华为云用户手册

Java 创建流日志 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 package com.huaweicloud.sdk.test; import com.huaweicloud.sdk.core.auth.ICredential; import com.huaweicloud.sdk.core.auth.BasicCredentials; import com.huaweicloud.sdk.core.exception.ConnectionException; import com.huaweicloud.sdk.core.exception.RequestTimeoutException; import com.huaweicloud.sdk.core.exception.ServiceResponseException; import com.huaweicloud.sdk.er.v3.region.ErRegion; import com.huaweicloud.sdk.er.v3.*; import com.huaweicloud.sdk.er.v3.model.*; public class CreateFlowLogSolution { public static void main(String[] args) { // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security. // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment String ak = System.getenv("CLOUD_SDK_AK"); String sk = System.getenv("CLOUD_SDK_SK"); ICredential auth = new BasicCredentials() .withAk(ak) .withSk(sk); ErClient client = ErClient.newBuilder() .withCredential(auth) .withRegion(ErRegion.valueOf("cn-north-4")) .build(); CreateFlowLogRequest request = new CreateFlowLogRequest(); CreateFlowLogRequestBody body = new CreateFlowLogRequestBody(); FlowLogRequest flowLogbody = new FlowLogRequest(); flowLogbody.withName("flow-log") .withDescription("flow log test") .withResourceType(FlowLogRequest.ResourceTypeEnum.fromValue("attachment")) .withResourceId("6f83b848-8331-4271-ac0c-ef94b7686402") .withLogGroupId("0139393c-eeb2-49f0-bbd4-c5faec6b1497") .withLogStreamId("d22c3b44-2f71-470f-83f3-96a8af6956ad") .withLogStoreType(FlowLogRequest.LogStoreTypeEnum.fromValue("LTS")); body.withFlowLog(flowLogbody); request.withBody(body); try { CreateFlowLogResponse response = client.createFlowLog(request); System.out.println(response.toString()); } catch (ConnectionException e) { e.printStackTrace(); } catch (RequestTimeoutException e) { e.printStackTrace(); } catch (ServiceResponseException e) { e.printStackTrace(); System.out.println(e.getHttpStatusCode()); System.out.println(e.getRequestId()); System.out.println(e.getErrorCode()); System.out.println(e.getErrorMsg()); } } }

Go 创建流日志 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 package main import ( "fmt" "github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic" er "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/er/v3" "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/er/v3/model" region "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/er/v3/region" ) func main() { // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security. // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment ak := os.Getenv("CLOUD_SDK_AK") sk := os.Getenv("CLOUD_SDK_SK") auth := basic.NewCredentialsBuilder(). WithAk(ak). WithSk(sk). Build() client := er.NewErClient( er.ErClientBuilder(). WithRegion(region.ValueOf("cn-north-4")). WithCredential(auth). Build()) request := &model.CreateFlowLogRequest{} descriptionFlowLog:= "flow log test" flowLogbody := &model.FlowLogRequest{ Name: "flow-log", Description: &descriptionFlowLog, ResourceType: model.GetFlowLogRequestResourceTypeEnum().ATTACHMENT, ResourceId: "6f83b848-8331-4271-ac0c-ef94b7686402", LogGroupId: "0139393c-eeb2-49f0-bbd4-c5faec6b1497", LogStreamId: "d22c3b44-2f71-470f-83f3-96a8af6956ad", LogStoreType: model.GetFlowLogRequestLogStoreTypeEnum().LTS, } request.Body = &model.CreateFlowLogRequestBody{ FlowLog: flowLogbody, } response, err := client.CreateFlowLog(request) if err == nil { fmt.Printf("%+v\n", response) } else { fmt.Println(err) } }

请求示例 创建流日志 POST https://{erouter_endpoint}/v3/0605767a9980d5762fbcc00b3537e757/enterprise-router/a43c55e9-4911-4030-90e1-5c2bf6ae6fe2/flow-logs { "flow_log" : { "name" : "flow-log", "description" : "flow log test", "resource_type" : "attachment", "resource_id" : "6f83b848-8331-4271-ac0c-ef94b7686402", "log_group_id" : "0139393c-eeb2-49f0-bbd4-c5faec6b1497", "log_stream_id" : "d22c3b44-2f71-470f-83f3-96a8af6956ad", "log_store_type" : "LTS" } }

响应示例 状态码： 202 Accepted { "flow_log" : { "id" : "b216bc1d-5963-41a7-89f9-779a5128c5ac", "name" : "flow_log", "project_id" : "0605767a9980d5762fbcc00b3537e757", "resource_type" : "attachment", "resource_id" : "6f83b848-8331-4271-ac0c-ef94b7686402", "log_group_id" : "0139393c-eeb2-49f0-bbd4-c5faec6b1497", "log_stream_id" : "d22c3b44-2f71-470f-83f3-96a8af6956ad", "log_store_type" : "LTS", "log_aggregation_interval" : 600, "created_at" : "2020-03-11T15:13:31Z", "updated_at" : "2022-03-11T15:13:31Z", "state" : "available", "enabled" : true, "description" : "ER流日志" }, "request_id" : "915a14a6-867b-4af7-83d1-70efceb146f9" }

Python 创建流日志 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 # coding: utf-8 from huaweicloudsdkcore.auth.credentials import BasicCredentials from huaweicloudsdker.v3.region.er_region import ErRegion from huaweicloudsdkcore.exceptions import exceptions from huaweicloudsdker.v3 import * if __name__ == "__main__": # The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security. # In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment ak = os.getenv("CLOUD_SDK_AK") sk = os.getenv("CLOUD_SDK_SK") credentials = BasicCredentials(ak, sk) \ client = ErClient.new_builder() \ .with_credentials(credentials) \ .with_region(ErRegion.value_of("cn-north-4")) \ .build() try: request = CreateFlowLogRequest() flowLogbody = FlowLogRequest( name="flow-log", description="flow log test", resource_type="attachment", resource_id="6f83b848-8331-4271-ac0c-ef94b7686402", log_group_id="0139393c-eeb2-49f0-bbd4-c5faec6b1497", log_stream_id="d22c3b44-2f71-470f-83f3-96a8af6956ad", log_store_type="LTS" ) request.body = CreateFlowLogRequestBody( flow_log=flowLogbody ) response = client.create_flow_log(request) print(response) except exceptions.ClientRequestException as e: print(e.status_code) print(e.request_id) print(e.error_code) print(e.error_msg)

请求参数 表2 请求Header参数 参数 是否必选 参数类型 描述 X-Client-Token 否 String 幂等性标识 最小长度：1 最大长度：64 表3 请求Body参数 参数 是否必选 参数类型 描述 flow_log 是 FlowLogRequest object 创建流日志请求体 表4 FlowLogRequest 参数 是否必选 参数类型 描述 name 是 String 流日志名称 最小长度：1 最大长度：64 description 否 String 流日志描述 最小长度：0 最大长度：255 resource_type 是 String 流日志采集的资源类型: VPC连接 虚拟网关连接 对等连接 resource_id 是 String 要采集的资源ID log_group_id 是 String 日志组ID。请在 云日志 服务中获取，详情请参见《云日志服务用户指南》。 log_stream_id 是 String 日志主题ID。请在云日志服务中获取，详情请参见《云日志服务用户指南》。 log_store_type 是 String 流日志的存储类型: LTS: 云日志服务器存储

响应参数 状态码： 202 表5 响应Header参数 参数 参数类型 描述 X-Client-Token - 幂等性标识 表6 响应Body参数 参数 参数类型 描述 flow_log FlowLog object 流日志详情 request_id String 请求id 表7 FlowLog 参数 参数类型 描述 id String 流日志ID name String 流日志名称 description String 流日志描述 project_id String 流日志任务创建者项目ID resource_type String 采集的资源类型:attachment resource_id String 采集的资源ID log_group_id String 日志组ID log_stream_id String 日志流ID log_store_type String 流日志存储类型:LTS log_aggregation_interval Integer 日志聚合时间，单位s，取值范围：60-600 created_at String 创建时间,格式:YYYY-MM-DDTHH:mm:ss.sssZ updated_at String 更新时间,格式:YYYY-MM-DDTHH:mm:ss.sssZ state String 日志资源状态:pending|available|modifying|deleting|deleted|failed enabled Boolean 日志开关:true|false

支持的授权项 策略包含系统策略和自定义策略，如果系统策略不满足授权要求，管理员可以创建自定义策略，并通过给用户组授予自定义策略来进行精细的访问控制。策略支持的操作与API相对应，授权项列表说明如下： 权限：允许或拒绝对指定资源在特定条件下进行某项操作。 对应API接口：自定义策略实际调用的API接口。 授权项：自定义策略中支持的Action，在自定义策略中的Action中写入授权项，可以实现授权项对应的权限功能。 依赖的授权项：部分Action存在对其他Action的依赖，需要将依赖的Action同时写入授权项，才能实现对应的权限功能。 IAM 项目(Project)/企业项目(Enterprise Project)：自定义策略的授权范围，包括IAM项目与企业项目。授权范围如果同时支持IAM项目和企业项目，表示此授权项对应的自定义策略，可以在IAM和企业管理两个服务中给用户组授权并生效。如果仅支持IAM项目，不支持企业项目，表示仅能在IAM中给用户组授权并生效，如果在企业管理中授权，则该自定义策略不生效。管理员可以在授权项列表中查看授权项是否支持IAM项目或企业项目，“√”表示支持，“×”表示暂不支持。关于IAM项目与企业项目的区别，详情请参见：IAM与企业管理的区别。 ER的支持自定义策略授权项如下所示： 企业路由器 VPC连接 其他连接 路由表 关联 传播 路由 流日志 标签 配额管理

响应示例 状态码： 200 OK { "associations" : [ { "id" : "915a14a6-867b-4af7-83d1-70efceb146f9", "route_table_id" : "91c013e2-d65a-474e-9177-c3e1799ca726", "attachment_id" : "a5b7d209-dc02-4c46-a51f-805eadd3de64", "resource_type" : "vpc", "resource_id" : "4e5fe97c-82bc-432e-87d8-06d7e157dffa", "state" : "pending", "created_at" : "2020-03-11T15:13:31", "updated_at" : "2020-03-11T15:13:31", "route_policy" : { "export_policy_id" : "" } } ], "page_info" : { "next_marker" : "1", "current_count" : 1 }, "request_id" : "915a14a6-867b-4af7-83d1-70efceb146f9" }

请求示例 查询路由表的关联信息 GET https://{erouter_endpoint}/v3/08d5a9564a704afda6039ae2babbef3c/enterprise-router/915a14a6-867b-4af7-83d1-70efceb146f5/route-tables/915a14a6-867b-4af7-83d1-70efceb146f9/associations

响应参数 状态码： 200 表3 响应Body参数 参数 参数类型 描述 associations Array of Association objects 路由表关联列表 数组长度：0 - 2000 request_id String 请求ID page_info PageInfo object 分页查询的信息 表4 Association 参数 参数类型 描述 id String 关联唯一标识 最大长度：36 route_table_id String 路由表唯一标识 最大长度：36 attachment_id String 连接唯一标识 最大长度：36 resource_type String vpc：虚拟私有云 vpn：vpn网关 vgw：云专线的虚拟网关 peering：对等连接，通过云连接CC加载不同区域的企业路由器来创建“对等连接（Peering）”连接 resource_id String 连接的资源唯一标识 state String 状态:pending|available|modifying|deleting|deleted|failed created_at String 资源创建时间 采用UTC时间 格式：YYYY-MM-DDTHH:mm:ss.sssZ updated_at String 资源更新时间 采用UTC时间 格式：YYYY-MM-DDTHH:mm:ss.sssZ route_policy ExportRoutePolicy object 出方向路由策略 表5 ExportRoutePolicy 参数 参数类型 描述 export_policy_id String 出方向Ipv4协议路由策略id 最小长度：0 最大长度：36 表6 PageInfo 参数 参数类型 描述 next_marker String 下一个marker标识，为空时表示最后一页 current_count Integer 当前列表中资源数量

URI GET /v3/{project_id}/enterprise-router/{er_id}/route-tables/{route_table_id}/associations 表1 路径参数 参数 是否必选 参数类型 描述 project_id 是 String 项目ID er_id 是 String 企业路由器实例ID route_table_id 是 String 路由表ID 表2 Query参数 参数 是否必选 参数类型 描述 limit 否 Integer 每页返回的个数。 取值范围：0~2000。 最小值：0 最大值：2000 marker 否 String 查询的页码id，为空时为查询第一页。 使用说明：必须与limit一起使用。 最小长度：1 最大长度：128 attachment_id 否 Array 连接ID resource_type 否 Array vpc：虚拟私有云 vpn：vpn网关 vgw：云专线的虚拟网关 peering：对等连接，通过云连接CC加载不同区域的企业路由器来创建“对等连接（Peering）”连接 state 否 Array 状态:pending|available|modifying|deleting|deleted|failed sort_key 否 Array 按关键字排序，默认按照id排序，可选值:id|name|state sort_dir 否 Array 返回结果按照升序或降序排列，默认为asc,降序为desc

Go 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 package main import ( "fmt" "github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic" er "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/er/v3" "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/er/v3/model" region "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/er/v3/region" ) func main() { // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security. // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment ak := os.Getenv("CLOUD_SDK_AK") sk := os.Getenv("CLOUD_SDK_SK") auth := basic.NewCredentialsBuilder(). WithAk(ak). WithSk(sk). Build() client := er.NewErClient( er.ErClientBuilder(). WithRegion(region.ValueOf("cn-north-4")). WithCredential(auth). Build()) request := &model.DisableFlowLogRequest{} response, err := client.DisableFlowLog(request) if err == nil { fmt.Printf("%+v\n", response) } else { fmt.Println(err) } }

Java 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 package com.huaweicloud.sdk.test; import com.huaweicloud.sdk.core.auth.ICredential; import com.huaweicloud.sdk.core.auth.BasicCredentials; import com.huaweicloud.sdk.core.exception.ConnectionException; import com.huaweicloud.sdk.core.exception.RequestTimeoutException; import com.huaweicloud.sdk.core.exception.ServiceResponseException; import com.huaweicloud.sdk.er.v3.region.ErRegion; import com.huaweicloud.sdk.er.v3.*; import com.huaweicloud.sdk.er.v3.model.*; public class DisableFlowLogSolution { public static void main(String[] args) { // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security. // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment String ak = System.getenv("CLOUD_SDK_AK"); String sk = System.getenv("CLOUD_SDK_SK"); ICredential auth = new BasicCredentials() .withAk(ak) .withSk(sk); ErClient client = ErClient.newBuilder() .withCredential(auth) .withRegion(ErRegion.valueOf("cn-north-4")) .build(); DisableFlowLogRequest request = new DisableFlowLogRequest(); try { DisableFlowLogResponse response = client.disableFlowLog(request); System.out.println(response.toString()); } catch (ConnectionException e) { e.printStackTrace(); } catch (RequestTimeoutException e) { e.printStackTrace(); } catch (ServiceResponseException e) { e.printStackTrace(); System.out.println(e.getHttpStatusCode()); System.out.println(e.getRequestId()); System.out.println(e.getErrorCode()); System.out.println(e.getErrorMsg()); } } }

响应示例 状态码： 202 Accepted { "flow_log" : { "id" : "b216bc1d-5963-41a7-89f9-779a5128c5ac", "name" : "flow_log_update", "project_id" : "0605767a9980d5762fbcc00b3537e757", "resource_type" : "attachment", "resource_id" : "6f83b848-8331-4271-ac0c-ef94b7686402", "log_group_id" : "0139393c-eeb2-49f0-bbd4-c5faec6b1497", "log_stream_id" : "d22c3b44-2f71-470f-83f3-96a8af6956ad", "log_store_type" : "LTS", "log_aggregation_interval" : 600, "created_at" : "2020-03-11T15:13:31Z", "updated_at" : "2022-03-11T15:13:31Z", "state" : "available", "enabled" : true, "description" : "ER流日志" }, "request_id" : "915a14a6-867b-4af7-83d1-70efceb146f9" }

响应参数 状态码： 202 表2 响应Body参数 参数 参数类型 描述 flow_log FlowLog object 流日志详情 request_id String 请求id 表3 FlowLog 参数 参数类型 描述 id String 流日志ID name String 流日志名称 description String 流日志描述 project_id String 流日志任务创建者项目ID resource_type String 采集的资源类型:attachment resource_id String 采集的资源ID log_group_id String 日志组ID log_stream_id String 日志流ID log_store_type String 流日志存储类型:LTS log_aggregation_interval Integer 日志聚合时间，单位s，取值范围：60-600 created_at String 创建时间,格式:YYYY-MM-DDTHH:mm:ss.sssZ updated_at String 更新时间,格式:YYYY-MM-DDTHH:mm:ss.sssZ state String 日志资源状态:pending|available|modifying|deleting|deleted|failed enabled Boolean 日志开关:true|false

Python 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 # coding: utf-8 from huaweicloudsdkcore.auth.credentials import BasicCredentials from huaweicloudsdker.v3.region.er_region import ErRegion from huaweicloudsdkcore.exceptions import exceptions from huaweicloudsdker.v3 import * if __name__ == "__main__": # The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security. # In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment ak = os.getenv("CLOUD_SDK_AK") sk = os.getenv("CLOUD_SDK_SK") credentials = BasicCredentials(ak, sk) \ client = ErClient.new_builder() \ .with_credentials(credentials) \ .with_region(ErRegion.value_of("cn-north-4")) \ .build() try: request = DisableFlowLogRequest() response = client.disable_flow_log(request) print(response) except exceptions.ClientRequestException as e: print(e.status_code) print(e.request_id) print(e.error_code) print(e.error_msg)

请求示例 删除路由表关联 POST https://{erouter_endpoint}/v3/08d5a9564a704afda6039ae2babbef3c/enterprise-router/915a14a6-867b-4af7-83d1-70efceb146f8/route-tables/915a14a6-867b-4af7-83d1-70efceb146f9/disassociate { "attachment_id" : "2609ec92-ac19-4467-a527-7f9e690e7836" }

Python 删除路由表关联 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 # coding: utf-8 from huaweicloudsdkcore.auth.credentials import BasicCredentials from huaweicloudsdker.v3.region.er_region import ErRegion from huaweicloudsdkcore.exceptions import exceptions from huaweicloudsdker.v3 import * if __name__ == "__main__": # The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security. # In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment ak = os.getenv("CLOUD_SDK_AK") sk = os.getenv("CLOUD_SDK_SK") credentials = BasicCredentials(ak, sk) \ client = ErClient.new_builder() \ .with_credentials(credentials) \ .with_region(ErRegion.value_of("cn-north-4")) \ .build() try: request = DisassociateRouteTableRequest() request.body = AssociationRequestBody( attachment_id="2609ec92-ac19-4467-a527-7f9e690e7836" ) response = client.disassociate_route_table(request) print(response) except exceptions.ClientRequestException as e: print(e.status_code) print(e.request_id) print(e.error_code) print(e.error_msg)

Go 删除路由表关联 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 package main import ( "fmt" "github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic" er "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/er/v3" "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/er/v3/model" region "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/er/v3/region" ) func main() { // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security. // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment ak := os.Getenv("CLOUD_SDK_AK") sk := os.Getenv("CLOUD_SDK_SK") auth := basic.NewCredentialsBuilder(). WithAk(ak). WithSk(sk). Build() client := er.NewErClient( er.ErClientBuilder(). WithRegion(region.ValueOf("cn-north-4")). WithCredential(auth). Build()) request := &model.DisassociateRouteTableRequest{} attachmentIdAssociationRequestBody:= "2609ec92-ac19-4467-a527-7f9e690e7836" request.Body = &model.AssociationRequestBody{ AttachmentId: &attachmentIdAssociationRequestBody, } response, err := client.DisassociateRouteTable(request) if err == nil { fmt.Printf("%+v\n", response) } else { fmt.Println(err) } }

请求参数 表2 请求Body参数 参数 是否必选 参数类型 描述 attachment_id 否 String 连接唯一标识 最大长度：36 route_policy 否 ExportRoutePolicy object 出方向路由策略 表3 ExportRoutePolicy 参数 是否必选 参数类型 描述 export_policy_id 否 String 出方向Ipv4协议路由策略id 最小长度：0 最大长度：36

Java 删除路由表关联 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 package com.huaweicloud.sdk.test; import com.huaweicloud.sdk.core.auth.ICredential; import com.huaweicloud.sdk.core.auth.BasicCredentials; import com.huaweicloud.sdk.core.exception.ConnectionException; import com.huaweicloud.sdk.core.exception.RequestTimeoutException; import com.huaweicloud.sdk.core.exception.ServiceResponseException; import com.huaweicloud.sdk.er.v3.region.ErRegion; import com.huaweicloud.sdk.er.v3.*; import com.huaweicloud.sdk.er.v3.model.*; public class DisassociateRouteTableSolution { public static void main(String[] args) { // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security. // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment String ak = System.getenv("CLOUD_SDK_AK"); String sk = System.getenv("CLOUD_SDK_SK"); ICredential auth = new BasicCredentials() .withAk(ak) .withSk(sk); ErClient client = ErClient.newBuilder() .withCredential(auth) .withRegion(ErRegion.valueOf("cn-north-4")) .build(); DisassociateRouteTableRequest request = new DisassociateRouteTableRequest(); AssociationRequestBody body = new AssociationRequestBody(); body.withAttachmentId("2609ec92-ac19-4467-a527-7f9e690e7836"); request.withBody(body); try { DisassociateRouteTableResponse response = client.disassociateRouteTable(request); System.out.println(response.toString()); } catch (ConnectionException e) { e.printStackTrace(); } catch (RequestTimeoutException e) { e.printStackTrace(); } catch (ServiceResponseException e) { e.printStackTrace(); System.out.println(e.getHttpStatusCode()); System.out.println(e.getRequestId()); System.out.println(e.getErrorCode()); System.out.println(e.getErrorMsg()); } } }

权限及授权项说明 权限根据授权的精细程度，分为角色和策略。角色以服务为粒度，是IAM最初提供的一种根据用户的工作职能定义权限的粗粒度授权机制。策略以API接口为粒度进行权限拆分，授权更加精细，可以精确到某个操作、资源和条件，能够满足企业对权限最小化的安全管控要求。 如果您要允许或是禁止某个接口的操作权限，请使用策略。 如果您需要对您所拥有的企业路由器ER进行精细的权限管理，您可以使用 统一身份认证 服务（Identity and Access Management，简称IAM），如果华为帐号所具备的权限功能已经能满足您的要求，您可以跳过本章节，不影响您使用ER服务的其它功能。 通过IAM，您可以通过授权控制主体（IAM用户、用户组、IAM委托）对华为云资源的访问范围。权限根据授权的精细程度，分为角色和策略。角色以服务为粒度，是IAM最初提供的一种根据用户的工作职能定义权限的粗粒度授权机制。策略以API接口为粒度进行权限拆分，授权更加精细，可以精确到某个操作、资源和条件，能够满足企业对权限最小化的安全管控要求。 目前IAM支持两类授权模型，一类是经典授权（RBAC）模型，称为角色授权。 默认情况下，新建的主体没有任何权限，需要为主体授予系统角色、系统策略或自定义策略，并选择授权范围，才能使主体获得相应的权限。 另一类是基于ABAC的新模型，称为策略授权。管理员可根据业务需求定制不同的访问控制策略，将策略附加主体或为主体授予该策略即可获得相应权限，能够做到更细粒度更灵活的权限控制。授权后，主体就可以基于已有权限对云服务进行操作。 两者有如下的区别和关系： 表1 角色授权与策略授权的区别 名称 核心关系 涉及的权限 授权方式 适用场景 角色授权 用户-角色-权限 系统角色 系统策略 自定义策略 为主体授予角色或策略 每个用户可以根据被分配的角色相对快速的被授予相关权限，但灵活性较差，难以满足细粒度精确权限控制需求，更适用于对维护角色和授权关系工作量较小的中小企业用户。 策略授权 用户-策略 系统策略 自定义策略 为主体授予策略 策略附加至主体 新增资源时，对比角色授权需要维护所有相关角色，基于策略的授权模型仅需要维护较少的资源，可扩展性更强，更方便。但相对应的，整体模型构建更加复杂，对相关人员专业能力要求更高，因此更适用于中大型企业。 例如：如果需要对IAM用户授予可以创建华北-北京四区域的ER和华南-广州区域的ER的权限，基于角色授权的场景中，管理员需要创建两个自定义策略，并且为IAM用户同时授予这两个自定义策略才可以实现权限控制。在基于策略授权的场景中，管理员仅需要创建一个自定义策略，在策略中通过条件键“g:RequestedRegion”的配置即可达到策略对于授权区域的控制。将策略附加主体或为主体授予该策略即可获得相应权限，权限配置方式更细粒度更灵活。 ER目前仅支持角色授权模型，该场景下支持的策略授权项请参考基于角色授权的服务授权项。 例如，用户要调用接口来查询企业路由器列表，那么这个IAM用户被授予的策略中必须包含允许“er:instances:list”的授权项，该接口才能调用成功。 父主题： 权限和授权项

Go 为企业路由器资源添加标签，标签值为key1，标签键为value1 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 package main import ( "fmt" "github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic" er "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/er/v3" "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/er/v3/model" region "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/er/v3/region" ) func main() { // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security. // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment ak := os.Getenv("CLOUD_SDK_AK") sk := os.Getenv("CLOUD_SDK_SK") auth := basic.NewCredentialsBuilder(). WithAk(ak). WithSk(sk). Build() client := er.NewErClient( er.ErClientBuilder(). WithRegion(region.ValueOf("cn-north-4")). WithCredential(auth). Build()) request := &model.CreateResourceTagRequest{} keyTag:= "key1" valueTag:= "value1" tagbody := &model.Tag{ Key: &keyTag, Value: &valueTag, } request.Body = &model.CreateResourceTagRequestBody{ Tag: tagbody, } response, err := client.CreateResourceTag(request) if err == nil { fmt.Printf("%+v\n", response) } else { fmt.Println(err) } }

Python 为企业路由器资源添加标签，标签值为key1，标签键为value1 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 # coding: utf-8 from huaweicloudsdkcore.auth.credentials import BasicCredentials from huaweicloudsdker.v3.region.er_region import ErRegion from huaweicloudsdkcore.exceptions import exceptions from huaweicloudsdker.v3 import * if __name__ == "__main__": # The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security. # In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment ak = os.getenv("CLOUD_SDK_AK") sk = os.getenv("CLOUD_SDK_SK") credentials = BasicCredentials(ak, sk) \ client = ErClient.new_builder() \ .with_credentials(credentials) \ .with_region(ErRegion.value_of("cn-north-4")) \ .build() try: request = CreateResourceTagRequest() tagbody = Tag( key="key1", value="value1" ) request.body = CreateResourceTagRequestBody( tag=tagbody ) response = client.create_resource_tag(request) print(response) except exceptions.ClientRequestException as e: print(e.status_code) print(e.request_id) print(e.error_code) print(e.error_msg)

URI POST /v3/{project_id}/{resource_type}/{resource_id}/tags 表1 路径参数 参数 是否必选 参数类型 描述 project_id 是 String 项目ID resource_id 是 String 资源ID resource_type 是 String 标签资源类型: instance: 企业路由器实例 route-table: 路由表 vpc-attachment: VPC连接 vgw-attachment: 虚拟网关连接 peering-attachment: 对等连接（Peering）连接 vpn-attachment: VPN网关连接 attachments: 所有连接类型

Java 为企业路由器资源添加标签，标签值为key1，标签键为value1 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 package com.huaweicloud.sdk.test; import com.huaweicloud.sdk.core.auth.ICredential; import com.huaweicloud.sdk.core.auth.BasicCredentials; import com.huaweicloud.sdk.core.exception.ConnectionException; import com.huaweicloud.sdk.core.exception.RequestTimeoutException; import com.huaweicloud.sdk.core.exception.ServiceResponseException; import com.huaweicloud.sdk.er.v3.region.ErRegion; import com.huaweicloud.sdk.er.v3.*; import com.huaweicloud.sdk.er.v3.model.*; public class CreateResourceTagSolution { public static void main(String[] args) { // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security. // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment String ak = System.getenv("CLOUD_SDK_AK"); String sk = System.getenv("CLOUD_SDK_SK"); ICredential auth = new BasicCredentials() .withAk(ak) .withSk(sk); ErClient client = ErClient.newBuilder() .withCredential(auth) .withRegion(ErRegion.valueOf("cn-north-4")) .build(); CreateResourceTagRequest request = new CreateResourceTagRequest(); CreateResourceTagRequestBody body = new CreateResourceTagRequestBody(); Tag tagbody = new Tag(); tagbody.withKey("key1") .withValue("value1"); body.withTag(tagbody); request.withBody(body); try { CreateResourceTagResponse response = client.createResourceTag(request); System.out.println(response.toString()); } catch (ConnectionException e) { e.printStackTrace(); } catch (RequestTimeoutException e) { e.printStackTrace(); } catch (ServiceResponseException e) { e.printStackTrace(); System.out.println(e.getHttpStatusCode()); System.out.println(e.getRequestId()); System.out.println(e.getErrorCode()); System.out.println(e.getErrorMsg()); } } }

请求示例 为企业路由器资源添加标签，标签值为key1，标签键为value1 POST https://{erouter-endpoint}/v3/cfa563efb77d4b6d9960781d82530fd8/instance/3320166e-b937-40cc-a35c-02cd3f2b3ee2/tags { "tag" : { "key" : "key1", "value" : "value1" } }

请求参数 表2 请求Body参数 参数 是否必选 参数类型 描述 tag 是 Tag object 资源标签 表3 Tag 参数 是否必选 参数类型 描述 key 否 String 标签键，规则： 1.可用 UTF-8 格式表示的字母(包含中文)、数字和空格，以及字符：下划线“_”，点“.”，冒号“:”，等号“=”，加号“+”，中划线“-”，“@”。 2._sys_开头属于系统标签，租户不能输入。 3.标签key不能为空（长度不能为0）。 4.长度在1-128之间。 最小长度：1 最大长度：128 value 否 String 标签值，规则： 1.可用 UTF-8 格式表示的字母(包含中文)、数字和空格，以及字符：下划线“_”，点“.”，冒号“:”，等号“=”，加号“+”，中划线“-”，“@”。 2.资源标签值可以为空（empty or null）。 3.长度在0-255之间。 最小长度：0 最大长度：255

Go 更新流日志b216bc1d-5963-41a7-89f9-779a5128c5ac的名称为flow_log_update,描述为flow log update test 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 package main import ( "fmt" "github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic" er "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/er/v3" "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/er/v3/model" region "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/er/v3/region" ) func main() { // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security. // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment ak := os.Getenv("CLOUD_SDK_AK") sk := os.Getenv("CLOUD_SDK_SK") auth := basic.NewCredentialsBuilder(). WithAk(ak). WithSk(sk). Build() client := er.NewErClient( er.ErClientBuilder(). WithRegion(region.ValueOf("cn-north-4")). WithCredential(auth). Build()) request := &model.UpdateFlowLogRequest{} descriptionUpdateFlowLogRequestBody:= "flow log update test" nameUpdateFlowLogRequestBody:= "flow_log_update" request.Body = &model.UpdateFlowLogRequestBody{ Description: &descriptionUpdateFlowLogRequestBody, Name: &nameUpdateFlowLogRequestBody, } response, err := client.UpdateFlowLog(request) if err == nil { fmt.Printf("%+v\n", response) } else { fmt.Println(err) } }