本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。
SetRepositoryPolicy
搭配 AWS SDK或 使用 CLI
下列程式碼範例示範如何使用 SetRepositoryPolicy
。
動作範例是大型程式的程式碼摘錄,必須在內容中執行。您可以在下列程式碼範例的內容中看到此動作:
- CLI
-
- AWS CLI
-
設定儲存庫的儲存庫政策
下列
set-repository-policy
範例會將檔案中包含的儲存庫政策連接至cluster-autoscaler
儲存庫。aws ecr set-repository-policy \ --repository-name
cluster-autoscaler
\ --policy-textfile://my-policy.json
my-policy.json
的內容:{ "Version" : "2008-10-17", "Statement" : [ { "Sid" : "allow public pull", "Effect" : "Allow", "Principal" : "*", "Action" : [ "ecr:BatchCheckLayerAvailability", "ecr:BatchGetImage", "ecr:GetDownloadUrlForLayer" ] } ] }
輸出:
{ "registryId": "012345678910", "repositoryName": "cluster-autoscaler", "policyText": "{\n \"Version\" : \"2008-10-17\",\n \"Statement\" : [ {\n \"Sid\" : \"allow public pull\",\n \"Effect\" : \"Allow\",\n \"Principal\" : \"*\",\n \"Action\" : [ \"ecr:BatchCheckLayerAvailability\", \"ecr:BatchGetImage\", \"ecr:GetDownloadUrlForLayer\" ]\n } ]\n}" }
-
如需API詳細資訊,請參閱《 AWS CLI 命令參考》SetRepositoryPolicy
中的 。
-
- Java
-
- SDK 適用於 Java 2.x
-
注意
還有更多功能 GitHub。尋找完整範例,並了解如何在 AWS 程式碼範例儲存庫
中設定和執行。 /** * Sets the repository policy for the specified ECR repository. * * @param repoName the name of the ECR repository. * @param iamRole the IAM role to be granted access to the repository. * @throws RepositoryPolicyNotFoundException if the repository policy does not exist. * @throws EcrException if there is an unexpected error setting the repository policy. */ public void setRepoPolicy(String repoName, String iamRole) { /* This example policy document grants the specified AWS principal the permission to perform the `ecr:BatchGetImage` action. This policy is designed to allow the specified principal to retrieve Docker images from the ECR repository. */ String policyDocumentTemplate = """ { "Version" : "2012-10-17", "Statement" : [ { "Sid" : "new statement", "Effect" : "Allow", "Principal" : { "AWS" : "%s" }, "Action" : "ecr:BatchGetImage" } ] } """; String policyDocument = String.format(policyDocumentTemplate, iamRole); SetRepositoryPolicyRequest setRepositoryPolicyRequest = SetRepositoryPolicyRequest.builder() .repositoryName(repoName) .policyText(policyDocument) .build(); CompletableFuture<SetRepositoryPolicyResponse> response = getAsyncClient().setRepositoryPolicy(setRepositoryPolicyRequest); response.whenComplete((resp, ex) -> { if (resp != null) { System.out.println("Repository policy set successfully."); } else { Throwable cause = ex.getCause(); if (cause instanceof RepositoryPolicyNotFoundException) { throw (RepositoryPolicyNotFoundException) cause; } else if (cause instanceof EcrException) { throw (EcrException) cause; } else { String errorMessage = "Unexpected error: " + cause.getMessage(); throw new RuntimeException(errorMessage, cause); } } }); response.join(); }
-
如需API詳細資訊,請參閱 AWS SDK for Java 2.x API 參考SetRepositoryPolicy中的 。
-
- Kotlin
-
- SDK 適用於 Kotlin
-
注意
還有更多功能 GitHub。尋找完整範例,並了解如何在 AWS 程式碼範例儲存庫
中設定和執行。 /** * Sets the repository policy for the specified ECR repository. * * @param repoName the name of the ECR repository. * @param iamRole the IAM role to be granted access to the repository. */ suspend fun setRepoPolicy( repoName: String?, iamRole: String?, ) { val policyDocumentTemplate = """ { "Version" : "2012-10-17", "Statement" : [ { "Sid" : "new statement", "Effect" : "Allow", "Principal" : { "AWS" : "$iamRole" }, "Action" : "ecr:BatchGetImage" } ] } """.trimIndent() val setRepositoryPolicyRequest = SetRepositoryPolicyRequest { repositoryName = repoName policyText = policyDocumentTemplate } EcrClient { region = "us-east-1" }.use { ecrClient -> val response = ecrClient.setRepositoryPolicy(setRepositoryPolicyRequest) if (response != null) { println("Repository policy set successfully.") } } }
-
如需API詳細資訊,請參閱 SetRepositoryPolicy
中的 AWS SDK Kotlin API參考。
-
如需開發人員指南和程式碼範例的完整清單 AWS SDK,請參閱 ECR 搭配 使用 Amazon AWS SDK。本主題也包含入門的相關資訊,以及先前SDK版本的詳細資訊。
PushImageCmd
StartLifecyclePolicyPreview