Update Guide of Resource Level APIs and Authorization Solution of Personal Edition

Tencent Container Registry

Updates and Announcements

Release Notes

Announcements

Announcement on Merging the Entries of TCR Enterprise and TCR Individual

Product Introduction

Purchase Guide

Quick Start

TCR Individual Getting Started

Operation Guide

Creating an Enterprise Edition Instance

Access Configuration

Credential Access Control

Managing User Accounts

Managing Service Accounts

Network Access Control

Network Access Control Overview

Configuring Public Network Access Control

Private Network Access Control

Access Permission Configuration

Overview

CAM APIs for Enterprise Edition

TCR Enterprise Authorization Management

Access Domain Name Configuration

Configuring Custom Domain Name

Manage Image Repository

Managing Namespaces

Basic Image Repository Operations

Image Distribution

Intra-Instance Multi-Region Image Replication

Cross-Tenant Synchronization

Loading Container Images on Demand

Image Security

Container Image Security Scanning

Configuring Image Tag Immutability

Blocking the Deployment of High-Risk Images

Container Image Signature

Synchronization and Replication

Configuring Instance Synchronization

Configuring Instance Replication

Configuring Image Tag Retention

Image Cleanup

Auto-Deleting Image Tags

Releasing COS Storage Capacity

DevOps

Managing Triggers

OCI Artifacts Management

OCI Artifacts Management Overview

Management Helm Chart

Operation Guide for TCR Individual

Resetting the Login Password

Configuring Access Permission

CAM APIs for Personal Edition

Example of Authorization Solution of TCR Individual

Update Guide of Resource Level APIs and Authorization Solution of Personal Edition

Configuring Garbage Collection

Terminating/Returning Instances

Practical Tutorial

TCR Personal migration

Migration from TCR Individual to TCR Enterprise

Using Personal Edition Domain Name to Access Enterprise Edition Instance

TKE Clusters Use the TCR Addon to Enable Secret-free Pulling of Container Images via Private Network

Synchronizing Images to TCR Enterprise Edition from External Harbor

TKE Serverless Clusters Pull TCR Container Images

Image Data Synchronization and Replication Between Multiple Platforms in Hybrid Cloud

Nearby Access Through Image Synchronization Between Multiple Global Regions

Using Custom Domain Name and CCN to Implement Cross-Region Private Network Access

API Documentation

Making API Requests

Instance Management APIs

CheckInstance

CheckInstanceName

CreateImageAccelerationService

CreateInstanceCustomizedDomain

CreateInstanceToken

DeleteImageAccelerateService

DeleteInstance

DeleteInstanceCustomizedDomain

DeleteInstanceToken

DescribeImageAccelerateService

DescribeInstanceCustomizedDomain

DescribeInstanceStatus

DescribeInstanceToken

Namespace APIs

CreateImmutableTagRules

CreateNamespace

CreateSignaturePolicy

DeleteImmutableTagRules

DeleteNamespace

DeleteSignaturePolicy

DescribeImmutableTagRules

DescribeInstanceAllNamespaces

ModifyImmutableTagRules

ModifyNamespace

DescribeNamespaces

Access Control APIs

CreateMultipleSecurityPolicy

DeleteMultipleSecurityPolicy

DescribeExternalEndpointStatus

DescribeInternalEndpoints

DescribeSecurityPolicies

ManageExternalEndpoint

ManageInternalEndpoint

ModifySecurityPolicy

DeleteSecurityPolicy

Instance Synchronization APIs

CreateReplicationInstance

DeleteReplicationInstance

DescribeReplicationInstanceCreateTasks

DescribeReplicationInstanceSyncStatus

DescribeReplicationInstances

ManageReplication

Tag Retention APIs

CreateTagRetentionExecution

CreateTagRetentionRule

DeleteTagRetentionRule

DescribeTagRetentionExecution

DescribeTagRetentionExecutionTask

DescribeTagRetentionRules

ModifyTagRetentionRule

Trigger APIs

CreateWebhookTrigger

DeleteWebhookTrigger

DescribeWebhookTrigger

DescribeWebhookTriggerLog

ModifyWebhookTrigger

Helm Chart APIs

DescribeChartDownloadInfo

DownloadHelmChart

Image Repository APIs

DescribeImageManifests

Custom Account APIs

ModifyServiceAccountPassword

DescribeServiceAccounts

Data Types

Error Codes

FAQs

TCR Individual Edition

TCR Enterprise Edition

Related Agreement

Service Level Agreement

Glossary

DocumentationTencent Container RegistryOperation GuideOperation Guide for TCR IndividualConfiguring Access PermissionUpdate Guide of Resource Level APIs and Authorization Solution of Personal Edition

Update Guide of Resource Level APIs and Authorization Solution of Personal Edition

Download PDF

Last updated: 2024-12-02 14:30:05

Update Guide of Resource Level APIs and Authorization Solution of Personal Edition

Last updated: 2024-12-02 14:30:05

Download PDF

Overview
TCR provides container image hosting and distribution services to enterprise users and personal users. The Personal Edition provides users with simple and free basic services, that is, the image repository in TKE.
To provide users with more standardized interface definitions and significantly reduced access delay API services, the APIs of the original Personal Edition image repository (CCR) has been upgraded from version 2.0 to the latest version 3.0, and the API name and authorization solutions have updated accordingly. This document describes the mappings between the new and legacy APIs after the upgrade of the APIs that support resource-level authentication and how to use the new authorization solution.
Mappings Between the v2.0 and v3.0 APIs
API Name of v2.0
API Name of v3.0
Description
Latest Resource Description Method
CreateCCRNamespace
CreateNamespacePersonal
Creates a namespace of Personal Edition
qcs::tcr:$region:$account:repo/$namespace
DeleteUserNamespace
DeleteNamespacePersonal
Deletes a namespace of Personal Edition
qcs::tcr:$region:$account:repo/$namespace
GetUserRepositoryList
DescribeRepositoryOwnerPersonal
Queries all repositories of Personal Edition
qcs::tcr:$region:$account:repo/*
CreateRepository
CreateRepositoryPersonal
Creates an image repository of Personal Edition
qcs::tcr:$region:$account:repo/$namespace/$repo
DeleteRepository
DeleteRepositoryPersonal
Deletes an image repository of Personal Edition
qcs::tcr:$region:$account:repo/$namespace/$repo
BatchDeleteRepository
BatchDeleteRepositoryPersonal
Deletes image repositories of Personal Edition in batches
qcs::tcr:$region:$account:repo/$namespace/*
DeleteTag
DeleteImagePersonal
Deletes the repository tag of Personal Edition
qcs::tcr:$region:$account:repo/$namespace/$repo
BatchDeleteTag
BatchDeleteImagePersonal
Deletes the repository tags of Personal Edition in batches
qcs::tcr:$region:$account:repo/$namespace/$repo
pull
PullRepositoryPersonal
Pulls the images in the image repository of Personal Edition
qcs::tcr:$region:$account:repo/$namespace/$repo
push
PushRepositoryPersonal
Pushes the images in the image repository of Personal Edition
qcs::tcr:$region:$account:repo/$namespace/$repo
Mappings Between the legacy and new Authorization Solutions
Due to the upgrade and update of the product name and API version, the original resource description methods and actions of the TCR Personal Edition have been updated accordingly. Please use the latest resources and action authorization solutions while using the v3.0 APIs.
During the upgrade of APIs, CAM APIs will be compatible with both the legacy and new resource description methods and actions to ensure that the custom policies are still effective. To make it easier for you to manage the APIs and authorization solutions uniformly, we recommend that you upgrade the authorization solution to the latest version. For more information, please see Example of Authorization Solution of the Personal Edition.
The legacy resource-level authorization solution
Action: use ccr as the product prefix, and the API name is version 2.0. For example, create a namespace as ccr:CreateCCRNamespace.
Resource description: use ccr as the product name, and there is only a repo resource type. For example, to describe the image repository repo-b under the namespace namespace-a, it would be qcs::ccr:::repo/namespace-a/repo-b. If $region and $account are left empty, all regions will be used by default, and the account will be the root account of the CAM user who created the policy by default.
For more information on authorization solution, see TKE Image Registry Resource-level Permission Settings.
The new resource-level authorization solution
Action: use tcr as the product prefix, and the API name is version 3.0. For example, create a namespace of Personal Edition as tcr:CreateNamespacePersonal.
Resource description: use tcr as the product name, and there are three resource types: instance, repository and repo. Among them, repo is a dedicated resource type of the Personal Edition. For example, to describe the image repository repo-b under the namespace of Personal Edition namespace-a, it would be qcs::tcr:$region:$account:repo/namespace-a/repo-b. If $region and $account are left empty, all regions will be used by default, and the account will be the root account of the CAM user who created the policy by default.
For more information on authorization solution, see CAM APIs for Personal Edition and Example of Authorization Solution of the Personal Edition.
The compatible example of legacy and new authorization solutions
For example, the authorized sub-account can read the image repository of repo-b (an image repository of Personal Edition) under the namespace namespace-a in the default region. Then this account can only query the repository information and pull the image in the repository, but cannot modify the repository attributes, push images, and delete the repository.
Legacy authorization solution:
{
    "version": "2.0",
    "statement": [{
        "action": [
            "ccr:pull"
        ],
        "resource": "qcs::ccr:::repo/namespace-a/repo-b",
        "effect": "allow"
    }]
}
New authorization solution:
{
    "version": "2.0",
    "statement": [{
        "action": [
            "tcr:PullRepositoryPersonal"
        ],
        "resource": "qcs::tcr:::repo/namespace-a/repo-b",
        "effect": "allow"
    }]
}
﻿

Was this page helpful?

You can also Contact Sales or Submit a Ticket for help.

Yes

API Name of v2.0	API Name of v3.0	Description	Latest Resource Description Method
CreateCCRNamespace	CreateNamespacePersonal	Creates a namespace of Personal Edition	`qcs::tcr:$region:$account:repo/$namespace`
DeleteUserNamespace	DeleteNamespacePersonal	Deletes a namespace of Personal Edition	`qcs::tcr:$region:$account:repo/$namespace`
GetUserRepositoryList	DescribeRepositoryOwnerPersonal	Queries all repositories of Personal Edition	`qcs::tcr:$region:$account:repo/*`
CreateRepository	CreateRepositoryPersonal	Creates an image repository of Personal Edition	`qcs::tcr:$region:$account:repo/$namespace/$repo`
DeleteRepository	DeleteRepositoryPersonal	Deletes an image repository of Personal Edition	`qcs::tcr:$region:$account:repo/$namespace/$repo`
BatchDeleteRepository	BatchDeleteRepositoryPersonal	Deletes image repositories of Personal Edition in batches	`qcs::tcr:$region:$account:repo/$namespace/*`
DeleteTag	DeleteImagePersonal	Deletes the repository tag of Personal Edition	`qcs::tcr:$region:$account:repo/$namespace/$repo`
BatchDeleteTag	BatchDeleteImagePersonal	Deletes the repository tags of Personal Edition in batches	`qcs::tcr:$region:$account:repo/$namespace/$repo`
pull	PullRepositoryPersonal	Pulls the images in the image repository of Personal Edition	`qcs::tcr:$region:$account:repo/$namespace/$repo`
push	PushRepositoryPersonal	Pushes the images in the image repository of Personal Edition	`qcs::tcr:$region:$account:repo/$namespace/$repo`

tencent cloud

New User Offers

Next-Generation CDN：EdgeOne

Elasticsearch Service Special Offers

Free Tier

Tencent Cloud Startup Program

Special Offers

Lighthouse Special Offers

Cloud Object Storage Special Offers

Featured Products

New Products

Education

Tencent Cloud Online Education Solutions

Gaming

Gaming Solution

Game Media Solutions

Financial Services

Financial Services Solution

Audio & Video

Audio/Video Solution

LVB Recording Solution

Interactive Classroom Solution

Interactive Live Streaming Solution

Audio Chat Social Networking Solution

Real Estate

Tencent Cloud LinkBase(Weiling)

E-commerce

E-commerce retail solutions

Compute

Cloud Virtual Machine

Auto Scaling

Batch Compute

CVM Dedicated Host

Database

TencentDB for MySQL

TencentDB for Redis®

TencentDB for CTSDB

TDSQL for MySQL

Data Transfer Service

TencentDB for MongoDB

TencentDB for PostgreSQL

TencentDB for SQL Server

TencentDB for TcaplusDB

Video Service

Cloud Streaming Services

Video on Demand

Media Processing Service

Cloud Application Rendering

Cloud Contact Center

Game Multimedia Engine

Chat

Real-time Communication

Tencent Effect SDK

AI and Machine Learning

Image Creation Large Model

Face Fusion

eKYC

Optical Character Recognition

Video Creation Large Model

Industry Applications

Tencent HealthCare Omics Platform

Container and Middleware

TDMQ for CKafka

Serverless Cloud Function

Tencent Kubernetes Engine

Tencent Kubernetes Engine for Serverless

Networking

Cloud Load Balancer

Virtual Private Cloud

Direct Connect

Cloud Connect Network

NAT Gateway

VPN Connection

Bandwidth Package

Anycast Internet Acceleration

Elastic Network Interface

Flow Logs

Global Application Acceleration Platform

Security

Captcha