文档首页/ 云容器实例 CCI/ API参考/ 权限和授权项/ 授权项分类

更新时间：2023-02-06 GMT+08:00

查看PDF

授权项分类

表1 Namespace
权限	对应API接口	授权项	IAM项目(Project)	企业项目(Enterprise Project)
创建Namespace	POST /api/v1/namespaces	CCI:namespace:create	√	√
查询namespace	GET /api/v1/namespaces/{name}	CCI:namespace:get	√	√
列出namespaces	GET /api/v1/namespaces	CCI:namespace:list	√	√
删除namespace	DELETE /api/v1/namespaces/{name}	CCI:namespace:delete	√	√

表2 Pod
权限	对应API接口	授权项	IAM项目(Project)	企业项目(Enterprise Project)
创建Pod	POST /api/v1/namespaces/{namespace}/pods	CCI:namespaceSubResource:Create	√	√
查询Pod	GET /api/v1/namespaces/{namespace}/pods/{name}	CCI:namespaceSubResource:Get	√	√
查询指定Namespace下所有Pod	GET /api/v1/namespaces/{namespace}/pods	CCI:namespaceSubResource:List	√	√
查询Pod状态	GET /api/v1/namespaces/{namespace}/pods/{name}/status	CCI:namespaceSubResource:Get	√	√
查询Pod日志	GET /api/v1/namespaces/{namespace}/pods/{name}/log	CCI:namespaceSubResource:Get	√	√
列出用户所有的Pod	GET /api/v1/pods	cci:namespaceSubResource:List	√	√
替换Pod	PUT /api/v1/namespaces/{namespace}/pods/{name}	CCI:namespaceSubResource:Update	√	√
更新Pod	PATCH /api/v1/namespaces/{namespace}/pods/{name}	CCI:namespaceSubResource:Update	√	√
删除Pod	DELETE /api/v1/namespaces/{namespace}/pods/{name}	CCI:namespaceSubResource:Delete	√	√
删除所有Pod	DELETE /api/v1/namespaces/{namespace}/pods	CCI:namespaceSubResource:Delete	√	√

表3 Deployment
权限	对应API接口	授权项	IAM项目(Project)	企业项目(Enterprise Project)
创建Deployment	POST /apis/apps/v1/namespaces/{namespace}/deployments	CCI:namespaceSubResource:Create elb:loadbalancers:create	√	√
查询Deployment	GET /apis/apps/v1/namespaces/{namespace}/deployments/{name}	CCI:namespaceSubResource:Get	√	√
查询Namespace下所有Deployment	GET /apis/apps/v1/namespaces/{namespace}/deployments	CCI:namespaceSubResource:List	√	√
查询Deployment的状态	GET /apis/apps/v1/namespaces/{namespace}/deployments/{name}/status	CCI:namespaceSubResource:Get	√	√
查询Deployment伸缩操作	GET /apis/apps/v1/namespaces/{namespace}/deployments/{name}/scale	CCI:namespaceSubResource:Get	√	√
列出用户所有的Deployment	GET /apis/apps/v1/deployments	CCI:namespaceSubResource:List	√	√
替换Deployment	PUT /apis/apps/v1/namespaces/{namespace}/deployments/{name}	CCI:namespaceSubResource:Update	√	√
替换Deployment伸缩操作	PUT /apis/apps/v1/namespaces/{namespace}/deployments/{name}/scale	CCI:namespaceSubResource:Update	√	√
更新Deployment	PATCH /apis/apps/v1/namespaces/{namespace}/deployments/{name}	CCI:namespaceSubResource:Update	√	√
更新Deployment伸缩操作	PATCH /apis/apps/v1/namespaces/{namespace}/deployments/{name}/scale	CCI:namespaceSubResource:Update	√	√
删除Deployment	DELETE /apis/apps/v1/namespaces/{namespace}/deployments/{name}	CCI:namespaceSubResource:Delete	√	√
删除Namespace下所有Deployment	DELETE /apis/apps/v1/namespaces/{namespace}/deployments	CCI:namespaceSubResource:Delete	√	√

表4 StatefulSet
权限	对应API接口	授权项	IAM项目(Project)	企业项目(Enterprise Project)
创建StatefulSet	POST /apis/apps/v1/namespaces/{namespace}/statefulsets	CCI:namespaceSubResource:Create elb:loadbalancers:create	√	√
查询StatefulSet	GET /apis/apps/v1/namespaces/{namespace}/statefulsets/{name}	CCI:namespaceSubResource:Get	√	√
查询指定Namespace下所有StatefulSet	GET /apis/apps/v1/namespaces/{namespace}/statefulsets	CCI:namespaceSubResource:List	√	√
查询StatefulSet状态	GET /apis/apps/v1/namespaces/{namespace}/statefulsets/{name}/status	CCI:namespaceSubResource:Get	√	√
列出用户所有的Statefulset	GET /apis/apps/v1/statefulsets	CCI:namespaceSubResource:List	√	√
替换StatefulSet	PUT /apis/apps/v1/namespaces/{namespace}/statefulsets/{name}	CCI:namespaceSubResource:Update	√	√
更新StatefulSet	PATCH /apis/apps/v1/namespaces/{namespace}/statefulsets/{name}	CCI:namespaceSubResource:Update	√	√
删除StatefulSet	DELETE /apis/apps/v1/namespaces/{namespace}/statefulsets/{name}	CCI:namespaceSubResource:Delete	√	√
删除所有StatefulSet	DELETE /apis/apps/v1/namespaces/{namespace}/statefulsets	CCI:namespaceSubResource:Delete	√	√

表5 Job
权限	对应API接口	授权项	IAM项目(Project)	企业项目(Enterprise Project)
创建Job	POST /apis/batch/v1/namespaces/{namespace}/jobs	CCI:namespaceSubResource:Create elb:loadbalancers:create	√	√
查询Job	GET /apis/batch/v1/namespaces/{namespace}/jobs/{name}	CCI:namespaceSubResource:Get	√	√
查询指定Namespace下所有Job	GET /apis/batch/v1/namespaces/{namespace}/jobs	CCI:namespaceSubResource:List	√	√
查询Job状态	GET /apis/batch/v1/namespaces/{namespace}/jobs/{name}/status	CCI:namespaceSubResource:Get	√	√
列出用户所有Job	GET /apis/batch/v1/jobs	CCI:namespaceSubResource:List	√	√
替换Job	PUT /apis/batch/v1/namespaces/{namespace}/jobs/{name}	CCI:namespaceSubResource:Update	√	√
更新Job	PATCH /apis/batch/v1/namespaces/{namespace}/jobs/{name}	CCI:namespaceSubResource:Update	√	√
删除Job	DELETE /apis/batch/v1/namespaces/{namespace}/jobs/{name}	CCI:namespaceSubResource:Delete	√	√
删除所有Job	DELETE /apis/batch/v1/namespaces/{namespace}/jobs	CCI:namespaceSubResource:Delete	√	√

表6 Service
权限	对应API接口	授权项	IAM项目(Project)	企业项目(Enterprise Project)
创建Service	POST /api/v1/namespaces/{namespace}/services	CCI:namespaceSubResource:Create elb:loadbalancers:create	√	√
查询Service	GET /api/v1/namespaces/{namespace}/services/{name}	CCI:namespaceSubResource:Get	√	√
查询所有Service	GET /api/v1/namespaces/{namespace}/services	CCI:namespaceSubResource:List	√	√
查询Service状态	GET /api/v1/namespaces/{namespace}/services/{name}/status	CCI:namespaceSubResource:Get	√	√
删除Service	DELETE /api/v1/namespaces/{namespace}/services/{name}	CCI:namespaceSubResource:Delete	√	√

表7 Ingress
权限	对应API接口	授权项	IAM项目(Project)	企业项目(Enterprise Project)
创建Ingress	POST /apis/extensions/v1beta1/namespaces/{namespace}/ingresses	CCI:namespaceSubResource:Create elb:loadbalancers:create	√	√
查询Ingress	GET /apis/extensions/v1beta1/namespaces/{namespace}/ingresses/{name}	CCI:namespaceSubResource:Get	√	√
查询所有Ingress	GET /apis/extensions/v1beta1/namespaces/{namespace}/ingresses	CCI:namespaceSubResource:List	√	√
查询Ingress状态	GET /apis/extensions/v1beta1/namespaces/{namespace}/ingresses/{name}/status	CCI:namespaceSubResource:Get	√	√
替换Ingress	PUT /apis/extensions/v1beta1/namespaces/{namespace}/ingresses/{name}	CCI:namespaceSubResource:Update	√	√
更新Ingress	PATCH /apis/extensions/v1beta1/namespaces/{namespace}/ingresses/{name}	CCI:namespaceSubResource:Update	√	√
删除Ingress	DELETE /apis/extensions/v1beta1/namespaces/{namespace}/ingresses/{name}	CCI:namespaceSubResource:Delete	√	√
删除所有Ingress	DELETE /apis/extensions/v1beta1/namespaces/{namespace}/ingresses	CCI:namespaceSubResource:Delete	√	√

表8 Network
权限	对应API接口	授权项	IAM项目(Project)	企业项目(Enterprise Project)
创建Network	POST /apis/networking.cci.io/v1beta1/namespaces/{namespace}/networks	CCI:network:Create vpc:vpcs:create vpc:ports:create vpc:vpcs:get vpc:subnets:get vpc:publicIps:get vpc:bandwidths:get vpc:ports:get vpc:peerings:get vpc:quotas:list vpc:privateIps:get vpc:securityGroups:get vpc:securityGroupRules:get vpc:networks:get vpc:routers:get vpc:floatingIps:get vpc:firewallRules:get	√	√
查询Network	GET /apis/networking.cci.io/v1beta1/namespaces/{namespace}/networks/{name}	CCI:network:Get	√	√
查询所有Network	GET /apis/networking.cci.io/v1beta1/namespaces/{namespace}/networks	CCI:network:List	√	√
查询Network状态	GET /apis/networking.cci.io/v1beta1/namespaces/{namespace}/networks/{name}/status	CCI:network:Get	√	√
删除Network	DELETE /apis/networking.cci.io/v1beta1/namespaces/{namespace}/networks/{name}	CCI:network:Delete vpc:vpcs:delete vpc:ports:delete	√	√
删除所有Network对象	DELETE /apis/networking.cci.io/v1beta1/namespaces/{namespace}/networks	CCI:network:Delete vpc:vpcs:delete vpc:ports:delete	√	√

表9 PersistentVolumeClaim
权限	对应API接口	授权项	IAM项目(Project)	企业项目(Enterprise Project)
创建PersistentVolumeClaim	POST /api/v1/namespaces/{namespace}/persistentvolumeclaims	CCI:namespaceSubResource:Create 云硬盘存储卷 evs:volumes:create evs:volumes:get evs:types:get 文件存储卷 sfs:shares:createShare sfs:shares:getOSQuotaSets sfs:shares:ShareAction	√	√
查询PersistentVolumeClaim	GET /api/v1/namespaces/{namespace}/persistentvolumeclaims/{name}	CCI:namespaceSubResource:Get 云硬盘存储卷 evs:volumes:get 文件存储卷 sfs:shares:getAllSharesDetail	√	√
查询所有PersistentVolumeClaim	GET /api/v1/namespaces/{namespace}/persistentvolumeclaims	CCI:namespaceSubResource:List 云硬盘存储卷 evs:volumes:list 文件存储卷 sfs:shares:getAllSharesDetail sfs:shares:ShareAction 对象存储卷 obs:bucket:ListAllMyBuckets	√	√
删除PersistentVolumeClaim	DELETE /api/v1/namespaces/{namespace}/persistentvolumeclaims/{name}	CCI:namespaceSubResource:Delete 云硬盘存储卷 evs:volumes:delete evs:volumes:get 文件存储卷 sfs:shares:deleteShare	√	√

**表10** ConfigMap
权限	对应API接口	授权项	IAM项目(Project)	企业项目(Enterprise Project)
创建ConfigMap	POST /api/v1/namespaces/{namespace}/configmaps	CCI:namespaceSubResource:Create	√	√
查询ConfigMap	GET /api/v1/namespaces/{namespace}/configmaps/{name}	CCI:namespaceSubResource:Get	√	√
查询所有ConfigMap	GET /api/v1/namespaces/{namespace}/configmaps	CCI:namespaceSubResource:List	√	√
替换ConfigMap	PUT /api/v1/namespaces/{namespace}/configmaps/{name}	CCI:namespaceSubResource:Update	√	√
更新ConfigMap	PATCH /api/v1/namespaces/{namespace}/configmaps/{name}	CCI:namespaceSubResource:Update	√	√
删除ConfigMap	DELETE /api/v1/namespaces/{namespace}/configmaps/{name}	CCI:namespaceSubResource:Delete	√	√
删除所有ConfigMap	DELETE /api/v1/namespaces/{namespace}/configmaps	CCI:namespaceSubResource:Delete	√	√

**表11** Secret
权限	对应API接口	授权项	IAM项目(Project)	企业项目(Enterprise Project)
创建Secret	POST /api/v1/namespaces/{namespace}/secrets	CCI:namespaceSubResource:Create	√	√
替换Secret	PUT /api/v1/namespaces/{namespace}/secrets/{name}	CCI:namespaceSubResource:Update	√	√
更新Secret	PATCH /api/v1/namespaces/{namespace}/secrets/{name}	CCI:namespaceSubResource:Update	√	√
删除Secret	DELETE /api/v1/namespaces/{namespace}/secrets/{name}	CCI:namespaceSubResource:Delete	√	√
删除所有Secret	DELETE /api/v1/namespaces/{namespace}/secrets	CCI:namespaceSubResource:Delete	√	√

**表12** ClusterRole
权限	对应API接口	授权项	IAM项目(Project)	企业项目(Enterprise Project)
获取指定的ClusterRole	GET /apis/rbac.authorization.k8s.io/v1/clusterroles/{name}	CCI:rbac:Get	√	√
获取ClusterRole列表	GET /apis/rbac.authorization.k8s.io/v1/clusterroles	CCI:rbac:List	√	√

**表13** RoleBinding
权限	对应API接口	授权项	IAM项目(Project)	企业项目(Enterprise Project)
创建RoleBinding	POST /apis/rbac.authorization.k8s.io/v1/namespaces/{namespace}/rolebindings	CCI:rbac:Create	√	√
更新指定的RoleBinding	PATCH /apis/rbac.authorization.k8s.io/v1/namespaces/{namespace}/rolebindings/{name}	CCI:rbac:Update	√	√
替换指定的RoleBinding	PUT /apis/rbac.authorization.k8s.io/v1/namespaces/{namespace}/rolebindings/{name}	CCI:rbac:Update	√	√
删除指定的RoleBinding	DELETE /apis/rbac.authorization.k8s.io/v1/namespaces/{namespace}/rolebindings/{name}	CCI:rbac:Delete	√	√
获取指定的RoleBinding	GET /apis/rbac.authorization.k8s.io/v1/namespaces/{namespace}/rolebindings/{name}	CCI:rbac:Get	√	√
获取指定namespace下RoleBinding列表	GET /apis/rbac.authorization.k8s.io/v1/namespaces/{namespace}/rolebindings	CCI:rbac:List	√	√
获取RoleBinding列表	GET /apis/rbac.authorization.k8s.io/v1/rolebindings	CCI:rbac:List	√	√

父主题： 权限和授权项

上一篇：权限及授权项说明

下一篇：附录

意见反馈

文档内容是否对您有帮助？

有帮助没帮助

提供反馈

提交成功！非常感谢您的反馈，我们会继续努力做到更好！

系统繁忙，请稍后重试

在使用文档中是否遇到以下问题

内容与产品页面不一致

内容不易理解

缺失示例代码

步骤不可操作

搜不到想要的内容

缺少最佳实践

意见反馈（选填）

0/500

请至少选择一项反馈信息并填写问题反馈

字符长度不能超过500

直接提交取消