Updating an Access Policy
Function
This API is used to update an access policy.
Calling Method
For details, see Calling APIs.
URI
PUT /api/v3/access-policies/{policy_id}
Parameter |
Mandatory |
Type |
Description |
---|---|---|---|
policy_id |
Yes |
String |
Definition: Access policy ID. For details about how to obtain the access policy ID, see Obtaining the Access Policy List. Constraints: N/A Range: N/A Default Value: N/A |
Request Parameters
Parameter |
Mandatory |
Type |
Description |
---|---|---|---|
kind |
No |
String |
Definition: API type Constraints: The value cannot be changed. Range: N/A Default Value: AccessPolicy |
apiVersion |
No |
String |
Definition: API version Constraints: The value cannot be changed. Range: N/A Default Value: v3 |
name |
No |
String |
Definition: Access policy name Constraints: Enter 1 to 56 characters starting with a lowercase letter and not ending with a hyphen (-). Only lowercase letters, digits, hyphens (-), and periods (.) are allowed. Range: N/A Default Value: N/A |
clusters |
Yes |
Array of strings |
Definition: List of cluster IDs. Wildcards (*) are allowed, which indicate all clusters. For details about how to obtain the value, see How to Obtain Parameters in the API URI. Constraints: A maximum of 200 clusters can be authorized at a time. Range: [*] or cluster ID list Default Value: N/A |
accessScope |
Yes |
AccessScope object |
Definition: Access scope, which is used to specify the cluster and namespace to be authorized Constraints: N/A |
policyType |
Yes |
String |
Definition: Permission type Constraints: N/A Range:
Default Value: N/A |
principal |
Yes |
Principal object |
Definition: Authorization object Constraints: N/A |
Parameter |
Mandatory |
Type |
Description |
---|---|---|---|
namespaces |
Yes |
Array of strings |
Definition List of cluster namespaces. Wildcards (*) are allowed to indicate all namespaces. If different clusters are selected, the namespace list can be a collection of multiple clusters. When RBAC authorization is used, CCE automatically checks whether the namespaces exist in the clusters. Constraints A maximum of 500 namespaces can be authorized at a time. Range [*] or cluster namespace list Default Value N/A |
Parameter |
Mandatory |
Type |
Description |
---|---|---|---|
type |
Yes |
String |
Definition: Type of the authorization object Constraints: N/A Range:
Default Value: N/A |
ids |
Yes |
Array of strings |
Definition: List of IDs of authorized objects. Enter the IDs based on the object type, user, user group, and agency account. Constraints: A maximum of 500 users or user groups can be authorized at a time. Range: N/A Default Value: N/A |
Response Parameters
Status code: 200
Parameter |
Type |
Description |
---|---|---|
kind |
String |
Definition: API type Constraints: The value cannot be changed. Range: N/A Default Value: AccessPolicy |
apiVersion |
String |
Definition: API version Constraints: The value cannot be changed. Range: N/A Default Value: v3 |
name |
String |
Definition: Access policy name Constraints: Enter 1 to 56 characters starting with a lowercase letter and not ending with a hyphen (-). Only lowercase letters, digits, hyphens (-), and periods (.) are allowed. Range: N/A Default Value: N/A |
policyId |
String |
Definition: Permission ID Constraints: The value is automatically generated and cannot be changed. Range: N/A Default Value: N/A |
clusters |
Array of strings |
Definition: List of cluster IDs. Wildcards (*) are allowed, which indicate all clusters. Constraints: A maximum of 200 clusters can be authorized at a time. Range: [*] or cluster ID list Default Value: N/A |
accessScope |
AccessScope object |
Definition: Access scope, which is used to specify the cluster and namespace to be authorized Constraints: N/A |
policyType |
String |
Definition: Permission type Constraints: N/A Range:
Default Value: N/A |
principal |
Principal object |
Definition: Authorization object Constraints: N/A |
createTime |
String |
Definition: Creation time Constraints: N/A Range: N/A Default Value: N/A |
updateTime |
String |
Definition: Update time Constraints: N/A Range: N/A Default Value: N/A |
Parameter |
Type |
Description |
---|---|---|
namespaces |
Array of strings |
Definition List of cluster namespaces. Wildcards (*) are allowed to indicate all namespaces. If different clusters are selected, the namespace list can be a collection of multiple clusters. When RBAC authorization is used, CCE automatically checks whether the namespaces exist in the clusters. Constraints A maximum of 500 namespaces can be authorized at a time. Range [*] or cluster namespace list Default Value N/A |
Parameter |
Type |
Description |
---|---|---|
type |
String |
Definition: Type of the authorization object Constraints: N/A Range:
Default Value: N/A |
ids |
Array of strings |
Definition: List of IDs of authorized objects. Enter the IDs based on the object type, user, user group, and agency account. Constraints: A maximum of 500 users or user groups can be authorized at a time. Range: N/A Default Value: N/A |
Example Requests
Update an access policy.
POST /api/v3/access-policies { "kind" : "AccessPolicy", "apiVersion" : "v2", "name" : "test-access-policy", "accessScope" : { "clusters" : [ "*" ], "namespaces" : [ "*" ] }, "policy" : "CCEAdminPolicy", "principal" : { "type" : "user", "ids" : [ "069fcc2116c347b89869eae3cdxxxxxx1", "069fcc2116c347b89869eae3cdxxxxxx2" ] } }
Example Responses
Status code: 200
{ "kind" : "AccessPolicy", "apiVersion" : "v3", "name" : "test-access-policy", "policyId" : "402358e8-2e3a-4531-bae7-fe9cba14d0d1", "clusters" : [ "*" ], "accessScope" : { "namespaces" : [ "*" ] }, "policy" : "CCEAdminPolicy", "principal" : { "type" : "user", "ids" : [ "069fcc2116c347b89869eae3cdxxxxxx1", "069fcc2116c347b89869eae3cdxxxxxx2" ] }, "createTime" : "", "updateTime" : "" }
Status Codes
Status Code |
Description |
---|---|
200 |
Error Codes
See Error Codes.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot