更新时间:2025-08-05 GMT+08:00
获取签名策略列表
功能介绍
获取签名策略列表
接口约束
无
调用方法
请参见如何调用API。
URI
GET /v2/{project_id}/instances/{instance_id}/signature/policies
|
参数 |
是否必选 |
参数类型 |
描述 |
|---|---|---|---|
|
project_id |
是 |
String |
项目ID |
|
instance_id |
是 |
String |
企业仓库实例ID |
|
参数 |
是否必选 |
参数类型 |
描述 |
|---|---|---|---|
|
offset |
否 |
Integer |
起始索引,默认值为0。注意:offset和limit参数需要配套使用,offset必须为0或者为limit的倍数。 |
|
limit |
否 |
Integer |
返回条数,默认为10,最大值为100。注意:offset和limit参数需要配套使用,offset必须为0或者为limit的倍数。 |
请求参数
|
参数 |
是否必选 |
参数类型 |
描述 |
|---|---|---|---|
|
X-Auth-Token |
是 |
String |
用户Token。 通过调用IAM服务获取用户Token接口获取(响应消息头中X-Subject-Token的值)。 |
响应参数
状态码:200
|
参数 |
参数类型 |
描述 |
|---|---|---|
|
policies |
Array of SignPolicyDetail objects |
签名策略列表 |
|
total |
Integer |
签名策略总数 |
|
参数 |
参数类型 |
描述 |
|---|---|---|
|
id |
Integer |
签名策略ID |
|
name |
String |
签名策略名称 |
|
description |
String |
签名策略描述 |
|
namespace_id |
Integer |
命名空间ID |
|
namespace_name |
String |
命名空间名 |
|
trigger |
TriggerConfig object |
触发方式 |
|
creator |
String |
创建者 |
|
enabled |
Boolean |
是否 |
|
scope_rules |
Array of SignScopeRule objects |
作用范围规则 |
|
created_at |
String |
创建时间 |
|
updated_at |
String |
更新时间 |
|
signature_algorithm |
String |
加签算法,KMS的密钥算法EC_P256对应着ECDSA_SHA_256,EC_P384对应着ECDSA_SHA_384,SM2对应着SM2DSA_SM3 |
|
signature_key |
String |
签名算法key ID |
|
signature_method |
String |
镜像签名方式 |
|
参数 |
参数类型 |
描述 |
|---|---|---|
|
type |
String |
触发类型,镜像签名、老化规则只支持manual(手动)、scheduled(定时+手动);同步策略支持manual(手动)、scheduled(定时+手动)、event_based(事件触发+手动) |
|
trigger_settings |
TriggerSetting object |
触发设置,只有type为scheduled的时候,才需要设置 |
|
参数 |
参数类型 |
描述 |
|---|---|---|
|
tag_selectors |
Array of SignRuleSelector objects |
制品版本选择器,目前只支持长度为1 |
|
scope_selectors |
Map<String,Array<SignRuleSelector>> |
制品仓库选择器,目前只支持repository且长度为1 |
|
repo_scope_mode |
String |
repository选择方式。可选regular、selection,前端显示需要,api调用时可选regular |
|
参数 |
参数类型 |
描述 |
|---|---|---|
|
kind |
String |
匹配类型,目前只支持doublestar |
|
decoration |
String |
选择器匹配类型,当前支持repoMatches |
|
pattern |
String |
选择器匹配样式,最大长度512。支持正则表达式,正则表达式规则可填写如 nginx-* ,{repo1,repo2} 等,其中:
**:匹配包含 '/' 的任何字段。 ? :匹配任何单个非 '/' 的字符。 {选项1,选项2,...}:同时匹配多个选项。 |
|
extras |
String |
预留字段,镜像签名策略中,对无版本的制品进行签名则传入{"untagged":true} |
状态码:400
|
参数 |
参数类型 |
描述 |
|---|---|---|
|
error_code |
String |
错误码 |
|
error_msg |
String |
错误信息 |
|
encoded_authorization_message |
String |
加密后的详细拒绝原因,用户可以自行调用STS服务的decode-authorization-message接口进行解密。 |
状态码:401
|
参数 |
参数类型 |
描述 |
|---|---|---|
|
error_code |
String |
错误码 |
|
error_msg |
String |
错误信息 |
|
encoded_authorization_message |
String |
加密后的详细拒绝原因,用户可以自行调用STS服务的decode-authorization-message接口进行解密。 |
状态码:403
|
参数 |
参数类型 |
描述 |
|---|---|---|
|
error_code |
String |
错误码 |
|
error_msg |
String |
错误信息 |
|
encoded_authorization_message |
String |
加密后的详细拒绝原因,用户可以自行调用STS服务的decode-authorization-message接口进行解密。 |
状态码:404
|
参数 |
参数类型 |
描述 |
|---|---|---|
|
error_code |
String |
错误码 |
|
error_msg |
String |
错误信息 |
|
encoded_authorization_message |
String |
加密后的详细拒绝原因,用户可以自行调用STS服务的decode-authorization-message接口进行解密。 |
状态码:500
|
参数 |
参数类型 |
描述 |
|---|---|---|
|
error_code |
String |
错误码 |
|
error_msg |
String |
错误信息 |
|
encoded_authorization_message |
String |
加密后的详细拒绝原因,用户可以自行调用STS服务的decode-authorization-message接口进行解密。 |
请求示例
-
创建签名规则,范围包括无版本制品
GET https://{endpoint}/v2/{project_id}/instances/{instance_id}/signature/policies { "name" : "aaa", "enabled" : true, "signature_method" : "KMS", "signature_algorithm" : "ECDSA_SHA_256", "signature_key" : "key-123456", "trigger" : { "type" : "manual" }, "scope_rules" : [ { "tag_selectors" : [ { "kind" : "doublestar", "decoration" : "matches", "pattern" : "**", "extras" : "{\"untagged\":true}" } ], "scope_selectors" : { "repository" : [ { "kind" : "doublestar", "decoration" : "repoMatches", "pattern" : "{repo}" } ] }, "repo_scope_mode" : "selection" } ] } -
创建签名规则,范围不包括无版本制品
GET https://{endpoint}/v2/{project_id}/instances/{instance_id}/signature/policies { "name" : "aaa", "enabled" : true, "signature_method" : "KMS", "signature_algorithm" : "ECDSA_SHA_256", "signature_key" : "key-123456", "trigger" : { "type" : "manual" }, "scope_rules" : [ { "tag_selectors" : [ { "kind" : "doublestar", "decoration" : "matches", "pattern" : "**", "extras" : "" } ], "scope_selectors" : { "repository" : [ { "kind" : "doublestar", "decoration" : "repoMatches", "pattern" : "{repo}" } ] }, "repo_scope_mode" : "selection" } ] }
响应示例
状态码:200
查询签名策略列表成功
{
"total" : 2,
"policies" : [ {
"id" : 1,
"name" : "test-abc",
"description" : "",
"created_at" : "2020-11-19T02:58:54.809Z",
"updated_at" : "2020-11-19T02:58:54.809Z",
"creator" : "admin",
"enabled" : true,
"scope_rules" : [ {
"scope_selectors" : {
"repository" : [ {
"kind" : "doublestar",
"decoration" : "repoMatches",
"pattern" : "**"
} ]
},
"tag_selectors" : [ {
"kind" : "doublestar",
"decoration" : "matches",
"pattern" : "**"
} ]
} ],
"namespace_id" : 1,
"trigger" : {
"type" : "manual"
}
} ]
}
SDK代码示例
SDK代码示例如下。
-
创建签名规则,范围包括无版本制品
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48
package com.huaweicloud.sdk.test; import com.huaweicloud.sdk.core.auth.ICredential; import com.huaweicloud.sdk.core.auth.BasicCredentials; import com.huaweicloud.sdk.core.exception.ConnectionException; import com.huaweicloud.sdk.core.exception.RequestTimeoutException; import com.huaweicloud.sdk.core.exception.ServiceResponseException; import com.huaweicloud.sdk.swr.v2.region.SwrRegion; import com.huaweicloud.sdk.swr.v2.*; import com.huaweicloud.sdk.swr.v2.model.*; public class ListInstanceSignPoliciesSolution { public static void main(String[] args) { // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security. // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment String ak = System.getenv("CLOUD_SDK_AK"); String sk = System.getenv("CLOUD_SDK_SK"); String projectId = "{project_id}"; ICredential auth = new BasicCredentials() .withProjectId(projectId) .withAk(ak) .withSk(sk); SwrClient client = SwrClient.newBuilder() .withCredential(auth) .withRegion(SwrRegion.valueOf("<YOUR REGION>")) .build(); ListInstanceSignPoliciesRequest request = new ListInstanceSignPoliciesRequest(); request.withInstanceId("{instance_id}"); try { ListInstanceSignPoliciesResponse response = client.listInstanceSignPolicies(request); System.out.println(response.toString()); } catch (ConnectionException e) { e.printStackTrace(); } catch (RequestTimeoutException e) { e.printStackTrace(); } catch (ServiceResponseException e) { e.printStackTrace(); System.out.println(e.getHttpStatusCode()); System.out.println(e.getRequestId()); System.out.println(e.getErrorCode()); System.out.println(e.getErrorMsg()); } } }
-
创建签名规则,范围不包括无版本制品
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48
package com.huaweicloud.sdk.test; import com.huaweicloud.sdk.core.auth.ICredential; import com.huaweicloud.sdk.core.auth.BasicCredentials; import com.huaweicloud.sdk.core.exception.ConnectionException; import com.huaweicloud.sdk.core.exception.RequestTimeoutException; import com.huaweicloud.sdk.core.exception.ServiceResponseException; import com.huaweicloud.sdk.swr.v2.region.SwrRegion; import com.huaweicloud.sdk.swr.v2.*; import com.huaweicloud.sdk.swr.v2.model.*; public class ListInstanceSignPoliciesSolution { public static void main(String[] args) { // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security. // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment String ak = System.getenv("CLOUD_SDK_AK"); String sk = System.getenv("CLOUD_SDK_SK"); String projectId = "{project_id}"; ICredential auth = new BasicCredentials() .withProjectId(projectId) .withAk(ak) .withSk(sk); SwrClient client = SwrClient.newBuilder() .withCredential(auth) .withRegion(SwrRegion.valueOf("<YOUR REGION>")) .build(); ListInstanceSignPoliciesRequest request = new ListInstanceSignPoliciesRequest(); request.withInstanceId("{instance_id}"); try { ListInstanceSignPoliciesResponse response = client.listInstanceSignPolicies(request); System.out.println(response.toString()); } catch (ConnectionException e) { e.printStackTrace(); } catch (RequestTimeoutException e) { e.printStackTrace(); } catch (ServiceResponseException e) { e.printStackTrace(); System.out.println(e.getHttpStatusCode()); System.out.println(e.getRequestId()); System.out.println(e.getErrorCode()); System.out.println(e.getErrorMsg()); } } }
-
创建签名规则,范围包括无版本制品
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32
# coding: utf-8 import os from huaweicloudsdkcore.auth.credentials import BasicCredentials from huaweicloudsdkswr.v2.region.swr_region import SwrRegion from huaweicloudsdkcore.exceptions import exceptions from huaweicloudsdkswr.v2 import * if __name__ == "__main__": # The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security. # In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment ak = os.environ["CLOUD_SDK_AK"] sk = os.environ["CLOUD_SDK_SK"] projectId = "{project_id}" credentials = BasicCredentials(ak, sk, projectId) client = SwrClient.new_builder() \ .with_credentials(credentials) \ .with_region(SwrRegion.value_of("<YOUR REGION>")) \ .build() try: request = ListInstanceSignPoliciesRequest() request.instance_id = "{instance_id}" response = client.list_instance_sign_policies(request) print(response) except exceptions.ClientRequestException as e: print(e.status_code) print(e.request_id) print(e.error_code) print(e.error_msg)
-
创建签名规则,范围不包括无版本制品
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32
# coding: utf-8 import os from huaweicloudsdkcore.auth.credentials import BasicCredentials from huaweicloudsdkswr.v2.region.swr_region import SwrRegion from huaweicloudsdkcore.exceptions import exceptions from huaweicloudsdkswr.v2 import * if __name__ == "__main__": # The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security. # In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment ak = os.environ["CLOUD_SDK_AK"] sk = os.environ["CLOUD_SDK_SK"] projectId = "{project_id}" credentials = BasicCredentials(ak, sk, projectId) client = SwrClient.new_builder() \ .with_credentials(credentials) \ .with_region(SwrRegion.value_of("<YOUR REGION>")) \ .build() try: request = ListInstanceSignPoliciesRequest() request.instance_id = "{instance_id}" response = client.list_instance_sign_policies(request) print(response) except exceptions.ClientRequestException as e: print(e.status_code) print(e.request_id) print(e.error_code) print(e.error_msg)
-
创建签名规则,范围包括无版本制品
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38
package main import ( "fmt" "github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic" swr "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/swr/v2" "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/swr/v2/model" region "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/swr/v2/region" ) func main() { // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security. // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment ak := os.Getenv("CLOUD_SDK_AK") sk := os.Getenv("CLOUD_SDK_SK") projectId := "{project_id}" auth := basic.NewCredentialsBuilder(). WithAk(ak). WithSk(sk). WithProjectId(projectId). Build() client := swr.NewSwrClient( swr.SwrClientBuilder(). WithRegion(region.ValueOf("<YOUR REGION>")). WithCredential(auth). Build()) request := &model.ListInstanceSignPoliciesRequest{} request.InstanceId = "{instance_id}" response, err := client.ListInstanceSignPolicies(request) if err == nil { fmt.Printf("%+v\n", response) } else { fmt.Println(err) } }
-
创建签名规则,范围不包括无版本制品
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38
package main import ( "fmt" "github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic" swr "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/swr/v2" "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/swr/v2/model" region "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/swr/v2/region" ) func main() { // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security. // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment ak := os.Getenv("CLOUD_SDK_AK") sk := os.Getenv("CLOUD_SDK_SK") projectId := "{project_id}" auth := basic.NewCredentialsBuilder(). WithAk(ak). WithSk(sk). WithProjectId(projectId). Build() client := swr.NewSwrClient( swr.SwrClientBuilder(). WithRegion(region.ValueOf("<YOUR REGION>")). WithCredential(auth). Build()) request := &model.ListInstanceSignPoliciesRequest{} request.InstanceId = "{instance_id}" response, err := client.ListInstanceSignPolicies(request) if err == nil { fmt.Printf("%+v\n", response) } else { fmt.Println(err) } }
更多编程语言的SDK代码示例,请参见API Explorer的代码示例页签,可生成自动对应的SDK代码示例。
状态码
|
状态码 |
描述 |
|---|---|
|
200 |
查询签名策略列表成功 |
|
400 |
错误的请求 |
|
401 |
鉴权失败 |
|
403 |
禁止访问 |
|
404 |
未找到资源 |
|
500 |
内部错误 |
错误码
请参见错误码。
