子账号权限管理

可授权镜像仓库 Action 和对应资源

ActionAction描述资源
comb:ccr:CreateRepo创建镜像仓库comb:ccr:${region}:*:*
comb:ccr:UpdateRepo更新镜像仓库comb:ccr:${region}:*:${username}/${repoName}
comb:ccr:DeleteRepo删除镜像仓库comb:v:${region}:*:${username}/${repoName}
comb:ccr:GetRepos镜像仓库列表comb:ccr:${region}:*:*
comb:ccr:GetRepo镜像仓库详情comb:ccr:${region}:*:${username}/${repoName}
comb:ccr:DeleteRepo删除镜像仓库comb:ccr:${region}:*:${username}/${repoName}
comb:ccr:BuildImageDockerfileDockerfile构建镜像comb:ccr:${region}:*:${username}/${repoName}
comb:ccr:BuildImageSrc源码构建镜像comb:ccr:${region}:*:${username}/${repoName}
comb:ccr:BuildImageCI支持持续集成从源码构建镜像comb:ccr:${region}:*:${username}/${repoName}
comb:ccr:SaveAs服务容器另存为镜像comb:ccr:${region}:*:${username}/${repoName}
comb:ccr:DeleteImage删除镜像comb:ccr:${region}:*:${username}/${repoName}
comb:ccr:GetRepoImages镜像仓库下的镜像列表comb:ccr:${region}:*:${username}/${repoName}
comb:ccr:RollbackImage镜像回滚comb:ccr:${region}:*:${username}/${repoName}
comb:ccr:GetDockerfile获取Dockerfile内容comb:ccr:${region}:*:${username}/${repoName}
comb:ccr:GetBuildLog获取构建日志comb:ccr:${region}:*:${username}/${repoName}
comb:ccr:GetLatestBuildInfo镜像仓库获取最近一次源码构建信息comb:ccr:${region}:*:${username}/${repoName}
comb:ccr:GetCIInfo获取镜像仓库持续集成信息comb:ccr:${region}:*:${username}/${repoName}
comb:ccr:ListCIUserInfo持续集成获取用户信息comb:ccr:${region}:*:*
comb:ccr:ListCIRepos支持持续集成仓库列表comb:ccr:${region}:*:*
comb:ccr:ListIntegratedRepos支持持续集成刷新重新获取仓库列表comb:ccr:${region}:*:*
comb:ccr:RevokeGrants持续集成解除关联comb:ccr:${region}:*:*
comb:ccr:AuthGitHub持续集成关联GitHubcomb:ccr:${region}:*:*
comb:ccr:AuthGitLab持续集成关联GitLabcomb:ccr:${region}:*:*

Note

1.${region}表示分区名称,目前支持 * 、cn-east-1、cn-north-1,其中 * 表示所有分区,cn-east-1表示杭州分区,cn-north-1表示北京分区

2.${username}与${repoName}分别表示用户名称及仓库名称

镜像仓库 API 接口与对应 Action

APIAPI描述Action
POST /api/v1/repositories创建镜像仓库comb:ccr:CreateRepo
GET /api/v1/repositories镜像仓库列表comb:ccr:GetRepos
GET api/v1/repositories/{id}镜像仓库详情comb:ccr:GetRepo
DELETE /api/v1/repositories/{repoId} 删除镜像仓库comb:ccr:DeleteRepo
POST /api/v1/repositories/v2/imageDockerfile构建镜像comb:ccr:BuildImageDockerfile
DELETE api/v1/repositories/{repoName}/tags/{tag}删除镜像comb:ccr:DeleteImage
GET api/v1/repositories/{id}/tags镜像列表comb:ccr:GetRepoImages
POST /api/v1/microservice/container/{containerId}/image/actions/save服务容器另存为镜像comb:ccr:SaveAs

策略管理

镜像仓库管理权限 (CcrFullAccess) 包括如下 Action:

  • comb:ccr:CreateRepo
  • comb:ccr:UpdateRepo
  • comb:ccr:DeleteRepo
  • comb:ccr:GetRepos
  • comb:ccr:GetRepo
  • comb:ccr:DeleteRepo
  • comb:ccr:BuildImageDockerfile
  • comb:ccr:BuildImageSrc
  • comb:ccr:BuildImageCI
  • comb:ccr:SaveAs
  • comb:ccr:GetRepoImages
  • comb:ccr:DeleteImage
  • comb:ccr:RollbackImage
  • comb:ccr:GetDockerfile
  • comb:ccr:GetBuildLog
  • comb:ccr:GetLatestBuildInfo
  • comb:ccr:GetCIInfo
  • comb:ccr:ListCIUserInfo
  • comb:ccr:ListCIRepos
  • comb:ccr:ListIntegratedRepos
  • comb:ccr:RevokeGrants
  • comb:ccr:AuthGitHub
  • comb:ccr:AuthGitLab

镜像仓库只读权限 (CcrReadOnlyAccess) 包括如下 Action:

  • comb:ccr:GetRepos
  • comb:ccr:GetRepo
  • comb:ccr:GetRepoImages
  • comb:ccr:GetDockerfile
  • comb:ccr:GetBuildLog
  • comb:ccr:GetLatestBuildInfo
  • comb:ccr:GetCIInfo
  • comb:ccr:ListCIUserInfo
  • comb:ccr:ListCIRepos
  • comb:ccr:ListIntegratedRepos