权限策略 Actions 和 Resources
网关组
Action | Resource | API |
---|---|---|
gateway:DeleteGatewayGroup | arn:api7:gateway:gatewaygroup/%s | DELETE /api/gateway_groups/:gateway_group_id |
gateway:GetGatewayGroup | arn:api7:gateway:gatewaygroup/%s | GET /api/gateway_groups/:gateway_group_id |
gateway:CreateGatewayGroup | arn:api7:gateway:gatewaygroup/* | POST /api/gateway_groups |
gateway:UpdateGatewayGroup | arn:api7:gateway:gatewaygroup/%s | PUT /api/gateway_groups/:gateway_group_id |
gateway:UpdateGatewayGroup | arn:api7:gateway:gatewaygroup/%s | PUT /api/gateway_groups/:gateway_group_id/admin_key |
网关实例
Action | Resource | API |
---|---|---|
gateway:GetGatewayInstance | arn:api7:gateway:gatewaygroup/%s | GET /api/gateway_groups/:gateway_group_id/instances |
gateway:GetGatewayInstanceCore | arn:api7:gateway:gatewaygroup/* | GET /api/instances/cores |
gateway:CreateGatewayInstance | arn:api7:gateway:gatewaygroup/%s | POST /api/gateway_groups/:gateway_group_id/dp_client_certificates |
gateway:CreateGatewayInstance | arn:api7:gateway:gatewaygroup/%s | POST /api/gateway_groups/:gateway_group_id/instance_token |
消费者
Action | Resource | API |
---|---|---|
gateway:GetConsumer | arn:api7:gateway:gatewaygroup/%s | GET /apisix/admin/consumers |
gateway:GetConsumer | arn:api7:gateway:gatewaygroup/%s | GET /apisix/admin/consumers/:consumer_username |
gateway:CreateConsumer | arn:api7:gateway:gatewaygroup/%s | POST /apisix/admin/consumers |
gateway:UpdateConsumer | arn:api7:gateway:gatewaygroup/%s | PATCH /apisix/admin/consumers/:consumer_username |
gateway:UpdateConsumer | arn:api7:gateway:gatewaygroup/%s | PUT /apisix/admin/consumers/:consumer_username |
gateway:DeleteConsumer | arn:api7:gateway:gatewaygroup/%s | DELETE /apisix/admin/consumers/:consumer_username |
SSL 证书
Action | Resource | API |
---|---|---|
gateway:GetSSLCertificate | arn:api7:gateway:gatewaygroup/%s | GET /apisix/admin/ssls |
gateway:GetSSLCertificate | arn:api7:gateway:gatewaygroup/%s | GET /apisix/admin/ssls/:ssl_id |
gateway:CreateSSLCertificate | arn:api7:gateway:gatewaygroup/%s | POST /apisix/admin/ssls |
gateway:UpdateSSLCertificate | arn:api7:gateway:gatewaygroup/%s | PUT /apisix/admin/ssls/:ssl_id |
gateway:DeleteSSLCertificate | arn:api7:gateway:gatewaygroup/%s | DELETE /apisix/admin/ssls/:ssl_id |
插件全局规则
Action | Resource | API |
---|---|---|
gateway:GetGlobalPluginRule | arn:api7:gateway:gatewaygroup/%s | GET /apisix/admin/global_rules |
gateway:GetGlobalPluginRule | arn:api7:gateway:gatewaygroup/%s | GET /apisix/admin/global_rules/:global_rule_id |
gateway:CreateGlobalPluginRule | arn:api7:gateway:gatewaygroup/%s | POST /apisix/admin/global_rules |
gateway:UpdateGlobalPluginRule | arn:api7:gateway:gatewaygroup/%s | PUT /apisix/admin/global_rules/:global_rule_id |
gateway:DeleteGlobalPluginRule | arn:api7:gateway:gatewaygroup/%s | DELETE /apisix/admin/global_rules/:global_rule_id |
插件元数据
Action | Resource | API |
---|---|---|
gateway:GetPluginMetadata | arn:api7:gateway:gatewaygroup/%s | GET /apisix/admin/plugin_metadata |
gateway:GetPluginMetadata | arn:api7:gateway:gatewaygroup/%s | GET /apisix/admin/plugin_metadata/:plugin_name |
gateway:UpdatePluginMetadata | arn:api7:gateway:gatewaygroup/%s | PUT /apisix/admin/plugin_metadata/:plugin_name |
gateway:DeletePluginMetadata | arn:api7:gateway:gatewaygroup/%s | DELETE /apisix/admin/plugin_metadata/:plugin_name |
密钥
Action | Resource | API |
---|---|---|
gateway:GetSecret | arn:api7:gateway:gatewaygroup/%s | GET /apisix/admin/secrets |
gateway:GetSecret | arn:api7:gateway:gatewaygroup/%s | GET /apisix/admin/secrets/:secret_manager/:secret_id |
gateway:PutSecret | arn:api7:gateway:gatewaygroup/%s | PUT /apisix/admin/secrets/:secret_manager/:secret_id |
gateway:DeleteSecret | arn:api7:gateway:gatewaygroup/%s | DELETE /apisix/admin/secrets/:secret_manager/:secret_id |
服务注册中心
Action | Resource | API |
---|---|---|
gateway:GetServiceRegistry | arn:api7:gateway:gatewaygroup/%s | GET /api/gateway_groups/:gateway_group_id/service_registries |
gateway:GetServiceRegistry | arn:api7:gateway:gatewaygroup/%s | GET /api/gateway_groups/:gateway_group_id/service_registries/:service_registry_id |
gateway:GetServiceRegistry | arn:api7:gateway:gatewaygroup/%s | GET /api/gateway_groups/:gateway_group_id/service_registries/:service_registry_id/connected_services |
gateway:GetServiceRegistry | arn:api7:gateway:gatewaygroup/%s | GET /api/gateway_groups/:gateway_group_id/service_registries/:service_registry_id/health_check_history |
gateway:GetServiceRegistry | arn:api7:gateway:gatewaygroup/%s | GET /api/gateway_groups/:gateway_group_id/service_registries/:service_registry_id/kubernetes/internal_services |
gateway:GetServiceRegistry | arn:api7:gateway:gatewaygroup/%s | GET /api/gateway_groups/:gateway_group_id/service_registries/:service_registry_id/nacos/namespaces |
gateway:GetServiceRegistry | arn:api7:gateway:gatewaygroup/%s | GET /api/gateway_groups/:gateway_group_id/service_registries/:service_registry_id/nacos/namespaces/:nacos_namespace/groups |
gateway:GetServiceRegistry | arn:api7:gateway:gatewaygroup/%s | GET /api/gateway_groups/:gateway_group_id/service_registries/:service_registry_id/nacos/namespaces/:nacos_namespace/groups/:nacos_group/services |
gateway:GetServiceRegistry | arn:api7:gateway:gatewaygroup/%s | GET /api/gateway_groups/:gateway_group_id/service_registries/:service_registry_id/nacos/namespaces/:nacos_namespace/groups/:nacos_group/services/:nacos_service/instances_metadata |
gateway:ConnectServiceRegistry | arn:api7:gateway:gatewaygroup/%s | POST /api/gateway_groups/:gateway_group_id/service_registries |
gateway:UpdateServiceRegistry | arn:api7:gateway:gatewaygroup/%s | PUT /api/gateway_groups/:gateway_group_id/service_registries/:service_registry_id |
gateway:DisconnectServiceRegistry | arn:api7:gateway:gatewaygroup/%s | DELETE /api/gateway_groups/:gateway_group_id/service_registries/:service_registry_id |
服务中心(模板)
Action | Resource | API |
---|---|---|
gateway:GetServiceTemplate | arn:api7:gateway:servicetemplate/%s | GET /api/routes/template/:route_id |
gateway:GetServiceTemplate | arn:api7:gateway:servicetemplate/%s | GET /api/service_versions/:service_version_id |
gateway:GetServiceTemplate | arn:api7:gateway:servicetemplate/%s | GET /api/service_versions/:service_version_id/routes |
gateway:GetServiceTemplate | arn:api7:gateway:servicetemplate/%s | GET /api/service_versions/:service_version_id/routes/:route_version_id |
gateway:GetServiceTemplate | arn:api7:gateway:servicetemplate/%s | GET /api/service_versions/:service_version_id/stream_routes |
gateway:GetServiceTemplate | arn:api7:gateway:servicetemplate/%s | GET /api/service_versions/:service_version_id/stream_routes/:stream_route_version_id |
gateway:GetServiceTemplate | arn:api7:gateway:servicetemplate/%s | GET /api/services/:service_id/versions/:version |
gateway:GetServiceTemplate | arn:api7:gateway:servicetemplate/%s | GET /api/services/template/:service_id |
gateway:GetServiceTemplate | arn:api7:gateway:servicetemplate/%s | GET /api/stream_routes/template/:stream_route_id |
gateway:CreateServiceTemplate | arn:api7:gateway:servicetemplate/* | POST /api/import/services/template |
gateway:UpdateServiceTemplate | arn:api7:gateway:servicetemplate/%s | PUT /api/services/template/:service_id |
gateway:UpdateServiceTemplate | arn:api7:gateway:servicetemplate/%s | PATCH /api/services/template/:service_id |
gateway:DeleteServiceTemplate | arn:api7:gateway:servicetemplate/%s | DELETE /api/services/template/:service_id |
gateway:UpdateServiceTemplate | arn:api7:gateway:servicetemplate/%s | POST /api/routes/template |
gateway:UpdateServiceTemplate | arn:api7:gateway:servicetemplate/%s | PATCH /api/routes/template/:route_id |
gateway:UpdateServiceTemplate | arn:api7:gateway:servicetemplate/%s | PUT /api/routes/template/:route_id |
gateway:UpdateServiceTemplate | arn:api7:gateway:servicetemplate/%s | DELETE /api/routes/template/:route_id |
gateway:UpdateServiceTemplate | arn:api7:gateway:servicetemplate/%s | POST /api/stream_routes/template |
gateway:UpdateServiceTemplate | arn:api7:gateway:servicetemplate/%s | PUT /api/stream_routes/template/:stream_route_id |
gateway:UpdateServiceTemplate | arn:api7:gateway:servicetemplate/%s | DELETE /api/stream_routes/template/:stream_route_id |
已发布服务
Action | Resource | API |
---|---|---|
gateway:GetPublishedService | arn:api7:gateway:gatewaygroup/%s/publishedservice/%s | GET /api/gateway_groups/:gateway_group_id/services/:service_version_service_id |
gateway:GetPublishedService | arn:api7:gateway:gatewaygroup/%s/publishedservice/%s | GET /api/gateway_groups/:gateway_group_id/services/:service_version_service_id/healthcheck |
gateway:GetPublishedService | arn:api7:gateway:gatewaygroup/%s/publishedservice/%s | GET /api/gateway_groups/:gateway_group_id/services/:service_version_service_id/runtime_configuration |
gateway:GetPublishedService | arn:api7:gateway:gatewaygroup/%s/publishedservice/%s | GET /api/gateway_groups/:gateway_group_id/services/:service_version_service_id/versions |
gateway:GetPublishedService | arn:api7:gateway:gatewaygroup/%s/publishedservice/%s | GET /apisix/admin/routes/:apisix_route_id |
gateway:GetPublishedService | arn:api7:gateway:gatewaygroup/%s/publishedservice/%s | GET /apisix/admin/services/:apisix_service_id |
gateway:GetPublishedService | arn:api7:gateway:gatewaygroup/%s/publishedservice/%s | GET /apisix/admin/stream_routes/:apisix_stream_route_id |
gateway:PublishServices | arn:api7:gateway:gatewaygroup/%s/publishedservice/* | POST /api/services/publish |
gateway:CreatePublishedService | arn:api7:gateway:gatewaygroup/%s/publishedservice/%s | POST /apisix/admin/services |
gateway:UpdatePublishedService | arn:api7:gateway:gatewaygroup/%s/publishedservice/%s | PATCH /apisix/admin/services/:apisix_service_id |
gateway:UpdatePublishedService | arn:api7:gateway:gatewaygroup/%s/publishedservice/%s | PUT /apisix/admin/services/:apisix_service_id |
gateway:DeletePublishedService | arn:api7:gateway:gatewaygroup/%s/publishedservice/%s | DELETE /apisix/admin/services/:apisix_service_id |
gateway:UpdatePublishedService | arn:api7:gateway:gatewaygroup/%s/publishedservice/%s | PUT /apisix/admin/routes/:apisix_route_id |
gateway:UpdatePublishedService | arn:api7:gateway:gatewaygroup/%s/publishedservice/%s | PATCH /apisix/admin/routes/:apisix_route_id |
gateway:UpdatePublishedService | arn:api7:gateway:gatewaygroup/%s/publishedservice/%s | DELETE /apisix/admin/routes/:apisix_route_id |
gateway:UpdatePublishedService | arn:api7:gateway:gatewaygroup/%s/publishedservice/%s | PUT /apisix/admin/stream_routes/:apisix_stream_route_id |
gateway:UpdatePublishedService | arn:api7:gateway:gatewaygroup/%s/publishedservice/%s | DELETE /apisix/admin/stream_routes/:apisix_stream_route_id |
部署设置
Action | Resource | API |
---|---|---|
gateway:GetDeploymentSetting | arn:api7:gateway:gatewaysetting/* | GET /api/system_settings |
gateway:UpdateDeploymentSetting | arn:api7:gateway:gatewaysetting/* | PUT /api/system_settings |
自定义插件
Action | Resource | API |
---|---|---|
gateway:GetCustomPlugin | arn:api7:gateway:gatewaysetting/* | GET /api/custom_plugins |
gateway:GetCustomPlugin | arn:api7:gateway:gatewaysetting/* | GET /api/custom_plugins/:custom_plugin_id |
gateway:CreateCustomPlugin | arn:api7:gateway:gatewaysetting/* | POST /api/custom_plugins |
gateway:UpdateCustomPlugin | arn:api7:gateway:gatewaysetting/* | PUT /api/custom_plugins/:custom_plugin_id |
gateway:DeleteCustomPlugin | arn:api7:gateway:gatewaysetting/* | DELETE /api/custom_plugins/:custom_plugin_id |
告警
Action | Resource | API |
---|---|---|
gateway:GetAlertPolicy | arn:api7:gateway:alert/* | GET /api/alert/policies |
gateway:GetAlertPolicy | arn:api7:gateway:alert/* | GET /api/alert/policies/:alert_policy_id |
gateway:GetAlertPolicy | arn:api7:gateway:alert/* | GET /api/alert/policies/histories |
gateway:CreateAlertPolicy | arn:api7:gateway:alert/* | POST /api/alert/policies |
gateway:UpdateAlertPolicy | arn:api7:gateway:alert/* | PUT /api/alert/policies/:alert_policy_id |
gateway:UpdateAlertPolicy | arn:api7:gateway:alert/* | PUT /api/alert/policies/:alert_policy_id/triggers |
gateway:UpdateAlertPolicy | arn:api7:gateway:alert/* | PATCH /api/alert/policies/:alert_policy_id |
gateway:DeleteAlertPolicy | arn:api7:gateway:alert/* | DELETE /api/alert/policies/:alert_policy_id |
gateway:GetWebhookTemplate | arn:api7:gateway:alert/* | GET /api/alert/webhook_templates/:webhook_template_id |
gateway:GetWebhookTemplate | arn:api7:gateway:alert/* | GET /api/alert/webhook_templates/:webhook_template_id/refer |
gateway:CreateWebhookTemplate | arn:api7:gateway:alert/* | POST /api/alert/webhook_templates |
gateway:UpdateWebhookTemplate | arn:api7:gateway:alert/* | PUT /api/alert/webhook_templates/:webhook_template_id |
gateway:DeleteWebhookTemplate | arn:api7:gateway:alert/* | DELETE /api/alert/webhook_templates/:webhook_template_id |
权限策略
Action | Resource | API |
---|---|---|
iam:GetPermissionPolicy | arn:api7:iam:permissionpolicy/%s | GET /api/permission_policies/:permission_policy_id |
iam:CreatePermissionPolicy | arn:api7:iam:permissionpolicy/* | POST /api/permission_policies |
iam:UpdatePermissionPolicy | arn:api7:iam:permissionpolicy/%s | PUT /api/permission_policies/:permission_policy_id |
iam:DeletePermissionPolicy | arn:api7:iam:permissionpolicy/%s | DELETE /api/permission_policies/:permission_policy_id |
角色
Action | Resource | API |
---|---|---|
iam:GetRole | arn:api7:iam:role/%s | GET /api/roles/:role_id |
iam:GetRole | arn:api7:iam:role/%s | GET /api/roles/:role_id/permission_policies |
iam:CreateCustomRole | arn:api7:iam:role/* | POST /api/roles |
iam:UpdateCustomRole | arn:api7:iam:role/%s | POST /api/roles/:role_id/attach_permission_policies |
iam:UpdateCustomRole | arn:api7:iam:role/%s | POST /api/roles/:role_id/detach_permission_policies |
iam:UpdateCustomRole | arn:api7:iam:role/%s | PUT /api/roles/:role_id |
iam:DeleteCustomRole | arn:api7:iam:role/%s | DELETE /api/roles/:role_id |
用户
Action | Resource | API |
---|---|---|
iam:GetUser | arn:api7:iam:user/%s | GET /api/users/:user_id |
iam:InviteUser | arn:api7:iam:user/* | POST /api/invites |
iam:UpdateUserRole | arn:api7:iam:user/%s | PUT /api/users/:user_id/assigned_roles |
iam:ResetPassword | arn:api7:iam:user/%s | PUT /api/users/:user_id/password_reset |
iam:DeleteUser | arn:api7:iam:user/%s | DELETE /api/users/:user_id |
证书
Action | Resource | API |
---|---|---|
iam:UpdateLicense | arn:api7:iam:organization/* | PUT /api/license |
审计
Action | Resource | API |
---|---|---|
iam:GetAudit | arn:api7:iam:organization/* | GET /api/audit_logs |
iam:ExportAudits | arn:api7:iam:organization/* | GET /api/audit_logs/export |
设置
Action | Resource | API |
---|---|---|
iam:GetSCIMProvisioning | arn:api7:iam:organization/* | GET /api/system_settings/scim |
iam:UpdateSCIMProvisioning | arn:api7:iam:organization/* | PUT /api/system_settings/scim |
iam:UpdateSCIMProvisioning | arn:api7:iam:organization/* | PUT /api/system_settings/scim/token |
iam:GetLoginOption | arn:api7:iam:organization/* | GET /api/login_options/:login_option_id |
iam:CreateLoginOption | arn:api7:iam:organization/* | POST /api/login_options |
iam:UpdateLoginOption | arn:api7:iam:organization/* | PUT /api/login_options/:login_option_id |
iam:UpdateLoginOption | arn:api7:iam:organization/* | PATCH /api/login_options/:login_option_id |
iam:DeleteLoginOption | arn:api7:iam:organization/* | DELETE /api/login_options/:login_option_id |