Tencent Kubernetes Engine Distributed Cloud Center
Last updated: 2025-12-04 09:14:27
Fundamental information
| Product | Abbreviation in CAM | Console | Authorization by Tag | Authorization Granularity | IP Restriction |
|---|---|---|---|---|---|
| tencent distributed cloud center | tdcc | Supported | Supported | Resource level | Supported |
Note:
The authorization granularity of cloud products is divided into three levels: service level, operation level, and resource level, based on the degree of granularity.
- Service level: It defines whether a user has the permission to access the service as a whole. A user can have either full access or no access to the service. For the authorization granularity of cloud products at service level, the authorization of specific APIs are not supported.
- Operation level: It defines whether a user has the permission to call a specific API of the service. For example, granting an account read-only access to the CVM service is an authorization at the operation level.
- Resource level: It is the finest authorization granularity which defines whether a user has the permission to access specific resources. For example, granting an account read/write access to a specific CVM instance is an authorization at the resource level.
API authorization granularity
Two authorization granularity levels of API are supported: resource level, and operation level.
- Resource level: It supports the authorization of a specific resource.
- Operation level: It does not support the authorization of a specific resource. If the policy syntax restricts a specific resource during authorization, CAM will determine that this API is not within the scope of authorization, and deem it as unauthorized.
Write operations
| API | API Description | Authorization Granularity | Six-segment Resource Description | IP Restriction |
|---|---|---|---|---|
| AcquireClusterAdminRole | acquire cluster admin role | Resource level | qcs::tdcc::uin/${uin}:cluster/${ClusterId} | Supported |
| CreateAnywhereTunnel | create anywhere reverse proxy | Resource level | qcs::tdcc::uin/${uin}:hub/${ClusterId} | Supported |
| CreateExternalCluster | create TDCC external cluster | Operation level | * | Supported |
| CreateHubCluster | create TDCC hub cluster | Operation level | * | Supported |
| DeleteAnywhereTunnel | delete reverse proxy tunnel | Resource level | qcs::tdcc::uin/${uin}:hub/${ClusterId} | Supported |
| DeleteExternalCluster | delete external cluster | Resource level | qcs::tdcc::uin/${uin}:cluster/${ClusterId} | Supported |
| DeleteHubCluster | delete TDCC hub cluster | Resource level | qcs::tdcc::uin/${uin}:cluster/${ClusterId} | Supported |
| InstallLogAgent | install log agent on external cluster | Resource level | qcs::tdcc::uin/:cluster/${ClusterId} | Supported |
| OpenPaasPlatform | Open TDCC PaaS platform | Resource level | qcs::tdcc::uin/:cluster/${ClusterId} | Supported |
| RegisterClusters | auto register tke clusters | Operation level | * | Supported |
| UninstallLogAgent | remove log agent from external cluster | Resource level | qcs::tdcc::uin/:cluster/${ClusterId} | Supported |
| UpdateClusterKubeconfig | update custer kubeconfig | Resource level | qcs::tdcc::uin/${uin}:cluster/${ClusterId} | Supported |
| UpdateExternalCluster | update external cluster | Resource level | qcs::tdcc::uin/${uin}:cluster/${ClusterId} | Supported |
| UpdateHubCluster | update hub cluster | Resource level | qcs::tdcc::uin/${uin}:cluster/${ClusterId} | Supported |
| UpdateServiceVendor | Update the service vendor for the specific cluster | Resource level | qcs::tdcc::uin/:cluster/${ClusterId} | Supported |
Read operations
| API | API Description | Authorization Granularity | Six-segment Resource Description | IP Restriction |
|---|---|---|---|---|
| DescribeAnywhereComponentStatus | describe anywhere component status | Resource level | qcs::tdcc::uin/${uin}:cluster/${ClusterId} | Supported |
| DescribeAnywhereTunnelRegistration | describe anywhere tunnel registration | Resource level | qcs::tdcc::uin/${uin}:hub/${ClusterId} | Supported |
| DescribeAnywhereTunnels | describe reverse proxy tunnels | Resource level | qcs::tdcc::uin/${uin}:hub/${ClusterId} | Supported |
| DescribeAvailableAnywhereVersions | describe avaliable anywhere version info | Resource level | qcs::tdcc::uin/${uin}:cluster/${ClusterId} | Supported |
| DescribeClusterCommonNames | describe cluster common names | Resource level | qcs::tdcc::uin/${uin}:cluster/${ClusterId} | Supported |
| DescribeClusterMetricData | describe external cluster metric data | Operation level | * | Supported |
| DescribeClusterStatus | describe cluster status | Resource level | qcs::tdcc::uin/:cluster/${ClusterId} | Supported |
| DescribeExternalClusterSpec | describe external cluster spec | Resource level | qcs::tdcc::uin/${uin}:cluster/${ClusterId} | Supported |
| DescribeHubClusterCredential | get hub cluster credential detail | Resource level | qcs::tdcc::uin/${uin}:cluster/${ClusterId} | Supported |
| DescribeLogSwitches | list log switchs on external cluster | Resource level | qcs::tdcc::uin/:cluster/${ClusterId} | Supported |
| DescribePolicies | describe policies | Resource level | qcs::tdcc::uin/:hub/${ClusterId} | Supported |
| DescribeRoles | describe roles | Resource level | qcs::tdcc::uin/:hub/${ClusterId} | Supported |
| DescribeServiceInstances | Describe service instances | Resource level | qcs::tdcc::uin/:cluster/${ClusterId} | Supported |
| DescribeServicePlans | Describe service plans from the PaaS platform | Resource level | qcs::tdcc::uin/:cluster/${ClusterId} | Supported |
| DescribeServiceVendors | Describe service vendors from the PaaS platform | Resource level | qcs::tdcc::uin/:cluster/${ClusterId} | Supported |
| DescribeUsers | describe users | Resource level | qcs::tdcc::uin/:hub/${ClusterId} | Supported |
| ListClusterCertificates | List user certificates in cluster | Resource level | qcs::tdcc::uin/${uin}:cluster/${ClusterId} | Supported |
| ValidateAnywhereCluster | validate anywhere cluster | Resource level | qcs::tdcc::uin/:cluster/${ClusterId} | Supported |
List Operations
| API | API Description | Authorization Granularity | Six-segment Resource Description | IP Restriction |
|---|---|---|---|---|
| DescribeExternalClusters | Describe external cluster list | Resource level | qcs::tdcc::uin/${uin}:cluster/${clusterId} | Supported |
| DescribeHubClusters | List all Hub Clusters | Resource level | qcs::tdcc::uin/${uin}:cluster/${ClusterId} | Supported |
| DescribeOpenStatus | DescribeOpenStatus | Operation level | * | Supported |
| ForwardRequestTDCC | ForwardRequestTDCC | Operation level | * | Supported |
| ForwardRequestTDCCApp | ForwardRequestTDCCApp | Operation level | * | Supported |
| GetAppChartList | GetAppChartList | Operation level | * | Supported |
| ListRegion | ListRegion | Operation level | * | Supported |
Was this page helpful?
You can also Contact Sales or Submit a Ticket for help.
Yes
No
Feedback