Help Center/ GaussDB/ API Reference/ APIs (Recommended)/ Database and Account Management/ Querying the Modification History of a Client Access Authentication Configuration
Updated on 2025-10-20 GMT+08:00
View PDF
Share

Querying the Modification History of a Client Access Authentication Configuration

Function

This API is used to query the modification history of the client access authentication configuration of an instance. Before calling this API:

Debugging

You can debug this API in API Explorer.

URI

GET /v3/{project_id}/instances/{instance_id}/hba-info/history

Table 1 Parameter description

Parameter

Mandatory

Type

Description

project_id

Yes

String

Definition

Project ID of a tenant in a region.

To obtain the value, see Obtaining a Project ID.

Constraints

N/A

Range

The value can contain 32 characters. Only letters and digits are allowed.

Default Value

N/A

instance_id

Yes

String

Definition

Instance ID, which uniquely identifies an instance.

Constraints

N/A

Range

The value can contain 36 characters. Only letters and digits are allowed.

Default Value

N/A

start_time

No

String

Definition

Start time of the query period. The format is yyyy-mm-dd hh:mm:ss.

Constraints

N/A

Range

N/A

Default Value

N/A

end_time

No

String

Definition

End time of the query period. The format is yyyy-mm-dd hh:mm:ss.

Constraints

N/A

Range

N/A

Default Value

N/A

offset

No

Integer

Definition

Offset for pagination. The query starts from the next piece of data indexed by this parameter. For example, if this parameter is set to 1 and limit is set to 10, only the 11th to 20th records on the 2nd page are displayed.

Constraints

N/A

Range

[0,2^31-1]

Default Value

0: The query starts from the first data record.

limit

No

Integer

Definition

Number of records displayed per page.

Constraints

N/A

Range

[1,100]

Default Value

10

Request Parameters

None

Response Parameters

Table 2 Parameter description

Parameter

Type

Description

hba_histories

Array of objects

Definition

Historical modification record of a client access authentication configuration represented by each element in the list. For details, see Table 3.

total_count

Integer

Definition

Total number of records.

Range

[0,2^31 – 1]
Table 3 Data structure description of the hba_histories field

Parameter

Type

Description

id

String

Definition

ID of the modification record of a client access authentication configuration.

Range

N/A

status

String

Definition

Status of the client access authentication configuration modification.

Range

  • success: The modification is successful.
  • failed: The modification fails.

fail_reason

String

Definition

Cause of the failure in modifying client access authentication configuration. This parameter is returned only when the modification fails.

Range

N/A

time

String

Definition

Modification time. The format is yyyy-mm-dd hh:mm:ss.

Range

N/A

before_confs

Array of objects

Definition

Client access authentication configuration before the modification.

Client access authentication configuration represented by each record. For details, see Table 4.

after_confs

Array of objects

Definition

Modified client access authentication configuration.

Client access authentication configuration represented by each record. For details, see Table 4.
Table 4 Data structure description of the hba_confs field

Parameter

Type

Description

type

String

Definition

Client connection type.

Range

  • host: The record accepts either a common TCP/IP-socket connection or a TCP/IP-socket connection encrypted through SSL.
  • hostssl: The record accepts only a TCP/IP socket connection encrypted through SSL.
  • hostnossl: The record accepts only a common TCP/IP socket connection.

database

String

Definition

Database that a record matches and can access. In the multi-tenancy scenario, this parameter specifies the PDB that a record matches and can access.

Range

  • all: The record matches all databases.
  • A specific database name or a list of databases separated by commas (,)
    NOTE:
    • replication: If a replication connection is requested, the record matches the connection. But this does not mean that the record matches any specific database. To use a database named replication, specify it in the database column.
    • In a multi-tenant database, the value replication_pdb1 indicates that if a replication connection named pdb1 is requested, the matching is successful. The value replication takes effect only for non-PDBs.
    • The PDB replication connection takes effect in replication_[pdbname] mode. pdbname indicates the name of the created PDB.
    • To use a database named replication_pdb1, specify it in the database column.

user

String

Definition

Users who match the record and are allowed to access databases.

Range

  • all: The record matches all users.
  • A specific database username or a list of users separated by commas (,)

address

String

Definition

Range of IP addresses that match the record and can be accessed.

Range

IPv4 and IPv6 addresses are supported. The IP address range can be expressed in the following format:

IP-address/mask-length Example: 10.10.0.0/24 or 2001:250:250:250:250:250:250:175/128.

method

String

Definition

Authentication mode used for connection.

Range

User APIs support the following authentication modes:

  • reject: A connection is rejected unconditionally. It is often used to filter certain hosts.
  • md5: MD5 has lower security and poses security risks. Therefore, you are advised to use a more secure cryptographic algorithm. md5 is not supported by default. You can configure the password_encryption_type parameter.
  • sha256: The client is required to provide a SHA256-encrypted password for authentication. The password is encrypted based on the unidirectional SHA-256 of salt (a random number sent from the server to the client) when being transmitted, enhancing the security.
  • sm3: The client is required to provide an SM3-encrypted password for authentication. The password is encrypted based on the one-way SM3 of salt (a random number sent from the server to the client) when being transmitted, enhancing the security.
  • cert: A client certificate is used for authentication. In this mode, the SSL connection must be configured and the client must provide a valid SSL certificate. The user password is not required. The cert authentication mode supports only the hostssl client connection type.

Example Request

Querying the modification history of a client access authentication configuration

GET https://gaussdb-opengauss.ap-southeast-1.myhuaweicloud.com/v3/0483b6b16e954cb88930a360d2c4e663/instances/{instance_id}/hba-info/history

Example Response

Succeeded in querying the modification history of the client access authentication configuration.

{
    "hba_histories": [
        {
            "id": "08508b98-2f1d-4f7a-bfbc-d990f69996a1",
            "status": "success",
            "time": "2025-06-13 01:51:44",
            "fail_reason": null,
            "before_confs": [
                {
                    "type": "host",
                    "database": "all",
                    "user": "all",
                    "address": "0.0.0.0/0",
                    "method": "sha256"
                }
            ],
            "after_confs": [
                {
                    "type": "host",
                    "database": "all",
                    "user": "root",
                    "address": "0.0.1.1/24",
                    "method": "sha256"
                },
                {
                    "type": "host",
                    "database": "all",
                    "user": "all",
                    "address": "0.0.0.0/0",
                    "method": "sha256"
                }
            ]
        }],
    "total_count": 1
}

Status Codes

Error Codes

For details, see Error Codes.