forked from kubernetes/cloud-provider-alibaba-cloud
master.policy
{
"Version": "1",
"Statement": [
{
"Action": [
"ecs:Describe*",
"ecs:CreateRouteEntry",
"ecs:DeleteRouteEntry",
"ecs:CreateNetworkInterface",
"ecs:DeleteNetworkInterface",
"ecs:CreateNetworkInterfacePermission",
"ecs:DeleteNetworkInterfacePermission",
"ecs:ModifyInstanceAttribute",
"ecs:AttachKeyPair",
"ecs:StopInstance",
"ecs:StartInstance",
"ecs:ReplaceSystemDisk"
],
"Resource": [
"*"
],
"Effect": "Allow"
},
{
"Action": "nlb:*",
"Resource": "*",
"Effect": "Allow"
},
{
"Action": [
"slb:Describe*",
"slb:CreateLoadBalancer",
"slb:DeleteLoadBalancer",
"slb:ModifyLoadBalancerInternetSpec",
"slb:RemoveBackendServers",
"slb:AddBackendServers",
"slb:RemoveTags",
"slb:AddTags",
"slb:StopLoadBalancerListener",
"slb:StartLoadBalancerListener",
"slb:SetLoadBalancerHTTPListenerAttribute",
"slb:SetLoadBalancerHTTPSListenerAttribute",
"slb:SetLoadBalancerTCPListenerAttribute",
"slb:SetLoadBalancerUDPListenerAttribute",
"slb:CreateLoadBalancerHTTPSListener",
"slb:CreateLoadBalancerHTTPListener",
"slb:CreateLoadBalancerTCPListener",
"slb:CreateLoadBalancerUDPListener",
"slb:DeleteLoadBalancerListener",
"slb:CreateVServerGroup",
"slb:DescribeVServerGroups",
"slb:DeleteVServerGroup",
"slb:SetVServerGroupAttribute",
"slb:DescribeVServerGroupAttribute",
"slb:ModifyVServerGroupBackendServers",
"slb:AddVServerGroupBackendServers",
"slb:ModifyLoadBalancerInstanceSpec",
"slb:ModifyLoadBalancerInternetSpec",
"slb:SetLoadBalancerModificationProtection",
"slb:SetLoadBalancerDeleteProtection",
"slb:SetLoadBalancerName",
"slb:RemoveVServerGroupBackendServers"
],
"Resource": [
"*"
],
"Effect": "Allow"
},
{
"Action": [
"vpc:Describe*",
"vpc:DeleteRouteEntry",
"vpc:CreateRouteEntry"
],
"Resource": [
"*"
],
"Effect": "Allow"
},
{
"Action": [
"log:AnalyzeProductLog",
"log:CreateIndex",
"log:UpdateIndex",
"log:DeleteIndex",
"log:CreateLogStore",
"log:UpdateLogStore",
"log:DeleteLogStore",
"log:CreateDashboard",
"log:UpdateDashboard",
"log:DeleteDashboard"
],
"Resource": [
"acs:log:*:*:project/*/logstore/alb_*",
"acs:log:*:*:project/*/dashboard/*"
],
"Effect": "Allow"
},
{
"Action": [
"alb:TagResources",
"alb:UnTagResources",
"alb:ListServerGroups",
"alb:ListServerGroupServers",
"alb:AddServersToServerGroup",
"alb:RemoveServersFromServerGroup",
"alb:ReplaceServersInServerGroup",
"alb:CreateLoadBalancer",
"alb:DeleteLoadBalancer",
"alb:UpdateLoadBalancerAttribute",
"alb:UpdateLoadBalancerEdition",
"alb:EnableLoadBalancerAccessLog",
"alb:DisableLoadBalancerAccessLog",
"alb:EnableDeletionProtection",
"alb:DisableDeletionProtection",
"alb:ListLoadBalancers",
"alb:GetLoadBalancerAttribute",
"alb:ListListeners",
"alb:CreateListener",
"alb:GetListenerAttribute",
"alb:UpdateListenerAttribute",
"alb:ListListenerCertificates",
"alb:AssociateAdditionalCertificatesWithListener",
"alb:DissociateAdditionalCertificatesFromListener",
"alb:DeleteListener",
"alb:CreateRule",
"alb:DeleteRule",
"alb:UpdateRuleAttribute",
"alb:CreateRules",
"alb:UpdateRulesAttribute",
"alb:DeleteRules",
"alb:ListRules",
"alb:CreateServerGroup",
"alb:DeleteServerGroup",
"alb:UpdateServerGroupAttribute",
"alb:DescribeZones"
],
"Resource": "*",
"Effect": "Allow"
},
{
"Action": "ram:CreateServiceLinkedRole",
"Resource": "*",
"Effect": "Allow",
"Condition": {
"StringEquals": {
"ram:ServiceName": [
"alb.aliyuncs.com",
"logdelivery.alb.aliyuncs.com"
]
}
}
},
{
"Action": [
"yundun-cert:DescribeSSLCertificateList",
"yundun-cert:DescribeSSLCertificatePublicKeyDetail"
],
"Resource": "*",
"Effect": "Allow"
}
]
}