Managing accounts with the CLI
This section describes how to manage sub-accounts with the CLI.
1. Command structure
The command structure for managing sub-accounts with the CLI is as follows:
ycloud iam <command> [--options]
Here command is required and --options is optional. The ycloud iam command supports the following options:
Option | Meaning | Applicable commands |
---|---|---|
--user-name | Specifies the user name | create-user |
--user-id | Specifies the user account ID | get-user, delete-user, create-access-key, delete-access-key, list-access-keys, enable-access-key, disable-access-key, put-bucket-policy |
--access-key-id | Specifies the access key id | delete-access-key, enable-access-key, disable-access-key |
--bucket | Specifies the bucket | put-bucket-policy, get-bucket-policy, delete-bucket-policy |
--resource | Specifies the policy file path | put-bucket-policy |
--policy-type | Specifies the policy type (read or write) | put-bucket-policy |
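2. Managing sub-accounts
2.1. Creating a sub-account
The main account can create a sub-account with the create-user command by passing a user name. On success, the command returns the account's id, name, status, email, and creation time.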
$ ycloud iam create-user --user-name test
{
"model": {
"userName": "test",
"status": "TO_VERIFY",
"createDate": "2021-04-26 14:18:10",
"id": "xxxxxxx",
"email": "xxx@xxx.com"
},
"code": 200,
"success": true
}
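2.2. Viewing a sub-account
The main account can view a sub-account with the get-user command by passing the user ID. The command returns the account's id, name, status, email, and creation time.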
$ ycloud iam get-user --user-id xxxxxx
{
"model": {
"userName": "test",
"status": "TO_VERIFY",
"createDate": "2021-04-26 14:18:10",
"id": "xxxxxxx",
"email": "xxx@xxx.com"
},
"code": 200,
"success": true
}
2.3. Listing sub-accounts
The list-users command lists user account information. Each entry includes the account's id, name, status, email, and creation time.
$ ycloud iam list-users
{
"success": true,
"code": 200,
"pager": {
"totalRecords": 3,
"pageData": [
{
"userName": "xxxx",
"status": "NORMAL",
"createDate": "2020-07-28 11:32:33",
"id": "xxxx",
"email": "xxx@xxx.com"
},
{
"userName": "xxxx",
"status": "NORMAL",
"createDate": "2020-11-18 09:41:11",
"id": "xxx",
"email": "xxx@xxx.com"
},
{
"userName": "test",
"status": "TO_VERIFY",
"createDate": "2021-04-26 14:18:10",
"id": "xxx",
"email": "xxx@xxx.com"
}
]
},
"requestId": "13a2811d-183c-41cd-acec-0099b162b7f7"
}
2.4. Deleting a sub-account
The main account deletes a sub-account with the delete-user command by passing the user ID.
$ ycloud iam delete-user --user-id xxxxxx
{
"success": true,
"code": 200,
"requestId": "8ff94579-d980-4988-9105-15419217cbad"
}
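3. Managing access keys
3.1. Creating an access key
The main account can create an access key with the create-access-key command by passing the user ID. On success, the command returns the userId, user name, status, accessKeyId, secretAccessKey, and creation time.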
$ ycloud iam create-access-key --user-id xxx
{
"success": true,
"model": {
"userName": "xxx",
"status": "Inactive",
"createDate": "2021-04-26 14:42:08",
"userId": "xxx",
"accessKeyId": "xxx",
"secretAccessKey": "xxx"
},
"code": 200,
"requestId": "8732d68f-1c67-4ef9-86d9-9f64bbe40466"
}
3.2. Deleting an access key
The main account deletes the specified access key with the delete-access-key command by passing the access key id and the user ID.
$ ycloud iam delete-access-key --access-key-id xxx --user-id xxx
{
"success": true,
"code": 200,
"requestId": "1050c5c6-beeb-4ba9-ab0d-cfbf5bd49da0"
}
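3.3. Listing access keys
The main account can list the access keys of a given user with the list-access-keys command by passing the user ID. The command returns the userId, user name, status, accessKeyId, secretAccessKey, and creation time.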
$ ycloud iam list-access-keys --user-id xxx
{
"success": true,
"code": 200,
"pager": {
"totalRecords": 2,
"pageData": [
{
"userName": "xxx",
"status": "Inactive",
"createDate": "2021-04-20 11:26:03",
"userId": "xxx",
"accessKeyId": "xxx",
"secretAccessKey": "xxx"
},
{
"userName": "xxx",
"status": "Active",
"createDate": "2020-12-01 09:47:10",
"userId": "xxx",
"accessKeyId": "xxx",
"secretAccessKey": "xxx"
}
]
},
"requestId": "70b3e101-dd3a-4414-89c1-7b17404b25e8"
}
3.4. Enabling an access key
The main account enables the specified access key with the enable-access-key command by passing the access key id and the user ID.
$ ycloud iam enable-access-key --access-key-id xxx --user-id xxx
{
"success": true,
"code": 200,
"requestId": "1050c5c6-beeb-4ba9-ab0d-cfbf5bd49da0"
}
3.5. Disabling an access key
The main account disables the specified access key with the disable-access-key command by passing the access key id and the user ID.
$ ycloud iam disable-access-key --access-key-id xxx --user-id xxx
{
"success": true,
"code": 200,
"requestId": "1050c5c6-beeb-4ba9-ab0d-cfbf5bd49da0"
}
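Added example, not part of the ycloud documentation: a rotation check over the list-access-keys response shown in 3.3. Because that response carries secretAccessKey in every record, the function strips it before anything is reported, then flags Active keys older than a threshold as candidates for disable-access-key. The sample JSON, the 90-day threshold, and the function name are assumptions made for this example.

```python
import json
from datetime import datetime

# Constructed sample in the shape of the `ycloud iam list-access-keys` output
# shown in 3.3; IDs and secrets are placeholders, not real values.
SAMPLE = """
{
  "success": true,
  "code": 200,
  "pager": {
    "totalRecords": 2,
    "pageData": [
      {"userName": "alice", "status": "Inactive", "createDate": "2021-04-20 11:26:03",
       "userId": "u-1", "accessKeyId": "AK-NEW", "secretAccessKey": "placeholder-1"},
      {"userName": "alice", "status": "Active", "createDate": "2020-12-01 09:47:10",
       "userId": "u-1", "accessKeyId": "AK-OLD", "secretAccessKey": "placeholder-2"}
    ]
  }
}
"""

def audit_access_keys(raw, now, max_age_days=90):
    """Return (redacted_records, stale_keys) for one list-access-keys response."""
    doc = json.loads(raw)
    if not doc.get("success") or doc.get("code") != 200:
        raise ValueError("request failed: code=%r" % doc.get("code"))
    redacted, stale = [], []
    for key in doc["pager"]["pageData"]:
        # Never carry the secret into logs or reports.
        safe = {k: v for k, v in key.items() if k != "secretAccessKey"}
        created = datetime.strptime(key["createDate"], "%Y-%m-%d %H:%M:%S")
        safe["ageDays"] = (now - created).days
        redacted.append(safe)
        # Only enabled keys are flagged for rotation here.
        if key["status"] == "Active" and safe["ageDays"] > max_age_days:
            stale.append((key["userId"], key["accessKeyId"]))
    return redacted, stale

if __name__ == "__main__":
    records, stale = audit_access_keys(SAMPLE, now=datetime(2021, 4, 26, 15, 0, 0))
    for record in records:
        print(record)
    for user_id, key_id in stale:
        print("candidate: ycloud iam disable-access-key --access-key-id %s --user-id %s"
              % (key_id, user_id))
```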
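4. Managing bucket policies
4.1. Creating a bucket policy
The main account can create a bucket policy with the put-bucket-policy command by passing bucket, resource, policy-type, and user-id. policy-type must be one of two modes: read (read-only) or write (read-write). On success, the command returns the list of bucket policies for that bucket.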
$ ycloud iam put-bucket-policy --bucket mybucket --resource /test2 --policy-type read --user-id xxx
{
"success": true,
"code": 200,
"pager": {
"totalRecords": 3,
"pageData": [
{
"updated": "2021-04-23 09:51:35",
"resource": "/a",
"users": [
{
"userName": "xx",
"status": "NORMAL",
"createDate": "2020-11-18 09:41:11",
"id": "xxx",
"email": "xxx@xxx.com"
}
],
"created": "2021-04-23 09:51:35",
"bucket": "mybucket",
"policyType": "read-only",
"id": "8a83a00278f8ed4f0178fc6cd91c001b"
},
{
"updated": "2021-04-23 09:52:31",
"resource": "/b",
"users": [
{
"userName": "xxx",
"status": "NORMAL",
"createDate": "2020-11-18 09:41:11",
"id": "xxx",
"email": "xxx@xxx.com"
}
],
"created": "2021-04-23 09:52:31",
"bucket": "mybucket",
"policyType": "read-only",
"id": "8a83a00278f8ed4f0178fc6db50b0027"
},
{
"updated": "2021-04-26 17:10:42",
"resource": "/test2",
"users": [
{
"userName": "xxx",
"status": "NORMAL",
"createDate": "2020-07-28 11:32:33",
"id": "8a83a002734c3caa0173937a9e830218",
"email": "xxx@xxx.com"
}
],
"created": "2021-04-26 17:10:42",
"bucket": "mybucket",
"policyType": "read-only",
"id": "8a83a00278f8ed4f01790d71f56b0037"
}
]
},
"requestId": "8f7aa2b0-2b3c-4cf2-ba3b-cc91417690de"
}
4.2. Viewing bucket policies
The main account can list the bucket policies of the specified bucket with the get-bucket-policy command.
$ ycloud iam get-bucket-policy --bucket mybucket
{
"success": true,
"code": 200,
"pager": {
"totalRecords": 3,
"pageData": [
{
"updated": "2021-04-23 09:51:35",
"resource": "/a",
"users": [
{
"userName": "xx",
"status": "NORMAL",
"createDate": "2020-11-18 09:41:11",
"id": "xxx",
"email": "xxx@xxx.com"
}
],
"created": "2021-04-23 09:51:35",
"bucket": "mybucket",
"policyType": "read-only",
"id": "8a83a00278f8ed4f0178fc6cd91c001b"
},
{
"updated": "2021-04-23 09:52:31",
"resource": "/b",
"users": [
{
"userName": "xxx",
"status": "NORMAL",
"createDate": "2020-11-18 09:41:11",
"id": "xxx",
"email": "xxx@xxx.com"
}
],
"created": "2021-04-23 09:52:31",
"bucket": "mybucket",
"policyType": "read-only",
"id": "8a83a00278f8ed4f0178fc6db50b0027"
},
{
"updated": "2021-04-26 17:10:42",
"resource": "/test2",
"users": [
{
"userName": "xxx",
"status": "NORMAL",
"createDate": "2020-07-28 11:32:33",
"id": "8a83a002734c3caa0173937a9e830218",
"email": "xxx@xxx.com"
}
],
"created": "2021-04-26 17:10:42",
"bucket": "mybucket",
"policyType": "read-only",
"id": "8a83a00278f8ed4f01790d71f56b0037"
}
]
},
"requestId": "8f7aa2b0-2b3c-4cf2-ba3b-cc91417690de"
}
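Added example, not part of the ycloud documentation: an access review over the get-bucket-policy response shown above. It inverts the policy list into a per-user view of granted resources and reports grants that deserve a second look. The sample JSON, the function name, and the "read-write" policyType string (assumed to be what --policy-type write is reported as) are assumptions made for this example.

```python
import json

# Constructed sample in the shape of the `ycloud iam get-bucket-policy` output
# shown in 4.2. User names and IDs are placeholders; "read-write" is assumed to
# be the policyType string reported for --policy-type write.
SAMPLE = """
{"success": true, "code": 200, "pager": {"totalRecords": 2, "pageData": [
  {"resource": "/a", "bucket": "mybucket", "policyType": "read-only", "id": "p-1",
   "users": [{"userName": "alice", "status": "NORMAL", "id": "u-1"}]},
  {"resource": "/test2", "bucket": "mybucket", "policyType": "read-write", "id": "p-2",
   "users": [{"userName": "alice", "status": "NORMAL", "id": "u-1"},
             {"userName": "test", "status": "TO_VERIFY", "id": "u-2"}]}
]}}
"""

def review_bucket_policies(raw):
    """Return (grants, findings) from one get-bucket-policy response."""
    doc = json.loads(raw)
    if not doc.get("success"):
        raise ValueError("request failed: code=%r" % doc.get("code"))
    grants, findings = {}, []
    for policy in doc["pager"]["pageData"]:
        target = "%s%s" % (policy["bucket"], policy["resource"])
        for user in policy["users"]:
            # Per-user view: which resources this sub-account can reach, and how.
            grants.setdefault(user["userName"], []).append((target, policy["policyType"]))
            # A grant to an account that is not in NORMAL status (for example
            # TO_VERIFY, as in 2.1) is worth confirming.
            if user["status"] != "NORMAL":
                findings.append("%s: grant on %s to user %s in status %s"
                                % (policy["id"], target, user["userName"], user["status"]))
        # Anything broader than read-only should have a stated need for write.
        if policy["policyType"] != "read-only":
            findings.append("%s: %s access on %s, confirm write is required"
                            % (policy["id"], policy["policyType"], target))
    return grants, findings

if __name__ == "__main__":
    grants, findings = review_bucket_policies(SAMPLE)
    for name, entries in sorted(grants.items()):
        print(name, entries)
    for finding in findings:
        print("review:", finding)
```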
4.3. Deleting bucket policies
The main account deletes the bucket policies of the specified bucket with the delete-bucket-policy command by passing the bucket.
$ ycloud iam delete-bucket-policy --bucket xxxx
{
"success": true,
"code": 200,
"requestId": "1050c5c6-beeb-4ba9-ab0d-cfbf5bd49da0"
}