
Security Rules

The Security Rules interfaces are called via commonService.

Permission Categories (The first 4 types below are simple permissions, while CUSTOM is specific to security rules)

  • READONLY: Readable by all users, writable only by the creator and administrators
  • PRIVATE: Readable and writable only by the creator and administrators
  • ADMINWRITE: Readable by all users, writable only by administrators
  • ADMINONLY: Readable and writable only by administrators
  • CUSTOM: Custom security rules

Get database simple permissions

1. Interface Description

Interface function: Get database simple permissions

Interface declaration: manager.commonService().call({Action: 'DescribeDatabaseACL',Param: {}}): Promise<Object>

⚠️ Starting from version 3.0.0, commonService is used as a method with request parameters (service?: string, version?: string), which constitutes a breaking change.

2. Input Parameters

| Field | Required | Type | Description |
| --- | --- | --- | --- |
| Action | Yes | String | Interface name |
| Param | Yes | Object | Interface parameters |

Param Field Description

| Field | Required | Type | Description |
| --- | --- | --- | --- |
| CollectionName | Yes | String | Collection name |
| EnvId | Yes | String | Environment ID |

3. Response

| Field | Required | Type | Description |
| --- | --- | --- | --- |
| RequestId | Yes | String | Request unique identifier |
| AclTag | No | String | Permission category |

4. Sample Code

const CloudBase = require("@cloudbase/manager-node");

const cloudbaseConfig = {
  secretId: "Your SecretId",
  secretKey: "Your SecretKey",
  envId: "Your envId", // CloudBase environment ID, obtain from the Tencent CloudBase Console
};

const manager = new CloudBase(cloudbaseConfig);

async function test() {
  const res = await manager.commonService().call({
    Action: "DescribeDatabaseACL",
    Param: {
      CollectionName: "xxx",
      EnvId: cloudbaseConfig.envId,
    },
  });

  console.log(res.AclTag); // Print permission category
}

test();

Update database simple permissions

1. Interface Description

Interface function: Update database simple permissions

Interface declaration: manager.commonService().call({Action: 'ModifyDatabaseACL',Param: {}}): Promise<Object>

⚠️ Starting from version 3.0.0, commonService is used as a method with request parameters (service?: string, version?: string), which constitutes a breaking change.

2. Input Parameters

| Field | Required | Type | Description |
| --- | --- | --- | --- |
| Action | Yes | String | Interface name |
| Param | Yes | Object | Interface parameters |

Param Field Description

| Field | Required | Type | Description |
| --- | --- | --- | --- |
| CollectionName | Yes | String | Collection name |
| AclTag | Yes | String | Simple database permissions: READONLY, PRIVATE, ADMINWRITE, ADMINONLY |
| EnvId | Yes | String | Environment ID |

3. Response

| Field | Required | Type | Description |
| --- | --- | --- | --- |
| RequestId | Yes | String | Request unique identifier |

4. Sample Code

const CloudBase = require("@cloudbase/manager-node");

const cloudbaseConfig = {
  secretId: "Your SecretId",
  secretKey: "Your SecretKey",
  envId: "Your envId", // CloudBase environment ID, obtain from the Tencent CloudBase Console
};

const manager = new CloudBase(cloudbaseConfig);

async function test() {
  const res = await manager.commonService().call({
    Action: "ModifyDatabaseACL",
    Param: {
      CollectionName: "xxx",
      EnvId: cloudbaseConfig.envId,
      AclTag: "PRIVATE",
    },
  });
  console.log(res);
}

test();

Set up Database Security Rules

1. Interface Description

Function: Set database security rules

Interface declaration: manager.commonService().call({Action: 'ModifySafeRule',Param: {}}): Promise<Object>

⚠️ Starting from version 3.0.0, commonService is used as a method with request parameters (service?: string, version?: string), which constitutes a breaking change.

2. Input Parameters

| Field | Required | Type | Description |
| --- | --- | --- | --- |
| Action | Yes | String | Interface name |
| Param | Yes | Object | Interface parameters |

Param Field Description

| Field | Required | Type | Description |
| --- | --- | --- | --- |
| CollectionName | Yes | String | Collection name |
| EnvId | Yes | String | Environment ID |
| AclTag | Yes | String | Permission category |
| Rule | No | String | Required when the permission category is set to CUSTOM (see the Database Security Rules documentation) |

3. Response

| Field | Required | Type | Description |
| --- | --- | --- | --- |
| RequestId | Yes | String | Request unique identifier |

4. Sample Code

const CloudBase = require("@cloudbase/manager-node");

const cloudbaseConfig = {
  secretId: "Your SecretId",
  secretKey: "Your SecretKey",
  envId: "Your envId", // CloudBase environment ID, obtain from the Tencent CloudBase Console
};

const manager = new CloudBase(cloudbaseConfig);

async function test() {
  const res = await manager.commonService().call({
    Action: "ModifySafeRule",
    Param: {
      CollectionName: "coll-1",
      AclTag: "CUSTOM",
      EnvId: "xxx",
      // Rule is passed as a JSON string
      Rule: JSON.stringify({
        read: true,
        write: "doc._openid == auth.openid",
      }),
    },
  });
  console.log(res);
}

test();

Query Database Security Rules

1. Interface Description

Function: Query database security rules

Interface declaration: manager.commonService().call({Action: 'DescribeSafeRule',Param: {}}): Promise<Object>

⚠️ Starting from version 3.0.0, commonService is used as a method with request parameters (service?: string, version?: string), which constitutes a breaking change.

2. Input Parameters

| Field | Required | Type | Description |
| --- | --- | --- | --- |
| Action | Yes | String | Interface name |
| Param | Yes | Object | Interface parameters |

Param Field Description

| Field | Required | Type | Description |
| --- | --- | --- | --- |
| CollectionName | Yes | String | Collection name |
| EnvId | Yes | String | Environment ID |

3. Response

| Field | Required | Type | Description |
| --- | --- | --- | --- |
| RequestId | Yes | String | Request unique identifier |
| AclTag | Yes | String | Permission category |
| Rule | Yes | String or null | Security rule |

4. Sample Code

const CloudBase = require("@cloudbase/manager-node");

const cloudbaseConfig = {
  secretId: "Your SecretId",
  secretKey: "Your SecretKey",
  envId: "Your envId", // CloudBase environment ID, obtain from the Tencent CloudBase Console
};

const manager = new CloudBase(cloudbaseConfig);

async function test() {
  const res = await manager.commonService().call({
    Action: "DescribeSafeRule",
    Param: {
      CollectionName: "coll-1",
      EnvId: cloudbaseConfig.envId,
    },
  });
  console.log(res.AclTag);
  console.log(res.Rule);
}

test();
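
Added example (not part of the CloudBase documentation or SDK): a read-before-write check that compares a DescribeSafeRule response with the desired state and builds a ModifySafeRule request only when they differ, so drift in a collection's rules is noticed before it is overwritten. It assumes the returned Rule is the JSON string that was set; planSafeRuleChange, canonical, parseRule and the sample values are hypothetical names and constructed data.

```javascript
// Added example: decide whether a ModifySafeRule call is needed by comparing a
// DescribeSafeRule response with the desired state. Sample data is constructed.

// Serialise with sorted keys so that key order alone is not reported as drift.
function canonical(value) {
  if (value === null || typeof value !== "object") return JSON.stringify(value);
  if (Array.isArray(value)) return "[" + value.map(canonical).join(",") + "]";
  const parts = Object.keys(value)
    .sort()
    .map((key) => JSON.stringify(key) + ":" + canonical(value[key]));
  return "{" + parts.join(",") + "}";
}

function parseRule(text) {
  try {
    return JSON.parse(text);
  } catch (err) {
    return null; // missing or malformed rule: never equal to a desired rule object
  }
}

// Returns the argument for manager.commonService().call(), or null when in sync.
function planSafeRuleChange(current, desired) {
  const { EnvId, CollectionName, AclTag, Rule } = desired;
  if (AclTag === "CUSTOM" && (Rule === null || typeof Rule !== "object")) {
    throw new Error("Rule object is required when AclTag is CUSTOM");
  }
  const sameTag = current.AclTag === AclTag;
  const sameRule =
    AclTag !== "CUSTOM" || canonical(parseRule(current.Rule)) === canonical(Rule);
  if (sameTag && sameRule) return null;

  const Param = { CollectionName, EnvId, AclTag };
  if (AclTag === "CUSTOM") Param.Rule = JSON.stringify(Rule);
  return { Action: "ModifySafeRule", Param };
}

// Constructed DescribeSafeRule response and desired state for collection "coll-1".
const SAMPLE_CURRENT = {
  AclTag: "CUSTOM",
  Rule: '{"write":"doc._openid == auth.openid","read":true}',
};
const SAMPLE_DESIRED = {
  EnvId: "constructed-env-id",
  CollectionName: "coll-1",
  AclTag: "CUSTOM",
  Rule: { read: true, write: "doc._openid == auth.openid" },
};
```

A null result means the collection already matches the desired state; any other result can be passed to manager.commonService().call() and logged as a detected change.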

Set up Cloud Function Security Rules

1. Interface Description

Function: Set up Cloud Function Security Rules

Interface declaration: manager.commonService().call({Action: 'ModifySecurityRule',Param: {}}): Promise<Object>

⚠️ Starting from version 3.0.0, commonService is used as a method with request parameters (service?: string, version?: string), which constitutes a breaking change.

2. Input Parameters

| Field | Required | Type | Description |
| --- | --- | --- | --- |
| Action | Yes | String | Interface name |
| Param | Yes | Object | Interface parameters |

Param Field Description

| Field | Required | Type | Description |
| --- | --- | --- | --- |
| AclTag | Yes | String | Enter CUSTOM here |
| EnvId | Yes | String | Environment ID |
| ResourceType | Yes | String | Enter FUNCTION here |
| Rule | Yes | String | Refer to the Cloud Function Security Rules Documentation |

3. Response

| Field | Required | Type | Description |
| --- | --- | --- | --- |
| RequestId | Yes | String | Request unique identifier |

4. Sample Code

const CloudBase = require("@cloudbase/manager-node");

const envId = "Your envId"; // CloudBase environment ID, obtain from the Tencent CloudBase Console

const manager = new CloudBase({
  secretId: "Your SecretId",
  secretKey: "Your SecretKey",
  envId,
});

async function test() {
  const res = await manager.commonService().call({
    Action: "ModifySecurityRule",
    Param: {
      AclTag: "CUSTOM",
      EnvId: envId,
      ResourceType: "FUNCTION",
      // Rule is passed as a JSON string
      Rule: JSON.stringify({
        "*": {
          invoke: true,
        },
      }),
    },
  });
  console.log(res);
}

test();

Query Cloud Function Security Rules

1. Interface Description

Function: Query Cloud Function Security Rules

Interface declaration: manager.commonService().call({Action: 'DescribeSecurityRule',Param: {}}): Promise<Object>

⚠️ Starting from version 3.0.0, commonService is used as a method with request parameters (service?: string, version?: string), which constitutes a breaking change.

2. Input Parameters

| Field | Required | Type | Description |
| --- | --- | --- | --- |
| Action | Yes | String | Interface name |
| Param | Yes | Object | Interface parameters |

Param Field Description

| Field | Required | Type | Description |
| --- | --- | --- | --- |
| ResourceType | Yes | String | Enter FUNCTION here |
| EnvId | Yes | String | Environment ID |

3. Response

| Field | Required | Type | Description |
| --- | --- | --- | --- |
| RequestId | Yes | String | Request unique identifier |
| AclTag | Yes | String | Permission category |
| Rule | Yes | String or null | Security rule |

4. Sample Code

const CloudBase = require("@cloudbase/manager-node");

const cloudbaseConfig = {
  secretId: "Your SecretId",
  secretKey: "Your SecretKey",
  envId: "Your envId", // CloudBase environment ID, obtain from the Tencent CloudBase Console
};

const manager = new CloudBase(cloudbaseConfig);

async function test() {
  const res = await manager.commonService().call({
    Action: "DescribeSecurityRule",
    Param: {
      EnvId: "hello-tcb-9glo12vd5bd3bd0d",
      ResourceType: "FUNCTION",
    },
  });
  console.log(res.AclTag);
  console.log(res.Rule);
}

test();

Set up Storage Security Rules

1. Interface Description

Function: Set storage security rules

Interface declaration: manager.commonService().call({Action: 'ModifyStorageSafeRule',Param: {}}): Promise<Object>

⚠️ Starting from version 3.0.0, commonService is used as a method with request parameters (service?: string, version?: string), which constitutes a breaking change.

2. Input Parameters

| Field | Required | Type | Description |
| --- | --- | --- | --- |
| Action | Yes | String | Interface name |
| Param | Yes | Object | Interface parameters |

Param Field Description

| Field | Required | Type | Description |
| --- | --- | --- | --- |
| Bucket | Yes | String | Bucket name |
| AclTag | Yes | String | Permission category |
| EnvId | Yes | String | Environment ID |
| Rule | No | String | Set this field when the permission category is CUSTOM. See the Storage Security Rules Documentation |

3. Response

| Field | Required | Type | Description |
| --- | --- | --- | --- |
| RequestId | Yes | String | Request unique identifier |

4. Sample Code

const CloudBase = require("@cloudbase/manager-node");

const envId = "Your envId"; // CloudBase environment ID, obtain from the Tencent CloudBase Console

const manager = new CloudBase({
  secretId: "Your SecretId",
  secretKey: "Your SecretKey",
  envId,
});

const { env } = manager;

async function test() {
  // First get the bucket name
  const {
    EnvInfo: { Storages },
  } = await env.getEnvInfo();
  const { Bucket } = Storages[0];

  const res = await manager.commonService().call({
    Action: "ModifyStorageSafeRule",
    Param: {
      Bucket,
      AclTag: "CUSTOM",
      EnvId: envId,
      // Rule is passed as a JSON string
      Rule: JSON.stringify({
        read: true,
        write: "resource.openid == auth.uid",
      }),
    },
  });
  console.log(res);
}

test();

Query Storage Security Rules

1. Interface Description

Function: Query storage security rules

Interface declaration: manager.commonService().call({Action: 'DescribeStorageSafeRule',Param: {}}): Promise<Object>

⚠️ Starting from version 3.0.0, commonService is used as a method with request parameters (service?: string, version?: string), which constitutes a breaking change.

2. Input Parameters

| Field | Required | Type | Description |
| --- | --- | --- | --- |
| Action | Yes | String | Interface name |
| Param | Yes | Object | Interface parameters |

Param Field Description

| Field | Required | Type | Description |
| --- | --- | --- | --- |
| Bucket | Yes | String | Bucket name |
| EnvId | Yes | String | Environment ID |

3. Response

| Field | Required | Type | Description |
| --- | --- | --- | --- |
| RequestId | Yes | String | Request unique identifier |
| AclTag | Yes | String | Permission category |
| Rule | Yes | String or null | Security rule |

4. Sample Code

const CloudBase = require("@cloudbase/manager-node");

const cloudbaseConfig = {
  secretId: "Your SecretId",
  secretKey: "Your SecretKey",
  envId: "Your envId", // CloudBase environment ID, obtain from the Tencent CloudBase Console
};

const manager = new CloudBase(cloudbaseConfig);

async function test() {
  const res = await manager.commonService().call({
    Action: "DescribeStorageSafeRule",
    Param: {
      Bucket: "xxx",
      EnvId: cloudbaseConfig.envId,
    },
  });
  console.log(res.AclTag);
  console.log(res.Rule);
}

test();
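
Added example (not part of the CloudBase documentation or SDK): an audit pass over responses from DescribeSafeRule, DescribeSecurityRule and DescribeStorageSafeRule that reports simple permissions readable by all users and CUSTOM rules in which an operation is set to true. auditRule, auditAll and the resource labels are hypothetical names, and the responses are constructed.

```javascript
// Added example: flag access that is open to all users in Describe* responses.
// SAMPLE_RESPONSES is constructed data, not real API output.
const PUBLIC_READ_TAGS = new Set(["READONLY", "ADMINWRITE"]); // readable by all users

function auditRule(resource, res) {
  if (res.AclTag !== "CUSTOM") {
    return PUBLIC_READ_TAGS.has(res.AclTag)
      ? [`${resource}: ${res.AclTag} is readable by all users`]
      : [];
  }
  let rule;
  try {
    rule = JSON.parse(res.Rule);
  } catch (err) {
    rule = null;
  }
  if (rule === null || typeof rule !== "object") {
    return [`${resource}: CUSTOM without a parseable Rule object`];
  }
  const findings = [];
  // Function rules nest operations under a function name such as "*", so recurse.
  const walk = (node, path) => {
    for (const [key, value] of Object.entries(node)) {
      const here = path ? `${path}.${key}` : key;
      if (value === true) {
        findings.push(`${resource}: ${here} is allowed unconditionally`);
      } else if (value !== null && typeof value === "object") {
        walk(value, here);
      }
    }
  };
  walk(rule, "");
  return findings;
}

function auditAll(responses) {
  return Object.entries(responses).flatMap(([name, res]) => auditRule(name, res));
}

// Constructed responses keyed by a label for the resource they describe.
const SAMPLE_RESPONSES = {
  "database:coll-1": {
    AclTag: "CUSTOM",
    Rule: JSON.stringify({ read: true, write: "doc._openid == auth.openid" }),
  },
  "database:orders": { AclTag: "PRIVATE", Rule: null },
  "function": { AclTag: "CUSTOM", Rule: JSON.stringify({ "*": { invoke: true } }) },
  "storage:bucket-a": { AclTag: "READONLY", Rule: null },
};
```

Each finding is a prompt for review rather than a verdict, since public read access may be intended for some collections or buckets.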

Querying the Status of Asynchronous Tasks for Modifying Storage Security Rules

1. Interface Description

Function: Query the status of asynchronous tasks for modifying storage security rules

Interface declaration: manager.commonService().call({Action: 'DescribeCDNChainTask',Param: {}}): Promise<Object>

⚠️ Starting from version 3.0.0, commonService is used as a method with request parameters (service?: string, version?: string), which constitutes a breaking change.

2. Input Parameters

| Field | Required | Type | Description |
| --- | --- | --- | --- |
| Action | Yes | String | Interface name |
| Param | Yes | Object | Interface parameters |

Param Field Description

| Field | Required | Type | Description |
| --- | --- | --- | --- |
| Bucket | Yes | String | Bucket name |
| EnvId | Yes | String | Environment ID |

3. Response

| Field | Required | Type | Description |
| --- | --- | --- | --- |
| RequestId | Yes | String | Request unique identifier |
| Status | Yes | String | Status of the enable/disable hotlink protection task. Values: WAITING, PENDING, FINISHED, ERROR |

4. Sample Code

const CloudBase = require("@cloudbase/manager-node");

const cloudbaseConfig = {
  secretId: "Your SecretId",
  secretKey: "Your SecretKey",
  envId: "Your envId", // CloudBase environment ID, obtain from the Tencent CloudBase Console
};

const manager = new CloudBase(cloudbaseConfig);
const { env } = manager;
const envId = cloudbaseConfig.envId;

// Pause between status polls so the loop does not spin
const sleep = (ms) => new Promise((resolve) => setTimeout(resolve, ms));

async function test() {
  // Get the environment information and retrieve the bucket
  const {
    EnvInfo: { Storages },
  } = await env.getEnvInfo();
  console.log(Storages);
  const { Bucket } = Storages[0];

  const res = await manager.commonService().call({
    Action: "ModifyStorageSafeRule",
    Param: {
      Bucket,
      AclTag: "CUSTOM",
      EnvId: envId,
      Rule: JSON.stringify({
        read: true,
        write: "resource.openid == auth.uid",
      }),
    },
  });
  console.log(res);
  if (res.RequestId === undefined) {
    throw new Error("ModifyStorageSafeRule returned no RequestId");
  }

  // Poll the asynchronous task until it reaches a terminal status
  let status = "";
  do {
    await sleep(1000);
    status = (
      await manager.commonService().call({
        Action: "DescribeCDNChainTask",
        Param: {
          Bucket,
          EnvId: envId,
        },
      })
    ).Status;
    console.log(status);
  } while (status !== "FINISHED" && status !== "ERROR");
}

test();