IBM Cloud:需要更新代码引擎应用程序的服务 ID 的最低权限?
[英]IBM Cloud: Least privileges for service ID that needs to update a Code Engine app?
问题描述
I am using IBM Cloud Code Engine to deploy my containerized apps.
我正在使用 IBM Cloud Code Engine 来部署我的容器化应用程序。 Now, I would like to use a service ID (or its API key) to run a toolchain and within to update an already existing app.现在,我想使用服务 ID(或其 API 密钥)来运行工具链并在其中更新现有的应用程序。 What privileges are needed to push the new container image to a private registry and to update the app from that image?将新容器镜像推送到私有注册表并从该镜像更新应用程序需要哪些权限?
1 个解决方案
解决方案1
0 已采纳 2022-04-06 14:15:11
It seems the following privileges are needed.似乎需要以下权限。 They can be created as access policies within an IBM Cloud IAM access group .它们可以创建为IBM Cloud IAM 访问组中的访问策略。 The service ID is then added to that access group.然后将服务 ID 添加到该访问组。
- Viewer on resources limited to the resource group with the Code Engine project.资源的查看者仅限于代码引擎项目的资源组。 That way, the resource group can be set and the project be seen.这样,就可以设置资源组并查看项目。
- Operator and Writer for Container Registry, to be able to push a new container image. Container Registry 的 Operator 和 Writer,以便能够推送新的容器映像。
- Operator and Writer for Code Engine , scoped to just the project, to be able to update the app. 代码引擎的操作员和编写器,范围仅限于项目,以便能够更新应用程序。
With the above privileges my pipeline could run successfully.有了以上权限,我的管道就可以成功运行了。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.