检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
Log In to a CBH Instance Console as an IAM User Function This API is used to log in to a CBH instance console as an IAM user.
Does CBH Support IAM Fine-Grained Management? Yes. Identity and Access Management (IAM) is a basic service for permission management. By default, new IAM users do not have any permissions. You need to grant different permissions to IAM users based on their duties.
IAM Identity and Access Management (IAM) helps you to manage permissions and identity authentication for users of CBH instances. For more details, see Permissions Management.
You can log in to the bastion host using IAM Login or Admin Login without entering a password. However, you must use an account or key to log in to the bastion host using Local Login.
Request Parameters Table 2 Request header parameters Parameter Mandatory Type Description X-Auth-Token Yes String User token It can be obtained by calling the IAM API used to obtain a user token. The value of X-Subject-Token in the response header is the user token.
Create a user group on the IAM console, and attach the CBH ReadOnlyAccess policy to the group. Creating an IAM User. Create a user on the IAM console and add the user to the group created in 1. Log in and verify permissions.
Incorrect server ID. 401 CBH.10020100 Invalid IAM token. IAM authentication failed. Check the token. 403 CBH.10020002 Tenant has no permissions. Permissions required. The tenant does not have the permission. Check the user permission on IAM. 500 CBH.10020000 Unknown error.
For details, see "Obtaining the Token of an IAM User." Table 3 Request body parameters Parameter Mandatory Type Description server_id Yes String Instance ID.
POST /v2/{project_id}/cbs/agency/authorization cbh::operateAuthorization iam:agencies:listAgencies iam:permissions:listRolesForAgencyOnProject iam:agencies:createAgency iam:agencies:deleteAgency iam:permissions:grantRoleToAgencyOnProject iam:permissions:revokeRoleFromAgencyOnProject
IAM_USER_CONFLICT(1016): There were IAM user conflicts. HOST_NOT_MANAGE(1): The server requested has not be managed by CBH. HOST_ACCOUNT_NOT_EXIST(553): The account for logging in to the server is unavailable.
For details, see "Obtaining the Token of an IAM User." Table 3 Request body parameters Parameter Mandatory Type Description publicip_id Yes String EIP ID, in UUID format.
For details, see "Obtaining the Token of an IAM User." Table 3 Request body parameters Parameter Mandatory Type Description server_id Yes String ID of the instance you want to roll back.
For details, see "Obtaining the Token of an IAM User."
For details, see "Obtaining the Token of an IAM User." Table 3 Request body parameters Parameter Mandatory Type Description server_id Yes String Instance ID.
During remote logins, you can select local, IAM, or admin login mode. In local or IAM login mode, use the accounts as required. In admin login mode, you can log in to a bastion host as user admin without entering passwords.
For details, see "Obtaining the Token of an IAM User." Table 3 Request body parameters Parameter Mandatory Type Description server_id Yes String Instance ID.
Replace the italic fields in bold with the actual values. accountid: ID of the account to which the IAM user belongs. username: IAM username to be created. email: email address of the IAM user. **********: password of the IAM user.
For details, see "Obtaining the Token of an IAM User." Table 3 Request body parameters Parameter Mandatory Type Description server_id Yes String CBH instance ID, in UUID format. reboot_type Yes String Restart mode, which is case insensitive.
For details, see "Obtaining the Token of an IAM User." Response Parameters Status code: 200 Table 3 Response body parameters Parameter Type Description authorization AgencyAuthorizeInfoRsp object Response body for the request for querying CBH agencies.
Grants the permission to associate the IAM agency with a role. iam:roles:createRole Grants the permission to create an IAM agency role. iam:agencies:deleteAgency Grants the permission to delete an IAM agency.
