Image Migration APIs

CCR

  • Enterprise Edition API Reference
    • Appendix
    • Common Headers and Error Code
    • Enterprise Edition Instance APIs
    • Helm Chart Management Interface
    • Image access control APIs
    • Image Access Credential APIs
    • Image API
    • Image Migration APIs
    • Image On-demand Loading APIs
    • Image Registry APIs
    • Image Synchronization APIs
    • Namespace APIs
    • Overview
    • Service domain
    • Trigger APIs
  • Enterprise Edition Go-SDK
    • Enterprise Edition Instance
    • Initialization
    • Install the SDK Package
    • Overview
  • Enterprise Edition Operation Guide
    • Access configuration
      • Configure Access credentials
      • Configure Custom Endpoint
      • Configure IAM Access Control
      • Configure IAM Tag Permission Policy
      • Configure Robot Account
      • Network Access Control
        • Configure public network access control
        • Configure virtual private cloud access control
        • Network Access Control Overview
    • Container DevOps
      • Manage Trigger
    • Create Enterprise Edition Instance
    • Distribution Management
      • Cross-Instance Synchronization of Image
      • On-Demand Loading of Container Image
      • Using P2P Acceleration in CCE Clusters
    • Event notification
      • Configure Event Notification Alert
      • Image Push Failure Error Code and Handling Methods
    • Image Build
      • Build Based on Existing Image
    • Image Cleanup
      • Clean BOS Storage Space
      • Delete image version
      • Version Retention
    • Image Migration
      • Migrate External Image to Enterprise Edition Instance
    • Image security
      • Immutable image version
      • Security Scanning Container Image
    • Manage Namespace
    • OCI Artifact Management
      • Manage Helm Chart
      • Manage Image Registry
      • OCI Artifact Management Overview
  • Function Release Records
  • Personal Edition API Reference
    • Helm API
    • Image API
    • Image Migration APIs
    • Image Version and Image Version Scanning Interface
    • Namespace APIs
    • Overview
    • User APIs
  • Personal Edition Documentation Set
    • Account Permission Management
    • Cloud Container Engine (CCE) migration to CCR
    • Container Image Service Basic Operations
    • How to Perform Image Scanning
    • How to Upload Helm Chart
    • How to use the DockerHub image accelerator
  • Product Announcement
    • CCR Enterprise Edition Pricing Announcement
    • CCR Enterprise Edition Public Beta Announcement
    • CCR Personal Edition Announcement on Closing New Entry
    • CCR Personal Edition Announcement on Disabling Image Scanning Function
  • Product introduction
    • Core concepts
    • Enterprise Edition Different Specifications Differentiation Description
    • Key functions
    • Product advantages
    • Product Introduction
  • Product pricing
    • Billing overview
  • Quick Start
    • Enterprise Edition Quick Start
    • How to Build Docker Image
  • Service Level Agreement (SLA)
    • CCR Enterprise Edition Service Level Agreement
All documents
menu
No results found, please re-enter

CCR

  • Enterprise Edition API Reference
    • Appendix
    • Common Headers and Error Code
    • Enterprise Edition Instance APIs
    • Helm Chart Management Interface
    • Image access control APIs
    • Image Access Credential APIs
    • Image API
    • Image Migration APIs
    • Image On-demand Loading APIs
    • Image Registry APIs
    • Image Synchronization APIs
    • Namespace APIs
    • Overview
    • Service domain
    • Trigger APIs
  • Enterprise Edition Go-SDK
    • Enterprise Edition Instance
    • Initialization
    • Install the SDK Package
    • Overview
  • Enterprise Edition Operation Guide
    • Access configuration
      • Configure Access credentials
      • Configure Custom Endpoint
      • Configure IAM Access Control
      • Configure IAM Tag Permission Policy
      • Configure Robot Account
      • Network Access Control
        • Configure public network access control
        • Configure virtual private cloud access control
        • Network Access Control Overview
    • Container DevOps
      • Manage Trigger
    • Create Enterprise Edition Instance
    • Distribution Management
      • Cross-Instance Synchronization of Image
      • On-Demand Loading of Container Image
      • Using P2P Acceleration in CCE Clusters
    • Event notification
      • Configure Event Notification Alert
      • Image Push Failure Error Code and Handling Methods
    • Image Build
      • Build Based on Existing Image
    • Image Cleanup
      • Clean BOS Storage Space
      • Delete image version
      • Version Retention
    • Image Migration
      • Migrate External Image to Enterprise Edition Instance
    • Image security
      • Immutable image version
      • Security Scanning Container Image
    • Manage Namespace
    • OCI Artifact Management
      • Manage Helm Chart
      • Manage Image Registry
      • OCI Artifact Management Overview
  • Function Release Records
  • Personal Edition API Reference
    • Helm API
    • Image API
    • Image Migration APIs
    • Image Version and Image Version Scanning Interface
    • Namespace APIs
    • Overview
    • User APIs
  • Personal Edition Documentation Set
    • Account Permission Management
    • Cloud Container Engine (CCE) migration to CCR
    • Container Image Service Basic Operations
    • How to Perform Image Scanning
    • How to Upload Helm Chart
    • How to use the DockerHub image accelerator
  • Product Announcement
    • CCR Enterprise Edition Pricing Announcement
    • CCR Enterprise Edition Public Beta Announcement
    • CCR Personal Edition Announcement on Closing New Entry
    • CCR Personal Edition Announcement on Disabling Image Scanning Function
  • Product introduction
    • Core concepts
    • Enterprise Edition Different Specifications Differentiation Description
    • Key functions
    • Product advantages
    • Product Introduction
  • Product pricing
    • Billing overview
  • Quick Start
    • Enterprise Edition Quick Start
    • How to Build Docker Image
  • Service Level Agreement (SLA)
    • CCR Enterprise Edition Service Level Agreement
  • Document center
  • arrow
  • CCR
  • arrow
  • Personal Edition API Reference
  • arrow
  • Image Migration APIs
Table of contents on this page
  • Create registry authorization
  • Update registry authorization
  • Delete registry authorization
  • Registry health check
  • Retrieve registry authorization list
  • Create migration strategy
  • Update migration strategy
  • Delete migration strategy
  • Execute migration strategy immediately
  • Retrieve migration strategy list
  • Get migration task list
  • Stop migration strategy

Image Migration APIs

Updated at:2025-11-03

Create registry authorization

API description

Create registry authorization, currently supporting two options: harbor and docker-registry. Choose docker-registry to transfer CCE images to CCR.

Permission description The Access Key and request signature mechanism are uniformly adopted for all API security authentication. Access Key consists of an Access Key ID and a Secret Access Key, both of which are strings. For each HTTP request, use the algorithm described below to generate a authentication string. Submit the certification string in the Authorization header. The server verifies the correctness of the authentication string based on the generation algorithm. The certification string format is bce-auth-v{version}/{accessKeyId}/{timestamp}/{expirationPeriodInSeconds}/{signedHeaders}/{signature}.

  • The version is a positive integer.
  • The timestamp refers to the UTC time when the signature is created.
  • The expirationPeriodInSeconds specifies the duration during which the signature remains valid.
  • SignedHeaders includes the list of headers involved in the signature algorithm. The headers are separated by semicolons (e.g., host;x-bce-date) and arranged in lexicographical order. (This API signature involves only the host and x-bce-date headers.)
  • The signature is a 256-bit signature represented as a 64-character lowercase hexadecimal digest.

When Baidu AI Cloud receives a user's request, the system uses the same SK and certification mechanism to generate a certification string. This string is then compared with the one included in the user's request. If the two match, the system confirms the user has the required permissions and proceeds with the operation. If they differ, the system cancels the operation and returns an error code.

For detailed information on the authentication mechanism, please refer to [Authentication](Reference/Authentication mechanism/Introduction.md).

Notes

To migrate CCE images to CCR, select docker-registry. Provide the CCE account username and password, and use the following registry address:

Plain Text 
1http://hub.baidubce.com

Request structure

Plain Text 
1POST /v1/ccr/registries  HTTP/1.1
2Host: ccr.baidubce.com
3Authorization: authorization string

Request headers

There are no special headers required beyond the common headers.

Request parameters

Parameter name Types Whether required Parameter location Description
type String Yes RequestBody Registry type
name String Yes RequestBody Custom registry name
description String No RequestBody Registry description
url String Yes RequestBody Registry hyperlink
credential Object Yes RequestBody Registry verification information
accessKey String Yes RequestBody Username
accessSecret String Yes RequestBody Password
type String Yes RequestBody Currently only support basic, which is the verification methods of user name and password

Response headers

There are no special headers required beyond the common headers.

Response parameters

Parameter name Types Description
action String Operation type: This API returns create
targetName String New registry ID

Error codes

Not available

Request example

Plain Text 
1POST /v1/ccr/registries  HTTP/1.1
2Host: ccr.baidubce.com
3Authorization: authorization string
4{
5    "type": "docker-registry",
6    "name": "test-registry",
7    "description": "test description",
8    "url": "http://hub.baidubce.com",
9    "credential": {
10        "accessKey": "username",
11        "accessSecret": "password",
12        "type": "basic"
13    },
14    "insecure": false
15}

Response example

Plain Text 
1HTTP/1.1 200 OK
2Content-Type: application/json;charset=UTF-8
3Date: Wed, 08 Jul 2015 03:28:11 GMT
4x-bce-request-id: d8752367-38e8-45e4-b4c7-e53be3137ce5
5{
6    "action": "create",
7    "targetName": "1"
8}

Update registry authorization

API description

Update registry authorization

Permission description The Access Key and request signature mechanism are uniformly adopted for all API security authentication. Access Key consists of an Access Key ID and a Secret Access Key, both of which are strings. For each HTTP request, use the algorithm described below to generate a authentication string. Submit the certification string in the Authorization header. The server verifies the correctness of the authentication string based on the generation algorithm. The certification string format is bce-auth-v{version}/{accessKeyId}/{timestamp}/{expirationPeriodInSeconds}/{signedHeaders}/{signature}.

  • The version is a positive integer.
  • The timestamp refers to the UTC time when the signature is created.
  • The expirationPeriodInSeconds specifies the duration during which the signature remains valid.
  • SignedHeaders includes the list of headers involved in the signature algorithm. The headers are separated by semicolons (e.g., host;x-bce-date) and arranged in lexicographical order. (This API signature involves only the host and x-bce-date headers.)
  • The signature is a 256-bit signature represented as a 64-character lowercase hexadecimal digest.

When Baidu AI Cloud receives a user's request, the system uses the same SK and certification mechanism to generate a certification string. This string is then compared with the one included in the user's request. If the two match, the system confirms the user has the required permissions and proceeds with the operation. If they differ, the system cancels the operation and returns an error code.

For detailed information on the authentication mechanism, please refer to [Authentication](Reference/Authentication mechanism/Introduction.md).

Notes

To migrate CCE images to CCR, select docker-registry. Provide the CCE account username and password, and use the following registry address:

Plain Text 
1http://hub.baidubce.com

Request structure

Plain Text 
1PUT /v1/ccr/registries  HTTP/1.1
2Host: ccr.baidubce.com
3Authorization: authorization string

Request headers

There are no special headers required beyond the common headers.

Request parameters

Parameter name Types Whether required Parameter location Description
id int Yes RequestBody Registry ID
type String Yes RequestBody Registry type
name String Yes RequestBody Custom registry name
description String No RequestBody Registry description
url String Yes RequestBody Registry hyperlink
credential Object Yes RequestBody Registry verification information
accessKey String Yes RequestBody Username
accessSecret String Yes RequestBody Password
type String Yes RequestBody Currently only support basic, which is the verification methods of user name and password

Response headers

There are no special headers required beyond the common headers.

Response parameters

Parameter name Types Description
action String Operation type: This API returns update
targetName String Registry ID

Error codes

Not available

Request example

Plain Text 
1PUT /v1/ccr/registries  HTTP/1.1
2Host: ccr.baidubce.com
3Authorization: authorization string
4{
5    "id":1,
6    "type": "docker-registry",
7    "name": "test-registry",
8    "description": "test description",
9    "url": "http://hub.baidubce.com",
10    "credential": {
11        "accessKey": "username",
12        "accessSecret": "password",
13        "type": "basic"
14    },
15    "insecure": false
16}

Response example

Plain Text 
1HTTP/1.1 200 OK
2Content-Type: application/json;charset=UTF-8
3Date: Wed, 08 Jul 2015 03:28:11 GMT
4x-bce-request-id: d8752367-38e8-45e4-b4c7-e53be3137ce5
5{
6    "action": "update",
7    "targetName": "1"
8}

Delete registry authorization

API description

Delete registry authorization

Permission description The Access Key and request signature mechanism are uniformly adopted for all API security authentication. Access Key consists of an Access Key ID and a Secret Access Key, both of which are strings. For each HTTP request, use the algorithm described below to generate a authentication string. Submit the certification string in the Authorization header. The server verifies the correctness of the authentication string based on the generation algorithm. The certification string format is bce-auth-v{version}/{accessKeyId}/{timestamp}/{expirationPeriodInSeconds}/{signedHeaders}/{signature}.

  • The version is a positive integer.
  • The timestamp refers to the UTC time when the signature is created.
  • The expirationPeriodInSeconds specifies the duration during which the signature remains valid.
  • SignedHeaders includes the list of headers involved in the signature algorithm. The headers are separated by semicolons (e.g., host;x-bce-date) and arranged in lexicographical order. (This API signature involves only the host and x-bce-date headers.)
  • The signature is a 256-bit signature represented as a 64-character lowercase hexadecimal digest.

When Baidu AI Cloud receives a user's request, the system uses the same SK and certification mechanism to generate a certification string. This string is then compared with the one included in the user's request. If the two match, the system confirms the user has the required permissions and proceeds with the operation. If they differ, the system cancels the operation and returns an error code.

For detailed information on the authentication mechanism, please refer to [Authentication](Reference/Authentication mechanism/Introduction.md).

Request structure

Plain Text 
1DELETE /v1/ccr/registries/{registryId}  HTTP/1.1
2Host: ccr.baidubce.com
3Authorization: authorization string

Request headers

There are no special headers required beyond the common headers.

Request parameters

Parameter name Types Whether required Parameter location Description
registryId int Yes URL parameters Registry ID

Response headers

There are no special headers required beyond the common headers.

Response parameters

Parameter name Types Description
action String Operation type: This API returns delete
targetName String Registry ID

Error codes

Not available

Request example

Plain Text 
1DELETE /v1/ccr/registries/1  HTTP/1.1
2Host: ccr.baidubce.com
3Authorization: authorization string

Response example

Plain Text 
1HTTP/1.1 200 OK
2Content-Type: application/json;charset=UTF-8
3Date: Wed, 08 Jul 2015 03:28:11 GMT
4x-bce-request-id: d8752367-38e8-45e4-b4c7-e53be3137ce5
5{
6    "action": "delete",
7    "targetName": "1"
8}

Registry health check

API description

Check whether the registry is healthy

Permission description The Access Key and request signature mechanism are uniformly adopted for all API security authentication. Access Key consists of an Access Key ID and a Secret Access Key, both of which are strings. For each HTTP request, use the algorithm described below to generate a authentication string. Submit the certification string in the Authorization header. The server verifies the correctness of the authentication string based on the generation algorithm. The certification string format is bce-auth-v{version}/{accessKeyId}/{timestamp}/{expirationPeriodInSeconds}/{signedHeaders}/{signature}.

  • The version is a positive integer.
  • The timestamp refers to the UTC time when the signature is created.
  • The expirationPeriodInSeconds specifies the duration during which the signature remains valid.
  • SignedHeaders includes the list of headers involved in the signature algorithm. The headers are separated by semicolons (e.g., host;x-bce-date) and arranged in lexicographical order. (This API signature involves only the host and x-bce-date headers.)
  • The signature is a 256-bit signature represented as a 64-character lowercase hexadecimal digest.

When Baidu AI Cloud receives a user's request, the system uses the same SK and certification mechanism to generate a certification string. This string is then compared with the one included in the user's request. If the two match, the system confirms the user has the required permissions and proceeds with the operation. If they differ, the system cancels the operation and returns an error code.

For detailed information on the authentication mechanism, please refer to [Authentication](Reference/Authentication mechanism/Introduction.md).

Notes

Request structure

Plain Text 
1POST /v1/ccr/registries  HTTP/1.1
2Host: ccr.baidubce.com
3Authorization: authorization string

Request headers

There are no special headers required beyond the common headers.

Request parameters

Parameter name Types Whether required Parameter location Description
id int Yes RequestBody Registry ID
type String Yes RequestBody Registry type
name String Yes RequestBody Custom registry name
description String No RequestBody Registry description
url String Yes RequestBody Registry hyperlink
credential Object Yes RequestBody Registry verification information
accessKey String Yes RequestBody Username
accessSecret String Yes RequestBody Password
type String Yes RequestBody Currently only support basic, which is the verification methods of user name and password

Response headers

There are no special headers required beyond the common headers.

Response parameters

Parameter name Types Description
action String Operation type: This API returns checkHealth
targetName String true indicates healthy, false indicates unhealthy

Error codes

Not available

Request example

Created registries

Plain Text 
1POST /v1/ccr/registries  HTTP/1.1
2Host: ccr.baidubce.com
3Authorization: authorization string
4{
5    "id":1
6}

Uncreated registries

Plain Text 
1POST /v1/ccr/registries  HTTP/1.1
2Host: ccr.baidubce.com
3Authorization: authorization string
4{
5    "type": "docker-registry",
6    "name": "test-registry",
7    "description": "test description",
8    "url": "http://hub.baidubce.com",
9    "credential": {
10        "accessKey": "username",
11        "accessSecret": "password",
12        "type": "basic"
13    },
14    "insecure": false
15}

Response example

Plain Text 
1HTTP/1.1 200 OK
2Content-Type: application/json;charset=UTF-8
3Date: Wed, 08 Jul 2015 03:28:11 GMT
4x-bce-request-id: d8752367-38e8-45e4-b4c7-e53be3137ce5
5{
6    "action": "checkHealth",
7    "targetName": "true"
8}

Retrieve registry authorization list

API description

Retrieve the list of created registries

Permission description The Access Key and request signature mechanism are uniformly adopted for all API security authentication. Access Key consists of an Access Key ID and a Secret Access Key, both of which are strings. For each HTTP request, use the algorithm described below to generate a authentication string. Submit the certification string in the Authorization header. The server verifies the correctness of the authentication string based on the generation algorithm. The certification string format is bce-auth-v{version}/{accessKeyId}/{timestamp}/{expirationPeriodInSeconds}/{signedHeaders}/{signature}.

  • The version is a positive integer.
  • The timestamp refers to the UTC time when the signature is created.
  • The expirationPeriodInSeconds specifies the duration during which the signature remains valid.
  • SignedHeaders includes the list of headers involved in the signature algorithm. The headers are separated by semicolons (e.g., host;x-bce-date) and arranged in lexicographical order. (This API signature involves only the host and x-bce-date headers.)
  • The signature is a 256-bit signature represented as a 64-character lowercase hexadecimal digest.

When Baidu AI Cloud receives a user's request, the system uses the same SK and certification mechanism to generate a certification string. This string is then compared with the one included in the user's request. If the two match, the system confirms the user has the required permissions and proceeds with the operation. If they differ, the system cancels the operation and returns an error code.

For detailed information on the authentication mechanism, please refer to [Authentication](Reference/Authentication mechanism/Introduction.md).

Notes

To migrate CCE images to CCR, select docker-registry. Provide the CCE account username and password, and use the following registry address:

Plain Text 
1http://hub.baidubce.com

Request structure

Plain Text 
1GET /v1/ccr/registries  HTTP/1.1
2Host: ccr.baidubce.com
3Authorization: authorization string
4{
5    "type": "docker-registry",
6    "name": "test-registry",
7    "description": "test description",
8    "url": "http://hub.baidubce.com",
9    "credential": {
10        "accessKey": "username",
11        "accessSecret": "password",
12        "type": "basic"
13    },
14    "insecure": false
15}

Request headers

There are no special headers required beyond the common headers.

Request parameters

Parameter name Types Whether required Parameter location Description
keyword String No Query Query keyword
type String No Query Registry type
pageNo int No Query Current page
pageSize int No Query Records count per page, maximum 100

Response headers

There are no special headers required beyond the common headers.

Response parameters

Parameter name Types Description
id int Registry ID
type String Registry type
name String Custom registry name
description String Registry description
url String Registry hyperlink
status String Registry status: normal indicates healthy, abnormal indicates unhealthy, and null indicates unchecked
updateTime String Update time
insecure Boolean false: Do not verify certificate; true: Verify certificate
credential Object Registry verification information
accessKey String Username
accessSecret String Password
type String Currently only support basic, which is the verification methods of user name and password
result List Result list
pageNo int Current page
pageSize int Records count per page
totalCount int Total records
order String Sorting method
orderBy String Sorting field

Error codes

Not available

Request example

Plain Text 
1GET /v1/ccr/registries?pageSize=10&pageNo=1&keyword=test&keywordType=name&type=docker-registry  HTTP/1.1
2Host: ccr.baidubce.com
3Authorization: authorization string

Response example

Plain Text 
1HTTP/1.1 200 OK
2Content-Type: application/json;charset=UTF-8
3Date: Wed, 08 Jul 2015 03:28:11 GMT
4x-bce-request-id: d8752367-38e8-45e4-b4c7-e53be3137ce5
5{
6    "result": [
7        {
8            "id": 1,
9            "url": "https://hub.baidubce.com",
10            "name": "test",
11            "credential": {
12                "type": "basic",
13                "accessKey": null,
14                "accessSecret": null
15            },
16            "type": "docker-registry",
17            "insecure": false,
18            "description": "test",
19            "status": "healthy",
20            "creationTime": "2020-06-19T03:24:18Z",
21            "updateTime": "2020-07-13T08:27:35Z"
22        }
23    ],
24    "orders": null,
25    "orderBy": null,
26    "order": null,
27    "pageNo": 1,
28    "pageSize": 10,
29    "totalCount": 1
30}

Create migration strategy

API description

Create migration strategy

Permission description The Access Key and request signature mechanism are uniformly adopted for all API security authentication. Access Key consists of an Access Key ID and a Secret Access Key, both of which are strings. For each HTTP request, use the algorithm described below to generate a authentication string. Submit the certification string in the Authorization header. The server verifies the correctness of the authentication string based on the generation algorithm. The certification string format is bce-auth-v{version}/{accessKeyId}/{timestamp}/{expirationPeriodInSeconds}/{signedHeaders}/{signature}.

  • The version is a positive integer.
  • The timestamp refers to the UTC time when the signature is created.
  • The expirationPeriodInSeconds specifies the duration during which the signature remains valid.
  • SignedHeaders includes the list of headers involved in the signature algorithm. The headers are separated by semicolons (e.g., host;x-bce-date) and arranged in lexicographical order. (This API signature involves only the host and x-bce-date headers.)
  • The signature is a 256-bit signature represented as a 64-character lowercase hexadecimal digest.

When Baidu AI Cloud receives a user's request, the system uses the same SK and certification mechanism to generate a certification string. This string is then compared with the one included in the user's request. If the two match, the system confirms the user has the required permissions and proceeds with the operation. If they differ, the system cancels the operation and returns an error code.

For detailed information on the authentication mechanism, please refer to [Authentication](Reference/Authentication mechanism/Introduction.md).

Notes

The registry must be set up before creating a migration strategy, and the target namespace should already exist. At present, only single-image migrations are supported for CCE images.

Request structure

Plain Text 
1POST /v1/ccr/policies  HTTP/1.1
2Host: ccr.baidubce.com
3Authorization: authorization string

Request headers

There are no special headers required beyond the common headers.

Request parameters

Parameter name Types Whether required Parameter location Description
name String Yes RequestBody Custom strategy name
description String No RequestBody Policy description
srcRegistry Object Yes RequestBody Target registry
id int Yes RequestBody Target registry ID
destProjectName String Yes RequestBody Prepare to migrate to the namespace in CCR
override Boolean Yes RequestBody Whether to overwrite: true indicates overwriting existing images; false indicates no overwriting.
accessSecret String Yes RequestBody Password
trigger Object Yes RequestBody Migration method: Currently it only supports the manual type, which means migration is triggered manually
type String Yes RequestBody Currently it only supports the manual type, which means manual migration
filter List Yes RequestBody Image filtering method: Two attributes, type and value. Type: name means filtering by image name, tag means filtering by image tag. Value indicates the specific matching method
type String Yes RequestBody Currently it only supports the manual type, which means manual migration

Response headers

There are no special headers required beyond the common headers.

Response parameters

Parameter name Types Description
action String Operation type: This API returns create
targetName String New strategy ID

Error codes

Not available

Request example

Filter images and simultaneously filter image tags

Plain Text 
1POST /v1/ccr/policies  HTTP/1.1
2Host: ccr.baidubce.com
3Authorization: authorization string
4{
5    "trigger": {
6        "type": "manual"
7    },
8    "name": "test-policy",
9    "description": "test",
10    "srcRegistry": {
11        "id": 1
12    },
13    "destProjectName": "public",
14    "override": true,
15    "filters": [
16        {
17            "type": "name",
18            "value": "cce/image"
19        },
20        {
21            "type": "tag",
22            "value": "latest"
23        }
24    ]
25}

Filter images only

Plain Text 
1POST /v1/ccr/policies  HTTP/1.1
2Host: ccr.baidubce.com
3Authorization: authorization string
4{
5    "trigger": {
6        "type": "manual"
7    },
8    "name": "test-policy",
9    "description": "test",
10    "srcRegistry": {
11        "id": 1
12    },
13    "destProjectName": "public",
14    "override": true,
15    "filters": [
16        {
17            "type": "name",
18            "value": "cce/image"
19        }
20    ]
21}

Response example

Plain Text 
1HTTP/1.1 200 OK
2Content-Type: application/json;charset=UTF-8
3Date: Wed, 08 Jul 2015 03:28:11 GMT
4x-bce-request-id: d8752367-38e8-45e4-b4c7-e53be3137ce5
5{
6    "action": "create",
7    "targetName": "1"
8}

Update migration strategy

API description

Update migration strategy

Permission description The Access Key and request signature mechanism are uniformly adopted for all API security authentication. Access Key consists of an Access Key ID and a Secret Access Key, both of which are strings. For each HTTP request, use the algorithm described below to generate a authentication string. Submit the certification string in the Authorization header. The server verifies the correctness of the authentication string based on the generation algorithm. The certification string format is bce-auth-v{version}/{accessKeyId}/{timestamp}/{expirationPeriodInSeconds}/{signedHeaders}/{signature}.

  • The version is a positive integer.
  • The timestamp refers to the UTC time when the signature is created.
  • The expirationPeriodInSeconds specifies the duration during which the signature remains valid.
  • SignedHeaders includes the list of headers involved in the signature algorithm. The headers are separated by semicolons (e.g., host;x-bce-date) and arranged in lexicographical order. (This API signature involves only the host and x-bce-date headers.)
  • The signature is a 256-bit signature represented as a 64-character lowercase hexadecimal digest.

When Baidu AI Cloud receives a user's request, the system uses the same SK and certification mechanism to generate a certification string. This string is then compared with the one included in the user's request. If the two match, the system confirms the user has the required permissions and proceeds with the operation. If they differ, the system cancels the operation and returns an error code.

For detailed information on the authentication mechanism, please refer to [Authentication](Reference/Authentication mechanism/Introduction.md).

Notes

The registry must be set up before creating a migration strategy, and the target namespace should already exist. At present, only single-image migrations are supported for CCE images.

Request structure

Plain Text 
1PUT /v1/ccr/policies  HTTP/1.1
2Host: ccr.baidubce.com
3Authorization: authorization string

Request headers

There are no special headers required beyond the common headers.

Request parameters

Parameter name Types Whether required Parameter location Description
id int Yes RequestBody Strategy ID
name String Yes RequestBody Custom strategy name
description String No RequestBody Policy description
srcRegistry Object Yes RequestBody Target registry
id int Yes RequestBody Target registry ID
destProjectName String Yes RequestBody Prepare to migrate to the namespace in CCR
override Boolean Yes RequestBody Whether to overwrite: true indicates overwriting existing images; false indicates no overwriting.
accessSecret String Yes RequestBody Password
trigger Object Yes RequestBody Migration method: Currently it only supports the manual type, which means migration is triggered manually
type String Yes RequestBody Currently it only supports the manual type, which means manual migration
filter List Yes RequestBody Image filtering method: Two attributes, type and value. Type: name means filtering by image name, tag means filtering by image tag. Value indicates the specific matching method
type String Yes RequestBody Currently it only supports the manual type, which means manual migration

Response headers

There are no special headers required beyond the common headers.

Response parameters

Parameter name Types Description
action String Operation type: This API returns create
targetName String New strategy ID

Error codes

Not available

Request example

Filter images and simultaneously filter image tags

Plain Text 
1PUT /v1/ccr/policies  HTTP/1.1
2Host: ccr.baidubce.com
3Authorization: authorization string
4{
5    "id": 1,
6    "trigger": {
7        "type": "manual"
8    },
9    "name": "test-policy",
10    "description": "test",
11    "srcRegistry": {
12        "id": 1
13    },
14    "destProjectName": "public",
15    "override": true,
16    "filters": [
17        {
18            "type": "name",
19            "value": "cce/image"
20        },
21        {
22            "type": "tag",
23            "value": "latest"
24        }
25    ]
26}

Filter images only

Plain Text 
1PUT /v1/ccr/policies  HTTP/1.1
2Host: ccr.baidubce.com
3Authorization: authorization string
4{
5    "id": 1,
6    "trigger": {
7        "type": "manual"
8    },
9    "name": "test-policy",
10    "description": "test",
11    "srcRegistry": {
12        "id": 1
13    },
14    "destProjectName": "public",
15    "override": true,
16    "filters": [
17        {
18            "type": "name",
19            "value": "cce/image"
20        }
21    ]
22}

Response example

Plain Text 
1HTTP/1.1 200 OK
2Content-Type: application/json;charset=UTF-8
3Date: Wed, 08 Jul 2015 03:28:11 GMT
4x-bce-request-id: d8752367-38e8-45e4-b4c7-e53be3137ce5
5{
6    "action": "create",
7    "targetName": "1"
8}

Delete migration strategy

API description

Delete migration strategy

Permission description The Access Key and request signature mechanism are uniformly adopted for all API security authentication. Access Key consists of an Access Key ID and a Secret Access Key, both of which are strings. For each HTTP request, use the algorithm described below to generate a authentication string. Submit the certification string in the Authorization header. The server verifies the correctness of the authentication string based on the generation algorithm. The certification string format is bce-auth-v{version}/{accessKeyId}/{timestamp}/{expirationPeriodInSeconds}/{signedHeaders}/{signature}.

  • The version is a positive integer.
  • The timestamp refers to the UTC time when the signature is created.
  • The expirationPeriodInSeconds specifies the duration during which the signature remains valid.
  • SignedHeaders includes the list of headers involved in the signature algorithm. The headers are separated by semicolons (e.g., host;x-bce-date) and arranged in lexicographical order. (This API signature involves only the host and x-bce-date headers.)
  • The signature is a 256-bit signature represented as a 64-character lowercase hexadecimal digest.

When Baidu AI Cloud receives a user's request, the system uses the same SK and certification mechanism to generate a certification string. This string is then compared with the one included in the user's request. If the two match, the system confirms the user has the required permissions and proceeds with the operation. If they differ, the system cancels the operation and returns an error code.

For detailed information on the authentication mechanism, please refer to [Authentication](Reference/Authentication mechanism/Introduction.md).

Request structure

Plain Text 
1DELETE /v1/ccr/policies/{policyId}  HTTP/1.1
2Host: ccr.baidubce.com
3Authorization: authorization string

Request headers

There are no special headers required beyond the common headers.

Request parameters

Parameter name Types Whether required Parameter location Description
policyId int Yes URL parameters Strategy ID

Response headers

There are no special headers required beyond the common headers.

Response parameters

Parameter name Types Description
action String Operation type: This API returns delete
targetName String Strategy ID

Error codes

Not available

Request example

Plain Text 
1DELETE /v1/ccr/policies/1  HTTP/1.1
2Host: ccr.baidubce.com
3Authorization: authorization string

Response example

Plain Text 
1HTTP/1.1 200 OK
2Content-Type: application/json;charset=UTF-8
3Date: Wed, 08 Jul 2015 03:28:11 GMT
4x-bce-request-id: d8752367-38e8-45e4-b4c7-e53be3137ce5
5{
6    "action": "delete",
7    "targetName": "1"
8}

Execute migration strategy immediately

API description

Execute migration strategy immediately

Permission description The Access Key and request signature mechanism are uniformly adopted for all API security authentication. Access Key consists of an Access Key ID and a Secret Access Key, both of which are strings. For each HTTP request, use the algorithm described below to generate a authentication string. Submit the certification string in the Authorization header. The server verifies the correctness of the authentication string based on the generation algorithm. The certification string format is bce-auth-v{version}/{accessKeyId}/{timestamp}/{expirationPeriodInSeconds}/{signedHeaders}/{signature}.

  • The version is a positive integer.
  • The timestamp refers to the UTC time when the signature is created.
  • The expirationPeriodInSeconds specifies the duration during which the signature remains valid.
  • SignedHeaders includes the list of headers involved in the signature algorithm. The headers are separated by semicolons (e.g., host;x-bce-date) and arranged in lexicographical order. (This API signature involves only the host and x-bce-date headers.)
  • The signature is a 256-bit signature represented as a 64-character lowercase hexadecimal digest.

When Baidu AI Cloud receives a user's request, the system uses the same SK and certification mechanism to generate a certification string. This string is then compared with the one included in the user's request. If the two match, the system confirms the user has the required permissions and proceeds with the operation. If they differ, the system cancels the operation and returns an error code.

For detailed information on the authentication mechanism, please refer to [Authentication](Reference/Authentication mechanism/Introduction.md).

Request structure

Plain Text 
1POST /v1/ccr/policies/{policyId}/start  HTTP/1.1
2Host: ccr.baidubce.com
3Authorization: authorization string

Request headers

There are no special headers required beyond the common headers.

Request parameters

Parameter name Types Whether required Parameter location Description
policyId int Yes URL parameters Strategy ID

Response headers

There are no special headers required beyond the common headers.

Response parameters

Parameter name Types Description
action String Operation type: This API returns start
targetName String Strategy ID

Error codes

Not available

Request example

Plain Text 
1POST /v1/ccr/policies/1/start  HTTP/1.1
2Host: ccr.baidubce.com
3Authorization: authorization string

Response example

Plain Text 
1HTTP/1.1 200 OK
2Content-Type: application/json;charset=UTF-8
3Date: Wed, 08 Jul 2015 03:28:11 GMT
4x-bce-request-id: d8752367-38e8-45e4-b4c7-e53be3137ce5
5{
6    "action": "start",
7    "targetName": "1"
8}

Retrieve migration strategy list

API description

Retrieve migration strategy list

Permission description The Access Key and request signature mechanism are uniformly adopted for all API security authentication. Access Key consists of an Access Key ID and a Secret Access Key, both of which are strings. For each HTTP request, use the algorithm described below to generate a authentication string. Submit the certification string in the Authorization header. The server verifies the correctness of the authentication string based on the generation algorithm. The certification string format is bce-auth-v{version}/{accessKeyId}/{timestamp}/{expirationPeriodInSeconds}/{signedHeaders}/{signature}.

  • The version is a positive integer.
  • The timestamp refers to the UTC time when the signature is created.
  • The expirationPeriodInSeconds specifies the duration during which the signature remains valid.
  • SignedHeaders includes the list of headers involved in the signature algorithm. The headers are separated by semicolons (e.g., host;x-bce-date) and arranged in lexicographical order. (This API signature involves only the host and x-bce-date headers.)
  • The signature is a 256-bit signature represented as a 64-character lowercase hexadecimal digest.

When Baidu AI Cloud receives a user's request, the system uses the same SK and certification mechanism to generate a certification string. This string is then compared with the one included in the user's request. If the two match, the system confirms the user has the required permissions and proceeds with the operation. If they differ, the system cancels the operation and returns an error code.

For detailed information on the authentication mechanism, please refer to [Authentication](Reference/Authentication mechanism/Introduction.md).

Notes

To migrate CCE images to CCR, select docker-registry. Provide the CCE account username and password, and use the following registry address:

Plain Text 
1http://hub.baidubce.com

Request structure

Plain Text 
1GET /v1/ccr/policies?pageNo=1&pageSize=1  HTTP/1.1
2Host: ccr.baidubce.com
3Authorization: authorization string

Request headers

There are no special headers required beyond the common headers.

Request parameters

Parameter name Types Whether required Parameter location Description
pageNo int No Query Current page
pageSize int No Query Records count per page, maximum 100

Response headers

There are no special headers required beyond the common headers.

Response parameters

Parameter name Types Description
id int Strategy ID
name String Strategy name
description String Policy description
pullBase Boolean Migration type: true indicates migration to CCR, and false indicates migration from CCR
srcRegistry String Source registry
destRegistry String Destination registry
destProjectName String Destination namespace
triggerType String Method of triggering migration strategy: Currently it only supports manual, which means manual triggering
override Boolean Overwrite or not
enabled Boolean Whether to enable. It is true by default, indicating enable
executionTimes int Execution count
creationTime String Creation time
updateTime String Update time
result List Result list
pageNo int Current page
pageSize int Records count per page
totalCount int Total records
order String Sorting method
orderBy String Sorting field

Error codes

Not available

Request example

Plain Text 
1GET /v1/ccr/policies?pageNo=1&pageSize=1  HTTP/1.1
2Host: ccr.baidubce.com
3Authorization: authorization string

Response example

Plain Text 
1HTTP/1.1 200 OK
2Content-Type: application/json;charset=UTF-8
3Date: Wed, 08 Jul 2015 03:28:11 GMT
4x-bce-request-id: d8752367-38e8-45e4-b4c7-e53be3137ce5
5{
6    "result": [
7        {
8            "id": 1,
9            "name": "test-policy",
10            "description": "test",
11            "pullBase": true,
12            "srcRegistry": "testRegistry",
13            "destProjectName": "public",
14            "triggerType": "manual",
15            "override": true,
16            "enabled": true,
17            "executionTimes": 4,
18            "creationTime": "2020-06-19T06:12:23Z",
19            "updateTime": "2020-06-19T06:12:23Z"
20        }
21    ],
22    "orders": null,
23    "orderBy": "name",
24    "order": "asc",
25    "pageNo": 1,
26    "pageSize": 1,
27    "totalCount": 14
28}

Get migration task list

API description

Get migration task list

Permission description The Access Key and request signature mechanism are uniformly adopted for all API security authentication. Access Key consists of an Access Key ID and a Secret Access Key, both of which are strings. For each HTTP request, use the algorithm described below to generate a authentication string. Submit the certification string in the Authorization header. The server verifies the correctness of the authentication string based on the generation algorithm. The certification string format is bce-auth-v{version}/{accessKeyId}/{timestamp}/{expirationPeriodInSeconds}/{signedHeaders}/{signature}.

  • The version is a positive integer.
  • The timestamp refers to the UTC time when the signature is created.
  • The expirationPeriodInSeconds specifies the duration during which the signature remains valid.
  • SignedHeaders includes the list of headers involved in the signature algorithm. The headers are separated by semicolons (e.g., host;x-bce-date) and arranged in lexicographical order. (This API signature involves only the host and x-bce-date headers.)
  • The signature is a 256-bit signature represented as a 64-character lowercase hexadecimal digest.

When Baidu AI Cloud receives a user's request, the system uses the same SK and certification mechanism to generate a certification string. This string is then compared with the one included in the user's request. If the two match, the system confirms the user has the required permissions and proceeds with the operation. If they differ, the system cancels the operation and returns an error code.

For detailed information on the authentication mechanism, please refer to [Authentication](Reference/Authentication mechanism/Introduction.md).

Notes

To migrate CCE images to CCR, select docker-registry. Provide the CCE account username and password, and use the following registry address:

Plain Text 
1http://hub.baidubce.com

Request structure

Plain Text 
1GET /v1/ccr/executions?policyId=1&pageNo=1&pageSize=1  HTTP/1.1
2Host: ccr.baidubce.com
3Authorization: authorization string

Request headers

There are no special headers required beyond the common headers.

Request parameters

Parameter name Types Whether required Parameter location Description
policyId int Yes Query Strategy ID
pageNo int No Query Current page
pageSize int No Query Records count per page, maximum 100

Response headers

There are no special headers required beyond the common headers.

Response parameters

Parameter name Types Description
id int Migration task ID
policyId int Migration strategy ID
status String Migration task status
statusText String Description of migration task status
trigger String Triggering method: Currently it only supports manual, which means manual triggering
total int Total count of execution tasks
failed int Total count of failed execution tasks
succeed int Total count of successful execution tasks
stopped int Total count of stopped execution tasks
startTime String Start time
endTime String End time
result List Result list
pageNo int Current page
pageSize int Records count per page
totalCount int Total records
order String Sorting method
orderBy String Sorting field

Error codes

Not available

Request example

Plain Text 
1GET /v1/ccr//v1/ccr/executions?policyId=1&pageNo=1&pageSize=1  HTTP/1.1
2Host: ccr.baidubce.com
3Authorization: authorization string

Response example

Plain Text 
1HTTP/1.1 200 OK
2Content-Type: application/json;charset=UTF-8
3Date: Wed, 08 Jul 2015 03:28:11 GMT
4x-bce-request-id: d8752367-38e8-45e4-b4c7-e53be3137ce5
5{
6    "result": [
7        {
8            "id": 1,
9            "policyId": 1,
10            "status": "Succeed",
11            "statusText": "",
12            "trigger": "manual",
13            "total": 1,
14            "failed": 0,
15            "succeed": 1,
16            "inProgress": 0,
17            "stopped": 0,
18            "startTime": "2020-07-13T08:52:07Z",
19            "endTime": "2020-07-13T08:52:13Z"
20        }
21    ],
22    "orders": null,
23    "orderBy": null,
24    "order": null,
25    "pageNo": 1,
26    "pageSize": 1,
27    "totalCount": 4
28}

Stop migration strategy

API description

Execute migration strategy immediately

Permission description The Access Key and request signature mechanism are uniformly adopted for all API security authentication. Access Key consists of an Access Key ID and a Secret Access Key, both of which are strings. For each HTTP request, use the algorithm described below to generate a authentication string. Submit the certification string in the Authorization header. The server verifies the correctness of the authentication string based on the generation algorithm. The certification string format is bce-auth-v{version}/{accessKeyId}/{timestamp}/{expirationPeriodInSeconds}/{signedHeaders}/{signature}.

  • The version is a positive integer.
  • The timestamp refers to the UTC time when the signature is created.
  • The expirationPeriodInSeconds specifies the duration during which the signature remains valid.
  • SignedHeaders includes the list of headers involved in the signature algorithm. The headers are separated by semicolons (e.g., host;x-bce-date) and arranged in lexicographical order. (This API signature involves only the host and x-bce-date headers.)
  • The signature is a 256-bit signature represented as a 64-character lowercase hexadecimal digest.

When Baidu AI Cloud receives a user's request, the system uses the same SK and certification mechanism to generate a certification string. This string is then compared with the one included in the user's request. If the two match, the system confirms the user has the required permissions and proceeds with the operation. If they differ, the system cancels the operation and returns an error code.

For detailed information on the authentication mechanism, please refer to [Authentication](Reference/Authentication mechanism/Introduction.md).

Request structure

Plain Text 
1POST /v1/ccr/executions/1/stop  HTTP/1.1
2Host: ccr.baidubce.com
3Authorization: authorization string

Request headers

There are no special headers required beyond the common headers.

Request parameters

Parameter name Types Whether required Parameter location Description
executionId int Yes URL parameters Task ID

Response headers

There are no special headers required beyond the common headers.

Response parameters

Parameter name Types Description
action String Operation type: This API returns stop
targetName String Task ID

Error codes

Not available

Request example

Plain Text 
1POST /v1/ccr/executions/1/stop  HTTP/1.1
2Host: ccr.baidubce.com
3Authorization: authorization string

Response example

Plain Text 
1HTTP/1.1 200 OK
2Content-Type: application/json;charset=UTF-8
3Date: Wed, 08 Jul 2015 03:28:11 GMT
4x-bce-request-id: d8752367-38e8-45e4-b4c7-e53be3137ce5
5{
6    "action": "stop",
7    "targetName": "1"
8}

Previous
Image API
Next
Image Version and Image Version Scanning Interface