ALIYUN::ROCKETMQ5::Acl类型用于创建访问权限。
语法
{
"Type": "ALIYUN::ROCKETMQ5::Acl",
"Properties": {
"Actions": List,
"Decision": String,
"InstanceId": String,
"ResourceName": String,
"ResourceType": String,
"Username": String,
"IpWhitelists": List
}
}属性
|
属性名称 |
类型 |
必须 |
允许更新 |
描述 |
约束 |
|
Actions |
List |
是 |
是 |
授权的操作类型。 |
无 |
|
Decision |
String |
是 |
是 |
授权的决定结果。 |
取值:
|
|
InstanceId |
String |
是 |
否 |
RocketMQ实例的ID。 |
无 |
|
ResourceName |
String |
是 |
否 |
要授予权限的资源名称。 |
无 |
|
ResourceType |
String |
是 |
否 |
要授予权限的资源类型。 |
取值:
|
|
Username |
String |
是 |
否 |
账号的用户名。 |
无 |
|
IpWhitelists |
List |
否 |
是 |
白名单中的IP地址。 |
无 |
返回值
Fn::GetAtt
-
Username:账号的用户名。
-
InstanceId:RocketMQ实例的ID。
-
Actions:授权的操作类型。
-
ResourceName:要授予权限的资源名称。
-
IpWhitelists:白名单中的IP地址。
-
ResourceType:要授予权限的资源类型。
-
Decision:授权的决定结果。
示例
ROSTemplateFormatVersion: '2015-09-01'
Parameters:
Username:
Type: String
Description:
en: The username of the account.
Required: true
InstanceId:
Type: String
Description:
en: The ID of the RocketMQ instance.
Required: true
Decision:
Type: String
Description:
en: |-
The decision result of the authorization. Valid values:
* Deny: Access is denied.
* Allow: Allow access.
AllowedValues:
- Deny
- Allow
Required: true
Actions:
Description:
en: The type of operation authorized.
Required: true
Type: Json
AssociationProperty: List[Parameter]
AssociationPropertyMetadata:
Parameter:
Type: String
Description:
en: |-
The type of operations that can be performed on the resource.
The following operations are supported for different resource types:
* Topics: Pub, Sub
* Consumer Group: Sub
* Sub: Subscribe.
* Pub: Send.
Required: true
IpWhitelists:
Description:
en: The IP addresses in the whitelist.
Required: false
Default: Null
Type: Json
AssociationProperty: List[Parameter]
AssociationPropertyMetadata:
Parameter:
Type: String
Description:
en: The IP address in the whitelist. IP addresses and CIDR blocks are supported.
Default: Null
Required: false
ResourceType:
Type: String
Description:
en: |-
The type of the resource on which you want to grant permissions. Valid values:
* Group: consumer Group.
* Topic: Topic.
AllowedValues:
- Group
- Topic
Required: true
ResourceName:
Type: String
Description:
en: The name of the resource on which you want to grant permissions.
Required: true
Resources:
ExtensionResource:
Type: ALIYUN::ROCKETMQ5::Acl
Properties:
Username:
Ref: Username
InstanceId:
Ref: InstanceId
Decision:
Ref: Decision
Actions:
Ref: Actions
IpWhitelists:
Ref: IpWhitelists
ResourceType:
Ref: ResourceType
ResourceName:
Ref: ResourceName
Outputs:
Username:
Value:
Fn::GetAtt:
- ExtensionResource
- Username
Description: The username of the account.
InstanceId:
Value:
Fn::GetAtt:
- ExtensionResource
- InstanceId
Description: The ID of the RocketMQ instance.
Decision:
Value:
Fn::GetAtt:
- ExtensionResource
- Decision
Description: 'The decision result of the authorization. '
Actions:
Value:
Fn::GetAtt:
- ExtensionResource
- Actions
Description: The type of operation authorized.
IpWhitelists:
Value:
Fn::GetAtt:
- ExtensionResource
- IpWhitelists
Description: The IP addresses in the whitelist.
ResourceType:
Value:
Fn::GetAtt:
- ExtensionResource
- ResourceType
Description: The type of the resource on which you want to grant permissions.
ResourceName:
Value:
Fn::GetAtt:
- ExtensionResource
- ResourceName
Description: The name of the resource on which you want to grant permissions.
{
"ROSTemplateFormatVersion": "2015-09-01",
"Parameters": {
"Username": {
"Type": "String",
"Description": {
"en": "The username of the account."
},
"Required": true
},
"InstanceId": {
"Type": "String",
"Description": {
"en": "The ID of the RocketMQ instance."
},
"Required": true
},
"Decision": {
"Type": "String",
"Description": {
"en": "The decision result of the authorization. Valid values:\n* Deny: Access is denied.\n* Allow: Allow access."
},
"AllowedValues": [
"Deny",
"Allow"
],
"Required": true
},
"Actions": {
"Description": {
"en": "The type of operation authorized."
},
"Required": true,
"Type": "Json",
"AssociationProperty": "List[Parameter]",
"AssociationPropertyMetadata": {
"Parameter": {
"Type": "String",
"Description": {
"en": "The type of operations that can be performed on the resource.\nThe following operations are supported for different resource types:\n* Topics: Pub, Sub\n* Consumer Group: Sub\n* Sub: Subscribe.\n* Pub: Send."
},
"Required": true
}
}
},
"IpWhitelists": {
"Description": {
"en": "The IP addresses in the whitelist."
},
"Required": false,
"Default": null,
"Type": "Json",
"AssociationProperty": "List[Parameter]",
"AssociationPropertyMetadata": {
"Parameter": {
"Type": "String",
"Description": {
"en": "The IP address in the whitelist. IP addresses and CIDR blocks are supported."
},
"Default": null,
"Required": false
}
}
},
"ResourceType": {
"Type": "String",
"Description": {
"en": "The type of the resource on which you want to grant permissions. Valid values:\n* Group: consumer Group.\n* Topic: Topic."
},
"AllowedValues": [
"Group",
"Topic"
],
"Required": true
},
"ResourceName": {
"Type": "String",
"Description": {
"en": "The name of the resource on which you want to grant permissions."
},
"Required": true
}
},
"Resources": {
"ExtensionResource": {
"Type": "ALIYUN::ROCKETMQ5::Acl",
"Properties": {
"Username": {
"Ref": "Username"
},
"InstanceId": {
"Ref": "InstanceId"
},
"Decision": {
"Ref": "Decision"
},
"Actions": {
"Ref": "Actions"
},
"IpWhitelists": {
"Ref": "IpWhitelists"
},
"ResourceType": {
"Ref": "ResourceType"
},
"ResourceName": {
"Ref": "ResourceName"
}
}
}
},
"Outputs": {
"Username": {
"Value": {
"Fn::GetAtt": [
"ExtensionResource",
"Username"
]
},
"Description": "The username of the account."
},
"InstanceId": {
"Value": {
"Fn::GetAtt": [
"ExtensionResource",
"InstanceId"
]
},
"Description": "The ID of the RocketMQ instance."
},
"Decision": {
"Value": {
"Fn::GetAtt": [
"ExtensionResource",
"Decision"
]
},
"Description": "The decision result of the authorization. "
},
"Actions": {
"Value": {
"Fn::GetAtt": [
"ExtensionResource",
"Actions"
]
},
"Description": "The type of operation authorized."
},
"IpWhitelists": {
"Value": {
"Fn::GetAtt": [
"ExtensionResource",
"IpWhitelists"
]
},
"Description": "The IP addresses in the whitelist."
},
"ResourceType": {
"Value": {
"Fn::GetAtt": [
"ExtensionResource",
"ResourceType"
]
},
"Description": "The type of the resource on which you want to grant permissions."
},
"ResourceName": {
"Value": {
"Fn::GetAtt": [
"ExtensionResource",
"ResourceName"
]
},
"Description": "The name of the resource on which you want to grant permissions."
}
}
}该文章对您有帮助吗?