Updated on 2024-11-04 GMT+08:00

Querying Security Group Rules

Function

This API is used to query all security group rules accessible to the tenant submitting the request. A maximum of 2,000 records can be returned for each query operation. If the number of records exceeds 2,000, the pagination marker will be returned.

URI

GET /v2.0/security-group-rules

Example:

GET https://{Endpoint}/v2.0/security-group-rules?security_group_id={security_group_id}&remote_group_id={remote_group_id}&direction={direction}&remote_ip_prefix={remote_ip_prefix}&protocol={protocol}&port_range_max={port_range_max}&port_range_min={port_range_min}&ethertype={ethertype}&tenant_id ={tenant_id}

Example of querying security group rules by page

GET https://{Endpoint}/v2.0/networks?limit=2&marker=07adc044-3f21-4eeb-bd57-5e5eb6024b7f&page_reverse=False

Table 1 describes the parameters.

Table 1 Parameter description

Parameter

Mandatory

Type

Description

id

No

String

Specifies that the security group rule ID is used as the filtering condition.

description

No

String

Specifies that the description is used as the filtering condition.

remote_group_id

No

String

Specifies the ID of the remote security group associated with the security group rule is used as the filtering condition.

security_group_id

No

String

Specifies the ID of the corresponding security group is used as the filtering condition.

direction

No

String

Specifies the security group rule direction is used as the filtering condition. The value can be ingress or egress.

protocol

No

String

Specifies that the IP protocol is used as the filtering condition.

remote_ip_prefix

No

String

Specifies the remote IP address range matching the security group rule is used as the filtering condition.

ethertype

No

String

Specifies that the network type is used as the filtering condition.

port_range_max

No

Integer

Specifies that the maximum port is used as the filtering condition.

port_range_min

No

Integer

Specifies that the minimum port is used as the filtering condition.

tenant_id

No

String

Specifies that the project ID is used as the filtering condition.

marker

No

String

Specifies a resource ID for pagination query, indicating that the query starts from the next record of the specified resource ID.

This parameter can work together with the parameter limit.

  • If parameters marker and limit are not passed, resource records on the first page will be returned.
  • If the parameter marker is not passed and the value of parameter limit is set to 10, the first 10 resource records will be returned.
  • If the value of the parameter marker is set to the resource ID of the 10th record and the value of parameter limit is set to 10, the 11th to 20th resource records will be returned.
  • If the value of the parameter marker is set to the resource ID of the 10th record and the parameter limit is not passed, 11th to 2,000th resource records will be returned. The default value of limit is 2000.

limit

No

Integer

Specifies the number of records that will be returned on each page. The value is from 0 to intmax (2^31-1). The default value is 2000.

limit can be used together with marker. For details, see the parameter description of marker.

Request Parameters

None

Example Request

GET https://{Endpoint}/v2.0/security-group-rules

Response Parameters

Table 2 Response parameter

Parameter

Type

Description

security_group_rules

Array of Security Group Rule objects

Specifies the security group rule list. For details, see Table 3.

security_group_rules_links

Array of SecurityGroupRulesLink objects

Shows pagination information about security group rules.

Only when limit is used for filtering and the number of resources exceeds the value of limit or 2000 (default value of limit), value next will be returned for rel and a link for href.

Table 3 Security Group Rule objects

Attribute

Type

Description

id

String

Specifies the security group rule ID.

This parameter is not mandatory when you query security group rules.

description

String

Provides supplementary information about the security group rule.

security_group_id

String

Specifies the ID of the belonged security group.

remote_group_id

String

Specifies the peer ID of the belonged security group.

direction

String

Specifies the direction of the traffic for which the security group rule takes effect.

remote_ip_prefix

String

Specifies the peer IP address segment.

protocol

String

Specifies the protocol type or the IP protocol number.

port_range_max

Integer

Specifies the maximum port number. When ICMP is used, the value is the ICMP code.

port_range_min

Integer

Specifies the minimum port number. If the ICMP protocol is used, this parameter indicates the ICMP type.

When the TCP or UDP protocol is used, both port_range_max and port_range_min must be specified, and the port_range_max value must be greater than the port_range_min value.

When the ICMP protocol is used, if you specify the ICMP code (port_range_max), you must also specify the ICMP type (port_range_min).

ethertype

String

Specifies the network type.

IPv4 and IPv6 are supported.

tenant_id

String

Specifies the project ID.

remote_address_group_id

String

  • Specifies the remote IP address group ID.
  • The parameter is mutually exclusive with parameters remote_ip_prefix and remote_group_id.

project_id

String

Specifies the project ID. For details about how to obtain a project ID, see Obtaining a Project ID.

created_at

String

Specifies the time (UTC) when the security group rule is created.

Format: yyyy-MM-ddTHH:mm:ss

updated_at

String

Specifies the time (UTC) when the security group rule is updated.

Format: yyyy-MM-ddTHH:mm:ss

Table 4 SecurityGroupRulesLink objects

Parameter

Type

Description

href

String

Specifies the API link.

rel

String

Specifies the relationship between the API link and the API version.

Example Response

{
    "security_group_rules": [
        {
            "remote_group_id": "1d8b19c7-7c56-48f7-a99b-4b40eb390967", 
            "direction": "ingress", 
            "remote_ip_prefix": null, 
            "protocol": null, 
            "tenant_id": "6c9298ec8c874f7f99688489ab65f90e", 
            "port_range_max": null, 
            "security_group_id": "1d8b19c7-7c56-48f7-a99b-4b40eb390967", 
            "port_range_min": null, 
            "ethertype": "IPv6", 
            "description": null, 
            "id": "07adc044-3f21-4eeb-bd57-5e5eb6024b7f",
            "project_id": "6c9298ec8c874f7f99688489ab65f90e", 
            "created_at": "2018-09-20T02:15:34",
            "updated_at": "2018-09-20T02:15:34",
            "remote_address_group_id": null
        }, 
        {
            "remote_group_id": null, 
            "direction": "egress", 
            "remote_ip_prefix": null, 
            "protocol": null, 
            "tenant_id": "6c9298ec8c874f7f99688489ab65f90e", 
            "port_range_max": null, 
            "security_group_id": "328fb454-a2ee-4a11-bdb1-ee19bbdfde43", 
            "port_range_min": null, 
            "ethertype": "IPv6", 
            "description": null, 
            "id": "09358f83-f4a5-4386-9563-a1e3c373d655",
            "project_id": "6c9298ec8c874f7f99688489ab65f90e", 
            "created_at": "2018-09-20T02:15:34",
            "updated_at": "2018-09-20T02:15:34",
            "remote_address_group_id": null
        }, 
        {
            "remote_group_id": "4c763030-366e-428c-be2b-d48f6baf5297", 
            "direction": "ingress", 
            "remote_ip_prefix": null, 
            "protocol": null, 
            "tenant_id": "6c9298ec8c874f7f99688489ab65f90e", 
            "port_range_max": null, 
            "security_group_id": "4c763030-366e-428c-be2b-d48f6baf5297", 
            "port_range_min": null, 
            "ethertype": "IPv6", 
            "description": null, 
            "id": "219a6f56-1069-458b-bec0-df9270e7a074",
            "project_id": "6c9298ec8c874f7f99688489ab65f90e", 
            "created_at": "2018-09-20T02:15:34",
            "updated_at": "2018-09-20T02:15:34",
            "remote_address_group_id": null
        }
    ],
    "security_group_rules_links": [
       {    "rel": "previous", 
            "href": "https://{Endpoint}/v2.0/
security-group-rules?marker=07adc044-3f21-4eeb-bd57-5e5eb6024b7f&page_reverse=True"
        }
    ]
}

Status Code

See Status Codes.

Error Code

See Error Codes.