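1. Managing Accounts with the CLI

This section describes how to manage sub-accounts with the CLI.

1.1. Command Structure

The command structure for managing sub-accounts with the CLI is as follows: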

 ycloud iam <command> [--options]

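Here command is required and --options are optional. The ycloud iam command supports the following options:

| Option | Meaning | Applicable commands |
| --- | --- | --- |
| --user-name | Specifies the user name | create-user |
| --user-id | Specifies the user account ID | get-user, delete-user, create-access-key, delete-access-key, list-access-keys, enable-access-key, disable-access-key, put-bucket-policy |
| --access-key-id | Specifies the access key ID | delete-access-key, enable-access-key, disable-access-key |
| --bucket | Specifies the bucket | put-bucket-policy, get-bucket-policy, delete-bucket-policy |
| --resource | Specifies the file path covered by the policy | put-bucket-policy |
| --policy-type | Specifies the policy type (read or write) | put-bucket-policy |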

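1.2. Managing Sub-accounts

1.2.1. Creating a Sub-account

The main account can create a sub-account with the create-user command by passing a user name. On success, the command returns the user account's id, name, status, email, and creation time.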

$ ycloud iam create-user --user-name test

{
    "model": {
        "userName": "test",
        "status": "TO_VERIFY",
        "createDate": "2021-04-26 14:18:10",
        "id": "xxxxxxx",
        "email": "xxx@xxx.com"
    },
    "code": 200,
    "success": true
}

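1.2.2. Viewing a Sub-account

The main account can view a sub-account with the get-user command by passing the user ID. The command returns the user account's id, name, status, email, and creation time.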

$ ycloud iam get-user --user-id xxxxxx

{
    "model": {
        "userName": "test",
        "status": "TO_VERIFY",
        "createDate": "2021-04-26 14:18:10",
        "id": "xxxxxxx",
        "email": "xxx@xxx.com"
    },
    "code": 200,
    "success": true
}

1.2.3. Listing Sub-accounts

The list-users command lists user account information, including each user account's id, name, status, email, and creation time.

$ ycloud iam list-users

{
    "success": true,
    "code": 200,
    "pager": {
        "totalRecords": 3,
        "pageData": [
            {
                "userName": "xxxx",
                "status": "NORMAL",
                "createDate": "2020-07-28 11:32:33",
                "id": "xxxx",
                "email": "xxx@xxx.com"
            },
            {
                "userName": "xxxx",
                "status": "NORMAL",
                "createDate": "2020-11-18 09:41:11",
                "id": "xxx",
                "email": "xxx@xxx.com"
            },
            {
                "userName": "test",
                "status": "TO_VERIFY",
                "createDate": "2021-04-26 14:18:10",
                "id": "xxx",
                "email": "xxx@xxx.com"
            }
        ]
    },
    "requestId": "13a2811d-183c-41cd-acec-0099b162b7f7"
}

1.2.4. Deleting a Sub-account

The main account deletes a sub-account with the delete-user command by passing the user ID.

$ ycloud iam delete-user --user-id xxxxxx

{
    "success": true,
    "code": 200,
    "requestId": "8ff94579-d980-4988-9105-15419217cbad"
}

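1.3. Managing Access Keys

1.3.1. Creating an Access Key

The main account can create an access key with the create-access-key command by passing the user ID. On success, the command returns the user account's userId, name, status, accessKeyId, secretAccessKey, and creation time.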

$ ycloud iam create-access-key --user-id xxx

{
    "success": true,
    "model": {
        "userName": "xxx",
        "status": "Inactive",
        "createDate": "2021-04-26 14:42:08",
        "userId": "xxx",
        "accessKeyId": "xxx",
        "secretAccessKey": "xxx"
    },
    "code": 200,
    "requestId": "8732d68f-1c67-4ef9-86d9-9f64bbe40466"
}

1.3.2. Deleting an Access Key

The main account deletes the specified access key with the delete-access-key command by passing the access key ID and the user ID.

$ ycloud iam delete-access-key --access-key-id xxx --user-id xxx

{
    "success": true,
    "code": 200,
    "requestId": "1050c5c6-beeb-4ba9-ab0d-cfbf5bd49da0"
}

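1.3.3. Listing Access Keys

The main account can use the list-access-keys command with a user ID to list the access keys under that user. The command returns the user account's userId, name, status, accessKeyId, secretAccessKey, and creation time.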

$ ycloud iam list-access-keys --user-id xxx

{
    "success": true,
    "code": 200,
    "pager": {
        "totalRecords": 2,
        "pageData": [
            {
                "userName": "xxx",
                "status": "Inactive",
                "createDate": "2021-04-20 11:26:03",
                "userId": "xxx",
                "accessKeyId": "xxx",
                "secretAccessKey": "xxx"
            },
            {
                "userName": "xxx",
                "status": "Active",
                "createDate": "2020-12-01 09:47:10",
                "userId": "xxx",
                "accessKeyId": "xxx",
                "secretAccessKey": "xxx"
            }
        ]
    },
    "requestId": "70b3e101-dd3a-4414-89c1-7b17404b25e8"
}

1.3.4. Enabling an Access Key

The main account enables the specified access key with the enable-access-key command by passing the access key ID and the user ID.

$ ycloud iam enable-access-key --access-key-id xxx --user-id xxx

{
    "success": true,
    "code": 200,
    "requestId": "1050c5c6-beeb-4ba9-ab0d-cfbf5bd49da0"
}

1.3.5. Disabling an Access Key

The main account disables the specified access key with the disable-access-key command by passing the access key ID and the user ID.

$ ycloud iam disable-access-key --access-key-id xxx --user-id xxx

{
    "success": true,
    "code": 200,
    "requestId": "1050c5c6-beeb-4ba9-ab0d-cfbf5bd49da0"
}
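
An added example, not part of the ycloud documentation or tooling: as the list-access-keys output above shows, the reply carries each secretAccessKey in clear text, so this Python script masks the secrets before the reply is stored and builds disable-access-key commands for Active keys older than a rotation window. The sample reply, the 90-day window and the name audit_access_keys are assumptions made for this example.

```python
import json
from datetime import datetime, timedelta

# Constructed reply in the shape of the list-access-keys output above; all values are made up.
SAMPLE = """{
  "success": true, "code": 200,
  "pager": {"totalRecords": 2, "pageData": [
    {"userName": "alice", "status": "Inactive", "createDate": "2021-04-20 11:26:03",
     "userId": "u-001", "accessKeyId": "AKEXAMPLE0001", "secretAccessKey": "constructed-secret-1"},
    {"userName": "alice", "status": "Active", "createDate": "2020-12-01 09:47:10",
     "userId": "u-001", "accessKeyId": "AKEXAMPLE0002", "secretAccessKey": "constructed-secret-2"}
  ]},
  "requestId": "00000000-0000-0000-0000-000000000000"
}"""
SAMPLE_NOW = datetime(2021, 4, 26, 15, 0, 0)  # fixed "now" so the result is reproducible
MAX_AGE = timedelta(days=90)                   # assumed rotation window, not a ycloud default


def audit_access_keys(raw, now, max_age=MAX_AGE):
    """Return (redacted reply, argv lists that disable each overdue Active key)."""
    reply = json.loads(raw)
    if not reply.get("success") or reply.get("code") != 200:
        raise ValueError(f"request failed: code={reply.get('code')}")
    to_disable = []
    for key in reply["pager"]["pageData"]:
        # The reply carries the secret in clear text: mask it before anything is logged.
        if "secretAccessKey" in key:
            key["secretAccessKey"] = "***REDACTED***"
        created = datetime.strptime(key["createDate"], "%Y-%m-%d %H:%M:%S")
        if key["status"] == "Active" and now - created > max_age:
            # argv list (no shell string), so characters in an ID are never parsed by a shell
            to_disable.append(["ycloud", "iam", "disable-access-key",
                               "--access-key-id", key["accessKeyId"],
                               "--user-id", key["userId"]])
    return reply, to_disable


if __name__ == "__main__":
    redacted, commands = audit_access_keys(SAMPLE, SAMPLE_NOW)
    print(json.dumps(redacted, indent=2))   # safe to store: secrets are masked
    for argv in commands:
        print(" ".join(argv))               # review, then run with subprocess.run(argv)
```

Disabling comes before deleting because enable-access-key can undo it if a workload still depends on the key.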

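1.4. Managing Bucket Policies

1.4.1. Creating a Bucket Policy

The main account can create a bucket policy with the put-bucket-policy command by passing bucket, resource, policy-type, and user-id. policy-type must be one of two modes: read (read-only) or write (read-write). On success, the command returns the list of bucket policies under that bucket.

$ ycloud iam put-bucket-policy --bucket mybucket --resource /test2 --policy-type read --user-id xxx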

{
    "success": true,
    "code": 200,
    "pager": {
        "totalRecords": 3,
        "pageData": [
            {
                "updated": "2021-04-23 09:51:35",
                "resource": "/a",
                "users": [
                    {
                        "userName": "xx",
                        "status": "NORMAL",
                        "createDate": "2020-11-18 09:41:11",
                        "id": "xxx",
                        "email": "xxx@xxx.com"
                    }
                ],
                "created": "2021-04-23 09:51:35",
                "bucket": "mybucket",
                "policyType": "read-only",
                "id": "8a83a00278f8ed4f0178fc6cd91c001b"
            },
            {
                "updated": "2021-04-23 09:52:31",
                "resource": "/b",
                "users": [
                    {
                        "userName": "xxx",
                        "status": "NORMAL",
                        "createDate": "2020-11-18 09:41:11",
                        "id": "xxx",
                        "email": "xxx@xxx.com"
                    }
                ],
                "created": "2021-04-23 09:52:31",
                "bucket": "mybucket",
                "policyType": "read-only",
                "id": "8a83a00278f8ed4f0178fc6db50b0027"
            },
            {
                "updated": "2021-04-26 17:10:42",
                "resource": "/test2",
                "users": [
                    {
                        "userName": "xxx",
                        "status": "NORMAL",
                        "createDate": "2020-07-28 11:32:33",
                        "id": "8a83a002734c3caa0173937a9e830218",
                        "email": "xxx@xxx.com"
                    }
                ],
                "created": "2021-04-26 17:10:42",
                "bucket": "mybucket",
                "policyType": "read-only",
                "id": "8a83a00278f8ed4f01790d71f56b0037"
            }
        ]
    },
    "requestId": "8f7aa2b0-2b3c-4cf2-ba3b-cc91417690de"
}

1.4.2. Viewing Bucket Policies

The main account can list the bucket policies under a specified bucket with the get-bucket-policy command.

$ ycloud iam get-bucket-policy --bucket mybucket

{
    "success": true,
    "code": 200,
    "pager": {
        "totalRecords": 3,
        "pageData": [
            {
                "updated": "2021-04-23 09:51:35",
                "resource": "/a",
                "users": [
                    {
                        "userName": "xx",
                        "status": "NORMAL",
                        "createDate": "2020-11-18 09:41:11",
                        "id": "xxx",
                        "email": "xxx@xxx.com"
                    }
                ],
                "created": "2021-04-23 09:51:35",
                "bucket": "mybucket",
                "policyType": "read-only",
                "id": "8a83a00278f8ed4f0178fc6cd91c001b"
            },
            {
                "updated": "2021-04-23 09:52:31",
                "resource": "/b",
                "users": [
                    {
                        "userName": "xxx",
                        "status": "NORMAL",
                        "createDate": "2020-11-18 09:41:11",
                        "id": "xxx",
                        "email": "xxx@xxx.com"
                    }
                ],
                "created": "2021-04-23 09:52:31",
                "bucket": "mybucket",
                "policyType": "read-only",
                "id": "8a83a00278f8ed4f0178fc6db50b0027"
            },
            {
                "updated": "2021-04-26 17:10:42",
                "resource": "/test2",
                "users": [
                    {
                        "userName": "xxx",
                        "status": "NORMAL",
                        "createDate": "2020-07-28 11:32:33",
                        "id": "8a83a002734c3caa0173937a9e830218",
                        "email": "xxx@xxx.com"
                    }
                ],
                "created": "2021-04-26 17:10:42",
                "bucket": "mybucket",
                "policyType": "read-only",
                "id": "8a83a00278f8ed4f01790d71f56b0037"
            }
        ]
    },
    "requestId": "8f7aa2b0-2b3c-4cf2-ba3b-cc91417690de"
}
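
An added example, not part of the ycloud documentation or tooling: a least-privilege review over get-bucket-policy output that reports write grants outside an approved list and grants held by users whose status is not NORMAL. The sample reply, the approved-writer list, the "read-write" policyType string (inferred from the write (read-write) mode described in 1.4.1) and the reading of totalRecords as the full entry count are assumptions made for this example.

```python
import json

# Constructed reply in the shape of the get-bucket-policy output above; all values are made up.
SAMPLE_POLICY = json.dumps({
    "success": True, "code": 200,
    "pager": {"totalRecords": 3, "pageData": [
        {"resource": "/a", "bucket": "mybucket", "policyType": "read-only", "id": "p-1",
         "users": [{"userName": "alice", "status": "NORMAL", "id": "u-001"}]},
        {"resource": "/b", "bucket": "mybucket", "policyType": "read-write", "id": "p-2",
         "users": [{"userName": "bob", "status": "NORMAL", "id": "u-002"}]},
        {"resource": "/test2", "bucket": "mybucket", "policyType": "read-only", "id": "p-3",
         "users": [{"userName": "test", "status": "TO_VERIFY", "id": "u-003"}]},
    ]},
})

# Assumed allow-list for this review: (resource, user id) pairs approved for write access.
APPROVED_WRITERS = {("/b", "u-009")}


def review_bucket_policy(raw, approved_writers=APPROVED_WRITERS):
    """Return sorted findings as (policy id, resource, user id, reason) tuples."""
    reply = json.loads(raw)
    if not reply.get("success"):
        raise ValueError("get-bucket-policy did not succeed")
    entries = reply["pager"]["pageData"]
    # Assumption: totalRecords counts every entry, so a mismatch means a partial view.
    if len(entries) != reply["pager"]["totalRecords"]:
        raise ValueError("policy list is incomplete; refusing to review a partial view")
    findings = []
    for entry in entries:
        for user in entry["users"]:
            grant = (entry["resource"], user["id"])
            if entry["policyType"] == "read-write" and grant not in approved_writers:
                findings.append((entry["id"], *grant, "unapproved read-write grant"))
            if user["status"] != "NORMAL":
                findings.append((entry["id"], *grant, f"grantee status is {user['status']}"))
    return sorted(findings)


if __name__ == "__main__":
    for finding in review_bucket_policy(SAMPLE_POLICY):
        print(*finding, sep="\t")
```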

1.4.3. Deleting Bucket Policies

The main account deletes the bucket policies under the specified bucket with the delete-bucket-policy command by passing the bucket.

$ ycloud iam delete-bucket-policy --bucket xxxx

{
    "success": true,
    "code": 200,
    "requestId": "1050c5c6-beeb-4ba9-ab0d-cfbf5bd49da0"
}
