Updated: 2024-07-05 GMT+08:00

API Gateway (APIG)

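An SCP does not grant permissions directly; it only defines a permission boundary. Attaching an SCP to an organizational unit (OU) or a member account does not grant that OU or account any operation permissions. It defines the range of permissions that can be granted to the member account, or to the member accounts contained in the OU.

This section describes the elements used by SCPs in the Organizations service: Action, Resource, and Condition.

For how to use these elements to write a custom SCP, see Creating an SCP.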

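Action

Actions are the authorization items supported in an SCP.

  • The "Access level" column describes how the action is classified (list, read, write, and so on). This classification helps you understand the access level of the action in an SCP.
  • The "Resource type" column indicates whether each action supports resource-level permissions.
    • Resource types support the wildcard * to represent all resources. If this column has no value (-), you must specify all resource types ("*") in the Resource element of the SCP statement.
    • If this column contains a resource type, you must specify the URN of that resource in any statement that includes the action.
    • Required resources are marked with an asterisk (*) in the table, meaning the resource type must be specified to use the action.

    For details about the resource types defined by apig, see Resource types (Resource).

  • The "Condition key" column lists the keys that can be specified in the Condition element of an SCP statement.
    • If the resource type column of the action has a value, the condition key applies only to the listed resource types.
    • If the resource type column of the action has no value (-), the condition key applies to the whole action.
    • If the condition key column has no value (-), the action does not support condition keys.

    For details about the condition keys defined by apig, see Conditions (Condition).

You can specify the following apig actions in the Action element of an SCP statement.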

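Table 1 Actions supported by apig

| Action | Description | Access level | Resource type (* = required) | Condition key | Alias |
| --- | --- | --- | --- | --- | --- |
| apig:acl:list | Grants permission to view the ACL policy list. | list | instance * | g:ResourceTag/<tag-key> | apig:acls:list |
| apig:acl:create | Grants permission to create an ACL policy. | write | instance * | g:ResourceTag/<tag-key> | apig:acls:create |
| apig:acl:batchDelete | Grants permission to batch delete ACL policies. | write | instance * | g:ResourceTag/<tag-key> | apig:acls:delete |
| apig:acl:delete | Grants permission to delete an ACL policy. | write | instance * | g:ResourceTag/<tag-key> | apig:acls:delete |
| apig:acl:get | Grants permission to view ACL policy details. | read | instance * | g:ResourceTag/<tag-key> | apig:acls:get |
| apig:acl:update | Grants permission to modify an ACL policy. | write | instance * | g:ResourceTag/<tag-key> | apig:acls:update |
| apig:api:bindAcl | Grants permission to bind an API to an ACL policy. | write | instance * | g:ResourceTag/<tag-key> | apig:apis:bindAcls |
| apig:api:batchUnbindAcl | Grants permission to batch unbind APIs from ACL policies. | write | instance * | g:ResourceTag/<tag-key> | apig:apis:unbindAcls |
| apig:api:unbindAcl | Grants permission to unbind an API from an ACL policy. | write | instance * | g:ResourceTag/<tag-key> | apig:apis:unbindAcls |
| apig:api:listBoundAcl | Grants permission to list the ACL policies bound to an API. | list | instance * | g:ResourceTag/<tag-key> | apig:apis:listBindedAcls |
| apig:acl:listBoundApi | Grants permission to list the APIs bound to an ACL policy. | list | instance * | g:ResourceTag/<tag-key> | apig:acls:listBindedApis |
| apig:acl:listUnboundApi | Grants permission to list the APIs not bound to an ACL policy. | list | instance * | g:ResourceTag/<tag-key> | apig:acls:listUnbindedApis |
| apig:api:bindRequestThrottling | Grants permission to bind an API to a request throttling policy. | write | instance * | g:ResourceTag/<tag-key> | apig:apis:bindThrottles |
| apig:api:batchUnbindRequestThrottling | Grants permission to batch unbind APIs from request throttling policies. | write | instance * | g:ResourceTag/<tag-key> | apig:apis:unbindThrottles |
| apig:api:unbindRequestThrottling | Grants permission to unbind an API from a request throttling policy. | write | instance * | g:ResourceTag/<tag-key> | apig:apis:unbindThrottles |
| apig:requestThrottling:listBoundApi | Grants permission to list the APIs bound to a request throttling policy. | list | instance * | g:ResourceTag/<tag-key> | apig:throttles:listBindedApis |
| apig:api:listBoundRequestThrottling | Grants permission to list the request throttling policies bound to an API. | list | instance * | g:ResourceTag/<tag-key> | apig:apis:listBindedThrottles |
| apig:requestThrottling:listUnboundApi | Grants permission to list the APIs not bound to a request throttling policy. | list | instance * | g:ResourceTag/<tag-key> | apig:throttles:listUnbindedApis |
| apig:apiGroup:list | Grants permission to list API groups. | list | instance * | g:ResourceTag/<tag-key> | apig:groups:list |
| apig:apiGroup:create | Grants permission to create an API group. | write | instance * | g:ResourceTag/<tag-key> | apig:groups:create |
| apig:apiGroup:delete | Grants permission to delete an API group. | write | instance * | g:ResourceTag/<tag-key> | apig:groups:delete |
| apig:apiGroup:get | Grants permission to query API group details. | read | instance * | g:ResourceTag/<tag-key> | apig:groups:get |
| apig:apiGroup:update | Grants permission to modify an API group. | write | instance * | g:ResourceTag/<tag-key> | apig:groups:update |
| apig:apiGroup:checkApiGroupNameExistOrNot | Grants permission to check whether an API group name exists. | read | instance * | g:ResourceTag/<tag-key> | apig:groups:get |
| apig:api:list | Grants permission to list APIs. | list | instance * | g:ResourceTag/<tag-key> | apig:apis:list |
| apig:api:create | Grants permission to create an API. | write | instance * | g:ResourceTag/<tag-key> | apig:apis:create |
| apig:api:delete | Grants permission to delete an API. | write | instance * | g:ResourceTag/<tag-key> | apig:apis:delete |
| apig:api:get | Grants permission to query API details. | read | instance * | g:ResourceTag/<tag-key> | apig:apis:get |
| apig:api:update | Grants permission to modify an API. | write | instance * | g:ResourceTag/<tag-key> | apig:apis:update |
| apig:api:onlineOrOffline | Grants permission to publish an API or take it offline. | write | instance * | g:ResourceTag/<tag-key> | apig:apis:publish |
| apig:api:batchDelete | Grants permission to batch delete APIs. | write | instance * | g:ResourceTag/<tag-key> | apig:apis:delete |
| apig:api:checkApiPathOrApiNameExistOrNot | Grants permission to verify an API definition. | read | instance * | g:ResourceTag/<tag-key> | apig:apis:get |
| apig:api:debug | Grants permission to debug an API. | write | instance * | g:ResourceTag/<tag-key> | apig:apis:debug |
| apig:api:batchOnlineOrOffline | Grants permission to batch publish APIs or take them offline. | write | instance * | g:ResourceTag/<tag-key> | apig:apis:publish |
| apig:api:listHistoryVersion | Grants permission to list the historical versions of an API. | list | instance * | g:ResourceTag/<tag-key> | apig:apis:get |
| apig:api:switchVersion | Grants permission to switch the version of an API. | write | instance * | g:ResourceTag/<tag-key> | apig:apis:publish |
| apig:api:getRuntimeDefinition | Grants permission to query the runtime definition of an API. | read | instance * | g:ResourceTag/<tag-key> | apig:apis:get |
| apig:api:deleteHistoryVersion | Grants permission to take an API offline by version number. | write | instance * | g:ResourceTag/<tag-key> | apig:apis:offline |
| apig:api:getHistoryVersion | Grants permission to get version details. | read | instance * | g:ResourceTag/<tag-key> | apig:apis:get |
| apig:app:list | Grants permission to list apps. | list | instance * | g:ResourceTag/<tag-key> | apig:apps:list |
| apig:app:create | Grants permission to create an app. | write | instance * | g:ResourceTag/<tag-key> | apig:apps:create |
| apig:app:delete | Grants permission to delete an app. | write | instance * | g:ResourceTag/<tag-key> | apig:apps:delete |
| apig:app:get | Grants permission to view app details. | read | instance * | g:ResourceTag/<tag-key> | apig:apps:get |
| apig:app:update | Grants permission to modify app information. | write | instance * | g:ResourceTag/<tag-key> | apig:apis:update |
| apig:app:listAppCode | Grants permission to list AppCodes. | list | instance * | g:ResourceTag/<tag-key> | apig:appCodes:list |
| apig:app:createAppCode | Grants permission to create an AppCode. | write | instance * | g:ResourceTag/<tag-key> | apig:appCodes:create |
| apig:app:generateAppCode | Grants permission to automatically generate an AppCode. | write | instance * | g:ResourceTag/<tag-key> | apig:appCodes:update |
| apig:app:deleteAppCode | Grants permission to delete an AppCode. | write | instance * | g:ResourceTag/<tag-key> | apig:appCodes:delete |
| apig:app:getAppCode | Grants permission to get AppCode details. | read | instance * | g:ResourceTag/<tag-key> | apig:appCodes:get |
| apig:app:resetSecret | Grants permission to reset the secret of an app. | write | instance * | g:ResourceTag/<tag-key> | apig:apps:update |
| apig:app:validate | Grants permission to check whether an app exists. | read | instance * | g:ResourceTag/<tag-key> | apig:apps:get |
| apig:app:getBoundQuota | Grants permission to query the credential quota policy associated with an app. | read | instance * | g:ResourceTag/<tag-key> | apig:apps:get |
| apig:app:bindApi | Grants permission to bind an API to an app. | write | instance * | g:ResourceTag/<tag-key> | apig:apis:grantAppAccess |
| apig:app:unbindApi | Grants permission to unbind an API from an app. | write | instance * | g:ResourceTag/<tag-key> | apig:apis:relieveAppAccess |
| apig:app:listBoundApi | Grants permission to list the APIs bound to an app. | list | instance * | g:ResourceTag/<tag-key> | apig:apps:listBindedApis |
| apig:api:listBoundApp | Grants permission to list the apps bound to an API. | list | instance * | g:ResourceTag/<tag-key> | apig:apis:listBindedApps |
| apig:app:listUnboundApi | Grants permission to list the APIs not bound to an app. | list | instance * | g:ResourceTag/<tag-key> | apig:apps:listUnbindedApis |
| apig:api:export | Grants permission to export APIs. | read | instance * | g:ResourceTag/<tag-key> | apig:apis:export |
| apig:api:import | Grants permission to import APIs. | write | instance * | g:ResourceTag/<tag-key> | apig:apis:import |
| apig:asyncTask:get | Grants permission to view the result details of an asynchronous task. | read | instance * | g:ResourceTag/<tag-key> | apig:apis:export |
| apig:certificate:list | Grants permission to list SSL certificates. | list | instance | g:ResourceTag/<tag-key> | - |
| apig:certificate:create | Grants permission to create an SSL certificate. | write | instance | g:ResourceTag/<tag-key> | - |
| apig:certificate:delete | Grants permission to delete an SSL certificate. | write | instance | g:ResourceTag/<tag-key> | - |
| apig:certificate:get | Grants permission to get SSL certificate details. | read | instance | g:ResourceTag/<tag-key> | - |
| apig:certificate:update | Grants permission to modify an SSL certificate. | write | instance | g:ResourceTag/<tag-key> | - |
| apig:certificate:listBoundDomain | Grants permission to list the domain names bound to an SSL certificate. | list | instance | g:ResourceTag/<tag-key> | - |
| apig:certificate:batchBindDomain | Grants permission to bind domain names to an SSL certificate. | write | instance | g:ResourceTag/<tag-key> | - |
| apig:certificate:batchUnbindDomain | Grants permission to unbind domain names from an SSL certificate. | write | instance | g:ResourceTag/<tag-key> | - |
| apig:apiGroup:batchBindCertificateToDomain | Grants permission to bind SSL certificates to a domain name. | write | instance * | g:ResourceTag/<tag-key> | apig:domains:bindCertificate |
| apig:apiGroup:batchUnbindCertificateFromDomain | Grants permission to unbind certificates from a domain name. | write | instance * | g:ResourceTag/<tag-key> | apig:domains:unbindCertificate |
| apig:loadBalanceChannel:list | Grants permission to list load balance channels. | list | instance * | g:ResourceTag/<tag-key> | apig:vpcChannels:list |
| apig:loadBalanceChannel:create | Grants permission to create a load balance channel. | write | instance * | g:ResourceTag/<tag-key> | apig:vpcChannels:create |
| apig:loadBalanceChannel:delete | Grants permission to delete a load balance channel. | write | instance * | g:ResourceTag/<tag-key> | apig:vpcChannels:delete |
| apig:loadBalanceChannel:get | Grants permission to get load balance channel details. | read | instance * | g:ResourceTag/<tag-key> | apig:vpcChannels:get |
| apig:loadBalanceChannel:update | Grants permission to update a load balance channel. | write | instance * | g:ResourceTag/<tag-key> | apig:vpcChannels:update |
| apig:loadBalanceChannel:updateHealthCheckConfig | Grants permission to modify the health check configuration of a load balance channel. | write | instance * | g:ResourceTag/<tag-key> | apig:vpcChannels:update |
| apig:loadBalanceChannel:listServerGroup | Grants permission to list the backend server groups of a load balance channel. | list | instance * | g:ResourceTag/<tag-key> | apig:vpcChannels:get |
| apig:loadBalanceChannel:createServerGroup | Grants permission to add or update backend server groups of a VPC channel. | write | instance * | g:ResourceTag/<tag-key> | apig:vpcChannels:addOrUpdateMemberGroups |
| apig:loadBalanceChannel:deleteServerGroup | Grants permission to delete a backend server group of a VPC channel. | write | instance * | g:ResourceTag/<tag-key> | apig:vpcChannels:deleteMemberGroup |
| apig:loadBalanceChannel:getServerGroup | Grants permission to view the details of a specified backend server group of a VPC channel. | read | instance * | g:ResourceTag/<tag-key> | apig:vpcChannels:get |
| apig:loadBalanceChannel:updateServerGroup | Grants permission to update a backend server group of a VPC channel. | write | instance * | g:ResourceTag/<tag-key> | apig:vpcChannels:updateMemberGroup |
| apig:loadBalanceChannel:listBackendServerAddress | Grants permission to list the backend instances of a load balance channel. | list | instance * | g:ResourceTag/<tag-key> | apig:vpcChannels:get |
| apig:loadBalanceChannel:createBackendServerAddress | Grants permission to add or update backend instances of a load balance channel. | write | instance * | g:ResourceTag/<tag-key> | apig:vpcChannels:addInstance |
| apig:loadBalanceChannel:updateBackendServerAddress | Grants permission to update backend instances of a load balance channel. | write | instance * | g:ResourceTag/<tag-key> | apig:vpcChannels:addInstance |
| apig:loadBalanceChannel:deleteBackendServerAddress | Grants permission to delete a backend instance of a load balance channel. | write | instance * | g:ResourceTag/<tag-key> | apig:vpcChannels:deleteInstance |
| apig:loadBalanceChannel:batchDisableBackendServerAddress | Grants permission to batch set backend servers to unavailable. | write | instance * | g:ResourceTag/<tag-key> | apig:vpcChannels:batchDisableInstance |
| apig:loadBalanceChannel:batchEnableBackendServerAddress | Grants permission to batch set backend servers to available. | write | instance * | g:ResourceTag/<tag-key> | apig:vpcChannels:batchEnableInstance |
| apig:instance:listTag | Grants permission to list tags. | list | instance * | g:ResourceTag/<tag-key> | apig:tags:list |
| apig:api:listUnboundPlugin | Grants permission to list the plugins that can be bound to an API. | list | instance * | g:ResourceTag/<tag-key> | apig:apis:listBindedPlugins |
| apig:api:listBoundPlugin | Grants permission to list the plugins bound to an API. | list | instance * | g:ResourceTag/<tag-key> | apig:apis:listBindedPlugins |
| apig:api:bindPlugin | Grants permission to bind plugins to an API. | write | instance * | g:ResourceTag/<tag-key> | apig:apis:bindPlugins |
| apig:api:unbindPlugin | Grants permission to unbind plugins from an API. | write | instance * | g:ResourceTag/<tag-key> | apig:apis:unbindPlugins |
| apig:plugin:list | Grants permission to list plugins. | list | instance * | g:ResourceTag/<tag-key> | apig:plugins:list |
| apig:plugin:create | Grants permission to create a plugin. | write | instance * | g:ResourceTag/<tag-key> | apig:plugins:create |
| apig:plugin:delete | Grants permission to delete a plugin. | write | instance * | g:ResourceTag/<tag-key> | apig:plugins:delete |
| apig:plugin:get | Grants permission to get plugin details. | read | instance * | g:ResourceTag/<tag-key> | apig:plugins:get |
| apig:plugin:update | Grants permission to modify a plugin. | write | instance * | g:ResourceTag/<tag-key> | apig:plugins:update |
| apig:plugin:bindApi | Grants permission to bind APIs to a plugin. | write | instance * | g:ResourceTag/<tag-key> | apig:apis:bindPlugins |
| apig:plugin:listUnbindApi | Grants permission to list the APIs that can be bound to a plugin. | list | instance * | g:ResourceTag/<tag-key> | apig:plugins:listUnbindedApis |
| apig:plugin:listBoundApi | Grants permission to list the APIs bound to a plugin. | list | instance * | g:ResourceTag/<tag-key> | apig:plugins:listBindedApis |
| apig:plugin:unbindApi | Grants permission to unbind APIs from a plugin. | write | instance * | g:ResourceTag/<tag-key> | apig:apis:unbindPlugins |
| apig:apiGroup:listGatewayResponse | Grants permission to list the custom responses of a group. | list | instance * | g:ResourceTag/<tag-key> | apig:gatewayResponses:list |
| apig:apiGroup:createGatewayResponse | Grants permission to create a custom response for a group. | write | instance * | g:ResourceTag/<tag-key> | apig:gatewayResponses:create |
| apig:apiGroup:deleteGatewayResponse | Grants permission to delete a custom response of a group. | write | instance * | g:ResourceTag/<tag-key> | apig:gatewayResponses:delete |
| apig:apiGroup:getGatewayResponse | Grants permission to get the details of a custom response of a group. | read | instance * | g:ResourceTag/<tag-key> | apig:gatewayResponses:get |
| apig:apiGroup:updateGatewayResponse | Grants permission to modify a custom response of a group. | write | instance * | g:ResourceTag/<tag-key> | apig:gatewayResponses:updat |
| apig:apiGroup:deleteGatewayResponseType | Grants permission to delete the custom response configuration of a specified error type in a group. | write | instance * | g:ResourceTag/<tag-key> | apig:gatewayResponses:update |
| apig:apiGroup:getGatewayResponseType | Grants permission to get the custom response of a specified error type in a group. | read | instance * | g:ResourceTag/<tag-key> | apig:gatewayResponses:get |
| apig:apiGroup:updateGatewayResponseType | Grants permission to modify the custom response of a specified error type in a group. | write | instance * | g:ResourceTag/<tag-key> | apig:gatewayResponses:update |
| apig:instance:listApiOutline | Grants permission to get the API overview. | list | instance * | g:ResourceTag/<tag-key> | apig:apis:get |
| apig:instance:listAppOutline | Grants permission to get the app overview. | list | instance * | g:ResourceTag/<tag-key> | apig:apps:get |
| apig:instance:listApiGroupOutline | Grants permission to get the API group overview. | list | instance * | g:ResourceTag/<tag-key> | apig:groups:get |
| apig:environmentVariable:list | Grants permission to list environment variables. | list | instance * | g:ResourceTag/<tag-key> | apig:variables:list |
| apig:environmentVariable:create | Grants permission to create an environment variable. | write | instance * | g:ResourceTag/<tag-key> | apig:variables:create |
| apig:environmentVariable:delete | Grants permission to delete an environment variable. | write | instance * | g:ResourceTag/<tag-key> | apig:variables:delete |
| apig:environmentVariable:get | Grants permission to get environment variable details. | read | instance * | g:ResourceTag/<tag-key> | apig:variables:get |
| apig:environmentVariable:update | Grants permission to modify an environment variable. | write | instance * | g:ResourceTag/<tag-key> | apig:variables:update |
| apig:environment:list | Grants permission to list environments. | list | instance * | g:ResourceTag/<tag-key> | apig:envs:list |
| apig:environment:create | Grants permission to create an environment. | write | instance * | g:ResourceTag/<tag-key> | apig:envs:create |
| apig:environment:delete | Grants permission to delete an environment. | write | instance * | g:ResourceTag/<tag-key> | apig:envs:delete |
| apig:environment:update | Grants permission to modify an environment. | write | instance * | g:ResourceTag/<tag-key> | apig:envs:update |
| apig:instance:listMetricData | Grants permission to query instance monitoring data. | list | instance * | g:ResourceTag/<tag-key> | apig:metricData:get |
| apig:instance:listApiMonitoring | Grants permission to query API statistics for a recent period. | list | instance * | g:ResourceTag/<tag-key> | apig:apis:get |
| apig:instance:listApiGroupMonitoring | Grants permission to query API group statistics for the last hour. | list | instance * | g:ResourceTag/<tag-key> | apig:groups:get |
| apig:requestThrottling:list | Grants permission to list request throttling policies. | list | instance * | g:ResourceTag/<tag-key> | apig:throttles:list |
| apig:requestThrottling:create | Grants permission to create a request throttling policy. | write | instance * | g:ResourceTag/<tag-key> | apig:throttles:create |
| apig:requestThrottling:delete | Grants permission to delete a request throttling policy. | write | instance * | g:ResourceTag/<tag-key> | apig:throttles:delete |
| apig:requestThrottling:get | Grants permission to get request throttling policy details. | read | instance * | g:ResourceTag/<tag-key> | apig:throttles:get |
| apig:requestThrottling:update | Grants permission to modify a request throttling policy. | write | instance * | g:ResourceTag/<tag-key> | apig:throttles:update |
| apig:requestThrottling:batchDelete | Grants permission to batch delete request throttling policies. | write | instance * | g:ResourceTag/<tag-key> | apig:throttles:delete |
| apig:api:bindSignatureKey | Grants permission to bind a signature key to an API. | write | instance * | g:ResourceTag/<tag-key> | apig:apis:bindSigns |
| apig:api:unbindSignatureKey | Grants permission to unbind a signature key from an API. | write | instance * | g:ResourceTag/<tag-key> | apig:apis:unbindSigns |
| apig:signatureKey:listBoundApi | Grants permission to list the APIs bound to a signature key. | list | instance * | g:ResourceTag/<tag-key> | apig:signs:listBindedApis |
| apig:api:listBoundSignatureKey | Grants permission to list the signature keys bound to an API. | list | instance * | g:ResourceTag/<tag-key> | apig:apis:listBindedSigns |
| apig:signatureKey:listUnboundApi | Grants permission to query all APIs not bound to the signature key. | list | instance * | g:ResourceTag/<tag-key> | apig:signs:listUnbindedApis |
| apig:signatureKey:list | Grants permission to list signature keys. | list | instance * | g:ResourceTag/<tag-key> | apig:signs:list |
| apig:signatureKey:create | Grants permission to create a signature key. | write | instance * | g:ResourceTag/<tag-key> | apig:signs:create |
| apig:signatureKey:delete | Grants permission to delete a signature key. | write | instance * | g:ResourceTag/<tag-key> | apig:signs:delete |
| apig:signatureKey:update | Grants permission to modify a signature key. | write | instance * | g:ResourceTag/<tag-key> | apig:signs:update |
| apig:requestThrottling:listSpecial | Grants permission to list special request throttling settings. | list | instance * | g:ResourceTag/<tag-key> | apig:specialThrottles:get |
| apig:requestThrottling:createSpecial | Grants permission to create a special request throttling setting. | write | instance * | g:ResourceTag/<tag-key> | apig:specialThrottles:create |
| apig:requestThrottling:deleteSpecial | Grants permission to delete a special request throttling setting. | write | instance * | g:ResourceTag/<tag-key> | apig:specialThrottles:delete |
| apig:requestThrottling:updateSpecial | Grants permission to modify a special setting under a request throttling policy. | write | instance * | g:ResourceTag/<tag-key> | apig:specialThrottles:update |
| apig:instance:listSingleInstanceTag | Grants permission to list the tags of a specified instance. | list | instance * | g:ResourceTag/<tag-key>; g:EnterpriseProjectId | apig:instanceTags:list |
| apig:instance:batchCreateOrDeleteTag | Grants permission to batch add or delete instance tags. | write | instance * | g:ResourceTag/<tag-key>; g:EnterpriseProjectId | apig:instanceTags:create |
| | | | - | g:RequestTag/<tag-key>; g:TagKeys | |
| apig::listTag | Grants permission to get all instance tags in a project. | list | - | - | apig:instanceTags:list |
| apig:instance:getNumByTags | Grants permission to query the number of instances by tag. | read | instance * | - | - |
| | | | - | g:TagKeys | |
| apig:instance:listByTags | Grants permission to list instances by tag. | list | instance * | - | - |
| | | | - | g:TagKeys | |
| apig:instance:list | Grants permission to list dedicated instances. | list | - | - | apig:instances:list |
| apig:instance:create | Grants permission to create a dedicated instance. | write | - | g:RequestTag/<tag-key>; g:TagKeys | apig:instances:create |
| apig:instance:delete | Grants permission to delete a dedicated instance. | write | instance * | g:ResourceTag/<tag-key>; g:EnterpriseProjectId | apig:instances:delete |
| apig:instance:get | Grants permission to view dedicated instance details. | read | instance * | g:ResourceTag/<tag-key>; g:EnterpriseProjectId | apig:instances:get |
| apig:instance:update | Grants permission to update a dedicated instance. | write | instance * | g:ResourceTag/<tag-key>; g:EnterpriseProjectId | apig:instances:update |
| apig:instance:unbindEip | Grants permission to unbind the EIP of a dedicated instance. | write | instance * | g:ResourceTag/<tag-key>; g:EnterpriseProjectId | apig:instances:update |
| apig:instance:bindOrChangeEip | Grants permission to add or change the EIP of a dedicated instance. | write | instance * | g:ResourceTag/<tag-key>; g:EnterpriseProjectId | apig:instances:update |
| apig:instance:deleteOutboundEip | Grants permission to disable public outbound access for a dedicated instance. | write | instance * | g:ResourceTag/<tag-key>; g:EnterpriseProjectId | apig:instances:update |
| apig:instance:createOutboundEip | Grants permission to enable public outbound access for a dedicated instance. | write | instance * | g:ResourceTag/<tag-key>; g:EnterpriseProjectId | apig:instances:update |
| apig:instance:changeOutboundEipBandwidth | Grants permission to modify the public outbound bandwidth of a dedicated instance. | write | instance * | g:ResourceTag/<tag-key>; g:EnterpriseProjectId | apig:instances:update |
| apig:instance:getCreateProgress | Grants permission to get the creation progress of a dedicated instance. | read | instance * | g:ResourceTag/<tag-key>; g:EnterpriseProjectId | - |
| apig:instance:deleteIngressEip | Grants permission to disable public inbound access for a dedicated instance. | write | instance * | g:ResourceTag/<tag-key>; g:EnterpriseProjectId | apig:instances:update |
| apig:instance:createIngressEip | Grants permission to enable public inbound access for a dedicated instance. | write | instance * | g:ResourceTag/<tag-key>; g:EnterpriseProjectId | apig:instances:update |
| apig:instance:changeIngressEipBindwidth | Grants permission to update the public inbound bandwidth of a dedicated instance. | write | instance * | g:ResourceTag/<tag-key>; g:EnterpriseProjectId | apig:instances:update |
| apig:instance:resize | Grants permission to create an order for changing the specifications of a pay-per-use dedicated instance. | write | instance * | g:ResourceTag/<tag-key>; g:EnterpriseProjectId | - |
| apig:instance:getRestriction | Grants permission to get instance restriction information. | read | instance * | g:ResourceTag/<tag-key>; g:EnterpriseProjectId | apig:instances:get |
| apig:instance:listParameter | Grants permission to list instance parameters. | list | instance * | g:ResourceTag/<tag-key>; g:EnterpriseProjectId | apig:features:list |
| apig:instance:updateParameter | Grants permission to edit instance parameters. | write | instance * | g:ResourceTag/<tag-key>; g:EnterpriseProjectId | apig:features:create |
| apig:instance:listFeature | Grants permission to list the features supported by an instance. | list | instance * | g:ResourceTag/<tag-key>; g:EnterpriseProjectId | - |
| apig:instance:importMicroservice | Grants permission to import microservices to a dedicated instance. | write | instance * | g:ResourceTag/<tag-key> | apig:apis:import |
| apig:apiGroup:bindDomain | Grants permission to bind an independent domain name. | write | instance * | g:ResourceTag/<tag-key> | apig:domains:create |
| apig:apiGroup:unbindDomain | Grants permission to unbind an independent domain name. | write | instance * | g:ResourceTag/<tag-key> | apig:domains:delete |
| apig:apiGroup:updateDomainConfig | Grants permission to modify an independent domain name. | write | instance * | g:ResourceTag/<tag-key> | apig:domains:update |
| apig:apiGroup:createAndBindCertificateToDomain | Grants permission to create a certificate and bind it to an independent domain name. | write | instance * | g:ResourceTag/<tag-key> | apig:domains:bindCertificate |
| apig:apiGroup:unbindAndDeleteCertificateFromDomain | Grants permission to unbind and delete the certificate of an independent domain name. | write | instance * | g:ResourceTag/<tag-key> | apig:domains:unbindCertificate |
| apig:apiGroup:getCertificateOfDomain | Grants permission to view the certificate of an independent domain name. | read | instance * | g:ResourceTag/<tag-key> | apig:domains:getCertificate |
| apig:apiGroup:updateSLDomainSetting | Grants permission to set whether the debugging domain name can be accessed. | write | instance * | g:ResourceTag/<tag-key> | apig:domains:updateSLDomainSetting |
| apig:customAuthorizer:list | Grants permission to list custom authorizers. | list | instance * | g:ResourceTag/<tag-key> | apig:authorizers:list |
| apig:customAuthorizer:create | Grants permission to create a custom authorizer. | write | instance * | g:ResourceTag/<tag-key> | apig:authorizers:create |
| apig:customAuthorizer:delete | Grants permission to delete a custom authorizer. | write | instance * | g:ResourceTag/<tag-key> | apig:authorizers:delete |
| apig:customAuthorizer:get | Grants permission to get custom authorizer details. | read | instance * | g:ResourceTag/<tag-key> | apig:authorizers:get |
| apig:customAuthorizer:update | Grants permission to modify a custom authorizer. | write | instance * | g:ResourceTag/<tag-key> | apig:authorizers:update |
| apig:instance:listVpcEndpoint | Grants permission to list the VPC endpoints of an instance. | list | instance * | g:ResourceTag/<tag-key>; g:EnterpriseProjectId | - |
| apig:instance:acceptOrRejectVpcEndpointConnection | Grants permission to accept or reject VPC endpoint connections. | write | instance * | g:ResourceTag/<tag-key>; g:EnterpriseProjectId | - |
| apig:instance:listVpcEndpointPermission | Grants permission to list the whitelist of the instance's VPC endpoint service. | list | instance * | g:ResourceTag/<tag-key>; g:EnterpriseProjectId | - |
| apig:instance:batchAddVpcEndpointPermission | Grants permission to batch add entries to the instance's VPC endpoint connection whitelist. | write | instance * | g:ResourceTag/<tag-key>; g:EnterpriseProjectId | - |
| apig:instance:batchDeleteVpcEndpointPermission | Grants permission to batch delete entries from the instance's VPC endpoint connection whitelist. | write | instance * | g:ResourceTag/<tag-key>; g:EnterpriseProjectId | - |
| apig:app:deleteAcl | Grants permission to delete the access control rules of a credential. | write | instance * | g:ResourceTag/<tag-key> | apig:apps:get |
| apig:app:getAcl | Grants permission to get the access control rules of a credential. | read | instance * | g:ResourceTag/<tag-key> | apig:apps:get |
| apig:app:updateAcl | Grants permission to set the access control rules of a credential. | write | instance * | g:ResourceTag/<tag-key> | apig:apps:get |
| apig:clientQuota:list | Grants permission to list credential quota policies. | list | instance * | g:ResourceTag/<tag-key> | - |
| apig:clientQuota:create | Grants permission to create a credential quota policy. | write | instance * | g:ResourceTag/<tag-key> | - |
| apig:clientQuota:delete | Grants permission to delete a credential quota policy. | write | instance * | g:ResourceTag/<tag-key> | - |
| apig:clientQuota:get | Grants permission to get credential quota policy details. | read | instance * | g:ResourceTag/<tag-key> | - |
| apig:clientQuota:update | Grants permission to modify a credential quota policy. | write | instance * | g:ResourceTag/<tag-key> | - |
| apig:clientQuota:listBoundApp | Grants permission to list the credentials bound to a credential quota policy. | list | instance * | g:ResourceTag/<tag-key> | - |
| apig:clientQuota:bindApp | Grants permission to bind a credential quota to credentials. | write | instance * | g:ResourceTag/<tag-key> | - |
| apig:clientQuota:unbindApp | Grants permission to unbind a credential quota from a credential. | write | instance * | g:ResourceTag/<tag-key> | - |
| apig:clientQuota:listUnboundApp | Grants permission to list the credentials that can be bound to a credential quota. | list | instance * | g:ResourceTag/<tag-key> | - |
| apig:instance:listFeatureHistory | Grants permission to list the history records of a feature. | list | instance * | g:ResourceTag/<tag-key> | - |
| apig:instance:addCustomIngressPort | Grants permission to add a custom inbound port to an instance. | write | instance * | g:ResourceTag/<tag-key>; g:EnterpriseProjectId | - |
| apig:instance:listCustomIngressPort | Grants permission to list the custom inbound ports of an instance. | list | instance * | g:ResourceTag/<tag-key>; g:EnterpriseProjectId | - |
| apig:instance:deleteCustomIngressPort | Grants permission to delete a custom inbound port of an instance. | write | instance * | g:ResourceTag/<tag-key>; g:EnterpriseProjectId | - |
| apig:instance:listCustomIngressPortDomain | Grants permission to list the domain names bound to a custom inbound port of an instance. | list | instance * | g:ResourceTag/<tag-key>; g:EnterpriseProjectId | - |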

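An apig API usually corresponds to one or more actions. Table 2 shows the relationship between APIs and actions, and the actions that each API depends on.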

Table 2 Relationship between APIs and actions

| API | Corresponding action | Dependent actions |
| --- | --- | --- |
| GET /{project_id}/apigw/instances/{instance_id}/acls | apig:acl:list | apig:instance:get |
| POST /{project_id}/apigw/instances/{instance_id}/acls | apig:acl:create | apig:instance:get |
| PUT /{project_id}/apigw/instances/{instance_id}/acls | apig:acl:batchDelete | apig:instance:get |
| DELETE /{project_id}/apigw/instances/{instance_id}/acls/{acl_id} | apig:acl:delete | apig:instance:get |
| GET /{project_id}/apigw/instances/{instance_id}/acls/{acl_id} | apig:acl:get | apig:instance:get |
| PUT /{project_id}/apigw/instances/{instance_id}/acls/{acl_id} | apig:acl:update | apig:instance:get |
| POST /{project_id}/apigw/instances/{instance_id}/acl-bindings | apig:api:bindAcl | apig:instance:get; apig:api:get; apig:acl:get |
| PUT /{project_id}/apigw/instances/{instance_id}/acl-bindings | apig:api:batchUnbindAcl | apig:instance:get; apig:api:get; apig:acl:get |
| DELETE /{project_id}/apigw/instances/{instance_id}/acl-bindings/{acl_bindings_id} | apig:api:unbindAcl | apig:instance:get; apig:api:get; apig:acl:get |
| GET /{project_id}/apigw/instances/{instance_id}/acl-bindings/binded-acls | apig:api:listBoundAcl | apig:instance:get; apig:api:get |
| GET /{project_id}/apigw/instances/{instance_id}/acl-bindings/binded-apis | apig:acl:listBoundApi | apig:instance:get; apig:acl:get |
| GET /{project_id}/apigw/instances/{instance_id}/acl-bindings/unbinded-apis | apig:acl:listUnboundApi | apig:instance:get; apig:acl:get |
| POST /{project_id}/apigw/instances/{instance_id}/throttle-bindings | apig:api:bindRequestThrottling | apig:instance:get; apig:api:get; apig:requestThrottling:get |
| PUT /{project_id}/apigw/instances/{instance_id}/throttle-bindings | apig:api:batchUnbindRequestThrottling | apig:instance:get; apig:api:get; apig:requestThrottling:get |
| DELETE /{project_id}/apigw/instances/{instance_id}/throttle-bindings/{throttle_binding_id} | apig:api:unbindRequestThrottling | apig:instance:get; apig:api:get; apig:requestThrottling:get |
| GET /{project_id}/apigw/instances/{instance_id}/throttle-bindings/binded-apis | apig:requestThrottling:listBoundApi | apig:instance:get; apig:requestThrottling:get |
| GET /{project_id}/apigw/instances/{instance_id}/throttle-bindings/binded-throttles | apig:api:listBoundRequestThrottling | apig:instance:get; apig:api:get |
| GET /{project_id}/apigw/instances/{instance_id}/throttle-bindings/unbinded-apis | apig:requestThrottling:listUnboundApi | apig:instance:get; apig:requestThrottling:get |
| GET /{project_id}/apigw/instances/{instance_id}/api-groups | apig:apiGroup:list | apig:instance:get |
| POST /{project_id}/apigw/instances/{instance_id}/api-groups | apig:apiGroup:create | apig:instance:get |
| DELETE /{project_id}/apigw/instances/{instance_id}/api-groups/{group_id} | apig:apiGroup:delete | apig:instance:get |
| GET /{project_id}/apigw/instances/{instance_id}/api-groups/{group_id} | apig:apiGroup:get | apig:instance:get |
| PUT /{project_id}/apigw/instances/{instance_id}/api-groups/{group_id} | apig:apiGroup:update | apig:instance:get |
| POST /{project_id}/apigw/instances/{instance_id}/api-groups/check | apig:apiGroup:checkApiGroupNameExistOrNot | apig:instance:get |
| GET /{project_id}/apigw/instances/{instance_id}/apis | apig:api:list | apig:instance:get; apig:apiGroup:get |
| POST /{project_id}/apigw/instances/{instance_id}/apis | apig:api:create | apig:instance:get; apig:apiGroup:get; apig:loadBalanceChannel:get; apig:customAuthorizer:get; functiongraph:function:getFunctionConfig |
| DELETE /{project_id}/apigw/instances/{instance_id}/apis/{api_id} | apig:api:delete | apig:instance:get; apig:apiGroup:get |
| GET /{project_id}/apigw/instances/{instance_id}/apis/{api_id} | apig:api:get | apig:instance:get; apig:apiGroup:get |
| PUT /{project_id}/apigw/instances/{instance_id}/apis/{api_id} | apig:api:update | apig:instance:get; apig:apiGroup:get; apig:loadBalanceChannel:get; apig:customAuthorizer:get; functiongraph:function:getFunctionConfig |
| POST /{project_id}/apigw/instances/{instance_id}/apis/action | apig:api:onlineOrOffline | apig:instance:get; apig:apiGroup:get; apig:environment:list |
| - | apig:api:batchDelete | apig:instance:get; apig:apiGroup:get |
| POST /{project_id}/apigw/instances/{instance_id}/apis/check | apig:api:checkApiPathOrApiNameExistOrNot | apig:instance:get; apig:apiGroup:get |
| POST /{project_id}/apigw/instances/{instance_id}/apis/debug/{api_id} | apig:api:debug | apig:instance:get; apig:apiGroup:get |
| POST /{project_id}/apigw/instances/{instance_id}/apis/publish | apig:api:batchOnlineOrOffline | apig:instance:get; apig:apiGroup:get; apig:environment:list |
| GET /{project_id}/apigw/instances/{instance_id}/apis/publish/{api_id} | apig:api:listHistoryVersion | apig:instance:get |
| PUT /{project_id}/apigw/instances/{instance_id}/apis/publish/{api_id} | apig:api:switchVersion | apig:instance:get; apig:api:get |
| GET /{project_id}/apigw/instances/{instance_id}/apis/runtime/{api_id} | apig:api:getRuntimeDefinition | apig:instance:get; apig:environment:list |
| DELETE /{project_id}/apigw/instances/{instance_id}/apis/versions/{version_id} | apig:api:deleteHistoryVersion | apig:instance:get; apig:apiGroup:get; apig:environment:list |
| GET /{project_id}/apigw/instances/{instance_id}/apis/versions/{version_id} | apig:api:getHistoryVersion | apig:instance:get |
| GET /{project_id}/apigw/instances/{instance_id}/apps | apig:app:list | apig:instance:get |
| POST /{project_id}/apigw/instances/{instance_id}/apps | apig:app:create | apig:instance:get |
| DELETE /{project_id}/apigw/instances/{instance_id}/apps/{app_id} | apig:app:delete | apig:instance:get |
| GET /{project_id}/apigw/instances/{instance_id}/apps/{app_id} | apig:app:get | apig:instance:get |
| PUT /{project_id}/apigw/instances/{instance_id}/apps/{app_id} | apig:app:update | apig:instance:get |
| GET /{project_id}/apigw/instances/{instance_id}/apps/{app_id}/app-codes | apig:app:listAppCode | apig:instance:get; apig:app:get |
| POST /{project_id}/apigw/instances/{instance_id}/apps/{app_id}/app-codes | apig:app:createAppCode | apig:instance:get; apig:app:get |
| PUT /{project_id}/apigw/instances/{instance_id}/apps/{app_id}/app-codes | apig:app:generateAppCode | apig:instance:get; apig:app:get |
| DELETE /{project_id}/apigw/instances/{instance_id}/apps/{app_id}/app-codes/{app_code_id} | apig:app:deleteAppCode | apig:instance:get; apig:app:get |
| GET /{project_id}/apigw/instances/{instance_id}/apps/{app_id}/app-codes/{app_code_id} | apig:app:getAppCode | apig:instance:get; apig:app:get |
| PUT /{project_id}/apigw/instances/{instance_id}/apps/secret/{app_id} | apig:app:resetSecret | apig:instance:get; apig:app:get |
| GET /{project_id}/apigw/instances/{instance_id}/apps/validation/{app_id} | apig:app:validate | apig:instance:get; apig:app:get |
| GET /{project_id}/apigw/instances/{instance_id}/apps/{app_id}/bound-quota | apig:app:getBoundQuota | apig:instance:get; apig:app:get |
| POST /{project_id}/apigw/instances/{instance_id}/app-auths | apig:app:bindApi | apig:instance:get; apig:app:get; apig:api:get |
| DELETE /{project_id}/apigw/instances/{instance_id}/app-auths/{app_auth_id} | apig:app:unbindApi | apig:instance:get; apig:app:get; apig:api:get |
| GET /{project_id}/apigw/instances/{instance_id}/app-auths/binded-apis | apig:app:listBoundApi | apig:instance:get; apig:app:get |
| GET /{project_id}/apigw/instances/{instance_id}/app-auths/binded-apps | apig:api:listBoundApp | apig:instance:get; apig:api:get |
| GET /{project_id}/apigw/instances/{instance_id}/app-auths/unbinded-apis | apig:app:listUnboundApi | apig:instance:get; apig:app:get |
| POST /{project_id}/apigw/instances/{instance_id}/openapi/export | apig:api:export | apig:instance:get; apig:api:list; apig:api:get; apig:api:listBoundAcl; apig:acl:get; apig:api:listBoundRequestThrottling; apig:requestThrottling:get; apig:apiGroup:get; apig:apiGroup:getGatewayResponse; apig:environment:list; apig:api:listBoundPlugin; apig:plugin:get |
| POST /{project_id}/apigw/instances/{instance_id}/openapi/async-export | apig:api:export | apig:instance:get; apig:api:list; apig:api:get; apig:api:listBoundAcl; apig:acl:get; apig:api:listBoundRequestThrottling; apig:requestThrottling:get; apig:apiGroup:get; apig:apiGroup:getGatewayResponse; apig:environment:list; apig:api:listBoundPlugin; apig:plugin:get |
| POST /{project_id}/apigw/instances/{instance_id}/openapi/import | apig:api:import | apig:instance:get; apig:api:get; apig:acl:get; apig:requestThrottling:get; apig:apiGroup:get; apig:apiGroup:getGatewayResponse; apig:environment:list; apig:plugin:get |
| POST /{project_id}/apigw/instances/{instance_id}/openapi/async-import | apig:api:import | apig:instance:get; apig:api:get; apig:acl:get; apig:requestThrottling:get; apig:apiGroup:get; apig:apiGroup:getGatewayResponse; apig:environment:list; apig:plugin:get |
| GET /{project_id}/apigw/instances/{instance_id}/async-tasks/{task_id} | apig:asyncTask:get | apig:instance:get |
| GET /{project_id}/apigw/certificates | apig:certificate:list | - |
| POST /{project_id}/apigw/certificates | apig:certificate:create | apig:instance:get |
| DELETE /{project_id}/apigw/certificates/{certificate_id} | apig:certificate:delete | - |
| GET /{project_id}/apigw/certificates/{certificate_id} | apig:certificate:get | - |
| PUT /{project_id}/apigw/certificates/{certificate_id} | apig:certificate:update | apig:instance:get |
| GET /{project_id}/apigw/certificates/{certificate_id}/attached-domains | apig:certificate:listBoundDomain | - |
| POST /{project_id}/apigw/certificates/{certificate_id}/domains/attach | apig:certificate:batchBindDomain | apig:certificate:get; apig:apiGroup:get |
| POST /{project_id}/apigw/certificates/{certificate_id}/domains/detach | apig:certificate:batchUnbindDomain | apig:certificate:get; apig:apiGroup:get |

POST /{project_id}/apigw/instances/{instance_id}/api-groups/{group_id}/domains/{domain_id}/certificates/attach

apig:apiGroup:batchBindCertificateToDomain

  • apig:instance:get
  • apig:apiGroup:get
  • apig:certificate:get

POST /{project_id}/apigw/instances/{instance_id}/api-groups/{group_id}/domains/{domain_id}/certificates/detach

apig:apiGroup:batchUnbindCertificateFromDomain

  • apig:instance:get
  • apig:apiGroup:get
  • apig:certificate:get

GET /{project_id}/apigw/instances/{instance_id}/vpc-channels

apig:loadBalanceChannel:list

apig:instance:get

POST /{project_id}/apigw/instances/{instance_id}/vpc-channels

apig:loadBalanceChannel:create

  • apig:instance:get
  • cce:cluster:getCluster
  • ecs:cloudServers:showServer
  • cce:cluster:generateClientCredential

DELETE /{project_id}/apigw/instances/{instance_id}/vpc-channels/{vpc_channel_id}

apig:loadBalanceChannel:delete

apig:instance:get

GET /{project_id}/apigw/instances/{instance_id}/vpc-channels/{vpc_channel_id}

apig:loadBalanceChannel:get

apig:instance:get

PUT /{project_id}/apigw/instances/{instance_id}/vpc-channels/{vpc_channel_id}

apig:loadBalanceChannel:update

  • apig:instance:get
  • cce:cluster:getCluster
  • ecs:cloudServers:showServer
  • cce:cluster:generateClientCredential

PUT /{project_id}/apigw/instances/{instance_id}/vpc-channels/{vpc_channel_id}/health-config

apig:loadBalanceChannel:updateHealthCheckConfig

  • apig:instance:get
  • apig:loadBalanceChannel:get

GET /{project_id}/apigw/instances/{instance_id}/vpc-channels/{vpc_channel_id}/member-groups

apig:loadBalanceChannel:listServerGroup

  • apig:instance:get
  • apig:loadBalanceChannel:get

POST /{project_id}/apigw/instances/{instance_id}/vpc-channels/{vpc_channel_id}/member-groups

apig:loadBalanceChannel:createServerGroup

  • apig:instance:get
  • apig:loadBalanceChannel:get

DELETE /{project_id}/apigw/instances/{instance_id}/vpc-channels/{vpc_channel_id}/member-groups/{member_group_id}

apig:loadBalanceChannel:deleteServerGroup

  • apig:instance:get
  • apig:loadBalanceChannel:get

GET /{project_id}/apigw/instances/{instance_id}/vpc-channels/{vpc_channel_id}/member-groups/{member_group_id}

apig:loadBalanceChannel:getServerGroup

  • apig:instance:get
  • apig:loadBalanceChannel:get

PUT /{project_id}/apigw/instances/{instance_id}/vpc-channels/{vpc_channel_id}/member-groups/{member_group_id}

apig:loadBalanceChannel:updateServerGroup

  • apig:instance:get
  • apig:loadBalanceChannel:get

GET /{project_id}/apigw/instances/{instance_id}/vpc-channels/{vpc_channel_id}/members

apig:loadBalanceChannel:listBackendServerAddress

  • apig:instance:get
  • apig:loadBalanceChannel:get

POST /{project_id}/apigw/instances/{instance_id}/vpc-channels/{vpc_channel_id}/members

apig:loadBalanceChannel:createBackendServerAddress

  • apig:instance:get
  • apig:loadBalanceChannel:get
  • ecs:cloudServers:showServer

PUT /{project_id}/apigw/instances/{instance_id}/vpc-channels/{vpc_channel_id}/members

apig:loadBalanceChannel:updateBackendServerAddress

  • apig:instance:get
  • apig:loadBalanceChannel:get
  • ecs:cloudServers:showServer

DELETE /{project_id}/apigw/instances/{instance_id}/vpc-channels/{vpc_channel_id}/members/{member_id}

apig:loadBalanceChannel:deleteBackendServerAddress

  • apig:instance:get
  • apig:loadBalanceChannel:get

POST /{project_id}/apigw/instances/{instance_id}/vpc-channels/{vpc_channel_id}/members/batch-disable

apig:loadBalanceChannel:batchDisableBackendServerAddress

  • apig:instance:get
  • apig:loadBalanceChannel:get

POST /{project_id}/apigw/instances/{instance_id}/vpc-channels/{vpc_channel_id}/members/batch-enable

apig:loadBalanceChannel:batchEnableBackendServerAddress

  • apig:instance:get
  • apig:loadBalanceChannel:get

GET /{project_id}/apigw/instances/{instance_id}/tags

apig:instance:listTag

apig:instance:get

GET /{project_id}/apigw/instances/{instance_id}/apis/{api_id}/attachable-plugins

apig:api:listUnboundPlugin

  • apig:instance:get
  • apig:api:get

GET /{project_id}/apigw/instances/{instance_id}/apis/{api_id}/attached-plugins

apig:api:listBoundPlugin

  • apig:instance:get
  • apig:api:get

POST /{project_id}/apigw/instances/{instance_id}/apis/{api_id}/plugins/attach

apig:api:bindPlugin

  • apig:instance:get
  • apig:api:get
  • apig:plugin:get

PUT /{project_id}/apigw/instances/{instance_id}/apis/{api_id}/plugins/detach

apig:api:unbindPlugin

  • apig:instance:get
  • apig:api:get
  • apig:plugin:get

GET /{project_id}/apigw/instances/{instance_id}/plugins

apig:plugin:list

apig:instance:get

POST /{project_id}/apigw/instances/{instance_id}/plugins

apig:plugin:create

  • apig:instance:get
  • apig:loadBalanceChannel:get
  • functiongraph:function:getFunctionConfig

DELETE /{project_id}/apigw/instances/{instance_id}/plugins/{plugin_id}

apig:plugin:delete

apig:instance:get

GET /{project_id}/apigw/instances/{instance_id}/plugins/{plugin_id}

apig:plugin:get

apig:instance:get

PUT /{project_id}/apigw/instances/{instance_id}/plugins/{plugin_id}

apig:plugin:update

  • apig:instance:get
  • apig:loadBalanceChannel:get
  • functiongraph:function:getFunctionConfig

POST /{project_id}/apigw/instances/{instance_id}/plugins/{plugin_id}/attach

apig:plugin:bindApi

  • apig:instance:get
  • apig:api:get
  • apig:plugin:get

GET /{project_id}/apigw/instances/{instance_id}/plugins/{plugin_id}/attachable-apis

apig:plugin:listUnbindApi

  • apig:instance:get
  • apig:plugin:get

GET /{project_id}/apigw/instances/{instance_id}/plugins/{plugin_id}/attached-apis

apig:plugin:listBoundApi

  • apig:instance:get
  • apig:plugin:get

PUT /{project_id}/apigw/instances/{instance_id}/plugins/{plugin_id}/detach

apig:plugin:unbindApi

  • apig:instance:get
  • apig:api:get
  • apig:plugin:get

GET /{project_id}/apigw/instances/{instance_id}/api-groups/{group_id}/gateway-responses

apig:apiGroup:listGatewayResponse

  • apig:instance:get
  • apig:apiGroup:get

POST /{project_id}/apigw/instances/{instance_id}/api-groups/{group_id}/gateway-responses

apig:apiGroup:createGatewayResponse

  • apig:instance:get
  • apig:apiGroup:get

DELETE /{project_id}/apigw/instances/{instance_id}/api-groups/{group_id}/gateway-responses/{response_id}

apig:apiGroup:deleteGatewayResponse

  • apig:instance:get
  • apig:apiGroup:get

GET /{project_id}/apigw/instances/{instance_id}/api-groups/{group_id}/gateway-responses/{response_id}

apig:apiGroup:getGatewayResponse

  • apig:instance:get
  • apig:apiGroup:get

PUT /{project_id}/apigw/instances/{instance_id}/api-groups/{group_id}/gateway-responses/{response_id}

apig:apiGroup:updateGatewayResponse

  • apig:instance:get
  • apig:apiGroup:get

DELETE /{project_id}/apigw/instances/{instance_id}/api-groups/{group_id}/gateway-responses/{response_id}/{response_type}

apig:apiGroup:deleteGatewayResponseType

  • apig:instance:get
  • apig:apiGroup:get

GET /{project_id}/apigw/instances/{instance_id}/api-groups/{group_id}/gateway-responses/{response_id}/{response_type}

apig:apiGroup:getGatewayResponseType

  • apig:instance:get
  • apig:apiGroup:get

PUT /{project_id}/apigw/instances/{instance_id}/api-groups/{group_id}/gateway-responses/{response_id}/{response_type}

apig:apiGroup:updateGatewayResponseType

  • apig:instance:get
  • apig:apiGroup:get

GET /{project_id}/apigw/instances/{instance_id}/resources/outline/apis

apig:instance:listApiOutline

apig:instance:get

GET /{project_id}/apigw/instances/{instance_id}/resources/outline/apps

apig:instance:listAppOutline

apig:instance:get

GET /{project_id}/apigw/instances/{instance_id}/resources/outline/groups

apig:instance:listApiGroupOutline

apig:instance:get

GET /{project_id}/apigw/instances/{instance_id}/env-variables

apig:environmentVariable:list

  • apig:instance:get
  • apig:apiGroup:get
  • apig:environment:list

POST /{project_id}/apigw/instances/{instance_id}/env-variables

apig:environmentVariable:create

  • apig:instance:get
  • apig:apiGroup:get
  • apig:environment:list

DELETE /{project_id}/apigw/instances/{instance_id}/env-variables/{env_variable_id}

apig:environmentVariable:delete

  • apig:instance:get
  • apig:apiGroup:get
  • apig:environment:list

GET /{project_id}/apigw/instances/{instance_id}/env-variables/{env_variable_id}

apig:environmentVariable:get

  • apig:instance:get
  • apig:apiGroup:get
  • apig:environment:list

PUT /{project_id}/apigw/instances/{instance_id}/env-variables/{env_variable_id}

apig:environmentVariable:update

  • apig:instance:get
  • apig:apiGroup:get
  • apig:environment:list

GET /{project_id}/apigw/instances/{instance_id}/envs

apig:environment:list

apig:instance:get

POST /{project_id}/apigw/instances/{instance_id}/envs

apig:environment:create

apig:instance:get

DELETE /{project_id}/apigw/instances/{instance_id}/envs/{env_id}

apig:environment:delete

apig:instance:get

PUT /{project_id}/apigw/instances/{instance_id}/envs/{env_id}

apig:environment:update

apig:instance:get

GET /{project_id}/apigw/instances/{instance_id}/metric-data

apig:instance:listMetricData

apig:instance:get

GET /{project_id}/apigw/instances/{instance_id}/statistics/api/latest

apig:instance:listApiMonitoring

apig:instance:get

GET /{project_id}/apigw/instances/{instance_id}/statistics/group/latest

apig:instance:listApiGroupMonitoring

apig:instance:get

GET /{project_id}/apigw/instances/{instance_id}/throttles

apig:requestThrottling:list

apig:instance:get

POST /{project_id}/apigw/instances/{instance_id}/throttles

apig:requestThrottling:create

apig:instance:get

DELETE /{project_id}/apigw/instances/{instance_id}/throttles/{throttle_id}

apig:requestThrottling:delete

apig:instance:get

GET /{project_id}/apigw/instances/{instance_id}/throttles/{throttle_id}

apig:requestThrottling:get

apig:instance:get

PUT /{project_id}/apigw/instances/{instance_id}/throttles/{throttle_id}

apig:requestThrottling:update

apig:instance:get

-

apig:requestThrottling:batchDelete

apig:instance:get

POST /{project_id}/apigw/instances/{instance_id}/sign-bindings

apig:api:bindSignatureKey

  • apig:instance:get
  • apig:api:get
  • apig:signatureKey:list

DELETE /{project_id}/apigw/instances/{instance_id}/sign-bindings/{sign_bindings_id}

apig:api:unbindSignatureKey

  • apig:instance:get
  • apig:api:get
  • apig:signatureKey:list

GET /{project_id}/apigw/instances/{instance_id}/sign-bindings/binded-apis

apig:signatureKey:listBoundApi

  • apig:instance:get
  • apig:signatureKey:list

GET /{project_id}/apigw/instances/{instance_id}/sign-bindings/binded-signs

apig:api:listBoundSignatureKey

  • apig:instance:get
  • apig:api:get

GET /{project_id}/apigw/instances/{instance_id}/sign-bindings/unbinded-apis

apig:signatureKey:listUnboundApi

  • apig:instance:get
  • apig:signatureKey:list

GET /{project_id}/apigw/instances/{instance_id}/signs

apig:signatureKey:list

apig:instance:get

POST /{project_id}/apigw/instances/{instance_id}/signs

apig:signatureKey:create

apig:instance:get

DELETE /{project_id}/apigw/instances/{instance_id}/signs/{sign_id}

apig:signatureKey:delete

apig:instance:get

PUT /{project_id}/apigw/instances/{instance_id}/signs/{sign_id}

apig:signatureKey:update

apig:instance:get

GET /{project_id}/apigw/instances/{instance_id}/throttles/{throttle_id}/throttle-specials

apig:requestThrottling:listSpecial

  • apig:instance:get
  • apig:requestThrottling:get

POST /{project_id}/apigw/instances/{instance_id}/throttles/{throttle_id}/throttle-specials

apig:requestThrottling:createSpecial

  • apig:instance:get
  • apig:requestThrottling:get

DELETE /{project_id}/apigw/instances/{instance_id}/throttles/{throttle_id}/throttle-specials/{strategy_id}

apig:requestThrottling:deleteSpecial

  • apig:instance:get
  • apig:requestThrottling:get

PUT /{project_id}/apigw/instances/{instance_id}/throttles/{throttle_id}/throttle-specials/{strategy_id}

apig:requestThrottling:updateSpecial

  • apig:instance:get
  • apig:requestThrottling:get

GET /{project_id}/apigw/instances/{instance_id}/instance-tags

apig:instance:listSingleInstanceTag

apig:instance:get

POST /{project_id}/apigw/instances/{instance_id}/instance-tags/action

apig:instance:batchCreateOrDeleteTag

apig:instance:get

GET /{project_id}/apigw/instance-tags

apig::listTag

apig:instance:get

POST /{project_id}/apigw/resource-instances/count

apig:instance:getNumByTags

-

POST /{project_id}/apigw/resource-instances/filter

apig:instance:listByTags

-

GET /{project_id}/apigw/instances

apig:instance:list

-

POST /{project_id}/apigw/instances

apig:instance:create

  • vpc:securityGroups:get
  • vpc:ports:create
  • vpc:ports:update
  • eip:publicIps:get
  • eip:publicIps:update
  • eps:enterpriseProjects:list

DELETE /{project_id}/apigw/instances/{instance_id}

apig:instance:delete

  • eip:publicIps:get
  • eip:publicIps:update
  • vpc:ports:delete

GET /{project_id}/apigw/instances/{instance_id}

apig:instance:get

-

PUT /{project_id}/apigw/instances/{instance_id}

apig:instance:update

  • vpc:securityGroups:get
  • vpc:ports:update

DELETE /{project_id}/apigw/instances/{instance_id}/eip

apig:instance:unbindEip

  • apig:instance:get
  • eip:publicIps:update

PUT /{project_id}/apigw/instances/{instance_id}/eip

apig:instance:bindOrChangeEip

  • apig:instance:get
  • eip:publicIps:update

DELETE /{project_id}/apigw/instances/{instance_id}/nat-eip

apig:instance:deleteOutboundEip

apig:instance:get

POST /{project_id}/apigw/instances/{instance_id}/nat-eip

apig:instance:createOutboundEip

  • apig:instance:get
  • vpc:ports:get

PUT /{project_id}/apigw/instances/{instance_id}/nat-eip

apig:instance:changeOutboundEipBandwidth

apig:instance:get

GET /{project_id}/apigw/instances/{instance_id}/progress

apig:instance:getCreateProgress

-

DELETE /{project_id}/apigw/instances/{instance_id}/ingress-eip

apig:instance:deleteIngressEip

apig:instance:get

POST /{project_id}/apigw/instances/{instance_id}/ingress-eip

apig:instance:createIngressEip

apig:instance:get

PUT /{project_id}/apigw/instances/{instance_id}/ingress-eip

apig:instance:changeIngressEipBindwidth

apig:instance:get

POST /{project_id}/apigw/instances/{instance_id}/postpaid-resize

apig:instance:resize

apig:instance:get

GET /{project_id}/apigw/instances/{instance_id}/restriction

apig:instance:getRestriction

apig:instance:get

GET /{project_id}/apigw/instances/{instance_id}/features

apig:instance:listParameter

apig:instance:get

POST /{project_id}/apigw/instances/{instance_id}/features

apig:instance:updateParameter

apig:instance:get

GET /{project_id}/apigw/instances/{instance_id}/instance-features

apig:instance:listFeature

apig:instance:get

POST /{project_id}/apigw/instances/{instance_id}/microservice/import

apig:instance:importMicroservice

  • apig:instance:get
  • apig:api:create
  • apig:apiGroup:get
  • apig:apiGroup:create
  • apig:loadBalanceChannel:get
  • apig:loadBalanceChannel:create
  • cce:cluster:getCluster
  • cce:cluster:generateClientCredential

POST /{project_id}/apigw/instances/{instance_id}/api-groups/{group_id}/domains

apig:apiGroup:bindDomain

  • apig:instance:get
  • apig:apiGroup:get

DELETE /{project_id}/apigw/instances/{instance_id}/api-groups/{group_id}/domains/{domain_id}

apig:apiGroup:unbindDomain

  • apig:instance:get
  • apig:apiGroup:get

PUT /{project_id}/apigw/instances/{instance_id}/api-groups/{group_id}/domains/{domain_id}

apig:apiGroup:updateDomainConfig

  • apig:instance:get
  • apig:apiGroup:get

POST /{project_id}/apigw/instances/{instance_id}/api-groups/{group_id}/domains/{domain_id}/certificate

apig:apiGroup:createAndBindCertificateToDomain

  • apig:instance:get
  • apig:apiGroup:get
  • apig:certificate:get

DELETE /{project_id}/apigw/instances/{instance_id}/api-groups/{group_id}/domains/{domain_id}/certificate/{certificate_id}

apig:apiGroup:unbindAndDeleteCertificateFromDomain

  • apig:instance:get
  • apig:apiGroup:get
  • apig:certificate:get

GET /{project_id}/apigw/instances/{instance_id}/api-groups/{group_id}/domains/{domain_id}/certificate/{certificate_id}

apig:apiGroup:getCertificateOfDomain

  • apig:instance:get
  • apig:apiGroup:get
  • apig:certificate:get

PUT /{project_id}/apigw/instances/{instance_id}/api-groups/{group_id}/sl-domain-access-settings

apig:apiGroup:updateSLDomainSetting

  • apig:instance:get
  • apig:apiGroup:get

GET /{project_id}/apigw/instances/{instance_id}/authorizers

apig:customAuthorizer:list

apig:instance:get

POST /{project_id}/apigw/instances/{instance_id}/authorizers

apig:customAuthorizer:create

  • apig:instance:get
  • functiongraph:function:getFunctionConfig

DELETE /{project_id}/apigw/instances/{instance_id}/authorizers/{authorizer_id}

apig:customAuthorizer:delete

apig:instance:get

GET /{project_id}/apigw/instances/{instance_id}/authorizers/{authorizer_id}

apig:customAuthorizer:get

apig:instance:get

PUT /{project_id}/apigw/instances/{instance_id}/authorizers/{authorizer_id}

apig:customAuthorizer:update

  • apig:instance:get
  • functiongraph:function:getFunctionConfig

GET /{project_id}/apigw/instances/{instance_id}/vpc-endpoint/connections

apig:instance:listVpcEndpoint

apig:instance:get

POST /{project_id}/apigw/instances/{instance_id}/vpc-endpoint/connections/action

apig:instance:acceptOrRejectVpcEndpointConnection

apig:instance:get

GET /{project_id}/apigw/instances/{instance_id}/vpc-endpoint/permissions

apig:instance:listVpcEndpointPermission

apig:instance:get

POST /{project_id}/apigw/instances/{instance_id}/vpc-endpoint/permissions/batch-add

apig:instance:batchAddVpcEndpointPermission

apig:instance:get

POST /{project_id}/apigw/instances/{instance_id}/vpc-endpoint/permissions/batch-delete

apig:instance:batchDeleteVpcEndpointPermission

apig:instance:get

DELETE /{project_id}/apigw/instances/{instance_id}/apps/{app_id}/app-acl

apig:app:deleteAcl

  • apig:instance:get
  • apig:app:get

GET /{project_id}/apigw/instances/{instance_id}/apps/{app_id}/app-acl

apig:app:getAcl

  • apig:instance:get
  • apig:app:get

PUT /{project_id}/apigw/instances/{instance_id}/apps/{app_id}/app-acl

apig:app:updateAcl

  • apig:instance:get
  • apig:app:get

GET /{project_id}/apigw/instances/{instance_id}/app-quotas

apig:clientQuota:list

apig:instance:get

POST /{project_id}/apigw/instances/{instance_id}/app-quotas

apig:clientQuota:create

apig:instance:get

DELETE /{project_id}/apigw/instances/{instance_id}/app-quotas/{app_quota_id}

apig:clientQuota:delete

apig:instance:get

GET /{project_id}/apigw/instances/{instance_id}/app-quotas/{app_quota_id}

apig:clientQuota:get

apig:instance:get

PUT /{project_id}/apigw/instances/{instance_id}/app-quotas/{app_quota_id}

apig:clientQuota:update

apig:instance:get

GET /{project_id}/apigw/instances/{instance_id}/app-quotas/{app_quota_id}/bound-apps

apig:clientQuota:listBoundApp

apig:instance:get

POST /{project_id}/apigw/instances/{instance_id}/app-quotas/{app_quota_id}/binding-apps

apig:clientQuota:bindApp

  • apig:instance:get
  • apig:clientQuota:get

DELETE /{project_id}/apigw/instances/{instance_id}/app-quotas/{app_quota_id}/bound-apps/{app_id}

apig:clientQuota:unbindApp

  • apig:instance:get
  • apig:app:get
  • apig:clientQuota:get

GET /{project_id}/apigw/instances/{instance_id}/app-quotas/{app_quota_id}/bindable-apps

apig:clientQuota:listUnboundApp

  • apig:instance:get
  • apig:clientQuota:get

-

apig:instance:listFeatureHistory

  • apig:instance:get
  • apig:instance:listFeature

POST /{project_id}/apigw/instances/{instance_id}/custom-ingress-ports

apig:instance:addCustomIngressPort

apig:instance:get

GET /{project_id}/apigw/instances/{instance_id}/custom-ingress-ports

apig:instance:listCustomIngressPort

apig:instance:get

DELETE /{project_id}/apigw/instances/{instance_id}/custom-ingress-ports/{ingress_port_id}

apig:instance:deleteCustomIngressPort

  • apig:instance:get
  • apig:instance:listCustomIngressPort

GET /{project_id}/apigw/instances/{instance_id}/custom-ingress-ports/{ingress_port_id}/domains

apig:instance:listCustomIngressPortDomain

  • apig:instance:get
  • apig:apiGroup:get
  • apig:instance:listCustomIngressPort

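Resource type (Resource)

The resource type (Resource) identifies the resources that an SCP applies to. If an operation in Table 3 lists resource types that can be specified for it, you must specify the URN of that resource in every SCP statement that contains the operation, and the SCP then applies only to that resource. If no resource is specified, Resource defaults to "*" and the SCP applies to all resources. You can also set conditions in the SCP to specify the resource type.

apig defines the following resource types, which can be used in the Resource element of a custom SCP.

Table 3 Resource types supported by apig

Resource type

URN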

instance

apig:<region>:<account-id>:instance:<instance-id>
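The following added example (not part of the original documentation) models how the Resource element of a Deny statement selects apig instances by URN, including the default of "*" when Resource is omitted. The statement layout with an Effect key, exact-match actions, a lone `*` URN field matching any value, and the sample region, account ID and instance IDs are assumptions constructed for illustration.

```python
"""Simplified model of Resource matching for apig instance URNs in an SCP.

Assumptions (not from the documentation): statements are dicts with
Effect/Action/Resource keys, actions match exactly, and a URN field
equal to "*" matches any value in that position.
"""

URN_FIELDS = ("service", "region", "account_id", "resource_type", "resource_id")


def parse_urn(urn):
    """Split apig:<region>:<account-id>:instance:<instance-id> into named fields."""
    parts = urn.split(":")
    if len(parts) != len(URN_FIELDS):
        raise ValueError(f"expected 5 colon-separated fields, got {len(parts)}: {urn!r}")
    fields = dict(zip(URN_FIELDS, parts))
    if fields["service"] != "apig":
        raise ValueError(f"not an apig URN: {urn!r}")
    if fields["resource_type"] != "instance":
        # Table 3 defines a single apig resource type: instance.
        raise ValueError(f"unsupported resource type in {urn!r}")
    return fields


def resource_matches(pattern, target_urn):
    """Return True if a Resource entry covers the concrete target URN."""
    if pattern == "*":
        return True
    want, have = parse_urn(pattern), parse_urn(target_urn)
    return all(want[key] in ("*", have[key]) for key in URN_FIELDS)


def statement_denies(statement, action, target_urn):
    """Return True if one Deny statement applies to the action on the target."""
    if statement.get("Effect") != "Deny":
        return False
    if action not in statement.get("Action", []):
        return False
    # Per the text above: with no Resource specified, the default is "*".
    resources = statement.get("Resource") or ["*"]
    return any(resource_matches(pattern, target_urn) for pattern in resources)


def is_denied(scp, action, target_urn):
    """Return True if any statement in the SCP denies the request."""
    return any(statement_denies(s, action, target_urn) for s in scp.get("Statement", []))


# Constructed sample values, for illustration only.
PROD_URN = "apig:cn-north-4:0123456789abcdef:instance:inst-prod-01"
DEV_URN = "apig:cn-north-4:0123456789abcdef:instance:inst-dev-01"

SAMPLE_SCP = {
    "Statement": [
        # Scoped: blocks deletion of one named instance in any region or account.
        {"Effect": "Deny", "Action": ["apig:instance:delete"],
         "Resource": ["apig:*:*:instance:inst-prod-01"]},
        # No Resource element: the deny covers every instance.
        {"Effect": "Deny", "Action": ["apig:instance:resize"]},
    ]
}

if __name__ == "__main__":
    for action, urn in [("apig:instance:delete", PROD_URN),
                        ("apig:instance:delete", DEV_URN),
                        ("apig:instance:resize", DEV_URN)]:
        print(action, urn, "denied" if is_denied(SAMPLE_SCP, action, urn) else "not denied")
```

The scoped statement leaves deletion of other instances outside the boundary it sets, which is the case to check when an SCP is meant to protect a whole environment rather than one instance.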

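Condition

The apig service does not support service-level condition keys in the condition keys of an SCP. apig can use the global condition keys that apply to all services; see Global Condition Keys.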