权限策略 Actions 和 Resources
网关组
| Action | Resource | API |
|---|---|---|
| gateway:DeleteGatewayGroup | arn:api7:gateway:gatewaygroup/%s | DELETE /api/gateway_groups/:gateway_group_id |
| gateway:GetGatewayGroup | arn:api7:gateway:gatewaygroup/%s | GET /api/gateway_groups/:gateway_group_id |
| gateway:CreateGatewayGroup | arn:api7:gateway:gatewaygroup/* | POST /api/gateway_groups |
| gateway:UpdateGatewayGroup | arn:api7:gateway:gatewaygroup/%s | PUT /api/gateway_groups/:gateway_group_id |
| gateway:UpdateGatewayGroup | arn:api7:gateway:gatewaygroup/%s | PUT /api/gateway_groups/:gateway_group_id/admin_key |
网关实例
| Action | Resource | API |
|---|---|---|
| gateway:GetGatewayInstance | arn:api7:gateway:gatewaygroup/%s | GET /api/gateway_groups/:gateway_group_id/instances |
| gateway:GetGatewayInstanceCore | arn:api7:gateway:gatewaygroup/* | GET /api/instances/cores |
| gateway:CreateGatewayInstance | arn:api7:gateway:gatewaygroup/%s | POST /api/gateway_groups/:gateway_group_id/dp_client_certificates |
| gateway:CreateGatewayInstance | arn:api7:gateway:gatewaygroup/%s | POST /api/gateway_groups/:gateway_group_id/instance_token |
消费者
| Action | Resource | API |
|---|---|---|
| gateway:GetConsumer | arn:api7:gateway:gatewaygroup/%s | GET /apisix/admin/consumers |
| gateway:GetConsumer | arn:api7:gateway:gatewaygroup/%s | GET /apisix/admin/consumers/:consumer_username |
| gateway:CreateConsumer | arn:api7:gateway:gatewaygroup/%s | POST /apisix/admin/consumers |
| gateway:UpdateConsumer | arn:api7:gateway:gatewaygroup/%s | PATCH /apisix/admin/consumers/:consumer_username |
| gateway:UpdateConsumer | arn:api7:gateway:gatewaygroup/%s | PUT /apisix/admin/consumers/:consumer_username |
| gateway:DeleteConsumer | arn:api7:gateway:gatewaygroup/%s | DELETE /apisix/admin/consumers/:consumer_username |
SSL 证书
| Action | Resource | API |
|---|---|---|
| gateway:GetSSLCertificate | arn:api7:gateway:gatewaygroup/%s | GET /apisix/admin/ssls |
| gateway:GetSSLCertificate | arn:api7:gateway:gatewaygroup/%s | GET /apisix/admin/ssls/:ssl_id |
| gateway:CreateSSLCertificate | arn:api7:gateway:gatewaygroup/%s | POST /apisix/admin/ssls |
| gateway:UpdateSSLCertificate | arn:api7:gateway:gatewaygroup/%s | PUT /apisix/admin/ssls/:ssl_id |
| gateway:DeleteSSLCertificate | arn:api7:gateway:gatewaygroup/%s | DELETE /apisix/admin/ssls/:ssl_id |
插件全局规则
| Action | Resource | API |
|---|---|---|
| gateway:GetGlobalPluginRule | arn:api7:gateway:gatewaygroup/%s | GET /apisix/admin/global_rules |
| gateway:GetGlobalPluginRule | arn:api7:gateway:gatewaygroup/%s | GET /apisix/admin/global_rules/:global_rule_id |
| gateway:CreateGlobalPluginRule | arn:api7:gateway:gatewaygroup/%s | POST /apisix/admin/global_rules |
| gateway:UpdateGlobalPluginRule | arn:api7:gateway:gatewaygroup/%s | PUT /apisix/admin/global_rules/:global_rule_id |
| gateway:DeleteGlobalPluginRule | arn:api7:gateway:gatewaygroup/%s | DELETE /apisix/admin/global_rules/:global_rule_id |
插件元数据
| Action | Resource | API |
|---|---|---|
| gateway:GetPluginMetadata | arn:api7:gateway:gatewaygroup/%s | GET /apisix/admin/plugin_metadata |
| gateway:GetPluginMetadata | arn:api7:gateway:gatewaygroup/%s | GET /apisix/admin/plugin_metadata/:plugin_name |
| gateway:UpdatePluginMetadata | arn:api7:gateway:gatewaygroup/%s | PUT /apisix/admin/plugin_metadata/:plugin_name |
| gateway:DeletePluginMetadata | arn:api7:gateway:gatewaygroup/%s | DELETE /apisix/admin/plugin_metadata/:plugin_name |
密钥
| Action | Resource | API |
|---|---|---|
| gateway:GetSecret | arn:api7:gateway:gatewaygroup/%s | GET /apisix/admin/secrets |
| gateway:GetSecret | arn:api7:gateway:gatewaygroup/%s | GET /apisix/admin/secrets/:secret_manager/:secret_id |
| gateway:PutSecret | arn:api7:gateway:gatewaygroup/%s | PUT /apisix/admin/secrets/:secret_manager/:secret_id |
| gateway:DeleteSecret | arn:api7:gateway:gatewaygroup/%s | DELETE /apisix/admin/secrets/:secret_manager/:secret_id |
服务注册中心
| Action | Resource | API |
|---|---|---|
| gateway:GetServiceRegistry | arn:api7:gateway:gatewaygroup/%s | GET /api/gateway_groups/:gateway_group_id/service_registries |
| gateway:GetServiceRegistry | arn:api7:gateway:gatewaygroup/%s | GET /api/gateway_groups/:gateway_group_id/service_registries/:service_registry_id |
| gateway:GetServiceRegistry | arn:api7:gateway:gatewaygroup/%s | GET /api/gateway_groups/:gateway_group_id/service_registries/:service_registry_id/connected_services |
| gateway:GetServiceRegistry | arn:api7:gateway:gatewaygroup/%s | GET /api/gateway_groups/:gateway_group_id/service_registries/:service_registry_id/health_check_history |
| gateway:GetServiceRegistry | arn:api7:gateway:gatewaygroup/%s | GET /api/gateway_groups/:gateway_group_id/service_registries/:service_registry_id/kubernetes/internal_services |
| gateway:GetServiceRegistry | arn:api7:gateway:gatewaygroup/%s | GET /api/gateway_groups/:gateway_group_id/service_registries/:service_registry_id/nacos/namespaces |
| gateway:GetServiceRegistry | arn:api7:gateway:gatewaygroup/%s | GET /api/gateway_groups/:gateway_group_id/service_registries/:service_registry_id/nacos/namespaces/:nacos_namespace/groups |
| gateway:GetServiceRegistry | arn:api7:gateway:gatewaygroup/%s | GET /api/gateway_groups/:gateway_group_id/service_registries/:service_registry_id/nacos/namespaces/:nacos_namespace/groups/:nacos_group/services |
| gateway:GetServiceRegistry | arn:api7:gateway:gatewaygroup/%s | GET /api/gateway_groups/:gateway_group_id/service_registries/:service_registry_id/nacos/namespaces/:nacos_namespace/groups/:nacos_group/services/:nacos_service/instances_metadata |
| gateway:ConnectServiceRegistry | arn:api7:gateway:gatewaygroup/%s | POST /api/gateway_groups/:gateway_group_id/service_registries |
| gateway:UpdateServiceRegistry | arn:api7:gateway:gatewaygroup/%s | PUT /api/gateway_groups/:gateway_group_id/service_registries/:service_registry_id |
| gateway:DisconnectServiceRegistry | arn:api7:gateway:gatewaygroup/%s | DELETE /api/gateway_groups/:gateway_group_id/service_registries/:service_registry_id |
服务中心(模板)
| Action | Resource | API |
|---|---|---|
| gateway:GetServiceTemplate | arn:api7:gateway:servicetemplate/%s | GET /api/routes/template/:route_id |
| gateway:GetServiceTemplate | arn:api7:gateway:servicetemplate/%s | GET /api/service_versions/:service_version_id |
| gateway:GetServiceTemplate | arn:api7:gateway:servicetemplate/%s | GET /api/service_versions/:service_version_id/routes |
| gateway:GetServiceTemplate | arn:api7:gateway:servicetemplate/%s | GET /api/service_versions/:service_version_id/routes/:route_version_id |
| gateway:GetServiceTemplate | arn:api7:gateway:servicetemplate/%s | GET /api/service_versions/:service_version_id/stream_routes |
| gateway:GetServiceTemplate | arn:api7:gateway:servicetemplate/%s | GET /api/service_versions/:service_version_id/stream_routes/:stream_route_version_id |
| gateway:GetServiceTemplate | arn:api7:gateway:servicetemplate/%s | GET /api/services/:service_id/versions/:version |
| gateway:GetServiceTemplate | arn:api7:gateway:servicetemplate/%s | GET /api/services/template/:service_id |
| gateway:GetServiceTemplate | arn:api7:gateway:servicetemplate/%s | GET /api/stream_routes/template/:stream_route_id |
| gateway:CreateServiceTemplate | arn:api7:gateway:servicetemplate/* | POST /api/import/services/template |
| gateway:UpdateServiceTemplate | arn:api7:gateway:servicetemplate/%s | PUT /api/services/template/:service_id |
| gateway:UpdateServiceTemplate | arn:api7:gateway:servicetemplate/%s | PATCH /api/services/template/:service_id |
| gateway:DeleteServiceTemplate | arn:api7:gateway:servicetemplate/%s | DELETE /api/services/template/:service_id |
| gateway:UpdateServiceTemplate | arn:api7:gateway:servicetemplate/%s | POST /api/routes/template |
| gateway:UpdateServiceTemplate | arn:api7:gateway:servicetemplate/%s | PATCH /api/routes/template/:route_id |
| gateway:UpdateServiceTemplate | arn:api7:gateway:servicetemplate/%s | PUT /api/routes/template/:route_id |
| gateway:UpdateServiceTemplate | arn:api7:gateway:servicetemplate/%s | DELETE /api/routes/template/:route_id |
| gateway:UpdateServiceTemplate | arn:api7:gateway:servicetemplate/%s | POST /api/stream_routes/template |
| gateway:UpdateServiceTemplate | arn:api7:gateway:servicetemplate/%s | PUT /api/stream_routes/template/:stream_route_id |
| gateway:UpdateServiceTemplate | arn:api7:gateway:servicetemplate/%s | DELETE /api/stream_routes/template/:stream_route_id |
已发布服务
| Action | Resource | API |
|---|---|---|
| gateway:GetPublishedService | arn:api7:gateway:gatewaygroup/%s/publishedservice/%s | GET /api/gateway_groups/:gateway_group_id/services/:service_version_service_id |
| gateway:GetPublishedService | arn:api7:gateway:gatewaygroup/%s/publishedservice/%s | GET /api/gateway_groups/:gateway_group_id/services/:service_version_service_id/healthcheck |
| gateway:GetPublishedService | arn:api7:gateway:gatewaygroup/%s/publishedservice/%s | GET /api/gateway_groups/:gateway_group_id/services/:service_version_service_id/runtime_configuration |
| gateway:GetPublishedService | arn:api7:gateway:gatewaygroup/%s/publishedservice/%s | GET /api/gateway_groups/:gateway_group_id/services/:service_version_service_id/versions |
| gateway:GetPublishedService | arn:api7:gateway:gatewaygroup/%s/publishedservice/%s | GET /apisix/admin/routes/:apisix_route_id |
| gateway:GetPublishedService | arn:api7:gateway:gatewaygroup/%s/publishedservice/%s | GET /apisix/admin/services/:apisix_service_id |
| gateway:GetPublishedService | arn:api7:gateway:gatewaygroup/%s/publishedservice/%s | GET /apisix/admin/stream_routes/:apisix_stream_route_id |
| gateway:PublishServices | arn:api7:gateway:gatewaygroup/%s/publishedservice/* | POST /api/services/publish |
| gateway:CreatePublishedService | arn:api7:gateway:gatewaygroup/%s/publishedservice/%s | POST /apisix/admin/services |
| gateway:UpdatePublishedService | arn:api7:gateway:gatewaygroup/%s/publishedservice/%s | PATCH /apisix/admin/services/:apisix_service_id |
| gateway:UpdatePublishedService | arn:api7:gateway:gatewaygroup/%s/publishedservice/%s | PUT /apisix/admin/services/:apisix_service_id |
| gateway:DeletePublishedService | arn:api7:gateway:gatewaygroup/%s/publishedservice/%s | DELETE /apisix/admin/services/:apisix_service_id |
| gateway:UpdatePublishedService | arn:api7:gateway:gatewaygroup/%s/publishedservice/%s | PUT /apisix/admin/routes/:apisix_route_id |
| gateway:UpdatePublishedService | arn:api7:gateway:gatewaygroup/%s/publishedservice/%s | PATCH /apisix/admin/routes/:apisix_route_id |
| gateway:UpdatePublishedService | arn:api7:gateway:gatewaygroup/%s/publishedservice/%s | DELETE /apisix/admin/routes/:apisix_route_id |
| gateway:UpdatePublishedService | arn:api7:gateway:gatewaygroup/%s/publishedservice/%s | PUT /apisix/admin/stream_routes/:apisix_stream_route_id |
| gateway:UpdatePublishedService | arn:api7:gateway:gatewaygroup/%s/publishedservice/%s | DELETE /apisix/admin/stream_routes/:apisix_stream_route_id |
部署设置
| Action | Resource | API |
|---|---|---|
| gateway:GetDeploymentSetting | arn:api7:gateway:gatewaysetting/* | GET /api/system_settings |
| gateway:UpdateDeploymentSetting | arn:api7:gateway:gatewaysetting/* | PUT /api/system_settings |
自定义插件
| Action | Resource | API |
|---|---|---|
| gateway:GetCustomPlugin | arn:api7:gateway:gatewaysetting/* | GET /api/custom_plugins |
| gateway:GetCustomPlugin | arn:api7:gateway:gatewaysetting/* | GET /api/custom_plugins/:custom_plugin_id |
| gateway:CreateCustomPlugin | arn:api7:gateway:gatewaysetting/* | POST /api/custom_plugins |
| gateway:UpdateCustomPlugin | arn:api7:gateway:gatewaysetting/* | PUT /api/custom_plugins/:custom_plugin_id |
| gateway:DeleteCustomPlugin | arn:api7:gateway:gatewaysetting/* | DELETE /api/custom_plugins/:custom_plugin_id |
告警
| Action | Resource | API |
|---|---|---|
| gateway:GetAlertPolicy | arn:api7:gateway:alert/* | GET /api/alert/policies |
| gateway:GetAlertPolicy | arn:api7:gateway:alert/* | GET /api/alert/policies/:alert_policy_id |
| gateway:GetAlertPolicy | arn:api7:gateway:alert/* | GET /api/alert/policies/histories |
| gateway:CreateAlertPolicy | arn:api7:gateway:alert/* | POST /api/alert/policies |
| gateway:UpdateAlertPolicy | arn:api7:gateway:alert/* | PUT /api/alert/policies/:alert_policy_id |
| gateway:UpdateAlertPolicy | arn:api7:gateway:alert/* | PUT /api/alert/policies/:alert_policy_id/triggers |
| gateway:UpdateAlertPolicy | arn:api7:gateway:alert/* | PATCH /api/alert/policies/:alert_policy_id |
| gateway:DeleteAlertPolicy | arn:api7:gateway:alert/* | DELETE /api/alert/policies/:alert_policy_id |
| gateway:GetWebhookTemplate | arn:api7:gateway:alert/* | GET /api/alert/webhook_templates/:webhook_template_id |
| gateway:GetWebhookTemplate | arn:api7:gateway:alert/* | GET /api/alert/webhook_templates/:webhook_template_id/refer |
| gateway:CreateWebhookTemplate | arn:api7:gateway:alert/* | POST /api/alert/webhook_templates |
| gateway:UpdateWebhookTemplate | arn:api7:gateway:alert/* | PUT /api/alert/webhook_templates/:webhook_template_id |
| gateway:DeleteWebhookTemplate | arn:api7:gateway:alert/* | DELETE /api/alert/webhook_templates/:webhook_template_id |
权限策略
| Action | Resource | API |
|---|---|---|
| iam:GetPermissionPolicy | arn:api7:iam:permissionpolicy/%s | GET /api/permission_policies/:permission_policy_id |
| iam:CreatePermissionPolicy | arn:api7:iam:permissionpolicy/* | POST /api/permission_policies |
| iam:UpdatePermissionPolicy | arn:api7:iam:permissionpolicy/%s | PUT /api/permission_policies/:permission_policy_id |
| iam:DeletePermissionPolicy | arn:api7:iam:permissionpolicy/%s | DELETE /api/permission_policies/:permission_policy_id |
角色
| Action | Resource | API |
|---|---|---|
| iam:GetRole | arn:api7:iam:role/%s | GET /api/roles/:role_id |
| iam:GetRole | arn:api7:iam:role/%s | GET /api/roles/:role_id/permission_policies |
| iam:CreateCustomRole | arn:api7:iam:role/* | POST /api/roles |
| iam:UpdateCustomRole | arn:api7:iam:role/%s | POST /api/roles/:role_id/attach_permission_policies |
| iam:UpdateCustomRole | arn:api7:iam:role/%s | POST /api/roles/:role_id/detach_permission_policies |
| iam:UpdateCustomRole | arn:api7:iam:role/%s | PUT /api/roles/:role_id |
| iam:DeleteCustomRole | arn:api7:iam:role/%s | DELETE /api/roles/:role_id |
用户
| Action | Resource | API |
|---|---|---|
| iam:GetUser | arn:api7:iam:user/%s | GET /api/users/:user_id |
| iam:InviteUser | arn:api7:iam:user/* | POST /api/invites |
| iam:UpdateUserRole | arn:api7:iam:user/%s | PUT /api/users/:user_id/assigned_roles |
| iam:ResetPassword | arn:api7:iam:user/%s | PUT /api/users/:user_id/password_reset |
| iam:DeleteUser | arn:api7:iam:user/%s | DELETE /api/users/:user_id |
证书
| Action | Resource | API |
|---|---|---|
| iam:UpdateLicense | arn:api7:iam:organization/* | PUT /api/license |
审计
| Action | Resource | API |
|---|---|---|
| iam:GetAudit | arn:api7:iam:organization/* | GET /api/audit_logs |
| iam:ExportAudits | arn:api7:iam:organization/* | GET /api/audit_logs/export |
设置
| Action | Resource | API |
|---|---|---|
| iam:GetSCIMProvisioning | arn:api7:iam:organization/* | GET /api/system_settings/scim |
| iam:UpdateSCIMProvisioning | arn:api7:iam:organization/* | PUT /api/system_settings/scim |
| iam:UpdateSCIMProvisioning | arn:api7:iam:organization/* | PUT /api/system_settings/scim/token |
| iam:GetLoginOption | arn:api7:iam:organization/* | GET /api/login_options/:login_option_id |
| iam:CreateLoginOption | arn:api7:iam:organization/* | POST /api/login_options |
| iam:UpdateLoginOption | arn:api7:iam:organization/* | PUT /api/login_options/:login_option_id |
| iam:UpdateLoginOption | arn:api7:iam:organization/* | PATCH /api/login_options/:login_option_id |
| iam:DeleteLoginOption | arn:api7:iam:organization/* | DELETE /api/login_options/:login_option_id |