统一身份认证服务 IAM-获取委托Token:响应示例
响应示例
状态码为 201 时:
创建成功。
示例1:由被委托方B(账号名为 IAM DomainB)中的IAM用户B(用户名IAMUserB,请求头中的X-Auth-Token字段需要填写IAMUserB的用户token,且该token需要具有Agent Operator权限),获取委托方A(账号名为IAMDomainA)创建的委托名为IAMAgency,作用范围为委托方A整个账号的token。
示例2:由被委托方B(账号名为IAMDomainB)中的IAM用户B(用户名IAMUserB,请求头中的X-Auth-Token字段需要填写IAMUserB的用户token,且该token需要具有Agent Operator权限),获取委托方A(账号名为IAMDomainA)创建的委托名为IAMAgency,作用范围为委托方A的项目“cn-north-1”,且返回的响应体中将不显示catalog信息的token。
- 示例 1
响应Header参数: X-Subject-Token:MIIatAYJKoZIhvcNAQcCoIIapTCCGqECAQExDTALB...
响应Body参数: { "token": { "expires_at": "2020-01-05T05:05:17.429000Z", "methods": [ "assume_role" ], "catalog": [ { "endpoints": [ { "id": "33e1cbdd86d34e89a63cf8ad16a5f49f", "interface": "public", "region": "*", "region_id": "*", "url": "https://iam.myhuaweicloud.com/v3.0" } ], "id": "100a6a3477f1495286579b819d399e36", "name": "iam", "type": "iam" } ], "domain": { "id": "d78cbac186b744899480f25bd022f468", "name": "IAMDomainA" }, "roles": [ { "id": "0", "name": "op_gated_eip_ipv6" }, { "id": "0", "name": "op_gated_rds_mcs" } ], "issued_at": "2020-01-04T05:05:17.429000Z", "user": { "domain": { "id": "d78cbac186b744899480f25bd022f468", "name": "IAMDomainA" }, "id": "0760a9e2a60026664f1fc0031f9f205e", "name": "IAMDomainA/IAMAgency" }, "assumed_by": { "user": { "domain": { "id": "a2cd82a33fb043dc9304bf72a0f38f00", "name": "IAMDomainB" }, "id": "0760a0bdee8026601f44c006524b17a9", "name": "IAMUserB", "password_expires_at": "" } } } }
- 示例 2
响应Header参数: X-Subject-Token:MIIatAYJKoZIhvcNAQcCoIIapTCCGqECAQExDTALB...
响应Body参数: { "token": { "expires_at": "2020-01-05T06:49:28.094000Z", "methods": [ "assume_role" ], "catalog": [], "roles": [ { "id": "0", "name": "op_gated_eip_ipv6" }, { "id": "0", "name": "op_gated_rds_mcs" } ], "project": { "domain": { "id": "d78cbac186b744899480f25bd022f468", "name": "IAMDomainA" }, "id": "aa2d97d7e62c4b7da3ffdfc11551f878", "name": "cn-north-1" }, "issued_at": "2020-01-04T06:49:28.094000Z", "user": { "domain": { "id": "d78cbac186b744899480f25bd022f468", "name": "IAMDomainA" }, "id": "0760a9e2a60026664f1fc0031f9f205e", "name": "IAMDomainA/IAMAgency" }, "assumed_by": { "user": { "domain": { "id": "a2cd82a33fb043dc9304bf72a0f38f00", "name": "IAMDomainB" }, "id": "0760a0bdee8026601f44c006524b17a9", "name": "IAMUserB", "password_expires_at": "" } } } }
状态码为 400 时:
参数无效。
{ "error": { "code": 400, "message": "The request body is invalid", "title": "Bad Request" } }
状态码为 401 时:
认证失败。
{ "error": { "code": 401, "message": "The X-Auth-Token is invalid!", "title": "Unauthorized" } }
状态码为 403 时:
没有操作权限。
- 可能原因:被委托方B中用户B的用户token(即X-Auth-Token填写的token)缺少Agent Operator权限,请添加权限。
{ "error": { "code": 403, "message": "You have no right to do this action", "title": "Forbidden" } }