Help Center/ Data Encryption Workshop/ API Reference/ APIs/ Key Management APIs/ Tag Management/ Querying CMK Instances
Updated on 2022-09-15 GMT+08:00
View PDF

Querying CMK Instances

Function

This API allows you to query CMK instances. You can use the tag filtering function to query the detailed information about a specified CMK.

URI

POST /v1.0/{project_id}/kms/resource_instances/action

Table 1 Path parameters

Parameter

Mandatory

Type

Description

project_id

Yes

String

Project ID.

Request Parameters

Table 2 Request header parameters

Parameter

Mandatory

Type

Description

X-Auth-Token

Yes

String

User token. The token can be obtained by calling the IAM API (value of X-Subject-Token in the response header).
Table 3 Request body parameters

Parameter

Mandatory

Type

Description

limit

No

String

Number of records in a query. If action is to count, you do not need to set this parameter. If action is filter, the default value of this parameter is 10. The value of limit is in the ranges 1 to 1,000.

offset

No

String

Index location. The query starts from the next resource of the specified location. When data on a page is queried, the value in the response body of the previous page is transferred to this parameter. (If action is to count, you do not need to set this parameter.) If the action value is filter, the default value is 0. The value of offset must be a number and cannot be negative.

action

No

String

Operation type. It can be:

  • filter: Filter record.

  • count: Count the total number of records.

tags

No

Array of Tag objects

Tag list, which is a collection of key-value pairs.

  • key: Tag key. A CMK can have a maximum of 10 keys, and each of them is unique and cannot be empty. A key cannot have duplicate values. It consists of up to 36 characters.

  • value: Tag value. Each tag value can contain a maximum of 43 characters. The values are in the AND relationship.

matches

No

Array of TagItem objects

Field to be matched.

  • key: The field to be matched, for example, resource_name.

  • value: The value to be matched. It contains a maximum of 255 characters and cannot be empty.

sequence

No

String

36-byte sequence number of a request message. Example: 919c82d4-8046-4722-9094-35c3c6524cff
Table 4 Tag

Parameter

Mandatory

Type

Description

key

No

String

Key. A tag key contains a maximum of 36 Unicode characters. It cannot be left blank. It cannot contain ASCII characters (0–31), asterisks (*), angle brackets (< and >), backslashes (), and equal signs (=).

values

No

Array of strings

Tag value set.
Table 5 TagItem

Parameter

Mandatory

Type

Description

key

No

String

Key. A tag key contains a maximum of 36 Unicode characters. It cannot be left blank. It cannot contain ASCII characters (0–31), asterisks (*), angle brackets (< and >), backslashes (), and equal signs (=).

value

No

String

Value. A tag value can contain a maximum of 43 Unicode characters and can be an empty string. It cannot contain ASCII characters (0–31), asterisks (*), angle brackets (< and >), backslashes (), and equal signs (=).

Response Parameters

Status code: 200

Table 6 Response body parameters

Parameter

Type

Description

resources

Array of ActionResources objects

Resource list.

total_count

Integer

Total number of records.
Table 7 ActionResources

Parameter

Type

Description

resource_id

String

Resource ID.

resource_detail

KeyDetails object

Key details.

resource_name

String

Specifies the resource name. This parameter is an empty string by default.

tags

Array of TagItem objects

Tag list. If there is no tag in the list, an empty array is returned.
Table 8 KeyDetails

Parameter

Type

Description

key_id

String

CMK ID.

domain_id

String

User domain ID.

key_alias

String

Key alias.

realm

String

Key realm.

key_usage

String

CMK usage。

  • ENCRYPT_DECRYPT

  • SIGN_VERIFY

key_description

String

Key description.

creation_date

String

Time when the key was created. The timestamp indicates the total seconds past the start of the epoch date (January 1, 1970).

scheduled_deletion_date

String

Time when the key was scheduled to be deleted. The timestamp indicates the total seconds past the start of the epoch date (January 1, 1970).

key_state

String

Key status, which matches the regular expression ^[1-5]{1}$. It can be:

  • 1: to be activated

  • 2: enabled

  • 3: disabled

  • 4: pending deletion

  • 5: pending import

default_key_flag

String

Master key identifier. The value is 1 for Default Master Keys and 0 for non-default master keys.

key_type

String

Key type.

expiration_time

String

Time when the key material expires. The timestamp indicates the total seconds past the start of the epoch date (January 1, 1970).

origin

String

Key source. It can be:

  • kms: The key material was generated by KMS.

  • external: The key material was imported.

key_rotation_enabled

String

Key rotation status. The default value is false, indicating that key rotation is disabled.

sys_enterprise_project_id

String

Enterprise project ID. Its default value is 0.

  • For users who have enabled the enterprise project function, this value indicates that resources are in the default enterprise project.

  • For users who have not enabled the enterprise project function, this value indicates that resources are not in the default enterprise project.
Table 9 TagItem

Parameter

Type

Description

key

String

Key. A tag key contains a maximum of 36 Unicode characters. It cannot be left blank. It cannot contain ASCII characters (0–31), asterisks (*), angle brackets (< and >), backslashes (), and equal signs (=).

value

String

Value. A tag value can contain a maximum of 43 Unicode characters and can be an empty string. It cannot contain ASCII characters (0–31), asterisks (*), angle brackets (< and >), backslashes (), and equal signs (=).

Status code: 400

Table 10 Response body parameters

Parameter

Type

Description

error

Object

Error message.
Table 11 ErrorDetail

Parameter

Type

Description

error_code

String

Error code.

error_msg

String

Error information.

Status code: 403

Table 12 Response body parameters

Parameter

Type

Description

error

Object

Error message.
Table 13 ErrorDetail

Parameter

Type

Description

error_code

String

Error code.

error_msg

String

Error information.

Example Requests

{
  "offset" : "100",
  "limit" : "100",
  "action" : "filter",
  "matches" : [ {
    "key" : "resource_name",
    "value" : "resource1"
  } ],
  "tags" : [ {
    "key" : "key1",
    "values" : [ "value1", "value2" ]
  } ]
}

Example Responses

Status code: 200

Request processing succeeded.

{
  "resources" : [ {
    "resource_id" : "90c03e67-5534-4ed0-acfa-89780e47a535",
    "resource_detail" : [ {
      "key_id" : "90c03e67-5534-4ed0-acfa-89780e47a535",
      "domain_id" : "4B688Fb77412Aee5570E7ecdbeB5afdc",
      "key_alias" : "tagTest_xmdmi",
      "key_description" : "123",
      "creation_date" : 1521449277000,
      "scheduled_deletion_date" : "",
      "key_state" : 2,
      "default_key_flag" : 0,
      "key_type" : 1,
      "key_rotation_enabled" : false,
      "expiration_time" : "",
      "origin" : "kms",
      "sys_enterprise_project_id" : "0",
      "realm" : "test"
    } ],
    "resource_name" : "tagTest_xmdmi",
    "tags" : [ {
      "key" : "key",
      "value" : "testValue!"
    }, {
      "key" : "haha",
      "value" : "testValue"
    } ]
  } ],
  "total_count" : 1
}

Status code: 400

Invalid request parameters.

{
  "error" : {
    "error_code" : "KMS.XXX",
    "error_msg" : "XXX"
  }
}

Status code: 403

Authentication failed.

{
  "error" : {
    "error_code" : "KMS.XXX",
    "error_msg" : "XXX"
  }
}

Status Codes

Status Code

Description

200

Request processing succeeded.

400

Invalid request parameters.

403

Authentication failed.

Error Codes

See Error Codes.

Parent topic: Tag Management