Help Center/ Data Encryption Workshop/ API Reference/ APIs/ Key Management APIs/ Authorization Management/ Querying Grants That Can Be Retired

Updated on 2022-09-15 GMT+08:00

View PDF

Querying Grants That Can Be Retired

Function

This API enables you to query grants that can be retired.

URI

POST /v1.0/{project_id}/kms/list-retirable-grants

**Table 1** Path parameters
Parameter	Mandatory	Type	Description
project_id	Yes	String	Project ID.

Request Parameters

**Table 2** Request header parameters
Parameter	Mandatory	Type	Description
X-Auth-Token	Yes	String	User token. The token can be obtained by calling the IAM API (value of X-Subject-Token in the response header).

**Table 3** Request body parameters
Parameter	Mandatory	Type	Description
limit	No	String	Number of returned records of grants that can be retired. If the number of retrieved results is greater than this value, true is returned for the response parameter truncated, indicating that multiple pages of results are retrieved. The value cannot exceed the maximum number of grants. Example: 100
marker	No	String	Start position of pagination query. If truncated is true in the response, you can send consecutive requests to obtain more records. Set marker to the value of next_marker in the response. Example: 10
sequence	No	String	36-byte sequence number of a request message. Example: 919c82d4-8046-4722-9094-35c3c6524cff

Response Parameters

Status code: 200

**Table 4** Response body parameters
Parameter	Type	Description
grants	Array of Grants objects	Grant list.
next_marker	String	Value of marker used for obtaining the next page of results. If truncated is false, next_marker is left blank.
truncated	String	Whether there is a next page of results: true: There is a next page. false: This is the last page.

**Table 5** Grants
Parameter	Type	Description
key_id	String	CMK ID.
grant_id	String	Grant ID, which contains 64 bytes.
grantee_principal	String	Grantee ID, which contains 1 to 64 bytes and matches the regular expression ^[a-zA-Z0-9]{1, 64}$. Example: 0d0466b00d0466b00d0466b00d0466b0
grantee_principal_type	String	Grant type. Values: user, domain.
operations	Array of strings	List of granted operations. Values: create-datakey, create-datakey-without-plaintext, encrypt-datakey, decrypt-datakey, describe-key, create-grant, retire-grant, encrypt-data, decrypt-data. A value containing only create-grant is invalid.
issuing_principal	String	Grantor ID, which contains 1 to 64 bytes and matches the regular expression ^[a-zA-Z0-9]{1, 64}$. Example: 0d0466b00d0466b00d0466b00d0466b0
creation_date	String	Creation time. The timestamp indicates the total seconds past the start of the epoch date (January 1, 1970). Example: 1497341531000
name	String	Grant name. The value is a string of 1 to 255 characters and matches the regular expression ^[a-zA-Z0-9:/_-]{1,255}$.
retiring_principal	String	ID of the user who can retire a grant. It contains 1 to 64 bytes and matches the regular expression ^[a-zA-Z0-9]{1, 64}$. Example: 0d0466b00d0466b00d0466b00d0466b0

Status code: 400

**Table 6** Response body parameters
Parameter	Type	Description
error	Object	Error message.

**Table 7** ErrorDetail
Parameter	Type	Description
error_code	String	Error code.
error_msg	String	Error information.

Status code: 403

**Table 8** Response body parameters
Parameter	Type	Description
error	Object	Error message.

**Table 9** ErrorDetail
Parameter	Type	Description
error_code	String	Error code.
error_msg	String	Error information.

Status code: 404

**Table 10** Response body parameters
Parameter	Type	Description
error	Object	Error message.

**Table 11** ErrorDetail
Parameter	Type	Description
error_code	String	Error code.
error_msg	String	Error information.

Example Requests

{
  "limit" : "1000"
}

Example Responses

Status code: 200

Request processing succeeded.

{
  "grants" : [ {
    "operations" : [ "create-datakey", "describe-key" ],
    "issuing_principal" : "8b961fb414344d59825ba0c8c008c815",
    "key_id" : "737fd52b-36c4-4c91-972e-f6e202de9f6e",
    "grant_id" : "dd3f03e9229a5e47a41be6c27a630e60d5cbdbad2be89465d63109ad034db7d8",
    "grantee_principal" : "13gg44z4g2sglzk0egw0u726zoyzvrs8",
    "name" : "13gg44z4g2sglzk0egw0u726zoyzvrs8",
    "creation_date" : "1597062260000",
    "grantee_principal_type" : "user"
  } ],
  "next_marker" : "",
  "total" : 1,
  "truncated" : "false"
}

Status code: 400

Invalid request parameters.

{
  "error" : {
    "error_code" : "KMS.XXX",
    "error_msg" : "XXX"
  }
}

Status code: 403

Authentication failed.

{
  "error" : {
    "error_code" : "KMS.XXX",
    "error_msg" : "XXX"
  }
}

Status code: 404

The requested resource does not exist or is not found.

{
  "error" : {
    "error_code" : "KMS.XXX",
    "error_msg" : "XXX"
  }
}

Status Codes

Status Code	Description
200	Request processing succeeded.
400	Invalid request parameters.
403	Authentication failed.
404	The requested resource does not exist or is not found.

Error Codes

See Error Codes.

Parent topic: Authorization Management

Previous topic: Querying Grants on a CMK

Next topic: Small Data Encryption & Decryption

Feedback

Was this page helpful?

Helpful Not helpful

Provide feedback

Thank you very much for your feedback. We will continue working to improve the documentation.

The system is busy. Please try again later.

Which of the following issues have you encountered?

Content is inconsistent with the product UI

Unclear descriptions

Lack of examples or code

Incorrect steps

Can't find what I need

Lack of best practices

Feedback (optional)

0/500

Select at least one type of issue, and enter your comments or suggestions.

Enter a maximum of 500 characters.

Submit Cancel