Help Center> Data Encryption Workshop> API Reference> APIs> Key Management APIs> Authorization Management> Querying Grants That Can Be Retired

View PDF

Querying Grants That Can Be Retired

Function

This API enables you to query grants that can be retired.

URI

POST /v1.0/{project_id}/kms/list-retirable-grants

**Table 1** Path parameters
Parameter	Mandatory	Type	Description
project_id	Yes	String	Project ID.

Request Parameters

**Table 2** Request header parameters
Parameter	Mandatory	Type	Description
X-Auth-Token	Yes	String	User token. The token can be obtained by calling the IAM API (value of X-Subject-Token in the response header).

**Table 3** Request body parameters
Parameter	Mandatory	Type	Description
limit	No	String	Number of returned records of grants that can be retired. If the number of retrieved results is greater than this value, true is returned for the response parameter truncated, indicating that multiple pages of results are retrieved. The value cannot exceed the maximum number of grants. Example: 100
marker	No	String	Start position of pagination query. If truncated is true in the response, you can send consecutive requests to obtain more records. Set marker to the value of next_marker in the response. Example: 10
sequence	No	String	36-byte sequence number of a request message. Example: 919c82d4-8046-4722-9094-35c3c6524cff

Response Parameters

Status code: 200

**Table 4** Response body parameters
Parameter	Type	Description
grants	Array of Grants objects	Grant list.
next_marker	String	Value of marker used for obtaining the next page of results. If truncated is false, next_marker is left blank.
truncated	String	Whether there is a next page of results: true: There is a next page. false: This is the last page.

**Table 5** Grants
Parameter	Type	Description
key_id	String	CMK ID.
grant_id	String	Grant ID, which contains 64 bytes.
grantee_principal	String	Grantee ID, which contains 1 to 64 bytes and matches the regular expression ^[a-zA-Z0-9]{1, 64}$. Example: 0d0466b00d0466b00d0466b00d0466b0
grantee_principal_type	String	Grant type. Values: user, domain.
operations	Array of strings	List of granted operations. Values: create-datakey, create-datakey-without-plaintext, encrypt-datakey, decrypt-datakey, describe-key, create-grant, retire-grant, encrypt-data, decrypt-data. A value containing only create-grant is invalid.
issuing_principal	String	Grantor ID, which contains 1 to 64 bytes and matches the regular expression ^[a-zA-Z0-9]{1, 64}$. Example: 0d0466b00d0466b00d0466b00d0466b0
creation_date	String	Creation time. The timestamp indicates the total seconds past the start of the epoch date (January 1, 1970). Example: 1497341531000
name	String	Grant name. The value is a string of 1 to 255 characters and matches the regular expression ^[a-zA-Z0-9:/_-]{1,255}$.
retiring_principal	String	ID of the user who can retire a grant. It contains 1 to 64 bytes and matches the regular expression ^[a-zA-Z0-9]{1, 64}$. Example: 0d0466b00d0466b00d0466b00d0466b0

Status code: 400

**Table 6** Response body parameters
Parameter	Type	Description
error	Object	Error message.

**Table 7** ErrorDetail
Parameter	Type	Description
error_code	String	Error code.
error_msg	String	Error information.

Status code: 403

**Table 8** Response body parameters
Parameter	Type	Description
error	Object	Error message.

**Table 9** ErrorDetail
Parameter	Type	Description
error_code	String	Error code.
error_msg	String	Error information.

Status code: 404

**Table 10** Response body parameters
Parameter	Type	Description
error	Object	Error message.

**Table 11** ErrorDetail
Parameter	Type	Description
error_code	String	Error code.
error_msg	String	Error information.

Example Requests

{
  "limit" : "1000"
}

Example Responses

Status code: 200

Request processing succeeded.

{
  "grants" : [ {
    "operations" : [ "create-datakey", "describe-key" ],
    "issuing_principal" : "8b961fb414344d59825ba0c8c008c815",
    "key_id" : "737fd52b-36c4-4c91-972e-f6e202de9f6e",
    "grant_id" : "dd3f03e9229a5e47a41be6c27a630e60d5cbdbad2be89465d63109ad034db7d8",
    "grantee_principal" : "13gg44z4g2sglzk0egw0u726zoyzvrs8",
    "name" : "13gg44z4g2sglzk0egw0u726zoyzvrs8",
    "creation_date" : "1597062260000",
    "grantee_principal_type" : "user"
  } ],
  "next_marker" : "",
  "total" : 1,
  "truncated" : "false"
}

Status code: 400

Invalid request parameters.

{
  "error" : {
    "error_code" : "KMS.XXX",
    "error_msg" : "XXX"
  }
}

Status code: 403

Authentication failed.

{
  "error" : {
    "error_code" : "KMS.XXX",
    "error_msg" : "XXX"
  }
}

Status code: 404

The requested resource does not exist or is not found.

{
  "error" : {
    "error_code" : "KMS.XXX",
    "error_msg" : "XXX"
  }
}

Status Codes

Status Code	Description
200	Request processing succeeded.
400	Invalid request parameters.
403	Authentication failed.
404	The requested resource does not exist or is not found.

Error Codes

See Error Codes.

Parent topic: Authorization Management

Last Article: Querying Grants on a CMK

Next Article: Small Data Encryption & Decryption

Did this article solve your problem?

Thank you for your score！Your feedback would help us improve the website.

Products

Compute

Application

Dedicated Cloud

Storage

Management & Deployment

Migration

Network

Enterprise Intelligence

Video

Database

Edge Cloud Services

DevCloud

Security

Cloud Communications

Internet of Things

Solutions

Industry-Specific Solutions

General-Purpose Solutions

Security

DevOps

Enterprise Intelligence

Essential Platform

Big Data

Visual Cognition

Speech and Semantics

Support

Help Center

Customer Services

Developers

Console

语言 - Language

中国站 - 简体中文

中国站 - English

International - 简体中文

International - English