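Authorization Action Change Announcement
Announcement Description
Starting September 2024, users who are authorized for the following APIs through custom policies must create or update their custom policies before they can access these APIs.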
| Permission description | API | New action | Dependent actions | IAM project (Project) | Enterprise project (Enterprise Project) |
|---|---|---|---|---|---|
| Get the SSL certificate list | GET /v2/{project_id}/apigw/certificates | apig:certificate:list | - | √ | √ |
| Create an SSL certificate | POST /v2/{project_id}/apigw/certificates | apig:certificate:create | apig:instances:get | √ | Supported when the request parameters include instance_id; otherwise not supported |
| Delete an SSL certificate | DELETE /v2/{project_id}/apigw/certificates/{certificate_id} | apig:certificate:delete | - | √ | × |
| View certificate details | GET /v2/{project_id}/apigw/certificates/{certificate_id} | apig:certificate:get | - | √ | × |
| Modify an SSL certificate | PUT /v2/{project_id}/apigw/certificates/{certificate_id} | apig:certificate:update | apig:instances:get | √ | Supported when the request parameters include instance_id; otherwise not supported |
| Get the list of domain names bound to an SSL certificate | GET /v2/{project_id}/apigw/certificates/{certificate_id}/attached-domains | apig:certificate:listBoundDomain | - | √ | × |
| Bind domain names to an SSL certificate | POST /v2/{project_id}/apigw/certificates/{certificate_id}/domains/attach | apig:certificate:batchBindDomain | apig:certificate:get, apig:groups:get | √ | × |
| Unbind domain names from an SSL certificate | POST /v2/{project_id}/apigw/certificates/{certificate_id}/domains/detach | apig:certificate:batchUnbindDomain | apig:certificate:get, apig:groups:get | √ | × |
| Query the endpoint connection list of an instance | GET /v2/{project_id}/apigw/instances/{instance_id}/vpc-endpoint/connections | apig:instance:listVpcEndpoint | apig:instances:get | √ | √ |
| Accept or reject an endpoint connection | POST /v2/{project_id}/apigw/instances/{instance_id}/vpc-endpoint/connections/action | apig:instance:acceptOrRejectVpcEndpointConnection | apig:instances:get | √ | √ |
| Query the whitelist of an instance's endpoint service | GET /v2/{project_id}/apigw/instances/{instance_id}/vpc-endpoint/permissions | apig:instance:listVpcEndpointPermission | apig:instances:get | √ | √ |
| Batch add entries to the instance endpoint connection whitelist | POST /v2/{project_id}/apigw/instances/{instance_id}/vpc-endpoint/permissions/batch-add | apig:instance:batchAddVpcEndpointPermission | apig:instances:get | √ | √ |
| Batch delete entries from the instance endpoint connection whitelist | POST /v2/{project_id}/apigw/instances/{instance_id}/vpc-endpoint/permissions/batch-delete | apig:instance:batchDeleteVpcEndpointPermission | apig:instances:get | √ | √ |
| Create a parameter orchestration rule | POST /v2/{project_id}/apigw/instances/{instance_id}/orchestration | apig:orchestration:create | apig:instances:get | √ | √ |
| View the orchestration rule list | GET /v2/{project_id}/apigw/instances/{instance_id}/orchestration | apig:orchestration:list | apig:instances:get | √ | √ |
| Query orchestration rule details | GET /v2/{project_id}/apigw/instances/{instance_id}/orchestrations/{orchestration_id} | apig:orchestration:get | apig:instances:get | √ | √ |
| Update an orchestration rule | PUT /v2/{project_id}/apigw/instances/{instance_id}/orchestrations/{orchestration_id} | apig:orchestration:update | apig:instances:get | √ | √ |
| Delete an orchestration rule | DELETE /v2/{project_id}/apigw/instances/{instance_id}/orchestrations/{orchestration_id} | apig:orchestration:delete | apig:instances:get | √ | √ |
| Query the APIs bound to an orchestration rule | GET /v2/{project_id}/apigw/instances/{instance_id}/orchestrations/{orchestration_id}/attached-apis | apig:orchestration:listBoundApis | apig:instances:get | √ | √ |
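Scope
All regions.
Impact
If a custom policy does not include the new actions listed above, the user has no permission to access the APIs listed above.
Adaptation Plan
Create or update a custom policy, add the new actions listed above together with their dependent actions, and grant the custom policy to a user group for fine-grained access control. For details about custom policies, see API Gateway Custom Policies.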
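One way to check an existing custom policy before updating it, as an added example that is not part of the original announcement: the script below reports, for each new action in the table above, which actions (the action itself or its dependent actions) a policy document still lacks. The function names and the sample policy are hypothetical, and the evaluation model is an assumption: `*` wildcards in `Action`, an explicit Deny overriding Allow, a single policy document, and no `Resource` or `Condition` handling.

```python
"""Audit one custom policy document for the actions this announcement adds."""
from fnmatch import fnmatchcase

# New action -> dependent actions, transcribed from the table above.
INST = ["apig:instances:get"]
REQUIRED = {f"apig:certificate:{op}": [] for op in ("list", "delete", "get", "listBoundDomain")}
REQUIRED.update({f"apig:certificate:{op}": INST for op in ("create", "update")})
REQUIRED.update({f"apig:certificate:{op}": ["apig:certificate:get", "apig:groups:get"]
                 for op in ("batchBindDomain", "batchUnbindDomain")})
REQUIRED.update({f"apig:instance:{op}": INST for op in (
    "listVpcEndpoint", "acceptOrRejectVpcEndpointConnection", "listVpcEndpointPermission",
    "batchAddVpcEndpointPermission", "batchDeleteVpcEndpointPermission")})
REQUIRED.update({f"apig:orchestration:{op}": INST for op in (
    "create", "list", "get", "update", "delete", "listBoundApis")})


def granted(policy, action):
    """Assumed evaluation: '*' wildcards in Action, and an explicit Deny overrides Allow."""
    allowed = False
    for stmt in policy.get("Statement", []):
        if any(fnmatchcase(action, pattern) for pattern in stmt.get("Action", [])):
            if stmt.get("Effect") == "Deny":
                return False
            allowed = allowed or stmt.get("Effect") == "Allow"
    return allowed


def audit(policy, actions=None):
    """Map each new action that would be refused to the actions the policy still lacks."""
    gaps = {}
    for action in (actions or REQUIRED):
        missing = [a for a in (action, *REQUIRED[action]) if not granted(policy, a)]
        if missing:
            gaps[action] = missing
    return gaps


# Constructed sample policy (not from the announcement).
SAMPLE_POLICY = {
    "Version": "1.1",
    "Statement": [
        {"Effect": "Allow", "Action": ["apig:instances:get", "apig:certificate:*"]},
        {"Effect": "Deny", "Action": ["apig:certificate:delete"]},
    ],
}

if __name__ == "__main__":
    for action, missing in audit(SAMPLE_POLICY).items():
        print(f"{action}: add or unblock {', '.join(missing)}")
```

Pass a list of action names as the second argument to `audit` to restrict the check to the APIs a user group actually calls, so that the updated policy grants only those actions.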