Gérer votre politique d’accès API

Vous pouvez gérer la politique d’accès API de votre compte pour définir une durée de vie maximale possible qui s’appliquera pour toutes vos access keys. Dans ce cas, chacune de vos access keys doit impérativement avoir une date d’expiration, et aucune durée de vie ne peut dépasser la valeur de la durée de vie maximale possible.

La limite autorisée pour la durée de vie maximale possible est de 3153600000 secondes (100 ans).

Modifier votre politique d’accès API avec OSC CLI

Obtenir des informations sur votre politique d’accès API

À ce jour, cette section est disponible en anglais uniquement.

The ReadApiAccessPolicy command gets information about the API access policy of your account.

For more information, see About Your API Access Policy.

Request sample: Example with access key/secret key authentication
$ osc-cli api ReadApiAccessPolicy --profile "default"
Request sample: Example with login/password authentication
$ osc-cli api ReadApiAccessPolicy --profile "default" --authentication-method "password" --login "$OSC_EMAIL" --password "$OSC_PASSWORD"

This command contains the following attributes that you need to specify:

  • DryRun: (optional) If true, checks whether you have the required permissions to perform the action.

The ReadApiAccessPolicy command returns the following elements:

  • ApiAccessPolicy: Information about the API access policy.

    • MaxAccessKeyExpirationSeconds: The maximum possible lifetime for your access keys, in seconds. If 0, your access keys can have unlimited lifetimes.

    • RequireTrustedEnv: If true, a trusted session is activated, allowing you to bypass Certificate Authorities (CAs) enforcement. For more information, see About Your API Access Policy.
      If this is enabled, it is required that you and all your users log in to Cockpit v2 using the WebAuthn method for multi-factor authentication. For more information, see About Authentication > Multi-Factor Authentication.

  • ResponseContext: Information about the context of the response.

    • RequestId: The ID of the request.

Result sample
{
  "ResponseContext": {
    "RequestId": "0475ca1e-d0c5-441d-712a-da55a4175157"
  },
  "ApiAccessPolicy": {
    "RequireTrustedEnv": false,
    "MaxAccessKeyExpirationSeconds": 0
  }
}

Modifier votre politique d’accès API

À ce jour, cette section est disponible en anglais uniquement.

The UpdateApiAccessPolicy command updates the API access policy of your account.

Only one API access policy can be associated with your account.

Request sample: Require expiration dates of maximum 1 year
$ osc-cli api UpdateApiAccessPolicy --profile "default" \
    --MaxAccessKeyExpirationSeconds 31536000 \
    --RequireTrustedEnv False
Request sample: Require expiration dates of maximum 100 years and activate a trusted session
$ osc-cli api UpdateApiAccessPolicy --profile "default" \
    --MaxAccessKeyExpirationSeconds 3153600000 \
    --RequireTrustedEnv True
Request sample: Do not require expiration dates and deactivate a trusted session
$ osc-cli api UpdateApiAccessPolicy --profile "default" \
    --MaxAccessKeyExpirationSeconds 0 \
    --RequireTrustedEnv False
Request sample: Example with login/password authentication
$ osc-cli api UpdateApiAccessPolicy --profile "default" --authentication-method "password" --login "$OSC_EMAIL" --password "$OSC_PASSWORD" \
    --MaxAccessKeyExpirationSeconds 0 \
    --RequireTrustedEnv False

This command contains the following attributes that you need to specify:

  • DryRun: (optional) If true, checks whether you have the required permissions to perform the action.

  • MaxAccessKeyExpirationSeconds: The maximum possible lifetime for your access keys, in seconds (between 0 and 3153600000, both included). If set to O, your access keys can have unlimited lifetimes, but a trusted session cannot be activated. Otherwise, all your access keys must have an expiration date. This value must be greater than the remaining lifetime of each access key of your account.

  • RequireTrustedEnv: If true, a trusted session is activated, provided that you specify the MaxAccessKeyExpirationSeconds parameter with a value greater than 0.
    Enabling this will require you and all your users to log in to Cockpit v2 using the WebAuthn method for multi-factor authentication. For more information, see About Authentication > Multi-Factor Authentication.

The UpdateApiAccessPolicy command returns the following elements:

  • ApiAccessPolicy: Information about the API access policy.

    • MaxAccessKeyExpirationSeconds: The maximum possible lifetime for your access keys, in seconds. If 0, your access keys can have unlimited lifetimes.

    • RequireTrustedEnv: If true, a trusted session is activated, allowing you to bypass Certificate Authorities (CAs) enforcement. For more information, see About Your API Access Policy.
      If this is enabled, it is required that you and all your users log in to Cockpit v2 using the WebAuthn method for multi-factor authentication. For more information, see About Authentication > Multi-Factor Authentication.

  • ResponseContext: Information about the context of the response.

    • RequestId: The ID of the request.

Result sample: Require expiration dates of maximum 1 year
{
  "ResponseContext": {
    "RequestId": "0475ca1e-d0c5-441d-712a-da55a4175157"
  },
  "ApiAccessPolicy": {
    "RequireTrustedEnv": false,
    "MaxAccessKeyExpirationSeconds": 31536000
  }
}
Result sample: Require expiration dates of maximum 100 years and activate a trusted session
{
  "ResponseContext": {
    "RequestId": "0475ca1e-d0c5-441d-712a-da55a4175157"
  },
  "ApiAccessPolicy": {
    "RequireTrustedEnv": true,
    "MaxAccessKeyExpirationSeconds": 3153600000
  }
}
Result sample: Do not require expiration dates and deactivate a trusted session
{
  "ResponseContext": {
    "RequestId": "0475ca1e-d0c5-441d-712a-da55a4175157"
  },
  "ApiAccessPolicy": {
    "RequireTrustedEnv": false,
    "MaxAccessKeyExpirationSeconds": 0
  }
}

Page connexe

Méthodes API correspondantes