Querying Compliance Summary by User
Function
This API is used to query compliance summary by user.
Calling Method
For details, see Calling APIs.
Authorization Information
Each account has all the permissions required to call all APIs, but IAM users must be assigned the required permissions.
- If you are using role/policy-based authorization, see Permissions Policies and Supported Actions for details on the required permissions.
- If you are using identity policy-based authorization, the following identity policy-based permissions are required.
Action
Access Level
Resource Type (*: required)
Condition Key
Alias
Dependencies
rms:policyStates:get
Read
policyAssignments
g:ResourceTag/<tag-key>
-
-
URI
GET /v1/resource-manager/domains/{domain_id}/policy-states/summary
|
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
|
domain_id |
Yes |
String |
Specifies the account ID. Maximum: 36 |
|
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
|
tags |
No |
Array of strings |
Tag list. Array Length: 1 - 5 |
Request Parameters
None
Response Parameters
Status code: 200
|
Parameter |
Type |
Description |
|---|---|---|
|
results |
Specifies the results of compliance summaries. |
|
|
policy_assignments |
Array of PolicyAssignmentComplianceSummary objects |
Specifies the compliance summaries based on rules. |
|
Parameter |
Type |
Description |
|---|---|---|
|
compliance_state |
String |
Specifies the rule status. |
|
policy_assignment |
PolicyAssignment object |
Specifies the rule. |
|
results |
Specifies the results of compliance summaries. |
|
Parameter |
Type |
Description |
|---|---|---|
|
policy_assignment_type |
String |
Specifies the rule type, which can be builtin or custom. |
|
id |
String |
Specifies the rule ID. |
|
name |
String |
Specifies the rule name. |
|
description |
String |
Specifies the rule description. |
|
policy_filter |
PolicyFilterDefinition object |
Specifies the policy filter of a rule. |
|
policy_filter_v2 |
PolicyFilterDefinitionV2 object |
Specifies the policy filter of a rule. |
|
period |
String |
Specifies how often the rule is triggered, which can be One_Hour, Three_Hours, Six_Hours, Twelve_Hours, or TwentyFour_Hours. |
|
state |
String |
Specifies the rule status. |
|
created |
String |
Specifies the time when the rule was added. |
|
updated |
String |
Specifies the time when the rule was modified. |
|
policy_definition_id |
String |
Specifies the ID of the policy associated with a rule. |
|
custom_policy |
CustomPolicy object |
Specifies the custom rule. |
|
parameters |
Map<String,PolicyParameterValue> |
Specifies rule parameters. |
|
tags |
Array of ResourceTag objects |
Tags |
|
created_by |
String |
Specifies the rule creator. |
|
target_type |
String |
Execution method of remediation. |
|
target_id |
String |
The ID of a remediation object. |
|
Parameter |
Type |
Description |
|---|---|---|
|
region_id |
String |
Specifies the region ID. Maximum: 128 |
|
resource_provider |
String |
Specifies the cloud service name. Maximum: 128 |
|
resource_type |
String |
Specifies the resource type. Maximum: 128 |
|
resource_id |
String |
Specifies the resource ID. Maximum: 512 |
|
tag_key |
String |
Specifies the tag key. Maximum: 128 |
|
tag_value |
String |
Specifies the tag value. Maximum: 256 |
|
Parameter |
Type |
Description |
|---|---|---|
|
region_ids |
Array of strings |
Specifies the region IDs. |
|
resource_types |
Array of strings |
Specifies the cloud services. |
|
resource_ids |
Array of strings |
Specifies the resource list. |
|
tag_key_logic |
String |
The logical relationship when parameter tags takes multiple values, for example: When the tags is "tags.1.key":"a", "tags.1.values":"a", "tags.2.key":"b", "tags.2.values":"b", if this parameter is set to AND, it means that the rule only applies to resources bound with both tags a:a and b:b. If not specified, the default logic is OR. Default: OR |
|
tags |
Array of FilterTagDetail objects |
Tags. |
|
exclude_tag_key_logic |
String |
The logical relationship when parameter exclude_tags takes multiple values, for example: When the exclude_tags is "exclude_tags.1.key":"a", "exclude_tags.1.values":"a", "exclude_tags.2.key":"b", "exclude_tags.2.values":"b", if this parameter is set to AND, it means that the rule excludes resources that are bound with the tags a:a and b:b. If not specified, the default logic is OR. Default: OR |
|
exclude_tags |
Array of FilterTagDetail objects |
Exclude Tags. |
|
Parameter |
Type |
Description |
|---|---|---|
|
key |
String |
Specifies the tag key. |
|
values |
Array of strings |
Specifies tag values. |
|
Parameter |
Type |
Description |
|---|---|---|
|
function_urn |
String |
Specifies the URN of a custom function. Maximum: 1024 |
|
auth_type |
String |
Specifies the method used by a custom rule to call a function. |
|
auth_value |
Map<String,Object> |
Specifies the value of the method used by a custom rule to call a function. |
|
Parameter |
Type |
Description |
|---|---|---|
|
value |
Object |
Specifies the value of the rule parameter. |
|
Parameter |
Type |
Description |
|---|---|---|
|
key |
String |
Tag key. A tag key can contain up to 128 Unicode characters and must comply with the character set specifications in section 3.1. Minimum: 1 Maximum: 128 |
|
value |
String |
Tag value. A tag value can contain up to 255 Unicode characters and must comply with the character set specifications in section 3.2. Minimum: 0 Maximum: 255 |
|
Parameter |
Type |
Description |
|---|---|---|
|
resource_details |
Resource compliance summary details. |
|
|
assignment_details |
PolicyComplianceSummaryUnit object |
Specifies the compliance summary details. |
|
Parameter |
Type |
Description |
|---|---|---|
|
compliant_count |
Integer |
Specifies the number of compliant resources. |
|
non_compliant_count |
Integer |
Specifies the number of non-compliant resources. |
|
Parameter |
Type |
Description |
|---|---|---|
|
compliant_count |
Integer |
Specifies the number of compliant resources. |
|
non_compliant_count |
Integer |
Specifies the number of non-compliant resources. |
Status code: 400
|
Parameter |
Type |
Description |
|---|---|---|
|
error_code |
String |
Specifies the error code. |
|
error_msg |
String |
Specifies the error message. |
Status code: 403
|
Parameter |
Type |
Description |
|---|---|---|
|
error_code |
String |
Specifies the error code. |
|
error_msg |
String |
Specifies the error message. |
Status code: 404
|
Parameter |
Type |
Description |
|---|---|---|
|
error_code |
String |
Specifies the error code. |
|
error_msg |
String |
Specifies the error message. |
Status code: 500
|
Parameter |
Type |
Description |
|---|---|---|
|
error_code |
String |
Specifies the error code. |
|
error_msg |
String |
Specifies the error message. |
Example Requests
None
Example Responses
Status code: 200
Query results
{
"results" : {
"resource_details" : {
"compliant_count" : 503,
"non_compliant_count" : 527
},
"assignment_details" : {
"compliant_count" : 1,
"non_compliant_count" : 1
}
},
"policy_assignments" : [ {
"compliance_state" : "NonCompliant",
"policy_assignment" : {
"policy_assignment_type" : "builtin",
"id" : "68511e12374e70675172b9c1",
"name" : "cts-obs-bucket-track2-Q2E4Mw",
"description" : "The evaluation based on this rule is triggered upon configuration changes. Evaluation result: non-compliant; All CTS trackers in the account failed to track the specified OBS buckets.",
"policy_filter" : {
"region_id" : null,
"resource_provider" : null,
"resource_type" : null,
"resource_id" : null,
"tag_key" : null,
"tag_value" : null
},
"policy_filter_v2" : null,
"period" : "TwentyFour_Hours",
"state" : "Enabled",
"created" : "2025-06-17T07:49:38.717Z",
"updated" : "2025-06-17T07:49:38.717Z",
"policy_definition_id" : "77982d0e4e8954e37d0f6919",
"custom_policy" : null,
"parameters" : {
"trackBucket" : {
"value" : "rms"
}
},
"tags" : [ {
"key" : "AAA",
"value" : "AAA"
} ],
"created_by" : "ServiceLinkedAgencyForRMSConforms",
"target_type" : null,
"target_id" : null
},
"results" : {
"resource_details" : {
"compliant_count" : 0,
"non_compliant_count" : 1
},
"assignment_details" : null
}
} ]
}
SDK Sample Code
The SDK sample code is as follows.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 |
package com.huaweicloud.sdk.test; import com.huaweicloud.sdk.core.auth.ICredential; import com.huaweicloud.sdk.core.auth.GlobalCredentials; import com.huaweicloud.sdk.core.exception.ConnectionException; import com.huaweicloud.sdk.core.exception.RequestTimeoutException; import com.huaweicloud.sdk.core.exception.ServiceResponseException; import com.huaweicloud.sdk.config.v1.region.ConfigRegion; import com.huaweicloud.sdk.config.v1.*; import com.huaweicloud.sdk.config.v1.model.*; public class CollectPolicyStatesSummarySolution { public static void main(String[] args) { // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security. // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment String ak = System.getenv("CLOUD_SDK_AK"); String sk = System.getenv("CLOUD_SDK_SK"); ICredential auth = new GlobalCredentials() .withAk(ak) .withSk(sk); ConfigClient client = ConfigClient.newBuilder() .withCredential(auth) .withRegion(ConfigRegion.valueOf("<YOUR REGION>")) .build(); CollectPolicyStatesSummaryRequest request = new CollectPolicyStatesSummaryRequest(); try { CollectPolicyStatesSummaryResponse response = client.collectPolicyStatesSummary(request); System.out.println(response.toString()); } catch (ConnectionException e) { e.printStackTrace(); } catch (RequestTimeoutException e) { e.printStackTrace(); } catch (ServiceResponseException e) { e.printStackTrace(); System.out.println(e.getHttpStatusCode()); System.out.println(e.getRequestId()); System.out.println(e.getErrorCode()); System.out.println(e.getErrorMsg()); } } } |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 |
# coding: utf-8 import os from huaweicloudsdkcore.auth.credentials import GlobalCredentials from huaweicloudsdkconfig.v1.region.config_region import ConfigRegion from huaweicloudsdkcore.exceptions import exceptions from huaweicloudsdkconfig.v1 import * if __name__ == "__main__": # The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security. # In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment ak = os.environ["CLOUD_SDK_AK"] sk = os.environ["CLOUD_SDK_SK"] credentials = GlobalCredentials(ak, sk) client = ConfigClient.new_builder() \ .with_credentials(credentials) \ .with_region(ConfigRegion.value_of("<YOUR REGION>")) \ .build() try: request = CollectPolicyStatesSummaryRequest() response = client.collect_policy_states_summary(request) print(response) except exceptions.ClientRequestException as e: print(e.status_code) print(e.request_id) print(e.error_code) print(e.error_msg) |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 |
package main import ( "fmt" "github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/global" config "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/config/v1" "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/config/v1/model" region "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/config/v1/region" ) func main() { // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security. // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment ak := os.Getenv("CLOUD_SDK_AK") sk := os.Getenv("CLOUD_SDK_SK") auth := global.NewCredentialsBuilder(). WithAk(ak). WithSk(sk). Build() client := config.NewConfigClient( config.ConfigClientBuilder(). WithRegion(region.ValueOf("<YOUR REGION>")). WithCredential(auth). Build()) request := &model.CollectPolicyStatesSummaryRequest{} response, err := client.CollectPolicyStatesSummary(request) if err == nil { fmt.Printf("%+v\n", response) } else { fmt.Println(err) } } |
For SDK sample code of more programming languages, see the Sample Code tab in API Explorer. SDK sample code can be automatically generated.
Status Codes
|
Status Code |
Description |
|---|---|
|
200 |
Query results |
|
400 |
Invalid parameters. |
|
403 |
Authentication failed or insufficient permissions. |
|
404 |
Resource not found. |
|
500 |
Internal server error. |
Error Codes
See Error Codes.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
