cluster * |
|
|
css:snapshot:restore |
Grant the permission to restore data from a snapshot. |
write |
cluster * |
|
|
css:snapshot:create |
Grant the permission to create a snapshot. |
write |
cluster * |
|
|
css:publicIPAddress:associates |
Grant the permission to enable or disable public access. |
write |
cluster * |
|
|
css:publicIPAddress:setAccessControl |
Grant the permission to manage whitelists for access control. |
write |
cluster * |
|
|
css:tag:get |
Grant the permission to query resource tags. |
read |
cluster * |
|
|
css:publicIPAddress:modifyBandwidth |
Grant the permission to modify the bandwidth size. |
write |
cluster * |
|
|
css:VPCEndpoint:enableOrDisable |
Grant the permission to create or delete a VPCEP. |
write |
cluster * |
|
|
css:log:getBasicConfigurations |
Grant the permission to query basic configurations. |
read |
cluster * |
|
|
css:snapshot:list |
Grant the permission to view the snapshot list. |
list |
cluster * |
|
|
css:log:list |
Grant the permission to view logs. |
list |
cluster * |
|
|
css:snapshot:setSnapshotContiguration |
Grant the permission to set basic snapshot configurations. |
write |
cluster * |
|
|
css:cluster:listFlavors |
Grant the permission to query the flavor ID list. |
list |
- |
- |
|
css:cluster:listDiskType |
Grant the permission to list available disk types. |
list |
- |
- |
|
css:tag:list |
Grant the permission to query project tags. |
list |
cluster * |
- |
|
css:VPCEndpoint:manageConnection |
Grant the permission to configure the connection of the endpoint. |
write |
cluster * |
|
|
css:log:listJob |
Grant the permission to query the job list. |
list |
cluster * |
|
|
css:cluster:downloadCert |
Grant the permission to obtain the content of a certificate. |
read |
- |
- |
|
css:cluster:get |
Grant the permission to query cluster details. |
read |
cluster * |
|
|
css:snapshot:enableAtomaticSnapsot |
Grant the permission to set basic configurations for automatic snapshot backup. |
write |
cluster * |
|
|
css:snapshot:delete |
Grant the permission to delete a specified snapshot. |
write |
cluster * |
|
|
css:IKThesaurus:get |
Grant the permission to view the custom word dictionary configuration. |
read |
cluster * |
|
|
css:cluster:restart |
Grant the permission to restart an Elasticsearch cluster. |
write |
cluster * |
|
|
css:cluster:modifySecurityGroup |
Grant the permission to modify the cluster security group. |
write |
cluster * |
|
|
css:configurations:list |
Grant the permission to query parameter settings. |
list |
cluster * |
|
|
css:cluster:delete |
Grant the permission to delete a cluster. |
write |
cluster * |
|
|
css:cluster:modifySpecifications |
Grant the permission to modify cluster specifications. |
write |
cluster * |
|
|
css:cluster:list |
Grant the permission to list cluster information. |
list |
cluster * |
- |
|
css:cluster:scaleOut |
Grant the permission to scale out a cluster. |
write |
cluster * |
|
|
css:IKThesaurus:load |
Grant the permission to load a custom word dictionary. |
write |
cluster * |
|
|
css:configurations:modify |
Grant permission to update parameter settings. |
write |
cluster * |
|
|
css:configurations:get |
Grant the permission to obtain the parameter list. |
list |
cluster * |
|
|
css:IKThesaurus:delete |
Grant the permission to delete a word dictionary. |
write |
cluster * |
|
|
css:cluster:expand |
Grant the permission to scale out the quantity and storage capacity of instances. |
write |
cluster * |
|
|
css:snapshot:disableSnapshotFuction |
Grant the permission to disable the cluster snapshot function. |
write |
cluster * |
|
|
css:cluster:upgradeCluster |
Grant the permission to upgrade clusters or replace nodes. |
write |
cluster * |
|
|
css:VPCEndpoint:listConnection |
Grant the permission to query VPCEP connections. |
list |
cluster * |
|
|
css:cluster:scaleIn |
Grant the permission to scale in a cluster. |
write |
cluster * |
|
|
css:log:setBasicConfigurations |
Grant the permission to set basic configurations. |
write |
cluster * |
|
|
css:tag:addOrDelete |
Grant the permission to add or delete resource tags in batches. |
tagging |
cluster * |
|
|
- |
|
|||
|
css:publicKibana:close |
Grant the permission to disable public access. |
write |
cluster * |
|
|
css:tag:edit |
Grant the permission to modify cluster tags. |
tagging |
cluster * |
|
|
- |
|
|||
|
css:cluster:create |
Grant the permission to create a cluster. |
write |
cluster * |
- |
|
- |
|
|||
|
css:cluster:toPeriod |
Grant the permission to change the billing mode of a cluster to yearly/monthly. |
write |
cluster * |
|
|
css:cluster:modifyName |
Grant the permission to change the cluster name. |
write |
cluster * |
|
|
css:log:backup |
Grant the permission to back up logs. |
write |
cluster * |
|
|
css:cluster:closeLogSetting |
Grant the permission to disable logging. |
write |
cluster * |
|
|
css:cluster:openLogSetting |
Grant the permission to enable logging. |
write |
cluster * |
|
|
css:cluster:modifyPassword |
Grant the permission to change the cluster password. |
write |
cluster * |
|
|
css:publicIPAddress:disassociates |
Grant the permission to unbind public networks. |
write |
cluster * |
|
|
css:publicKibana:open |
Grant the permission to bind public networks. |
write |
cluster * |
|
|
css:tag:delete |
Grant the permission to delete a tag. |
tagging |
cluster * |
|
|
- |
g:TagKeys |
|||
|
css:cluster:shrinkNodes |
Grant the permission to scale in a specified node. |
write |
cluster * |
|
|
css:cluster:changeMode |
Grant the permission to modify the security mode. |
write |
cluster * |
|
|
css:cluster:addIndependenceNodes |
Grant the permission to add independent master and client nodes. |
write |
cluster * |
|
|
css:cluster:rollingReboot |
Grant the permission to perform a rolling restart of an Elasticsearch cluster. |
write |
cluster * |
|
|
css:logstash:listActions |
Grant the permission to query operation records. |
read |
cluster * |
|
|
css:cluster:uploadCerts |
Grant the permission to upload certificates. |
write |
cluster * |
|
|
css:cluster:deleteCerts |
Grant the permission to delete certificates. |
write |
cluster * |
|
|
css:cluster:listCerts |
Grant the permission to query the certificate list. |
list |
cluster * |
|
|
css:cluster:getCertsDetail |
Grant the permission to query certificate details. |
read |
cluster * |
|
|
css:logstash:deleteConfTemplate |
Grant the permission to delete a custom template. |
write |
cluster * |
|
|
css:logstash:listConfigTemplate |
Grant the permission to query the template list. |
list |
- |
- |
|
css:logstash:confStop |
Grant the permission to stop or hot-stop pipeline tasks for data migration. |
write |
cluster * |
|
|
css:logstash:checkConnection |
Grant the permission to test the connectivity. |
write |
cluster * |
|
|
css:logstash:confDelete |
Grant the permission to delete configuration files. |
write |
cluster * |
|
|
css:logstash:confStart |
Grant the permission to start or hot-start pipeline tasks for data migration. |
write |
cluster * |
|
|
css:logstash:getConfDetail |
Grant the permission to query the content of configuration files. |
read |
cluster * |
|
|
css:cluster:azmigrate |
Grant the permission to switch AZs. |
write |
cluster * |
|
|
css:logstash:confUpdate |
Grant the permission to update configuration files. |
write |
cluster * |
|
|
css:logstash:listPipelines |
Grant the permission to query the pipeline list. |
list |
cluster * |
|
|
css:cluster:retryAction |
Grant the permission to retry a task or terminate the impact of a task. |
write |
cluster * |
|
|
css:logstash:listConfs |
Grant the permission to query the configuration file list. |
list |
cluster * |
|
|
css:logstash:configFavorites |
Grant the permission to add items to a custom template. |
write |
cluster * |
|
|
css:cluster:listUpgradeCluster |
Grant the permission to obtain the upgrade image ID and upgrade details. |
list |
cluster * |
|
|
css:logstash:submitConf |
Grant the permission to create configuration files. |
write |
cluster * |
|
|
css:plugin:list |
Grant the permission to query the cluster plug-in list. |
list |
cluster * |
|
|
css:plugin:getOperationRecords |
Grant the permission to query the plug-in operation records. |
read |
cluster * |
|
|
css:plugin:delete |
Grant the permission to delete plug-ins. |
write |
cluster * |
|
|
css:plugin:installOrUninstall |
Grant the permission to install or uninstall plug-ins. |
write |
cluster * |
|
|
css:plugin:upload |
Grant the permission to upload plug-ins. |
write |
cluster * |
|
|
css:plugin:getDefault |
Grant the permission to query default plug-ins. |
read |
cluster * |
|
|
css:cluster:getAgencies |
Grant the permission to obtain agents. |
read |
- |
- |
|
css:cluster:modifyRoute |
Grant the permission to modify cluster routes. |
write |
cluster * |
|
|
css:cluster:getRoutes |
Grant the permission to obtain the cluster routes. |
read |
cluster * |
|
|
css:logstash:actionList |
Grant the permission to query the cluster task list. |
list |
cluster * |
|
|
css:cluster:createUserInfo |
Grant the permission to query information about a created user. |
write |
cluster * |
- |
|
css:VPCEndpoint:modifyConnections |
Grant the permission to modify the size of a connection. |
write |
cluster * |
|
|
css:cluster:queryNeedDeleteInstances |
Grant the permission to query the node to be deleted. |
write |
cluster * |
|
|
css:cluster:queryKey |
Grant the permission to obtain keys. |
read |
- |
- |
|
css:cluster:queryKeys |
Grant the permission to obtain the key list. |
list |
- |
- |
|
css:cluster:getPubliczonePice |
Grant the permission to obtain the bandwidth price. |
read |
cluster * |
- |
|
css:datastore:get |
Grant the permission to obtain the data engine. |
read |
cluster * |
- |
|
css:datastore:list |
Grant the permission to obtain the data engine list. |
list |
cluster * |
- |
|
css:cluster:getDiskUsage |
Grant the permission to obtain the cluster storage capacity status. |
read |
cluster * |
- |
|
css:snapshot:showDetail |
Grant the permission to obtain snapshot details. |
read |
cluster * |
- |
|
css:cluster:getAvailableBuckets |
Grant the permission to obtain an available OBS bucket. |
list |
- |
- |
|
css:cluster:checkCssName |
Grant the permission to check cluster names. |
write |
cluster * |
- |
|
css:snapshot:deleteAllFailedTask |
Grant the permission to delete all failed tasks. |
write |
- |
- |
|
css:snapshot:deleteSingleFailedTask |
Grant the permission to delete specified failed tasks. |
write |
- |
- |
|
css:snapshot:getAllFailedTask |
Grant the permission to view failed backup tasks. |
list |
- |
- |
|
css::createServiceAgency |
Grant the permission to create agencies. |
write |
- |
- |
|
css:cluster:createAiOps |
Grant the permission to create detection tasks. |
write |
cluster * |
|
|
css:cluster:listAiOps |
Grant the permission to obtain the detection task list. |
list |
cluster * |
|
|
css:cluster:deleteAiOps |
Grant the permission to delete detection tasks. |
write |
cluster * |
|
|
css:cluster:listSmnTopics |
Grant the permission to obtain the SMN topic list. |
list |
cluster * |
|
|
css:cluster:listElbs |
Grant the permission to obtain the list of available load balancers for the current cluster. |
list |
cluster * |
|
|
css:cluster:elbSwitch |
Grant the permission to enable or disable load balancing. |
write |
cluster * |
|
|
css:cluster:createElbListener |
Grant the permission to create listeners for the current cluster. |
write |
cluster * |
|
|
css:cluster:updateElbListener |
Grant the permission to modify listeners for the current cluster. |
write |
cluster * |
|
|
css:cluster:getElbDetail |
Grant the permission to query information about load balancers used by the current cluster. |
read |
cluster * |
|
|
css:cluster:listElbCerts |
Grant the permission to obtain the load balancer certificate list. |
list |
cluster * |
|
Each API of CSS usually supports one or more actions. Table 2 lists the supported actions and dependencies.
|
API |
Action |
Dependency |
|---|---|---|
|
POST /v1.0/{project_id}/clusters |
css:cluster:create |
|
|
POST /v2.0/{project_id}/clusters |
css:cluster:create |
|
|
POST /v1.0/{project_id}/clusters/{cluster_id}/sg/change |
css:cluster:modifySecurityGroup |
|
|
GET /v1.0/{project_id}/clusters |
css:cluster:list |
- |
|
GET /v1.0/{project_id}/clusters/{cluster_id} |
css:cluster:get |
- |
|
DELETE /v1.0/{project_id}/clusters/{cluster_id} |
css:cluster:delete |
- |
|
POST /v1.0/{project_id}/cluster/{cluster_id}/period |
css:cluster:toPeriod |
- |
|
POST /v1.0/{project_id}/clusters/{cluster_id}/changename |
css:cluster:modifyName |
- |
|
POST /v1.0/{project_id}/clusters/{cluster_id}/password/reset |
css:cluster:modifyPassword |
- |
|
POST /v1.0/{project_id}/clusters/{cluster_id}/restart |
css:cluster:restart |
- |
|
POST /v2.0/{project_id}/clusters/{cluster_id}/restart |
css:cluster:restart |
- |
|
POST /v1.0/{project_id}/clusters/{cluster_id}/extend |
css:cluster:scaleOut |
|
|
POST /v1.0/{project_id}/clusters/{cluster_id}/role_extend |
css:cluster:expand |
|
|
POST /v1.0/{project_id}/clusters/{cluster_id}/flavor |
css:cluster:modifySpecifications |
ecs:cloudServerFlavors:get |
|
GET /v1.0/{project_id}/es-flavors |
css:cluster:listFlavors |
ecs:cloudServerFlavors:get |
|
GET /v1.0/{project_id}/{resource_type}/tags |
css:tag:list |
- |
|
GET /v1.0/{project_id}/{resource_type}/{cluster_id}/tags |
css:tag:get |
- |
|
POST /v1.0/{project_id}/{resource_type}/{cluster_id}/tags |
css:tag:edit |
- |
|
DELETE /v1.0/{project_id}/{resource_type}/{cluster_id}/tags/{key} |
css:tag:delete |
- |
|
POST /v1.0/{project_id}/{resource_type}/{cluster_id}/tags/action |
css:tag:addOrDelete |
- |
|
POST /v1.0/{project_id}/clusters/{cluster_id}/{types}/flavor |
css:cluster:modifySpecifications |
ecs:cloudServerFlavors:get |
|
POST /v1.0/extend/{project_id}/clusters/{cluster_id}/role/shrink |
css:cluster:scaleIn |
|
|
GET /v1.0/{project_id}/cer/download |
css:cluster:downloadCert |
- |
|
PUT /v1.0/{project_id}/clusters/{cluster_id}/instance/{instance_id}/replace |
css:cluster:upgradeCluster |
|
|
POST /v1.0/{project_id}/clusters/{cluster_id}/node/offline |
css:cluster:shrinkNodes |
|
|
POST /v1.0/{project_id}/clusters/{cluster_id}/mode/change |
css:cluster:changeMode |
- |
|
POST /v1.0/{project_id}/clusters/{cluster_id}/type/{type}/independent |
css:cluster:addIndependenceNodes |
|
|
POST /v1.0/{project_id}/clusters/{cluster_id}/inst-type/{inst_type}/image/upgrade |
css:cluster:upgradeCluster |
- |
|
POST /v1.0/{project_id}/clusters/{cluster_id}/inst-type/{inst_type}/azmigrate |
css:cluster:azmigrate |
|
|
GET /v1.0/{project_id}/clusters/{cluster_id}/upgrade/detail |
css:cluster:listUpgradeCluster |
- |
|
GET /v1.0/{project_id}/clusters/{cluster_id}/target/{upgrade_type}/images |
css:cluster:listUpgradeCluster |
- |
|
PUT /v1.0/{project_id}/clusters/{cluster_id}/upgrade/{action_id}/retry |
css:cluster:retryAction |
- |
|
POST /v1.0/{project_id}/clusters/{cluster_id}/thesaurus |
css:IKThesaurus:load |
|
|
GET /v1.0/{project_id}/clusters/{cluster_id}/thesaurus |
css:IKThesaurus:get |
- |
|
DELETE /v1.0/{project_id}/clusters/{cluster_id}/thesaurus |
css:IKThesaurus:delete |
- |
|
POST /v1.0/{project_id}/clusters/{cluster_id}/publickibana/open |
css:publicKibana:open |
- |
|
PUT /v1.0/{project_id}/clusters/{cluster_id}/publickibana/close |
css:publicKibana:close |
- |
|
POST /v1.0/{project_id}/clusters/{cluster_id}/publickibana/bandwidth |
css:publicIPAddress:modifyBandwidth |
- |
|
POST /v1.0/{project_id}/clusters/{cluster_id}/publickibana/whitelist/update |
css:publicIPAddress:setAccessControl |
- |
|
PUT /v1.0/{project_id}/clusters/{cluster_id}/publickibana/whitelist/close |
css:publicIPAddress:setAccessControl |
- |
|
POST /v1.0/{project_id}/clusters/{cluster_id}/logs/open |
css:cluster:openLogSetting |
|
|
PUT /v1.0/{project_id}/clusters/{cluster_id}/logs/close |
css:cluster:closeLogSetting |
- |
|
GET /v1.0/{project_id}/clusters/{cluster_id}/logs/records |
css:log:listJob |
- |
|
GET /v1.0/{project_id}/clusters/{cluster_id}/logs/settings |
css:log:getBasicConfigurations |
- |
|
POST /v1.0/{project_id}/clusters/{cluster_id}/logs/settings |
css:log:setBasicConfigurations |
|
|
POST /v1.0/{project_id}/clusters/{cluster_id}/logs/policy/update |
css:log:updateBackupPolicy |
- |
|
PUT /v1.0/{project_id}/clusters/{cluster_id}/logs/policy/close |
css:log:updateBackupPolicy |
- |
|
POST /v1.0/{project_id}/clusters/{cluster_id}/logs/collect |
css:log:backup |
- |
|
POST /v1.0/{project_id}/clusters/{cluster_id}/logs/search |
css:log:list |
- |
|
POST /v1.0/{project_id}/clusters/{cluster_id}/public/open |
css:publicIPAddress:associates |
- |
|
PUT /v1.0/{project_id}/clusters/{cluster_id}/public/close |
css:publicIPAddress:disassociates |
- |
|
POST /v1.0/{project_id}/clusters/{cluster_id}/public/bandwidth |
css:publicIPAddress:modifyBandwidth |
- |
|
POST /v1.0/{project_id}/clusters/{cluster_id}/public/whitelist/update |
css:publicIPAddress:setAccessControl |
- |
|
PUT /v1.0/{project_id}/clusters/{cluster_id}/public/whitelist/close |
css:publicIPAddress:setAccessControl |
- |
|
POST /v1.0/{project_id}/clusters/{cluster_id}/index_snapshot/auto_setting |
css:snapshot:enableAtomaticSnapsot |
|
|
POST /v1.0/{project_id}/clusters/{cluster_id}/index_snapshot/setting |
css:snapshot:setSnapshotContiguration |
|
|
POST /v1.0/{project_id}/clusters/{cluster_id}/index_snapshot |
css:snapshot:create |
iam:agencies:pass |
|
POST /v1.0/{project_id}/clusters/{cluster_id}/index_snapshot/{snapshot_id}/restore |
css:snapshot:restore |
- |
|
DELETE /v1.0/{project_id}/clusters/{cluster_id}/index_snapshot/{snapshot_id} |
css:snapshot:delete |
- |
|
POST /v1.0/{project_id}/clusters/{cluster_id}/index_snapshot/policy |
css:snapshot:setSnapshotPolicy |
- |
|
GET /v1.0/{project_id}/clusters/{cluster_id}/index_snapshot/policy |
css:snapshot:getSnapshotPolicy |
- |
|
GET /v1.0/{project_id}/clusters/{cluster_id}/index_snapshots |
css:snapshot:list |
- |
|
DELETE /v1.0/{project_id}/clusters/{cluster_id}/index_snapshots |
css:snapshot:disableSnapshotFuction |
- |
|
POST /v1.0/{project_id}/clusters/{cluster_id}/vpcepservice/open |
css:VPCEndpoint:enableOrDisable |
|
|
PUT /v1.0/{project_id}/clusters/{cluster_id}/vpcepservice/close |
css:VPCEndpoint:enableOrDisable |
|
|
GET /v1.0/{project_id}/clusters/{cluster_id}/vpcepservice/connections |
css:VPCEndpoint:listConnection |
vpcep:endpoints:get |
|
POST /v1.0/{project_id}/clusters/{cluster_id}/vpcepservice/connections |
css:VPCEndpoint:manageConnection |
- |
|
POST /v1.0/{project_id}/clusters/{cluster_id}/vpcepservice/permissions |
css:VPCEndpoint:updateWhitelist |
- |
|
POST /v1.0/{project_id}/clusters/{cluster_id}/ymls/update |
css:configurations:modify |
- |
|
GET /v1.0/{project_id}/clusters/{cluster_id}/ymls/joblists |
css:configurations:list |
- |
|
GET /v1.0/{project_id}/clusters/{cluster_id}/ymls/template |
css:configurations:get |
- |
|
POST /v2.0/{project_id}/clusters/{cluster_id}/snapshots/policy/open |
css:snapshot:setSnapshotPolicy |
- |
|
PUT /v2.0/{project_id}/clusters/{cluster_id}/snapshots/policy/close |
css:snapshot:setSnapshotPolicy |
- |
|
POST /v2.0/{project_id}/clusters/{cluster_id}/rolling_restart |
css:cluster:rollingReboot |
- |
|
GET /v1.0/{project_id}/clusters/{cluster_id}/lgsconf/listactions |
css:logstash:listActions |
- |
|
DELETE /v1.0/{project_id}/lgsconf/deletetemplate |
css:logstash:deleteConfTemplate |
- |
|
POST /v1.0/{project_id}/clusters/{cluster_id}/lgsconf/stop |
css:logstash:confStop |
- |
|
POST /v1.0/{project_id}/clusters/{cluster_id}/lgsconf/hot-stop |
css:logstash:confStop |
- |
|
POST /v1.0/{project_id}/clusters/{cluster_id}/checkconnection |
css:logstash:checkConnection |
- |
|
DELETE /v1.0/{project_id}/clusters/{cluster_id}/lgsconf/delete |
css:logstash:confDelete |
- |
|
POST /v1.0/{project_id}/clusters/{cluster_id}/lgsconf/start |
css:logstash:confStart |
- |
|
POST /v1.0/{project_id}/clusters/{cluster_id}/lgsconf/hot-start |
css:logstash:confStart |
- |
|
GET /v1.0/{project_id}/clusters/{cluster_id}/lgsconf/confdetail |
css:logstash:getConfDetail |
- |
|
POST /v1.0/{project_id}/clusters/{cluster_id}/lgsconf/update |
css:logstash:confUpdate |
- |
|
GET /v1.0/{project_id}/clusters/{cluster_id}/lgsconf/listpipelines |
css:logstash:listPipelines |
- |
|
POST /v1.0/{project_id}/clusters/{cluster_id}/lgsconf/submit |
css:logstash:submitConf |
- |
|
POST /v1.0/{project_id}/clusters/{cluster_id}/lgsconf/favorite |
css:logstash:configFavorites |
- |
|
GET /v1.0/{project_id}/clusters/{cluster_id}/lgsconf/listconfs |
css:logstash:listConfs |
- |
|
GET /v1.0/{project_id}/lgsconf/template |
css:logstash:listConfigTemplate |
- |
|
POST /v1.0/{project_id}/clusters/{cluster_id}/certs/upload |
css:cluster:uploadCerts |
- |
|
DELETE /v1.0/{project_id}/clusters/{cluster_id}/certs/{cert_id}/delete |
css:cluster:deleteCerts |
- |
|
GET /v1.0/{project_id}/clusters/{cluster_id}/certs |
css:cluster:listCerts |
- |
|
GET /v1.0/{project_id}/clusters/{cluster_id}/certs/{cert_id} |
css:cluster:getCertsDetail |
- |
|
POST /v1.0/{project_id}/clusters/{cluster_id}/route |
css:cluster:modifyRoute |
- |
|
GET /v1.0/{project_id}/clusters/{cluster_id}/route |
css:cluster:getRoutes |
- |
|
POST /v1.0/{project_id}/clusters/{cluster_id}/ai-ops |
css:cluster:createAiOps |
- |
|
GET /v1.0/{project_id}/clusters/{cluster_id}/ai-ops |
css:cluster:listAiOps |
- |
|
DELETE /v1.0/{project_id}/clusters/{cluster_id}/ai-ops/{aiops_id} |
css:cluster:deleteAiOps |
- |
|
GET /v1.0/{project_id}/domains/{domain_id}/ai-ops/smn-topics |
css:cluster:listSmnTopics |
|
|
GET /v1.0/{project_id}/clusters/{cluster_id}/loadbalancers |
css:cluster:listElbs |
elb:loadbalancers:list |
|
POST /v1.0/{project_id}/clusters/{cluster_id}/loadbalancers/es-switch |
css:cluster:elbSwitch |
|
|
POST /v1.0/{project_id}/clusters/{cluster_id}/es-listeners |
css:cluster:createElbListener |
- |
|
GET /v1.0/{project_id}/clusters/{cluster_id}/es-listeners |
css:cluster:getElbDetail |
- |
|
GET /v1.0/{project_id}/clusters/{cluster_id}/elb/certificates |
css:cluster:listElbCerts |
- |
|
PUT /v1.0/{project_id}/clusters/{cluster_id}/es-listeners/{listener_id} |
css:cluster:updateElbListener |
- |
Resource Type
A resource type indicates the resources that an SCP policy applies to. If you specify a resource type for any action in Table 3, the resource URN must be specified in the SCP statements using that action, and the SCP applies only to resources of this type. If no resource type is specified, the Resource element is marked with an asterisk (*) and the SCP applies to all resources. You can also set condition keys in an SCP to define resource types.
The following table lists the resource types that you can define in SCP statements for CSS.
Condition
CSS does not support service-specific condition keys in SCPs.
It can only use global condition keys applicable to all services. For details, see Global Condition Keys.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
