修改网关型终端节点policy
功能介绍
修改网关型终端节点policy。
调用方法
请参见如何调用API。
URI
PUT /v1/{project_id}/vpc-endpoints/{vpc_endpoint_id}/policy
参数 |
是否必选 |
参数类型 |
描述 |
---|---|---|---|
project_id |
是 |
String |
项目ID 最小长度:1 最大长度:64 |
vpc_endpoint_id |
是 |
String |
终端节点的ID。 最小长度:1 最大长度:64 |
请求参数
参数 |
是否必选 |
参数类型 |
描述 |
---|---|---|---|
X-Auth-Token |
是 |
String |
用户Token。通过调用IAM服务获取用户Token接口获取(响应消息头中X-Subject-Token的值)。 |
Content-Type |
否 |
String |
发送的实体的MIME类型。推荐用户默认使用application/json, 如果API是对象、镜像上传等接口,媒体类型可按照流类型的不同进行确定。 缺省值:application/json |
参数 |
是否必选 |
参数类型 |
描述 |
---|---|---|---|
policy_statement |
是 |
Array of PolicyStatement objects |
只涉及开启双端固定的网关型终端节点 |
响应参数
状态码: 200
参数 |
参数类型 |
描述 |
---|---|---|
id |
String |
终端节点的ID,唯一标识。 最小长度:1 最大长度:64 |
service_type |
String |
终端节点连接的终端节点服务类型。
|
status |
String |
终端节点的连接状态。
|
active_status |
Array of strings |
账号状态。
|
endpoint_service_name |
String |
终端节点服务的名称。 |
marker_id |
Integer |
终端节点的报文标识。 |
endpoint_service_id |
String |
终端节点服务的ID。 最小长度:1 最大长度:64 |
ip |
String |
访问所连接的终端节点服务的IP。 仅当同时满足如下条件时,返回该参数: 当查询连接interface类型终端节点服务的终端节点时。 终端节点服务启用“连接审批”功能,且已经“接受”连接审批。 “status”可以是“accepted”或者“rejected(仅支持“接受”连接审批后再“拒绝”的情况)”。 最小长度:1 最大长度:64 |
vpc_id |
String |
终端节点所在的VPC的ID。 最小长度:1 最大长度:64 |
created_at |
String |
终端节点的创建时间。 采用UTC时间格式,格式为:YYYY-MM-DDTHH:MM:SSZ |
updated_at |
String |
终端节点的更新时间。 采用UTC时间格式,格式为:YYYY-MM-DDTHH:MM:SSZ |
project_id |
String |
项目ID,获取方法请参见获取项目ID。 最小长度:1 最大长度:64 |
tags |
Array of TagList objects |
标签列表,没有标签默认为空数组。 |
error |
Array of QueryError objects |
错误信息。 当终端节点状态异常,即“status”的值为“failed”时,会返回该字段。 |
whitelist |
Array of strings |
控制访问终端节点的白名单。 若未创建,则返回空列表。 创建连接Interface类型终端节点服务的终端节点时,显示此参数。 最小长度:0 最大长度:32 |
enable_whitelist |
Boolean |
是否开启网络ACL隔离。
|
routetables |
Array of strings |
路由表ID列表。 若未指定,返回默认VPC下路由表ID。 创建连接Gateway类型终端节点服务的终端节点时,显示此参数。 最小长度:0 最大长度:64 |
description |
String |
描述字段,支持中英文字母、数字等字符,不支持“<”或“>”字符。 最小长度:0 最大长度:512 |
policy_statement |
Array of PolicyStatement objects |
只涉及开启双端固定的网关型终端节点,响应体展示此字段 数组长度:0 - 10 |
endpoint_pool_id |
String |
待废弃,实例相关联的集群ID 最小长度:1 最大长度:64 |
public_border_group |
String |
终端节点关联的Public Border Group信息,只有当终端节点和边缘Pool相关联时才会返回改字段 |
参数 |
参数类型 |
描述 |
---|---|---|
key |
String |
键。 最大长度36个unicode字符。 key不能为空。不能包含“=”、“*”、“<”、“>”、“\”、“,”、“|”和“/”,且首尾字符不能为空格。 最小长度:1 最大长度:36 |
value |
String |
值。 每个值最大长度43个unicode字符,可以为空字符串。 不能包含“=”、“*”、“<”、“>”、“\”、“,”、“|”和“/”,且首尾字符不能为空格。 最小长度:1 最大长度:43 |
请求示例
修改网关型终端节点policy,设置OBS访问权限和OBS对象并允许访问。
PUT https://{endpoint}/v1/{project_id}/vpc-endpoints/938c8167-631e-40a4-99f9-493753fbd16b/policy { "policy_statement" : [ { "Action" : [ "obs:*:*" ], "Resource" : [ "obs:*:*:*:*/*", "obs:*:*:*:*" ], "Effect" : "Allow" } ] }
响应示例
状态码: 200
服务器已成功处理了请求
{ "id" : "938c8167-631e-40a4-99f9-493753fbd16b", "status" : "accepted", "tags" : [ ], "marker_id" : 302035929, "active_status" : [ "active" ], "vpc_id" : "0da03835-1dcf-4361-9b87-34139d58dd59", "service_type" : "gateway", "project_id" : "0605767a3300d5762fb7c0186d9e1779", "routetables" : [ "99477d3b-87f6-49d2-8f3b-2ffc72731a38" ], "created_at" : "2022-08-03T03:03:54Z", "updated_at" : "2022-08-03T03:03:57Z", "endpoint_service_id" : "4651bc78-5cec-41b7-b448-f77326ebbed0", "endpoint_service_name" : "br-abc-aaa1.obs_test.4651bc78-5cec-41b7-b448-f77326ebbed0", "policy_statement" : [ { "Action" : [ "obs:*:*" ], "Resource" : [ "obs:*:*:*:*/*", "obs:*:*:*:*" ], "Effect" : "Allow" } ], "description" : "", "endpoint_pool_id" : "b0ad6a4f-55c0-43f1-a26d-278639661fc2" }
SDK代码示例
SDK代码示例如下。
修改网关型终端节点policy,设置OBS访问权限和OBS对象并允许访问。
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 |
package com.huaweicloud.sdk.test; import com.huaweicloud.sdk.core.auth.ICredential; import com.huaweicloud.sdk.core.auth.BasicCredentials; import com.huaweicloud.sdk.core.exception.ConnectionException; import com.huaweicloud.sdk.core.exception.RequestTimeoutException; import com.huaweicloud.sdk.core.exception.ServiceResponseException; import com.huaweicloud.sdk.vpcep.v1.region.VpcepRegion; import com.huaweicloud.sdk.vpcep.v1.*; import com.huaweicloud.sdk.vpcep.v1.model.*; import java.util.List; import java.util.ArrayList; public class UpdateEndpointPolicySolution { public static void main(String[] args) { // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security. // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment String ak = System.getenv("CLOUD_SDK_AK"); String sk = System.getenv("CLOUD_SDK_SK"); ICredential auth = new BasicCredentials() .withAk(ak) .withSk(sk); VpcepClient client = VpcepClient.newBuilder() .withCredential(auth) .withRegion(VpcepRegion.valueOf("<YOUR REGION>")) .build(); UpdateEndpointPolicyRequest request = new UpdateEndpointPolicyRequest(); UpdateEndpointPolicyRequestBody body = new UpdateEndpointPolicyRequestBody(); []string listPolicyStatementResource = new ArrayList<>(); listPolicyStatementResource.add("obs:*:*:*:*/*"); listPolicyStatementResource.add("obs:*:*:*:*"); []string listPolicyStatementAction = new ArrayList<>(); listPolicyStatementAction.add("obs:*:*"); [](model.PolicyStatement) listbodyPolicyStatement = new ArrayList<>(); listbodyPolicyStatement.add( new PolicyStatement() .withEffect(PolicyStatement.EffectEnum.fromValue("Allow")) .withAction(listPolicyStatementAction) .withResource(listPolicyStatementResource) ); body.withPolicyStatement(listbodyPolicyStatement); request.withBody(body); try { UpdateEndpointPolicyResponse response = client.updateEndpointPolicy(request); System.out.println(response.toString()); } catch (ConnectionException e) { e.printStackTrace(); } catch (RequestTimeoutException e) { e.printStackTrace(); } catch (ServiceResponseException e) { e.printStackTrace(); System.out.println(e.getHttpStatusCode()); System.out.println(e.getRequestId()); System.out.println(e.getErrorCode()); System.out.println(e.getErrorMsg()); } } } |
修改网关型终端节点policy,设置OBS访问权限和OBS对象并允许访问。
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 |
# coding: utf-8 from huaweicloudsdkcore.auth.credentials import BasicCredentials from huaweicloudsdkvpcep.v1.region.vpcep_region import VpcepRegion from huaweicloudsdkcore.exceptions import exceptions from huaweicloudsdkvpcep.v1 import * if __name__ == "__main__": # The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security. # In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment ak = __import__('os').getenv("CLOUD_SDK_AK") sk = __import__('os').getenv("CLOUD_SDK_SK") credentials = BasicCredentials(ak, sk) \ client = VpcepClient.new_builder() \ .with_credentials(credentials) \ .with_region(VpcepRegion.value_of("<YOUR REGION>")) \ .build() try: request = UpdateEndpointPolicyRequest() listResourcePolicyStatement = [ "obs:*:*:*:*/*", "obs:*:*:*:*" ] listActionPolicyStatement = [ "obs:*:*" ] listPolicyStatementbody = [ PolicyStatement( effect="Allow", action=listActionPolicyStatement, resource=listResourcePolicyStatement ) ] request.body = UpdateEndpointPolicyRequestBody( policy_statement=listPolicyStatementbody ) response = client.update_endpoint_policy(request) print(response) except exceptions.ClientRequestException as e: print(e.status_code) print(e.request_id) print(e.error_code) print(e.error_msg) |
修改网关型终端节点policy,设置OBS访问权限和OBS对象并允许访问。
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 |
package main import ( "fmt" "github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic" vpcep "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/vpcep/v1" "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/vpcep/v1/model" region "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/vpcep/v1/region" ) func main() { // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security. // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment ak := os.Getenv("CLOUD_SDK_AK") sk := os.Getenv("CLOUD_SDK_SK") auth := basic.NewCredentialsBuilder(). WithAk(ak). WithSk(sk). Build() client := vpcep.NewVpcepClient( vpcep.VpcepClientBuilder(). WithRegion(region.ValueOf("<YOUR REGION>")). WithCredential(auth). Build()) request := &model.UpdateEndpointPolicyRequest{} var listResourcePolicyStatement = []string{ "obs:*:*:*:*/*", "obs:*:*:*:*", } var listActionPolicyStatement = []string{ "obs:*:*", } var listPolicyStatementbody = []model.PolicyStatement{ { Effect: model.GetPolicyStatementEffectEnum().ALLOW, Action: listActionPolicyStatement, Resource: listResourcePolicyStatement, }, } request.Body = &model.UpdateEndpointPolicyRequestBody{ PolicyStatement: listPolicyStatementbody, } response, err := client.UpdateEndpointPolicy(request) if err == nil { fmt.Printf("%+v\n", response) } else { fmt.Println(err) } } |
更多编程语言的SDK代码示例,请参见API Explorer的代码示例页签,可生成自动对应的SDK代码示例。
状态码
状态码 |
描述 |
---|---|
200 |
服务器已成功处理了请求 |
错误码
请参见错误码。