To test a service, you must create a service consumer (client-side application), and use the service consumer to call the service provider (server-side application) that is deployed in your virtual private cloud (VPC). This topic describes how to grant a RAM user the permissions that are required to test a service.

Prerequisites

When you test a service, Alibaba Cloud performs RAM authentication to check whether the RAM user is authorized. Therefore, you must replace the built-in permissions provided by Enterprise Distributed Application Service (EDAS) with RAM permissions. For more information, see Replace EDAS-defined permissions with RAM policies.

Create a custom policy in the RAM console and attach the policy to a RAM user

To test a service, a RAM user must be granted the following permissions: edas:ReadService and edas:TestService.

  1. Log on to the RAM console.
  2. In the left-side navigation pane, choose Permissions > Policies.
  3. On the Policies page, click Create Policy.
  4. On the Create Custom Policy page, set the Policy Name parameter, select Script for the Configuration Mode parameter, enter the policy content in the Policy Document field, and then click OK.
    Create a custom policy

    In this example, the following custom policy is created for service testing:

    {
        "Statement": [
            {
                "Action": [
                    "edas:ReadService"
                ],
                "Effect": "Allow",
                "Resource": [
                    "acs:edas:$regionid:*:namespace/$namespace/application/$applicationId"
                ]
            },
            {
                "Action": [
                    "edas:TestService"
                ],
                "Effect": "Allow",
                "Resource": [
                    "acs:edas:$regionid:*:namespace/$namespace/application/$applicationId"
                ]
            }
        ],
        "Version": "1"
    }
    Note Replace $namespace and $applicationId with the ID and microservice namespace of the application that you want to test. To test applications in all microservice namespaces, replace both $namespace and $applicationId with an asterisk (*).
    If the message The custom policy has been created appears, the custom policy is created.
  5. For more information about how to attach the custom policy to a RAM user, see Grant permissions to a RAM user.