All Products
Search
Document Center

Enterprise Distributed Application Service:Configure permissions for service testing in the RAM console

Last Updated:Aug 17, 2023

To test a service, you must create a service consumer (client-side application), and use the service consumer to call the service provider (server-side application) that is deployed in your virtual private cloud (VPC). This topic describes how to grant a Resource Access Management (RAM) user the permissions that are required to test a service.

Before you begin

When you test a service as a RAM user, Alibaba Cloud performs RAM authentication to check whether the RAM user is granted the required permissions. Therefore, you must replace the permissions defined by Enterprise Distributed Application Service (EDAS) with RAM permissions. For more information, see Replace EDAS-defined permissions with RAM policies.

Create a custom policy in the RAM console and attach the policy to a RAM user

To test a service, a RAM user must be granted the following permissions: edas:ReadService and edas:TestService.

  1. Log on to the RAM console with an Alibaba Cloud account.

  2. In the left-side navigation pane, choose Permissions > Policies.

  3. On the Policies page, click Create Policy.

  4. On the Create Policy page, click the JSON tab.
  5. In the code editor, enter a custom policy and click Next to edit policy information.

    The following example shows the code of a sample policy:

    {
        "Statement": [
            {
                "Action": [
                    "edas:ReadService"
                ],
                "Effect": "Allow",
                "Resource": [
                    "acs:edas:$regionid:*:namespace/$namespace/application/$applicationId"
                ]
            },
            {
                "Action": [
                    "edas:TestService"
                ],
                "Effect": "Allow",
                "Resource": [
                    "acs:edas:$regionid:*:namespace/$namespace/application/$applicationId"
                ]
            }
        ],
        "Version": "1"
    }
    Note

    Replace $namespace and $applicationId with the microservices namespace and ID of the application that you want to test. To test applications in all microservices namespaces, replace both $namespace and $applicationId with an asterisk (*).

  6. Edit the basic information and click OK.

    If the Created message appears, the custom policy is created.

  7. Attach the custom policy to a RAM user. For more information, see Grant permissions to RAM users.