tccli 3.0.1409.1__py2.py3-none-any.whl → 3.0.1410.1__py2.py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (27) hide show
  1. tccli/__init__.py +1 -1
  2. tccli/services/cdwdoris/v20211228/api.json +11 -1
  3. tccli/services/es/v20180416/api.json +2 -2
  4. tccli/services/live/v20180801/api.json +1 -1
  5. tccli/services/oceanus/v20190422/api.json +2 -2
  6. tccli/services/ocr/ocr_client.py +110 -57
  7. tccli/services/ocr/v20181119/api.json +90 -1
  8. tccli/services/ocr/v20181119/examples.json +8 -0
  9. tccli/services/organization/v20210331/api.json +10 -0
  10. tccli/services/teo/v20220901/api.json +1041 -97
  11. tccli/services/teo/v20220901/examples.json +2 -2
  12. tccli/services/tke/v20180525/api.json +4 -4
  13. tccli/services/tke/v20180525/examples.json +1 -1
  14. tccli/services/tms/tms_client.py +106 -0
  15. tccli/services/tms/v20201229/api.json +227 -0
  16. tccli/services/tms/v20201229/examples.json +16 -0
  17. tccli/services/tsf/v20180326/api.json +60 -0
  18. tccli/services/tsf/v20180326/examples.json +2 -2
  19. tccli/services/vclm/v20240523/api.json +145 -0
  20. tccli/services/vclm/v20240523/examples.json +16 -0
  21. tccli/services/vclm/vclm_client.py +106 -0
  22. tccli/services/waf/v20180125/api.json +1 -1
  23. {tccli-3.0.1409.1.dist-info → tccli-3.0.1410.1.dist-info}/METADATA +6 -5
  24. {tccli-3.0.1409.1.dist-info → tccli-3.0.1410.1.dist-info}/RECORD +27 -27
  25. {tccli-3.0.1409.1.dist-info → tccli-3.0.1410.1.dist-info}/WHEEL +0 -0
  26. {tccli-3.0.1409.1.dist-info → tccli-3.0.1410.1.dist-info}/entry_points.txt +0 -0
  27. {tccli-3.0.1409.1.dist-info → tccli-3.0.1410.1.dist-info}/license_files/LICENSE +0 -0
tccli/services/teo/v20220901/examples.json CHANGED
@@ -1244,7 +1244,7 @@
1244
1244
  {
1245
1245
  "document": "查询安全防护配置",
1246
1246
  "input": "POST / HTTP/1.1\nHost: teo.tencentcloudapi.com\nContent-Type: application/json\nX-TC-Action: DescribeSecurityPolicy\n<公共请求参数>\n\n{\n \"Entity\": \"Host\",\n \"Host\": \"www.example.com\",\n \"ZoneId\": \"zone-xxqr76cy\"\n}",
1247
- "output": "{\n \"Response\": {\n \"RequestId\": \"cb5d2c0e-295e-412a-891a-9f8ab6057b4a\",\n \"SecurityPolicy\": {\n \"ExceptionRules\": {\n \"Rules\": [\n {\n \"Id\": \"1492837231\",\n \"Name\": \"ExampleSkipModule\",\n \"Condition\": \"${http.request.uri.path} in ['/api/v3/test','/api/v3/submit'] and ${http.request.method} in ['POST']\",\n \"SkipScope\": \"WebSecurityModules\",\n \"WebSecurityModulesForException\": [\n \"websec-mod-custom-rules\",\n \"websec-mod-rate-limiting\"\n ],\n \"Enabled\": \"On\"\n },\n {\n \"Id\": \"1492837231\",\n \"Name\": \"SampleSkipManagedRule\",\n \"Condition\": \"${http.request.uri.path} in ['/api/v3/test','/api/v3/submit'] and ${http.request.method} in ['POST']\",\n \"SkipScope\": \"ManagedRules\",\n \"SkipOption\": \"SkipOnAllRequestFields\",\n \"ManagedRulesForException\": [\n \"4401215074\",\n \"4368124487\"\n ],\n \"Enabled\": \"On\"\n },\n {\n \"Id\": \"1492837231\",\n \"Name\": \"SampleSkipManagedRule\",\n \"Condition\": \"${http.request.uri.path} in ['/api/v3/test','/api/v3/submit'] and ${http.request.method} in ['POST']\",\n \"SkipScope\": \"ManagedRules\",\n \"SkipOption\": \"SkipOnAllRequestFields\",\n \"ManagedRuleGroupsForException\": [\n \"wafgroup-sql-injection-attacks\"\n ],\n \"Enabled\": \"On\"\n },\n {\n \"Id\": \"1492837231\",\n \"Name\": \"SampleSkipManagedRuleForField\",\n \"Condition\": \"${http.request.uri.path} in ['/api/v3/test','/api/v3/submit'] and ${http.request.method} in ['POST']\",\n \"SkipScope\": \"ManagedRules\",\n \"ManagedRulesForException\": [\n \"4401215074\",\n \"4368124487\"\n ],\n \"SkipOption\": \"SkipOnSpecifiedRequestFields\",\n \"RequestFieldsForException\": [\n {\n \"Scope\": \"cookie\",\n \"Condition\": \"\",\n \"TargetField\": \"key\"\n },\n {\n \"Scope\": \"cookie\",\n \"Condition\": \"${key} in ['session-id']\",\n \"TargetField\": \"value\"\n },\n {\n \"Scope\": \"cookie\",\n \"Condition\": \"${key} in ['account-id'] and ${value} like ['prefix-*']\",\n \"TargetField\": \"value\"\n },\n {\n \"Scope\": \"header\",\n \"Condition\": \"\",\n \"TargetField\": \"key\"\n },\n {\n \"Scope\": \"header\",\n \"Condition\": \"${key} in ['x-trace-id']\",\n \"TargetField\": \"value\"\n },\n {\n \"Scope\": \"header\",\n \"Condition\": \"${key} like ['x-auth-*'] and ${value} like ['Bearer *']\",\n \"TargetField\": \"value\"\n },\n {\n \"Scope\": \"uri.query\",\n \"Condition\": \"\",\n \"TargetField\": \"key\"\n },\n {\n \"Scope\": \"uri.query\",\n \"Condition\": \"${key} in ['action']\",\n \"TargetField\": \"value\"\n },\n {\n \"Scope\": \"uri.query\",\n \"Condition\": \"${key} in ['action'] and ${value} in ['upload', 'delete']\",\n \"TargetField\": \"value\"\n },\n {\n \"Scope\": \"uri\",\n \"Condition\": \"\",\n \"TargetField\": \"query\"\n },\n {\n \"Scope\": \"uri\",\n \"Condition\": \"\",\n \"TargetField\": \"path\"\n },\n {\n \"Scope\": \"uri\",\n \"Condition\": \"\",\n \"TargetField\": \"fullpath\"\n },\n {\n \"Scope\": \"body.json\",\n \"Condition\": \"\",\n \"TargetField\": \"key\"\n },\n {\n \"Scope\": \"body.json\",\n \"Condition\": \"${key} in ['user.id']\",\n \"TargetField\": \"value\"\n },\n {\n \"Scope\": \"body.json\",\n \"Condition\": \"${key} in ['user.id'] and ${value} in ['1234', '5678']\",\n \"TargetField\": \"value\"\n },\n {\n \"Scope\": \"body\",\n \"Condition\": \"\",\n \"TargetField\": \"fullbody\"\n },\n {\n \"Scope\": \"body\",\n \"Condition\": \"\",\n \"TargetField\": \"multipart\"\n }\n ],\n \"Enabled\": \"On\"\n }\n ]\n },\n \"CustomRules\": {\n \"Rules\": [\n {\n \"Id\": \"1492837231\",\n \"Name\": \"ASimpleIPRule\",\n \"Condition\": \"${http.request.ip} in ['1.1.1.1', '10.10.10.0/24'] or ${http.request.ip.asn} in ['132203']\",\n \"Action\": {\n \"Name\": \"Deny\"\n },\n \"Enabled\": \"on\",\n \"RuleType\": \"PreciseMatchRule\",\n \"Priority\": 50\n }\n ]\n },\n \"HttpDDoSProtection\": {\n \"AdaptiveFrequencyControl\": {\n \"Enabled\": \"on\",\n \"Sensitivity\": \"Loose\",\n \"Action\": {\n \"Name\": \"Monitor\"\n }\n },\n \"ClientFiltering\": {\n \"Enabled\": \"on\",\n \"Action\": {\n \"Name\": \"Monitor\"\n }\n },\n \"BandwidthAbuseDefense\": {\n \"Enabled\": \"on\",\n \"Action\": {\n \"Name\": \"Monitor\"\n }\n },\n \"SlowAttackDefense\": {\n \"Enabled\": \"on\",\n \"Action\": {\n \"Name\": \"Monitor\"\n },\n \"MinimalRequestBodyTransferRate\": {\n \"MinimalAvgTransferRateThreshold\": \"50bps\",\n \"CountingPeriod\": \"60s\"\n },\n \"RequestBodyTransferTimeout\": {\n \"IdleTimeout\": \"5s\"\n }\n }\n },\n \"RateLimitingRules\": {\n \"Rules\": [\n {\n \"Enabled\": \"on\",\n \"Name\": \"SampleHttpDdosRule\",\n \"Condition\": \"${http.request.uri.path} in ['/api/v3/test','/api/v3/submit']\",\n \"CountBy\": [\n \"http.request.ip\",\n \"http.request.cookies['UserSession']\"\n ],\n \"MaxRequestThreshold\": 1000,\n \"CountingPeriod\": \"2m\",\n \"ActionDuration\": \"20h\",\n \"Action\": {\n \"Name\": \"ManagedChallenge\"\n },\n \"Id\": \"2181399690\",\n \"Priority\": 100\n }\n ]\n },\n \"ManagedRules\": {\n \"Enabled\": \"on\",\n \"AutoUpdate\": {\n \"AutoUpdateToLatestVersion\": \"off\",\n \"RulesetVersion\": \"2023-12-21T12:00:32Z\"\n },\n \"SemanticAnalysis\": \"on\",\n \"DetectionOnly\": \"on\",\n \"ManagedRuleGroups\": [\n {\n \"GroupId\": \"wafmanagedrulegroup-vulnerability-scanners\",\n \"SensitivityLevel\": \"loose\",\n \"Action\": {\n \"Name\": \"Monitor\"\n },\n \"MetaData\": {\n \"GroupDetail\": \"扫描器攻击漏洞防护\",\n \"GroupName\": \"扫描器攻击漏洞防护\",\n \"RuleDetails\": [\n {\n \"RuleId\": \"4401215444\",\n \"RiskLevel\": \"extreme\",\n \"Description\": \"针对dedecms历史sql注入漏洞的防护规则\",\n \"Tags\": [],\n \"RuleVersion\": \"2023-12-21T12:00:32Z\"\n },\n {\n \"RuleId\": \"4401214877\",\n \"RiskLevel\": \"medium\",\n \"Description\": \"拦截常见扫描器的xss验证payload\",\n \"Tags\": [],\n \"RuleVersion\": \"2023-12-21T12:00:32Z\"\n }\n ]\n }\n }\n ]\n }\n }\n }\n}",
1247
+ "output": "{\n \"Response\": {\n \"RequestId\": \"cb5d2c0e-295e-412a-891a-9f8ab6057b4a\",\n \"SecurityPolicy\": {\n \"ExceptionRules\": {\n \"Rules\": [\n {\n \"Id\": \"1492837231\",\n \"Name\": \"ExampleSkipModule\",\n \"Condition\": \"${http.request.uri.path} in ['/api/v3/test','/api/v3/submit'] and ${http.request.method} in ['POST']\",\n \"SkipScope\": \"WebSecurityModules\",\n \"WebSecurityModulesForException\": [\n \"websec-mod-custom-rules\",\n \"websec-mod-rate-limiting\"\n ],\n \"Enabled\": \"On\"\n },\n {\n \"Id\": \"1492837231\",\n \"Name\": \"SampleSkipManagedRule\",\n \"Condition\": \"${http.request.uri.path} in ['/api/v3/test','/api/v3/submit'] and ${http.request.method} in ['POST']\",\n \"SkipScope\": \"ManagedRules\",\n \"SkipOption\": \"SkipOnAllRequestFields\",\n \"ManagedRulesForException\": [\n \"4401215074\",\n \"4368124487\"\n ],\n \"Enabled\": \"On\"\n },\n {\n \"Id\": \"1492837231\",\n \"Name\": \"SampleSkipManagedRule\",\n \"Condition\": \"${http.request.uri.path} in ['/api/v3/test','/api/v3/submit'] and ${http.request.method} in ['POST']\",\n \"SkipScope\": \"ManagedRules\",\n \"SkipOption\": \"SkipOnAllRequestFields\",\n \"ManagedRuleGroupsForException\": [\n \"wafgroup-sql-injection-attacks\"\n ],\n \"Enabled\": \"On\"\n },\n {\n \"Id\": \"1492837231\",\n \"Name\": \"SampleSkipManagedRuleForField\",\n \"Condition\": \"${http.request.uri.path} in ['/api/v3/test','/api/v3/submit'] and ${http.request.method} in ['POST']\",\n \"SkipScope\": \"ManagedRules\",\n \"ManagedRulesForException\": [\n \"4401215074\",\n \"4368124487\"\n ],\n \"SkipOption\": \"SkipOnSpecifiedRequestFields\",\n \"RequestFieldsForException\": [\n {\n \"Scope\": \"cookie\",\n \"Condition\": \"\",\n \"TargetField\": \"key\"\n },\n {\n \"Scope\": \"cookie\",\n \"Condition\": \"${key} in ['session-id']\",\n \"TargetField\": \"value\"\n },\n {\n \"Scope\": \"cookie\",\n \"Condition\": \"${key} in ['account-id'] and ${value} like ['prefix-*']\",\n \"TargetField\": \"value\"\n },\n {\n \"Scope\": \"header\",\n \"Condition\": \"\",\n \"TargetField\": \"key\"\n },\n {\n \"Scope\": \"header\",\n \"Condition\": \"${key} in ['x-trace-id']\",\n \"TargetField\": \"value\"\n },\n {\n \"Scope\": \"header\",\n \"Condition\": \"${key} like ['x-auth-*'] and ${value} like ['Bearer *']\",\n \"TargetField\": \"value\"\n },\n {\n \"Scope\": \"uri.query\",\n \"Condition\": \"\",\n \"TargetField\": \"key\"\n },\n {\n \"Scope\": \"uri.query\",\n \"Condition\": \"${key} in ['action']\",\n \"TargetField\": \"value\"\n },\n {\n \"Scope\": \"uri.query\",\n \"Condition\": \"${key} in ['action'] and ${value} in ['upload', 'delete']\",\n \"TargetField\": \"value\"\n },\n {\n \"Scope\": \"uri\",\n \"Condition\": \"\",\n \"TargetField\": \"query\"\n },\n {\n \"Scope\": \"uri\",\n \"Condition\": \"\",\n \"TargetField\": \"path\"\n },\n {\n \"Scope\": \"uri\",\n \"Condition\": \"\",\n \"TargetField\": \"fullpath\"\n },\n {\n \"Scope\": \"body.json\",\n \"Condition\": \"\",\n \"TargetField\": \"key\"\n },\n {\n \"Scope\": \"body.json\",\n \"Condition\": \"${key} in ['user.id']\",\n \"TargetField\": \"value\"\n },\n {\n \"Scope\": \"body.json\",\n \"Condition\": \"${key} in ['user.id'] and ${value} in ['1234', '5678']\",\n \"TargetField\": \"value\"\n },\n {\n \"Scope\": \"body\",\n \"Condition\": \"\",\n \"TargetField\": \"fullbody\"\n },\n {\n \"Scope\": \"body\",\n \"Condition\": \"\",\n \"TargetField\": \"multipart\"\n }\n ],\n \"Enabled\": \"On\"\n }\n ]\n },\n \"CustomRules\": {\n \"Rules\": [\n {\n \"Id\": \"1492837231\",\n \"Name\": \"ASimpleIPRule\",\n \"Condition\": \"${http.request.ip} in ['1.1.1.1', '10.10.10.0/24'] or ${http.request.ip.asn} in ['132203']\",\n \"Action\": {\n \"Name\": \"Deny\"\n },\n \"Enabled\": \"on\",\n \"RuleType\": \"PreciseMatchRule\",\n \"Priority\": 50\n }\n ]\n },\n \"HttpDDoSProtection\": {\n \"AdaptiveFrequencyControl\": {\n \"Enabled\": \"on\",\n \"Sensitivity\": \"Loose\",\n \"Action\": {\n \"Name\": \"Monitor\"\n }\n },\n \"ClientFiltering\": {\n \"Enabled\": \"on\",\n \"Action\": {\n \"Name\": \"Monitor\"\n }\n },\n \"BandwidthAbuseDefense\": {\n \"Enabled\": \"on\",\n \"Action\": {\n \"Name\": \"Monitor\"\n }\n },\n \"SlowAttackDefense\": {\n \"Enabled\": \"on\",\n \"Action\": {\n \"Name\": \"Monitor\"\n },\n \"MinimalRequestBodyTransferRate\": {\n \"MinimalAvgTransferRateThreshold\": \"50bps\",\n \"CountingPeriod\": \"60s\"\n },\n \"RequestBodyTransferTimeout\": {\n \"IdleTimeout\": \"5s\"\n }\n }\n },\n \"RateLimitingRules\": {\n \"Rules\": [\n {\n \"Enabled\": \"on\",\n \"Name\": \"SampleHttpDdosRule\",\n \"Condition\": \"${http.request.uri.path} in ['/api/v3/test','/api/v3/submit']\",\n \"CountBy\": [\n \"http.request.ip\",\n \"http.request.cookies['UserSession']\"\n ],\n \"MaxRequestThreshold\": 1000,\n \"CountingPeriod\": \"2m\",\n \"ActionDuration\": \"20h\",\n \"Action\": {\n \"Name\": \"ManagedChallenge\"\n },\n \"Id\": \"2181399690\",\n \"Priority\": 100\n }\n ]\n },\n \"ManagedRules\": {\n \"Enabled\": \"on\",\n \"AutoUpdate\": {\n \"AutoUpdateToLatestVersion\": \"off\",\n \"RulesetVersion\": \"2023-12-21T12:00:32Z\"\n },\n \"SemanticAnalysis\": \"on\",\n \"DetectionOnly\": \"on\",\n \"ManagedRuleGroups\": [\n {\n \"GroupId\": \"wafmanagedrulegroup-vulnerability-scanners\",\n \"SensitivityLevel\": \"loose\",\n \"Action\": {\n \"Name\": \"Monitor\"\n },\n \"MetaData\": {\n \"GroupDetail\": \"扫描器攻击漏洞防护\",\n \"GroupName\": \"扫描器攻击漏洞防护\",\n \"RuleDetails\": [\n {\n \"RuleId\": \"4401215444\",\n \"RiskLevel\": \"extreme\",\n \"Description\": \"针对dedecms历史sql注入漏洞的防护规则\",\n \"Tags\": [],\n \"RuleVersion\": \"2023-12-21T12:00:32Z\"\n },\n {\n \"RuleId\": \"4401214877\",\n \"RiskLevel\": \"medium\",\n \"Description\": \"拦截常见扫描器的xss验证payload\",\n \"Tags\": [],\n \"RuleVersion\": \"2023-12-21T12:00:32Z\"\n }\n ]\n }\n }\n ],\n \"FrequentScanningProtection\": {\n \"Enabled\": \"on\",\n \"Action\": {\n \"Name\": \"Deny\"\n },\n \"CountBy\": \"http.request.ip\",\n \"BlockThreshold\": 100,\n \"CountingPeriod\": \"10s\",\n \"ActionDuration\": \"60s\"\n }\n },\n \"BotManagement\": {\n \"Enabled\": \"on\",\n \"CustomRules\": {\n \"Rules\": [\n {\n \"Id\": \"2181407895\",\n \"Name\": \"Bot自定义规则##1\",\n \"Condition\": \"${http.request.bot.search_engine_bot_id} in ['1843332521']\",\n \"Enabled\": \"on\",\n \"Action\": [\n {\n \"SecurityAction\": {\n \"Name\": \"Deny\"\n },\n \"Weight\": 20\n },\n {\n \"SecurityAction\": {\n \"Name\": \"Monitor\"\n },\n \"Weight\": 80\n }\n ],\n \"Priority\": 30\n },\n {\n \"Id\": \"2181407896\",\n \"Name\": \"Bot自定义规则##2\",\n \"Condition\": \"${http.request.bot.user_agent_feature_id} in ['1843332521'] and ${http.request.bot.client_reputation_name} in ['cyber-attack@low']\",\n \"Enabled\": \"on\",\n \"Action\": [\n {\n \"SecurityAction\": {\n \"ChallengeActionParameters\": {\n \"ChallengeOption\": \"JSChallenge\"\n },\n \"Name\": \"Challenge\"\n },\n \"Weight\": 70\n },\n {\n \"SecurityAction\": {\n \"Name\": \"Monitor\"\n },\n \"Weight\": 30\n }\n ],\n \"Priority\": 40\n }\n ]\n },\n \"BasicBotSettings\": {\n \"SourceIDC\": {\n \"BaseAction\": {\n \"Name\": \"Deny\"\n },\n \"BotManagementActionOverrides\": [\n {\n \"Action\": {\n \"Name\": \"Allow\"\n },\n \"Ids\": [\n \"8868370050\",\n \"8868370049\"\n ]\n },\n {\n \"Action\": {\n \"Name\": \"Disabled\"\n },\n \"Ids\": [\n \"8868370054\",\n \"8868370055\"\n ]\n }\n ]\n },\n \"SearchEngineBots\": {\n \"BaseAction\": {\n \"ChallengeActionParameters\": {\n \"ChallengeOption\": \"JSChallenge\"\n },\n \"Name\": \"Challenge\"\n },\n \"BotManagementActionOverrides\": [\n {\n \"Action\": {\n \"Name\": \"Allow\"\n },\n \"Ids\": [\n \"9126905505\",\n \"9126905506\"\n ]\n },\n {\n \"Action\": {\n \"Name\": \"Disabled\"\n },\n \"Ids\": [\n \"9126905514\",\n \"9126905515\"\n ]\n }\n ]\n },\n \"KnownBotCategories\": {\n \"BaseAction\": {\n \"Name\": \"Disabled\"\n },\n \"BotManagementActionOverrides\": [\n {\n \"Action\": {\n \"Name\": \"Allow\"\n },\n \"Ids\": [\n \"9395241960\"\n ]\n },\n {\n \"Action\": {\n \"Name\": \"Monitor\"\n },\n \"Ids\": [\n \"9395241965\",\n \"9395241966\"\n ]\n }\n ]\n },\n \"IPReputation\": {\n \"Enabled\": \"on\",\n \"IPReputationGroup\": {\n \"BaseAction\": {\n \"Name\": \"Deny\"\n },\n \"BotManagementActionOverrides\": [\n {\n \"Ids\": [\n \"IPREP_WEB_AND_DDOS_ATTACKERS_LOW\",\n \"IPREP_PROXIES_AND_ANONYMIZERS_HIGH\",\n \"IPREP_WEB_SCRAPERS_AND_TRAFFIC_BOTS_MID\"\n ],\n \"Action\": {\n \"Name\": \"Disabled\"\n }\n },\n {\n \"Ids\": [\n \"IPREP_WEB_AND_DDOS_ATTACKERS_HIGH\",\n \"IPREP_ATO_ATTACKERS_MID\",\n \"IPREP_WEB_SCRAPERS_AND_TRAFFIC_BOTS_LOW\"\n ],\n \"Action\": {\n \"ChallengeActionParameters\": {\n \"ChallengeOption\": \"ManagedChallenge\"\n },\n \"Name\": \"Challenge\"\n }\n }\n ]\n }\n },\n \"BotIntelligence\": {\n \"BotRatings\": {\n \"HighRiskBotRequestsAction\": {\n \"Name\": \"Deny\"\n },\n \"LikelyBotRequestsAction\": {\n \"Name\": \"Monitor\"\n },\n \"HumanRequestsAction\": {\n \"Name\": \"Allow\"\n },\n \"VerifiedBotRequestsAction\": {\n \"ChallengeActionParameters\": {\n \"ChallengeOption\": \"JSChallenge\"\n },\n \"Name\": \"Challenge\"\n }\n }\n }\n },\n \"BrowserImpersonationDetection\": {\n \"Rules\": [\n {\n \"Id\": \"2181409112\",\n \"Name\": \"Bot主动特征识别##1\",\n \"Condition\": \"${http.request.method} in ['POST']\",\n \"Enabled\": \"on\",\n \"Action\": {\n \"BotSessionValidation\": {\n \"MaxNewSessionTriggerConfig\": {\n \"MaxNewSessionCountInterval\": \"10s\",\n \"MaxNewSessionCountThreshold\": 300\n },\n \"IssueNewBotSessionCookie\": \"on\",\n \"SessionExpiredAction\": {\n \"DenyActionParameters\": {\n \"Stall\": \"on\"\n },\n \"Name\": \"Deny\"\n },\n \"SessionInvalidAction\": {\n \"AllowActionParameters\": {\n \"MinDelayTime\": \"5s\"\n },\n \"Name\": \"Allow\"\n },\n \"SessionRateControl\": {\n \"Enabled\": \"on\",\n \"HighRateSessionAction\": {\n \"Name\": \"Deny\"\n },\n \"LowRateSessionAction\": {\n \"Name\": \"Allow\",\n \"AllowActionParameters\": {\n \"MaxDelayTime\": \"5s\"\n }\n },\n \"MidRateSessionAction\": {\n \"Name\": \"Monitor\"\n }\n }\n },\n \"ClientBehaviorDetection\": {\n \"BotClientAction\": {\n \"Name\": \"Allow\",\n \"AllowActionParameters\": {\n \"MinDelayTime\": \"5s\"\n }\n },\n \"ChallengeNotFinishedAction\": {\n \"Name\": \"Deny\"\n },\n \"ChallengeTimeoutAction\": {\n \"Name\": \"Monitor\"\n },\n \"CryptoChallengeDelayBefore\": \"500ms\",\n \"CryptoChallengeIntensity\": \"medium\",\n \"MaxChallengeCountInterval\": \"10s\",\n \"MaxChallengeCountThreshold\": 1000\n }\n }\n },\n {\n \"Id\": \"2181409113\",\n \"Name\": \"Bot主动特征识别##2\",\n \"Condition\": \"${http.request.uri.path} match ['zzz']\",\n \"Enabled\": \"on\",\n \"Action\": {\n \"BotSessionValidation\": {\n \"IssueNewBotSessionCookie\": \"off\",\n \"SessionExpiredAction\": {\n \"DenyActionParameters\": {\n \"Stall\": \"on\"\n },\n \"Name\": \"Deny\"\n },\n \"SessionInvalidAction\": {\n \"AllowActionParameters\": {\n \"MaxDelayTime\": \"5s\"\n },\n \"Name\": \"Allow\"\n },\n \"SessionRateControl\": {\n \"Enabled\": \"off\"\n }\n }\n }\n }\n ]\n },\n \"ClientAttestationRules\": {\n \"Rules\": [\n {\n \"AttesterId\": \"attest-0000326616\",\n \"Condition\": \"${http.request.api_resource} in [${api_resource['apires-0000323976'@'zone-364last8ueun']}]\",\n \"DeviceProfiles\": [\n {\n \"ClientType\": \"Android\",\n \"HighRiskMinScore\": 50,\n \"HighRiskRequestAction\": {\n \"Name\": \"Monitor\"\n },\n \"MediumRiskMinScore\": 15,\n \"MediumRiskRequestAction\": {\n \"AllowActionParameters\": {\n \"MaxDelayTime\": \"10s\",\n \"MinDelayTime\": \"5s\"\n },\n \"Name\": \"Allow\"\n }\n }\n ],\n \"Enabled\": \"on\",\n \"Id\": \"2181412270\",\n \"InvalidAttestationAction\": {\n \"Name\": \"Monitor\"\n },\n \"Name\": \"qwe\",\n \"Priority\": 50\n }\n ]\n }\n }\n }\n }\n}",
1248
1248
  "title": "查询安全防护配置"
1249
1249
  }
1250
1250
  ],
@@ -1931,7 +1931,7 @@
1931
1931
  "ModifySecurityPolicy": [
1932
1932
  {
1933
1933
  "document": "修改eotest.com站点下a.eotest.com域名策略",
1934
- "input": "POST / HTTP/1.1\nHost: teo.tencentcloudapi.com\nContent-Type: application/json\nX-TC-Action: ModifySecurityPolicy\n<公共请求参数>\n\n{\n \"ZoneId\": \"zone-fa89j239a\",\n \"Entity\": \"Host\",\n \"Host\": \"a.eotest.com\",\n \"SecurityConfig\": {},\n \"SecurityPolicy\": {\n \"ExceptionRules\": {\n \"Rules\": [\n {\n \"Id\": \"1492837231\",\n \"Name\": \"ExampleSkipModule\",\n \"Condition\": \"${http.request.uri.path} in ['/api/v3/test','/api/v3/submit'] and ${http.request.method} in ['POST']\",\n \"SkipScope\": \"WebSecurityModules\",\n \"WebSecurityModulesForException\": [\n \"websec-mod-custom-rules\",\n \"websec-mod-rate-limiting\"\n ],\n \"Enabled\": \"On\"\n },\n {\n \"Id\": \"1492837231\",\n \"Name\": \"SampleSkipManagedRule\",\n \"Condition\": \"${http.request.uri.path} in ['/api/v3/test','/api/v3/submit'] and ${http.request.method} in ['POST']\",\n \"SkipScope\": \"ManagedRules\",\n \"SkipOption\": \"SkipOnAllRequestFields\",\n \"ManagedRulesForException\": [\n \"4401215074\",\n \"4368124487\"\n ],\n \"Enabled\": \"On\"\n },\n {\n \"Id\": \"1492837231\",\n \"Name\": \"SampleSkipManagedRule\",\n \"Condition\": \"${http.request.uri.path} in ['/api/v3/test','/api/v3/submit'] and ${http.request.method} in ['POST']\",\n \"SkipScope\": \"ManagedRules\",\n \"SkipOption\": \"SkipOnAllRequestFields\",\n \"ManagedRuleGroupsForException\": [\n \"wafgroup-sql-injection-attacks\"\n ],\n \"Enabled\": \"On\"\n },\n {\n \"Id\": \"1492837231\",\n \"Name\": \"SampleSkipManagedRuleForField\",\n \"Condition\": \"${http.request.uri.path} in ['/api/v3/test','/api/v3/submit'] and ${http.request.method} in ['POST']\",\n \"SkipScope\": \"ManagedRules\",\n \"ManagedRulesForException\": [\n \"4401215074\",\n \"4368124487\"\n ],\n \"SkipOption\": \"SkipOnSpecifiedRequestFields\",\n \"RequestFieldsForException\": [\n {\n \"Scope\": \"cookie\",\n \"Condition\": \"\",\n \"TargetField\": \"key\"\n },\n {\n \"Scope\": \"cookie\",\n \"Condition\": \"${key} in ['session-id']\",\n \"TargetField\": \"value\"\n },\n {\n \"Scope\": \"cookie\",\n \"Condition\": \"${key} in ['account-id'] and ${value} like ['prefix-*']\",\n \"TargetField\": \"value\"\n },\n {\n \"Scope\": \"header\",\n \"Condition\": \"\",\n \"TargetField\": \"key\"\n },\n {\n \"Scope\": \"header\",\n \"Condition\": \"${key} in ['x-trace-id']\",\n \"TargetField\": \"value\"\n },\n {\n \"Scope\": \"header\",\n \"Condition\": \"${key} like ['x-auth-*'] and ${value} like ['Bearer *']\",\n \"TargetField\": \"value\"\n },\n {\n \"Scope\": \"uri.query\",\n \"Condition\": \"\",\n \"TargetField\": \"key\"\n },\n {\n \"Scope\": \"uri.query\",\n \"Condition\": \"${key} in ['action']\",\n \"TargetField\": \"value\"\n },\n {\n \"Scope\": \"uri.query\",\n \"Condition\": \"${key} in ['action'] and ${value} in ['upload', 'delete']\",\n \"TargetField\": \"value\"\n },\n {\n \"Scope\": \"uri\",\n \"Condition\": \"\",\n \"TargetField\": \"query\"\n },\n {\n \"Scope\": \"uri\",\n \"Condition\": \"\",\n \"TargetField\": \"path\"\n },\n {\n \"Scope\": \"uri\",\n \"Condition\": \"\",\n \"TargetField\": \"fullpath\"\n },\n {\n \"Scope\": \"body.json\",\n \"Condition\": \"\",\n \"TargetField\": \"key\"\n },\n {\n \"Scope\": \"body.json\",\n \"Condition\": \"${key} in ['user.id']\",\n \"TargetField\": \"value\"\n },\n {\n \"Scope\": \"body.json\",\n \"Condition\": \"${key} in ['user.id'] and ${value} in ['1234', '5678']\",\n \"TargetField\": \"value\"\n },\n {\n \"Scope\": \"body\",\n \"Condition\": \"\",\n \"TargetField\": \"fullbody\"\n },\n {\n \"Scope\": \"body\",\n \"Condition\": \"\",\n \"TargetField\": \"multipart\"\n }\n ],\n \"Enabled\": \"On\"\n }\n ]\n },\n \"CustomRules\": {\n \"Rules\": [\n {\n \"Id\": \"1492837231\",\n \"Name\": \"SampleBasicACLRule\",\n \"Condition\": \"${http.request.ip} in ['1.1.1.1', '10.10.10.0/24', ${security.ip_group['123'@'zone-2xsnpvkhdjes']} ]\",\n \"Action\": {\n \"Name\": \"Deny\"\n },\n \"Priority\": 10,\n \"Enabled\": \"on\"\n }\n ]\n },\n \"HttpDDoSProtection\": {\n \"AdaptiveFrequencyControl\": {\n \"Enabled\": \"on\",\n \"Sensitivity\": \"Loose\",\n \"Action\": {\n \"Name\": \"Monitor\"\n }\n },\n \"ClientFiltering\": {\n \"Enabled\": \"on\",\n \"Action\": {\n \"Name\": \"Monitor\"\n }\n },\n \"BandwidthAbuseDefense\": {\n \"Enabled\": \"on\",\n \"Action\": {\n \"Name\": \"Monitor\"\n }\n },\n \"SlowAttackDefense\": {\n \"Enabled\": \"on\",\n \"Action\": {\n \"Name\": \"Monitor\"\n },\n \"MinimalRequestBodyTransferRate\": {\n \"Enabled\": \"on\",\n \"MinimalAvgTransferRateThreshold\": \"50bps\",\n \"CountingPeriod\": \"60s\"\n },\n \"RequestBodyTransferTimeout\": {\n \"Enabled\": \"on\",\n \"IdleTimeout\": \"5s\"\n }\n }\n },\n \"RateLimitingRules\": {\n \"Rules\": [\n {\n \"Enabled\": \"on\",\n \"Name\": \"SampleHttpDdosRule\",\n \"Condition\": \"${http.request.uri.path} in ['/api/v3/test','/api/v3/submit']\",\n \"CountBy\": [\n \"http.request.ip\",\n \"http.request.cookies['UserSession']\"\n ],\n \"MaxRequestThreshold\": 1000,\n \"CountingPeriod\": \"2m\",\n \"ActionDuration\": \"20h\",\n \"Action\": {\n \"Name\": \"ManagedChallenge\"\n },\n \"Id\": \"2181399690\",\n \"Priority\": 100\n }\n ]\n },\n \"ManagedRules\": {\n \"Enabled\": \"on\",\n \"AutoUpdate\": {\n \"AutoUpdateToLatestVersion\": \"off\",\n \"RulesetVersion\": \"2023-12-21T12:00:32Z\"\n },\n \"SemanticAnalysis\": \"on\",\n \"DetectionOnly\": \"on\",\n \"ManagedRuleGroups\": [\n {\n \"GroupId\": \"wafmanagedrulegroup-vulnerability-scanners\",\n \"SensitivityLevel\": \"wafmanagedrule-sensitivity-level-extreme\",\n \"Action\": {\n \"Name\": \"Monitor\"\n }\n }\n ]\n }\n }\n}",
1934
+ "input": "POST / HTTP/1.1\nHost: teo.tencentcloudapi.com\nContent-Type: application/json\nX-TC-Action: ModifySecurityPolicy\n<公共请求参数>\n\n{\n \"ZoneId\": \"zone-fa89j239a\",\n \"Entity\": \"Host\",\n \"Host\": \"a.eotest.com\",\n \"SecurityConfig\": {},\n \"SecurityPolicy\": {\n \"ExceptionRules\": {\n \"Rules\": [\n {\n \"Id\": \"1492837231\",\n \"Name\": \"ExampleSkipModule\",\n \"Condition\": \"${http.request.uri.path} in ['/api/v3/test','/api/v3/submit'] and ${http.request.method} in ['POST']\",\n \"SkipScope\": \"WebSecurityModules\",\n \"WebSecurityModulesForException\": [\n \"websec-mod-custom-rules\",\n \"websec-mod-rate-limiting\"\n ],\n \"Enabled\": \"On\"\n },\n {\n \"Id\": \"1492837231\",\n \"Name\": \"SampleSkipManagedRule\",\n \"Condition\": \"${http.request.uri.path} in ['/api/v3/test','/api/v3/submit'] and ${http.request.method} in ['POST']\",\n \"SkipScope\": \"ManagedRules\",\n \"SkipOption\": \"SkipOnAllRequestFields\",\n \"ManagedRulesForException\": [\n \"4401215074\",\n \"4368124487\"\n ],\n \"Enabled\": \"On\"\n },\n {\n \"Id\": \"1492837231\",\n \"Name\": \"SampleSkipManagedRule\",\n \"Condition\": \"${http.request.uri.path} in ['/api/v3/test','/api/v3/submit'] and ${http.request.method} in ['POST']\",\n \"SkipScope\": \"ManagedRules\",\n \"SkipOption\": \"SkipOnAllRequestFields\",\n \"ManagedRuleGroupsForException\": [\n \"wafgroup-sql-injection-attacks\"\n ],\n \"Enabled\": \"On\"\n },\n {\n \"Id\": \"1492837231\",\n \"Name\": \"SampleSkipManagedRuleForField\",\n \"Condition\": \"${http.request.uri.path} in ['/api/v3/test','/api/v3/submit'] and ${http.request.method} in ['POST']\",\n \"SkipScope\": \"ManagedRules\",\n \"ManagedRulesForException\": [\n \"4401215074\",\n \"4368124487\"\n ],\n \"SkipOption\": \"SkipOnSpecifiedRequestFields\",\n \"RequestFieldsForException\": [\n {\n \"Scope\": \"cookie\",\n \"Condition\": \"\",\n \"TargetField\": \"key\"\n },\n {\n \"Scope\": \"cookie\",\n \"Condition\": \"${key} in ['session-id']\",\n \"TargetField\": \"value\"\n },\n {\n \"Scope\": \"cookie\",\n \"Condition\": \"${key} in ['account-id'] and ${value} like ['prefix-*']\",\n \"TargetField\": \"value\"\n },\n {\n \"Scope\": \"header\",\n \"Condition\": \"\",\n \"TargetField\": \"key\"\n },\n {\n \"Scope\": \"header\",\n \"Condition\": \"${key} in ['x-trace-id']\",\n \"TargetField\": \"value\"\n },\n {\n \"Scope\": \"header\",\n \"Condition\": \"${key} like ['x-auth-*'] and ${value} like ['Bearer *']\",\n \"TargetField\": \"value\"\n },\n {\n \"Scope\": \"uri.query\",\n \"Condition\": \"\",\n \"TargetField\": \"key\"\n },\n {\n \"Scope\": \"uri.query\",\n \"Condition\": \"${key} in ['action']\",\n \"TargetField\": \"value\"\n },\n {\n \"Scope\": \"uri.query\",\n \"Condition\": \"${key} in ['action'] and ${value} in ['upload', 'delete']\",\n \"TargetField\": \"value\"\n },\n {\n \"Scope\": \"uri\",\n \"Condition\": \"\",\n \"TargetField\": \"query\"\n },\n {\n \"Scope\": \"uri\",\n \"Condition\": \"\",\n \"TargetField\": \"path\"\n },\n {\n \"Scope\": \"uri\",\n \"Condition\": \"\",\n \"TargetField\": \"fullpath\"\n },\n {\n \"Scope\": \"body.json\",\n \"Condition\": \"\",\n \"TargetField\": \"key\"\n },\n {\n \"Scope\": \"body.json\",\n \"Condition\": \"${key} in ['user.id']\",\n \"TargetField\": \"value\"\n },\n {\n \"Scope\": \"body.json\",\n \"Condition\": \"${key} in ['user.id'] and ${value} in ['1234', '5678']\",\n \"TargetField\": \"value\"\n },\n {\n \"Scope\": \"body\",\n \"Condition\": \"\",\n \"TargetField\": \"fullbody\"\n },\n {\n \"Scope\": \"body\",\n \"Condition\": \"\",\n \"TargetField\": \"multipart\"\n }\n ],\n \"Enabled\": \"On\"\n }\n ]\n },\n \"CustomRules\": {\n \"Rules\": [\n {\n \"Id\": \"1492837231\",\n \"Name\": \"SampleBasicACLRule\",\n \"Condition\": \"${http.request.ip} in ['1.1.1.1', '10.10.10.0/24', ${security.ip_group['123'@'zone-2xsnpvkhdjes']} ]\",\n \"Action\": {\n \"Name\": \"Deny\"\n },\n \"Priority\": 10,\n \"Enabled\": \"on\"\n }\n ]\n },\n \"HttpDDoSProtection\": {\n \"AdaptiveFrequencyControl\": {\n \"Enabled\": \"on\",\n \"Sensitivity\": \"Loose\",\n \"Action\": {\n \"Name\": \"Monitor\"\n }\n },\n \"ClientFiltering\": {\n \"Enabled\": \"on\",\n \"Action\": {\n \"Name\": \"Monitor\"\n }\n },\n \"BandwidthAbuseDefense\": {\n \"Enabled\": \"on\",\n \"Action\": {\n \"Name\": \"Monitor\"\n }\n },\n \"SlowAttackDefense\": {\n \"Enabled\": \"on\",\n \"Action\": {\n \"Name\": \"Monitor\"\n },\n \"MinimalRequestBodyTransferRate\": {\n \"Enabled\": \"on\",\n \"MinimalAvgTransferRateThreshold\": \"50bps\",\n \"CountingPeriod\": \"60s\"\n },\n \"RequestBodyTransferTimeout\": {\n \"Enabled\": \"on\",\n \"IdleTimeout\": \"5s\"\n }\n }\n },\n \"RateLimitingRules\": {\n \"Rules\": [\n {\n \"Enabled\": \"on\",\n \"Name\": \"SampleHttpDdosRule\",\n \"Condition\": \"${http.request.uri.path} in ['/api/v3/test','/api/v3/submit']\",\n \"CountBy\": [\n \"http.request.ip\",\n \"http.request.cookies['UserSession']\"\n ],\n \"MaxRequestThreshold\": 1000,\n \"CountingPeriod\": \"2m\",\n \"ActionDuration\": \"20h\",\n \"Action\": {\n \"Name\": \"ManagedChallenge\"\n },\n \"Id\": \"2181399690\",\n \"Priority\": 100\n }\n ]\n },\n \"ManagedRules\": {\n \"Enabled\": \"on\",\n \"AutoUpdate\": {\n \"AutoUpdateToLatestVersion\": \"off\",\n \"RulesetVersion\": \"2023-12-21T12:00:32Z\"\n },\n \"SemanticAnalysis\": \"on\",\n \"DetectionOnly\": \"on\",\n \"ManagedRuleGroups\": [\n {\n \"GroupId\": \"wafmanagedrulegroup-vulnerability-scanners\",\n \"SensitivityLevel\": \"wafmanagedrule-sensitivity-level-extreme\",\n \"Action\": {\n \"Name\": \"Monitor\"\n }\n }\n ],\n \"FrequentScanningProtection\": {\n \"Enabled\": \"on\",\n \"Action\": {\n \"Name\": \"Deny\"\n },\n \"CountBy\": \"http.request.ip\",\n \"BlockThreshold\": 100,\n \"CountingPeriod\": \"10s\",\n \"ActionDuration\": \"60s\"\n }\n },\n \"BotManagement\": {\n \"Enabled\": \"on\",\n \"CustomRules\": {\n \"Rules\": [\n {\n \"Name\": \"Bot自定义规则##1\",\n \"Condition\": \"${http.request.bot.search_engine_bot_id} in ['1843332521']\",\n \"Enabled\": \"on\",\n \"Action\": [\n {\n \"SecurityAction\": {\n \"Name\": \"Deny\"\n },\n \"Weight\": 20\n },\n {\n \"SecurityAction\": {\n \"Name\": \"Monitor\"\n },\n \"Weight\": 80\n }\n ],\n \"Priority\": 30\n },\n {\n \"Name\": \"Bot自定义规则##2\",\n \"Condition\": \"${http.request.bot.user_agent_feature_id} in ['1843332521'] and ${http.request.bot.client_reputation_name} in ['cyber-attack@low']\",\n \"Enabled\": \"on\",\n \"Action\": [\n {\n \"SecurityAction\": {\n \"ChallengeActionParameters\": {\n \"ChallengeOption\": \"JSChallenge\"\n },\n \"Name\": \"Challenge\"\n },\n \"Weight\": 70\n },\n {\n \"SecurityAction\": {\n \"Name\": \"Monitor\"\n },\n \"Weight\": 30\n }\n ],\n \"Priority\": 40\n }\n ]\n },\n \"BasicBotSettings\": {\n \"SourceIDC\": {\n \"BaseAction\": {\n \"Name\": \"Deny\"\n },\n \"BotManagementActionOverrides\": [\n {\n \"Action\": {\n \"Name\": \"Allow\"\n },\n \"Ids\": [\n \"8868370050\",\n \"8868370049\"\n ]\n },\n {\n \"Action\": {\n \"Name\": \"Disabled\"\n },\n \"Ids\": [\n \"8868370054\",\n \"8868370055\"\n ]\n }\n ]\n },\n \"SearchEngineBots\": {\n \"BaseAction\": {\n \"ChallengeActionParameters\": {\n \"ChallengeOption\": \"JSChallenge\"\n },\n \"Name\": \"Challenge\"\n },\n \"BotManagementActionOverrides\": [\n {\n \"Action\": {\n \"Name\": \"Allow\"\n },\n \"Ids\": [\n \"9126905505\",\n \"9126905506\"\n ]\n },\n {\n \"Action\": {\n \"Name\": \"Disabled\"\n },\n \"Ids\": [\n \"9126905514\",\n \"9126905515\"\n ]\n }\n ]\n },\n \"KnownBotCategories\": {\n \"BaseAction\": {\n \"Name\": \"Disabled\"\n },\n \"BotManagementActionOverrides\": [\n {\n \"Action\": {\n \"Name\": \"Allow\"\n },\n \"Ids\": [\n \"9395241960\"\n ]\n },\n {\n \"Action\": {\n \"Name\": \"Monitor\"\n },\n \"Ids\": [\n \"9395241965\",\n \"9395241966\"\n ]\n }\n ]\n },\n \"IPReputation\": {\n \"Enabled\": \"on\",\n \"IPReputationGroup\": {\n \"BaseAction\": {\n \"Name\": \"Deny\"\n },\n \"BotManagementActionOverrides\": [\n {\n \"Ids\": [\n \"IPREP_WEB_AND_DDOS_ATTACKERS_LOW\",\n \"IPREP_PROXIES_AND_ANONYMIZERS_HIGH\",\n \"IPREP_WEB_SCRAPERS_AND_TRAFFIC_BOTS_MID\"\n ],\n \"Action\": {\n \"Name\": \"Disabled\"\n }\n },\n {\n \"Ids\": [\n \"IPREP_WEB_AND_DDOS_ATTACKERS_HIGH\",\n \"IPREP_ATO_ATTACKERS_MID\",\n \"IPREP_WEB_SCRAPERS_AND_TRAFFIC_BOTS_LOW\"\n ],\n \"Action\": {\n \"ChallengeActionParameters\": {\n \"ChallengeOption\": \"ManagedChallenge\"\n },\n \"Name\": \"Challenge\"\n }\n }\n ]\n }\n },\n \"BotIntelligence\": {\n \"Enabled\": \"on\",\n \"BotRatings\": {\n \"HighRiskBotRequestsAction\": {\n \"Name\": \"Deny\"\n },\n \"LikelyBotRequestsAction\": {\n \"Name\": \"Monitor\"\n },\n \"HumanRequestsAction\": {\n \"Name\": \"Allow\"\n },\n \"VerifiedBotRequestsAction\": {\n \"ChallengeActionParameters\": {\n \"ChallengeOption\": \"JSChallenge\"\n },\n \"Name\": \"Challenge\"\n }\n }\n }\n },\n \"BrowserImpersonationDetection\": {\n \"Rules\": [\n {\n \"Id\": \"2181409112\",\n \"Name\": \"Bot主动特征识别##1\",\n \"Condition\": \"${http.request.method} in ['POST']\",\n \"Enabled\": \"on\",\n \"Action\": {\n \"BotSessionValidation\": {\n \"MaxNewSessionTriggerConfig\": {\n \"MaxNewSessionCountInterval\": \"10s\",\n \"MaxNewSessionCountThreshold\": 300\n },\n \"IssueNewBotSessionCookie\": \"on\",\n \"SessionExpiredAction\": {\n \"DenyActionParameters\": {\n \"Stall\": \"on\"\n },\n \"Name\": \"Deny\"\n },\n \"SessionInvalidAction\": {\n \"AllowActionParameters\": {\n \"MinDelayTime\": \"5s\"\n },\n \"Name\": \"Allow\"\n },\n \"SessionRateControl\": {\n \"Enabled\": \"on\",\n \"HighRateSessionAction\": {\n \"Name\": \"Deny\"\n },\n \"LowRateSessionAction\": {\n \"Name\": \"Allow\",\n \"AllowActionParameters\": {\n \"MaxDelayTime\": \"5s\"\n }\n },\n \"MidRateSessionAction\": {\n \"Name\": \"Monitor\"\n }\n }\n },\n \"ClientBehaviorDetection\": {\n \"BotClientAction\": {\n \"Name\": \"Allow\",\n \"AllowActionParameters\": {\n \"MinDelayTime\": \"5s\"\n }\n },\n \"ChallengeNotFinishedAction\": {\n \"Name\": \"Deny\"\n },\n \"ChallengeTimeoutAction\": {\n \"Name\": \"Monitor\"\n },\n \"CryptoChallengeDelayBefore\": \"500ms\",\n \"CryptoChallengeIntensity\": \"medium\",\n \"MaxChallengeCountInterval\": \"10s\",\n \"MaxChallengeCountThreshold\": 1000\n }\n }\n },\n {\n \"Id\": \"2181409113\",\n \"Name\": \"Bot主动特征识别##2\",\n \"Condition\": \"${http.request.uri.path} match ['zzz']\",\n \"Enabled\": \"on\",\n \"Action\": {\n \"BotSessionValidation\": {\n \"IssueNewBotSessionCookie\": \"off\",\n \"SessionExpiredAction\": {\n \"DenyActionParameters\": {\n \"Stall\": \"on\"\n },\n \"Name\": \"Deny\"\n },\n \"SessionInvalidAction\": {\n \"AllowActionParameters\": {\n \"MaxDelayTime\": \"5s\"\n },\n \"Name\": \"Allow\"\n },\n \"SessionRateControl\": {\n \"Enabled\": \"off\"\n }\n }\n }\n }\n ]\n }\n }\n }\n}",
1935
1935
  "output": "{\n \"Response\": {\n \"RequestId\": \"08b32010-ab25-42a4-b923-777c481da684\"\n }\n}",
1936
1936
  "title": "修改域名策略"
1937
1937
  },
tccli/services/tke/v20180525/api.json CHANGED
@@ -12107,8 +12107,8 @@
12107
12107
  "members": [
12108
12108
  {
12109
12109
  "disabled": false,
12110
- "document": "集群ID",
12111
- "example": "cls-abcd1234",
12110
+ "document": "集群ID,请从容器服务集群列表获取(https://console.cloud.tencent.com/tke2/cluster)",
12111
+ "example": "cls-afd3ns1c",
12112
12112
  "member": "string",
12113
12113
  "name": "ClusterId",
12114
12114
  "required": true,
@@ -20760,8 +20760,8 @@
20760
20760
  },
20761
20761
  {
20762
20762
  "disabled": false,
20763
- "document": "策略模板类型",
20764
- "example": "BlockCrdDeletion",
20763
+ "document": "策略模板类型,支持的类型如下:\n优选策略:\nblocknamespacedeletion:存在pod的命名空间不允许删除\nblockcrddeletion:存在cr的crd不允许删除\nblockmountablevolumetype:禁止挂载指定的volume类型\ndisallowalwayspullimage:禁止镜像拉取策略使用Always\ntkeallowedrepos:容器镜像来源限制\nblockunknowndaemonset:禁止未知的DaemonSet部署\nblockpvdeletion:PV处于绑定状态则不允许删除\ncorednsprotect:CoreDNS组件删除保护\nblockschedulablenodedelete:非封锁状态的Node不允许删除\nresourcesdeletionprotection:资源删除保护\ntkeenirequest:弹性网卡资源配置限制\nblockworkloadcrossversionupgrade:工作负载镜像版本升级策略管控\nblockserviceaccountgranthighprivilegepermission:ServiceAccount权限管控\nblockclusteripserviceexist:不允许Service为ClusterIP类型\nblockinternetaccess:禁止公网访问\nassign:禁止访问Metadata Server\nblockhostnetworkpod:禁止创建HostNetwork类型Pod\n\n可选策略:\nblockvolumemountpath:禁止容器挂载指定的目录\nk8sallowedrepos:容器镜像必须以指定字符串列表中的字符串开头\nk8sblockendpointeditdefaultrole:禁止默认ClusterRole修改Endpoints\nk8sblockloadbalancer:不允许Service为LoadBalancer类型\nk8sblocknodeport:不允许Service为NodePort类型\nk8sblockwildcardingress:禁止ingress配置空白或通配符类型的hostname\nk8scontainerlimits:限制容器必须设置CPU和内存Limit\nk8scontainerratios:限制CPU和内存的Request与Limit的最大比率\nk8scontainerrequests:限制CPU和内存的Request必须设置且小于配置的最大值\nk8srequiredresources:必须配置内存的Limit,CPU和内存的Request\nk8sdisallowanonymous:不允许将白名单以外的ClusterRole和Role关联到system:anonymous User和system:unauthenticated Group\nk8sdisallowedtags:约束容器镜像tag\nk8sexternalips:限制服务externalIP仅为允许的IP地址列表\nk8simagedigests:容器镜像必须包含digest\nnoupdateserviceaccount:拒绝白名单外的资源更新ServiceAccount\nk8sreplicalimits:要求具有spec.replicas字段的对象(Deployments、ReplicaSets等)在定义的范围内\nk8srequiredannotations:要求资源包含指定的annotations,其值与提供的正则表达式匹配\nk8srequiredlabels:要求资源包含指定的标签,其值与提供的正则表达式匹配\nk8srequiredprobes:要求Pod具有Readiness或Liveness Probe\nk8spspautomountserviceaccounttokenpod:约束容器不能设置automountServiceAccountToken为true\nk8spspallowprivilegeescalationcontainer:约束PodSecurityPolicy中的allowPrivilegeEscalation字段为false\nk8spspapparmor:约束AppArmor字段列表\nk8spspcapabilities:限制PodSecurityPolicy中的allowedCapabilities和requiredDropCapabilities字段\nk8spspflexvolumes:约束PodSecurityPolicy中的allowedFlexVolumes字段类型\nk8spspforbiddensysctls:约束PodSecurityPolicy中的sysctls字段不能使用的name\nk8spspfsgroup:控制PodSecurityPolicy中的fsGroup字段在限制范围内\nk8spsphostfilesystem:约束PodSecurityPolicy中的hostPath字段的参数\nk8spsphostnamespace:限制PodSecurityPolicy中的hostPID和hostIPC字段\nk8spsphostnetworkingports:约束PodSecurityPolicy中的hostNetwork和hostPorts字段\nk8spspprivilegedcontainer:禁止PodSecurityPolicy中的privileged字段为true\nk8spspprocmount:约束PodSecurityPolicy中的allowedProcMountTypes字段\nk8spspreadonlyrootfilesystem:约束PodSecurityPolicy中的readOnlyRootFilesystem字段\nk8spspseccomp:约束PodSecurityPolicy上的seccomp.security.alpha.kubernetes.io/allowedProfileNames注解\nk8spspselinuxv2:约束Pod定义SELinux配置的允许列表\nk8spspallowedusers:约束PodSecurityPolicy中的runAsUser、runAsGroup、supplementalGroups和fsGroup字段\nk8spspvolumetypes:约束PodSecurityPolicy中的volumes字段类型",
20764
+ "example": "blockcrddeletion",
20765
20765
  "member": "string",
20766
20766
  "name": "Kind",
20767
20767
  "output_required": true,
tccli/services/tke/v20180525/examples.json CHANGED
@@ -1040,7 +1040,7 @@
1040
1040
  {
1041
1041
  "document": "",
1042
1042
  "input": "POST / HTTP/1.1\nHost: tke.tencentcloudapi.com\nContent-Type: application/json\nX-TC-Action: DescribeOpenPolicyList\n<公共请求参数>\n\n{\n \"ClusterId\": \"cls-gzzr1v5t\",\n \"Category\": \"baseline\"\n}",
1043
- "output": "{\n \"Response\": {\n \"OpenPolicyInfoList\": [\n {\n \"EnforcementAction\": \"deny\",\n \"EventNums\": 0,\n \"Kind\": \"blockclusterdeletion\",\n \"Name\": \"block-cluster-deletion-rule\",\n \"PolicyCategory\": \"cluster\",\n \"PolicyDesc\": \"集群中存在任意节点(普通节点、原生节点、注册节点),需先下线节点后方可删除\",\n \"PolicyName\": \"存在节点的集群不允许删除\"\n },\n {\n \"EnforcementAction\": \"dryrun\",\n \"EventNums\": 0,\n \"Kind\": \"blocknamespacedeletion\",\n \"Name\": \"block-namespace-deletion-rule\",\n \"PolicyCategory\": \"namespace\",\n \"PolicyDesc\": \"命名空间内如果存在pod、service、ingress、pvc,需清空上述资源后方可删除\",\n \"PolicyName\": \"存在workload、服务与路由、存储对象的命名空间不允许删除\"\n },\n {\n \"EnforcementAction\": \"dryrun\",\n \"EventNums\": 0,\n \"Kind\": \"blockcrddeletion\",\n \"Name\": \"block-crd-deletion-rule\",\n \"PolicyCategory\": \"configuration\",\n \"PolicyDesc\": \"crd定义的apiversion下如果有创建cr资源,则清空cr后方可删除crd\",\n \"PolicyName\": \"存在cr的crd不允许删除\"\n },\n {\n \"EnforcementAction\": \"dryrun\",\n \"EventNums\": 0,\n \"Kind\": \"blockpvdeletion\",\n \"Name\": \"block-pv-deletion-rule\",\n \"PolicyCategory\": \"storage\",\n \"PolicyDesc\": \"pv如果处于bound状态,则不允许被删除\",\n \"PolicyName\": \"绑定状态的pv不允许删除\"\n },\n {\n \"EnforcementAction\": \"dryrun\",\n \"EventNums\": 0,\n \"Kind\": \"blockservicewithingressdeletion\",\n \"Name\": \"block-service-with-ingress-deletion-rule\",\n \"PolicyCategory\": \"network\",\n \"PolicyDesc\": \"ingress-controller前端svc,如果存在ingress配置,则svc不允许删除\",\n \"PolicyName\": \"应用了ingress规则的svc不允许删除\"\n }\n ],\n \"RequestId\": \"224782f1-c990-4383-8f21-bb369c9ca396\"\n }\n}",
1043
+ "output": "{\n \"Response\": {\n \"GatekeeperStatus\": 1,\n \"OpenPolicyInfoList\": [\n {\n \"ConstraintYamlExample\": \"\",\n \"EnabledStatus\": \"open\",\n \"EnforcementAction\": \"deny\",\n \"EventNums\": 0,\n \"Kind\": \"blockclusterdeletion\",\n \"Name\": \"block-cluster-deletion-rule\",\n \"OpenConstraintInfoList\": [\n {\n \"EventNums\": 0,\n \"Name\": \"block-cluster-deletion-rule\",\n \"YamlDetail\": \"\"\n }\n ],\n \"PolicyCategory\": \"cluster\",\n \"PolicyDesc\": \"集群中存在任意节点(普通节点、原生节点、注册节点),需先下线节点后方可删除\",\n \"PolicyName\": \"存在节点的集群不允许删除\"\n }\n ],\n \"RequestId\": \"224782f1-c990-4383-8f21-bb369c9ca396\"\n }\n}",
1044
1044
  "title": "查询策略列表"
1045
1045
  }
1046
1046
  ],
tccli/services/tms/tms_client.py CHANGED
@@ -175,6 +175,110 @@ def doTextModeration(args, parsed_globals):
175
175
  FormatOutput.output("action", json_obj, g_param[OptionsDefine.Output], g_param[OptionsDefine.Filter])
176
176
 
177
177
 
178
+ def doGetFinancialLLMTaskResult(args, parsed_globals):
179
+ g_param = parse_global_arg(parsed_globals)
180
+
181
+ if g_param[OptionsDefine.UseCVMRole.replace('-', '_')]:
182
+ cred = credential.CVMRoleCredential()
183
+ elif g_param[OptionsDefine.RoleArn.replace('-', '_')] and g_param[OptionsDefine.RoleSessionName.replace('-', '_')]:
184
+ cred = credential.STSAssumeRoleCredential(
185
+ g_param[OptionsDefine.SecretId], g_param[OptionsDefine.SecretKey], g_param[OptionsDefine.RoleArn.replace('-', '_')],
186
+ g_param[OptionsDefine.RoleSessionName.replace('-', '_')], endpoint=g_param["sts_cred_endpoint"]
187
+ )
188
+ elif os.getenv(OptionsDefine.ENV_TKE_REGION) and os.getenv(OptionsDefine.ENV_TKE_PROVIDER_ID) and os.getenv(OptionsDefine.ENV_TKE_WEB_IDENTITY_TOKEN_FILE) and os.getenv(OptionsDefine.ENV_TKE_ROLE_ARN):
189
+ cred = credential.DefaultTkeOIDCRoleArnProvider().get_credentials()
190
+ else:
191
+ cred = credential.Credential(
192
+ g_param[OptionsDefine.SecretId], g_param[OptionsDefine.SecretKey], g_param[OptionsDefine.Token]
193
+ )
194
+ http_profile = HttpProfile(
195
+ reqTimeout=60 if g_param[OptionsDefine.Timeout] is None else int(g_param[OptionsDefine.Timeout]),
196
+ reqMethod="POST",
197
+ endpoint=g_param[OptionsDefine.Endpoint],
198
+ proxy=g_param[OptionsDefine.HttpsProxy.replace('-', '_')]
199
+ )
200
+ profile = ClientProfile(httpProfile=http_profile, signMethod="HmacSHA256")
201
+ if g_param[OptionsDefine.Language]:
202
+ profile.language = g_param[OptionsDefine.Language]
203
+ mod = CLIENT_MAP[g_param[OptionsDefine.Version]]
204
+ client = mod.TmsClient(cred, g_param[OptionsDefine.Region], profile)
205
+ client._sdkVersion += ("_CLI_" + __version__)
206
+ models = MODELS_MAP[g_param[OptionsDefine.Version]]
207
+ model = models.GetFinancialLLMTaskResultRequest()
208
+ model.from_json_string(json.dumps(args))
209
+ start_time = time.time()
210
+ while True:
211
+ rsp = client.GetFinancialLLMTaskResult(model)
212
+ result = rsp.to_json_string()
213
+ try:
214
+ json_obj = json.loads(result)
215
+ except TypeError as e:
216
+ json_obj = json.loads(result.decode('utf-8')) # python3.3
217
+ if not g_param[OptionsDefine.Waiter] or search(g_param['OptionsDefine.WaiterInfo']['expr'], json_obj) == g_param['OptionsDefine.WaiterInfo']['to']:
218
+ break
219
+ cur_time = time.time()
220
+ if cur_time - start_time >= g_param['OptionsDefine.WaiterInfo']['timeout']:
221
+ raise ClientError('Request timeout, wait `%s` to `%s` timeout, last request is %s' %
222
+ (g_param['OptionsDefine.WaiterInfo']['expr'], g_param['OptionsDefine.WaiterInfo']['to'],
223
+ search(g_param['OptionsDefine.WaiterInfo']['expr'], json_obj)))
224
+ else:
225
+ print('Inquiry result is %s.' % search(g_param['OptionsDefine.WaiterInfo']['expr'], json_obj))
226
+ time.sleep(g_param['OptionsDefine.WaiterInfo']['interval'])
227
+ FormatOutput.output("action", json_obj, g_param[OptionsDefine.Output], g_param[OptionsDefine.Filter])
228
+
229
+
230
+ def doCreateFinancialLLMTask(args, parsed_globals):
231
+ g_param = parse_global_arg(parsed_globals)
232
+
233
+ if g_param[OptionsDefine.UseCVMRole.replace('-', '_')]:
234
+ cred = credential.CVMRoleCredential()
235
+ elif g_param[OptionsDefine.RoleArn.replace('-', '_')] and g_param[OptionsDefine.RoleSessionName.replace('-', '_')]:
236
+ cred = credential.STSAssumeRoleCredential(
237
+ g_param[OptionsDefine.SecretId], g_param[OptionsDefine.SecretKey], g_param[OptionsDefine.RoleArn.replace('-', '_')],
238
+ g_param[OptionsDefine.RoleSessionName.replace('-', '_')], endpoint=g_param["sts_cred_endpoint"]
239
+ )
240
+ elif os.getenv(OptionsDefine.ENV_TKE_REGION) and os.getenv(OptionsDefine.ENV_TKE_PROVIDER_ID) and os.getenv(OptionsDefine.ENV_TKE_WEB_IDENTITY_TOKEN_FILE) and os.getenv(OptionsDefine.ENV_TKE_ROLE_ARN):
241
+ cred = credential.DefaultTkeOIDCRoleArnProvider().get_credentials()
242
+ else:
243
+ cred = credential.Credential(
244
+ g_param[OptionsDefine.SecretId], g_param[OptionsDefine.SecretKey], g_param[OptionsDefine.Token]
245
+ )
246
+ http_profile = HttpProfile(
247
+ reqTimeout=60 if g_param[OptionsDefine.Timeout] is None else int(g_param[OptionsDefine.Timeout]),
248
+ reqMethod="POST",
249
+ endpoint=g_param[OptionsDefine.Endpoint],
250
+ proxy=g_param[OptionsDefine.HttpsProxy.replace('-', '_')]
251
+ )
252
+ profile = ClientProfile(httpProfile=http_profile, signMethod="HmacSHA256")
253
+ if g_param[OptionsDefine.Language]:
254
+ profile.language = g_param[OptionsDefine.Language]
255
+ mod = CLIENT_MAP[g_param[OptionsDefine.Version]]
256
+ client = mod.TmsClient(cred, g_param[OptionsDefine.Region], profile)
257
+ client._sdkVersion += ("_CLI_" + __version__)
258
+ models = MODELS_MAP[g_param[OptionsDefine.Version]]
259
+ model = models.CreateFinancialLLMTaskRequest()
260
+ model.from_json_string(json.dumps(args))
261
+ start_time = time.time()
262
+ while True:
263
+ rsp = client.CreateFinancialLLMTask(model)
264
+ result = rsp.to_json_string()
265
+ try:
266
+ json_obj = json.loads(result)
267
+ except TypeError as e:
268
+ json_obj = json.loads(result.decode('utf-8')) # python3.3
269
+ if not g_param[OptionsDefine.Waiter] or search(g_param['OptionsDefine.WaiterInfo']['expr'], json_obj) == g_param['OptionsDefine.WaiterInfo']['to']:
270
+ break
271
+ cur_time = time.time()
272
+ if cur_time - start_time >= g_param['OptionsDefine.WaiterInfo']['timeout']:
273
+ raise ClientError('Request timeout, wait `%s` to `%s` timeout, last request is %s' %
274
+ (g_param['OptionsDefine.WaiterInfo']['expr'], g_param['OptionsDefine.WaiterInfo']['to'],
275
+ search(g_param['OptionsDefine.WaiterInfo']['expr'], json_obj)))
276
+ else:
277
+ print('Inquiry result is %s.' % search(g_param['OptionsDefine.WaiterInfo']['expr'], json_obj))
278
+ time.sleep(g_param['OptionsDefine.WaiterInfo']['interval'])
279
+ FormatOutput.output("action", json_obj, g_param[OptionsDefine.Output], g_param[OptionsDefine.Filter])
280
+
281
+
178
282
  def doDescribeTextLib(args, parsed_globals):
179
283
  g_param = parse_global_arg(parsed_globals)
180
284
 
@@ -243,6 +347,8 @@ ACTION_MAP = {
243
347
  "DescribeTextStat": doDescribeTextStat,
244
348
  "AccountTipoffAccess": doAccountTipoffAccess,
245
349
  "TextModeration": doTextModeration,
350
+ "GetFinancialLLMTaskResult": doGetFinancialLLMTaskResult,
351
+ "CreateFinancialLLMTask": doCreateFinancialLLMTask,
246
352
  "DescribeTextLib": doDescribeTextLib,
247
353
 
248
354
  }