文档首页/ 虚拟私有云 VPC/ API参考/ 应用示例/ 示例二:配置云服务器的访问策略
更新时间:2024-10-31 GMT+08:00
在线调试
CLI示例
查看PDF
分享

示例二:配置云服务器的访问策略

操作场景

本章节指导用户通过调用API来为云服务器配置安全组。

前提条件

  • 已创建弹性云服务器,具体请参见创建ECS
  • 当您使用Token认证方式完成认证鉴权时,需要获取用户Token并在调用接口时增加“X-Auth-Token”到业务接口请求消息头中。Token认证,具体操作请参考认证鉴权

通过IAM服务获取到的Token有效期为24小时,需要使用同一个Token鉴权时,可以先将Token缓存,避免频繁调用。

操作步骤

  1. 通过云服务器的ID查询网卡信息。
    1. 发送“GET https://VPC的Endpoint/v1/{project_id}/ports?device_id={ecs_id}”,project_id为项目ID。
    2. 在Request Header中增加“X-Auth-Token”。
    3. 查看请求响应结果。
      • 请求成功时,响应参数如下: 
        {
	"ports": [{
		"id": "02c72193-efec-42fb-853b-c33f2b802467",
		"name": "",
		"status": "ACTIVE",
		"admin_state_up": true,
		"fixed_ips": [{
			"subnet_id": "213cb9d-3122-2ac1-1a29-91ffc1231a12",
			"ip_address": "192.168.0.75"
		}],
		"mac_address": "fa:16:3e:47:5f:c1",
		"network_id": "4779ab1c-7c1a-44b1-a02e-93dfc361b32d",
		"tenant_id": "db82c9e1415a464ea68048baa8acc6b8",
		"project_id": "db82c9e1415a464ea68048baa8acc6b8",
		"device_id": "ea61f836-b52f-41bf-9d06-685644001d6f",
		"device_owner": "compute:br-iaas-odin1a",
		"security_groups": [
			"e0598d96-9451-4f8a-8de0-b8b4d451d9e7"
		],
		"extra_dhcp_opts": [],
		"allowed_address_pairs": [],
		"binding:vnic_type": "normal",
		"binding:vif_details": {
			"primary_interface": true
		},
		"binding:profile": {},
		"port_security_enabled": true,
		"created_at": "2020-06-20T08:07:29",
		"updated_at": "2020-06-20T08:07:29"
	}]
}
      • 请求异常时,错误码请参见错误码
  2. 查询当前已有的安全组信息。
    1. 发送“GET https://VPC的Endpoint/v1/{project_id}/security-groups”,project_id为项目ID。
    2. 在Request Header中增加“X-Auth-Token”。
    3. 查看请求响应结果。
      • 请求成功时,响应参数如下,id就是security_group_id。 
        {
	"security_groups": [{
		"id": "16b6e77a-08fa-42c7-aa8b-106c048884e6",
		"name": "qq",
		"description": "qq",
		"vpc_id": "3ec3b33f-ac1c-4630-ad1c-7dba1ed79d85",
		"enterprise_project_id ": "0aad99bc-f5f6-4f78-8404-c598d76b0ed2",
		"security_group_rules": [{
			"direction": "egress",
			"ethertype": "IPv4",
			"id": "369e6499-b2cb-4126-972a-97e589692c62",
			"description": "",
			"security_group_id": "16b6e77a-08fa-42c7-aa8b-106c048884e6"
		}, {
			"direction": "ingress",
			"ethertype": "IPv4",
			"id": "0222556c-6556-40ad-8aac-9fd5d3c06171",
			"description": "",
			"remote_group_id": "16b6e77a-08fa-42c7-aa8b-106c048884e6",
			"security_group_id": "16b6e77a-08fa-42c7-aa8b-106c048884e6"
		}]
	}, {
		"id": "9c0f56be-a9ac-438c-8c57-fce62de19419",
		"name": "default",
		"description": "qq",
		"vpc_id": "13551d6b-755d-4757-b956-536f674975c0",
		"enterprise_project_id ": "0",
		"security_group_rules": [{
			"direction": "egress",
			"ethertype": "IPv4",
			"id": "95479e0a-e312-4844-b53d-a5e4541b783f",
			"description": "",
			"security_group_id": "9c0f56be-a9ac-438c-8c57-fce62de19419"
		}, {
			"direction": "ingress",
			"ethertype": "IPv4",
			"id": "0c4a2336-b036-4fa2-bc3c-1a291ed4c431",
			"description": "",
			"remote_group_id": "9c0f56be-a9ac-438c-8c57-fce62de19419",
			"security_group_id": "9c0f56be-a9ac-438c-8c57-fce62de19419"
		}]
	}]
}
      • 请求异常时,错误码请参见错误码
  3. 为弹性云服务器添加安全组。
    1. 发送“PUT https://VPC的Endpoint/v1/{project_id}/ports/{port_id}”,project_id为项目ID。
    2. 在Request Header中增加“X-Auth-Token”。
    3. 在Request Body中传入参数如下: 
      {
    "port": {
        "security_groups": ["9c0f56be-a9ac-438c-8c57-fce62de19419","16b6e77a-08fa-42c7-aa8b-106c048884e6"]
    }
}
    4. 查看请求响应结果。
      • 请求成功时,响应参数如下,id就是port_id。 
        {
	"port": {
		"id": "02c72193-efec-42fb-853b-c33f2b802467",
		"name": "",
		"status": "ACTIVE",
		"admin_state_up": true,
		"fixed_ips": [{
			"subnet_id": "213cb9d-3122-2ac1-1a29-91ffc1231a12",
			"ip_address": "192.168.0.75"
		}],
		"mac_address": "fa:16:3e:47:5f:c1",
		"network_id": "4779ab1c-7c1a-44b1-a02e-93dfc361b32d",
		"tenant_id": "db82c9e1415a464ea68048baa8acc6b8",
		"project_id": "db82c9e1415a464ea68048baa8acc6b8",
		"device_id": "ea61f836-b52f-41bf-9d06-685644001d6f",
		"device_owner": "compute:br-iaas-odin1a",
		"security_groups": ["9c0f56be-a9ac-438c-8c57-fce62de19419", "16b6e77a-08fa-42c7-aa8b-106c048884e6"],
		"extra_dhcp_opts": [],
		"allowed_address_pairs": [{
			"ip_address": "1.1.1.1/0"
		}],
		"binding:vnic_type": "normal",
		"binding:vif_details": {
			"primary_interface": true
		},
		"binding:profile": {},
		"port_security_enabled": true,
		"created_at": "2020-06-20T08:07:29",
		"updated_at": "2020-06-20T08:07:29"
	}
}
      • 请求异常时,错误码请参见错误码
父主题: 应用示例