- Product Overview
- Purchase Guide
- Quick Start
- Operation Guide
- Fault Action Library
- Compute
- JVM Process CPU at Full Load
- Cross-AZ Experiment in CVM
- CVM DNS Unavailability Experiment
- CVM Domain Name Parsing Tampering Experiment
- CVM System Time Skew
- CVM Disk IO Hang Fault Experiment
- CVM Memory OOM and Disk IO Load
- Experiments on CVM Intra-host Network Disorder
- CVM Kernel Faults
- Experiments on CVM Intra-host Network Latency
- High Utilization of CVM Resources (CPU, Memory, and Disk)
- Experiments on CVM Intra-host Network Corruption
- Experiments on CVM Intra-host Network Duplication
- Experiments on CVM Intra-host Network Occupation
- CVM Network Interruption
- CVM Ping Unreachable
- Cloud API Ban in CVM
- Database
- Primary-secondary Switch in TencentDB for PostgreSQL
- MySQL Instance Overall Unavailable
- Primary-secondary Switch in MySQL
- Setting Maximum Number of Connections in MySQL
- Primary Node Fault Experiment on TencentDB for MySQL
- TencentDB for MySQL Read-only Instance Group Unavailable
- Primary-secondary Switch in TDSQL for MySQM
- Primary-secondary Switch in MariaDB
- Primary-secondary Switch in TDSQL-C
- Practice of TencentDB for Redis Proxy Node Faults
- TencentDB for Redis Primary Node Fault
- Primary-secondary Nodes in TencentDB for Redis Instance Unavailable
- Simulating Primary-secondary Switch in Redis
- Simulating MongoDB Storage Node Fault
- Simulating Self-Built MySQL Crash Through Network Blocking
- Restarting TencentDB for MySQL
- Primary-secondary Switch in SQL Server
- Network
- Container
- Simulating Container Resource Network Faults
- Experiment on Container Resource Pod Operation Faults
- Experiment on Container Resource Node Faults
- Experiment on Container Resource Application Process Faults
- Standard Cluster and Serverless Cluster Super Node Faults
- Serverless Pod Fault Experiment Case
- Cluster Node Resource (CPU, Memory, Disk) Stress Test Faults
- Serverless Pod Virtual Node Shutdown Faults
- Simulating Serverless Cluster Pod Network Faults
- High Cluster Pod Resource (CPU, Memory, and Disk) Utilization Rate
- Cluster Pod TencentCloud API Ban
- Big Data
- Cloud Load Balancer
- Message Queue
- Direct Connect
- Custom Actions
- Cloud Streaming Services (CSS)
- Compute
- Permission Management Guide
- API Documentation
- FAQs
- Related Protocol
- Contact Us
- Product Overview
- Purchase Guide
- Quick Start
- Operation Guide
- Fault Action Library
- Compute
- JVM Process CPU at Full Load
- Cross-AZ Experiment in CVM
- CVM DNS Unavailability Experiment
- CVM Domain Name Parsing Tampering Experiment
- CVM System Time Skew
- CVM Disk IO Hang Fault Experiment
- CVM Memory OOM and Disk IO Load
- Experiments on CVM Intra-host Network Disorder
- CVM Kernel Faults
- Experiments on CVM Intra-host Network Latency
- High Utilization of CVM Resources (CPU, Memory, and Disk)
- Experiments on CVM Intra-host Network Corruption
- Experiments on CVM Intra-host Network Duplication
- Experiments on CVM Intra-host Network Occupation
- CVM Network Interruption
- CVM Ping Unreachable
- Cloud API Ban in CVM
- Database
- Primary-secondary Switch in TencentDB for PostgreSQL
- MySQL Instance Overall Unavailable
- Primary-secondary Switch in MySQL
- Setting Maximum Number of Connections in MySQL
- Primary Node Fault Experiment on TencentDB for MySQL
- TencentDB for MySQL Read-only Instance Group Unavailable
- Primary-secondary Switch in TDSQL for MySQM
- Primary-secondary Switch in MariaDB
- Primary-secondary Switch in TDSQL-C
- Practice of TencentDB for Redis Proxy Node Faults
- TencentDB for Redis Primary Node Fault
- Primary-secondary Nodes in TencentDB for Redis Instance Unavailable
- Simulating Primary-secondary Switch in Redis
- Simulating MongoDB Storage Node Fault
- Simulating Self-Built MySQL Crash Through Network Blocking
- Restarting TencentDB for MySQL
- Primary-secondary Switch in SQL Server
- Network
- Container
- Simulating Container Resource Network Faults
- Experiment on Container Resource Pod Operation Faults
- Experiment on Container Resource Node Faults
- Experiment on Container Resource Application Process Faults
- Standard Cluster and Serverless Cluster Super Node Faults
- Serverless Pod Fault Experiment Case
- Cluster Node Resource (CPU, Memory, Disk) Stress Test Faults
- Serverless Pod Virtual Node Shutdown Faults
- Simulating Serverless Cluster Pod Network Faults
- High Cluster Pod Resource (CPU, Memory, and Disk) Utilization Rate
- Cluster Pod TencentCloud API Ban
- Big Data
- Cloud Load Balancer
- Message Queue
- Direct Connect
- Custom Actions
- Cloud Streaming Services (CSS)
- Compute
- Permission Management Guide
- API Documentation
- FAQs
- Related Protocol
- Contact Us
Authorization Policy Syntax
Last updated: 2024-09-26 15:34:19
Policy Syntax
CAM policy:
{"version":"2.0","statement":[{"effect":"effect","action":["action"],"resource":["resource"],}]}
version: Required. Currently, only the value 2.0 is allowed.
statement: It is used to describe the detailed information of one or more permissions. This element covers permissions or permission sets of several other elements such as effect, action, resource, and condition. A policy has only one statement element.
effect: Required. This element describes the statement results. Value options: allow (allow) and deny (explicitly deny).
action: Required. This element describes the allowing or denial actions. Actions can be APIs (prefixed with cfg:).
resource: Required. This element describes the specific data of authorization. The resources are described in a six-segment format, and the resource definition details of each product are different.
Tencent Smart Advisor-Chaotic Fault Generator (CFG) Operations
In the CFG policy statement, you can specify any API operation from any service that supports Tencent Smart Advisor-Chaotic Fault Generator. For CFG, use the API prefixed with cfg:. Example: cfg:CreateTask or cfg:CreateTemplate.
To specify multiple operations in one statement, separate them with commas as follows:
"action":["cfg:action1","cfg:action2"]
You can also use wildcards to specify multiple operations. For example, you can specify all operations that begin with the word "Describe" as follows:
"action":["cfg:Describe*"]
If you want to specify all operations in the cloud database, use the * wildcard character as follows:
"action": ["cfg:*"]
CFG Resources
Each CAM policy statement is applicable to specific resources. The general format of resources is as follows:
qcs:project_id:service_type:region:account:resource
project_id: Describe the project information. It is only for compatibility with early CAM logic and does not need to be filled in.
service_type: product abbreviation, such as cfg
region : regional information, such as ap-guangzhou
account: root account of the resource owner, such as uin/653339763
resource: specific resource details of each product, such as instanceId/instance_id1 or instanceId/*
For example, you can specify the specific task ID (1) in the statement as follows:
"resource":[ "qcs::cfg:ap-guangzhou:uin/11111:taskid/1"]
You can also use the * wildcard character to specify all instances belonging to a specific account, as follows:
"resource":[ "qcs::cfg:ap-guangzhou:uin/11111:taskid/*"]
If you want to specify all resources, or if a particular API action does not support resource-level permissions, use the * wildcard character in the Resource element, as follows:
"resource": ["*"]
To specify multiple resources in one instruction, separate them with a comma. The following is an example of specifying two resources:
"resource":["resource1","resource2"]
The following table describes the resources that can be used by CFG and the corresponding resource description methods. The word prefixed by $ is an alias, region refers to the target region, and account refers to the account ID.
Resource | Resource Description Method in Authorization Policy |
Experiment | qcs::cfg:$region:$account:taskid/$TaskId |
Template library | qcs::cfg::$account:templateid/$TemplateId |
Custom action | qcs::cfg::$account:actionid/$ActionId |
Yes
No
Was this page helpful?