Updated on 2025-08-19 GMT+08:00

Querying Network ACLs Using Tags

Function

This API is used to query network ACLs using tags.

Calling Method

For details, see Calling APIs.

URI

POST /v3/{project_id}/firewalls/resource-instances/filter

Table 1 Path Parameters

Parameter

Mandatory

Type

Description

project_id

Yes

String

Project ID

Table 2 Query Parameters

Parameter

Mandatory

Type

Description

limit

No

Integer

Number of records to be queried.

The value can be from 1 to 1000.

The default value is 1000.

Default: 1000

offset

No

Integer

The index position. The query starts from the next piece of data indexed by this parameter.

The value is 0 by default, indicating that the query starts from the first piece of data. The value cannot be a negative number.

Default: 0

Request Parameters

Table 3 Request body parameters

Parameter

Mandatory

Type

Description

matches

No

Array of Match objects

The key-value pair to be matched in the query. The key is a fixed dictionary value and must be a unique and supported key. The key can only be resource_name.

tags

No

Array of ListTag objects

The resources to be queried contain all tags listed in tags. A maximum of 50 tags can be specified. Each tag key can have a maximum of 10 tag values. Each tag value can be an empty array but the structure cannot be missing. Each tag key must be unique, and each tag value of a tag must also be unique. Resources with all tags listed in tags will be returned. Keys in this list are in an AND relationship while values in each key-value structure are in an OR relationship. If tags is not specified, all resources will be returned.

Table 4 Match

Parameter

Mandatory

Type

Description

key

Yes

String

Tag key. Currently, the tag key can only be the resource name.

Minimum: 1

Maximum: 128

value

Yes

String

Tag value. Each value can contain a maximum of 255 Unicode characters.

Minimum: 0

Maximum: 255

Table 5 ListTag

Parameter

Mandatory

Type

Description

key

Yes

String

Tag key.

The key cannot be left blank.

Minimum: 1

Maximum: 128

values

Yes

Array of strings

Tag values. If values is left blank, it indicates any_value (querying any value). The values are in the OR relationship.

Maximum: 255

Response Parameters

Status code: 200

Table 6 Response body parameters

Parameter

Type

Description

resources

Array of ListResourceResp objects

Resources

total_count

Integer

Resource quantity

request_id

String

Request ID

Table 7 ListResourceResp

Parameter

Type

Description

resource_id

String

Resource ID

resource_detail

Object

Resource details that are used for extension. This parameter is left blank by default.

resource_name

String

Resource name. This parameter is an empty string by default if there is no resource name.

tags

Array of ResourceTag objects

A list of tags for queried resources to match against. This parameter is an empty array by default if there is no tag.

Table 8 ResourceTag

Parameter

Type

Description

key

String

  • Tag key

  • Tag keys must be unique for each resource.

  • The value can contain 1 to 128 characters.

Minimum: 1

Maximum: 128

value

String

  • Tag value.

  • The value can contain no more than 255 characters

Maximum: 255

Example Requests

Query network ACLs using tags and matches. A maximum of 100 records can be returned. The query starts from the first record.

https://{{Endpoint}}/v3/{project_id}/firewalls/resource-instances/filter?limit=100&offset=0

{
  "tags" : [ {
    "key" : "key1",
    "values" : [ "value1" ]
  } ],
  "matches" : [ {
    "key" : "resource_name",
    "value" : "network_aclv3_test"
  } ]
}

Example Responses

Status code: 200

Normal request response. For more status codes, see Status Codes.

{
  "resources" : [ {
    "resource_id" : "55046c0b-f38e-4bc4-988a-06529b34a7db",
    "resource_detail" : "",
    "resource_name" : "network_aclv3_test",
    "tags" : [ {
      "key" : "key1",
      "value" : "value1"
    }, {
      "key" : "key2",
      "value" : "value2"
    } ]
  }, {
    "resource_id" : "1828c600-793d-4570-987b-ac59f3ef0734",
    "resource_detail" : "",
    "resource_name" : "network_aclv3_test",
    "tags" : [ {
      "key" : "key1",
      "value" : "value1"
    }, {
      "key" : "key5",
      "value" : "value5"
    } ]
  } ],
  "request_id" : "2d9cef8c-4e17-40bc-9111-f3fc97b97294",
  "total_count" : 2
}

SDK Sample Code

The SDK sample code is as follows.

Query network ACLs using tags and matches. A maximum of 100 records can be returned. The query starts from the first record.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
package com.huaweicloud.sdk.test;

import com.huaweicloud.sdk.core.auth.ICredential;
import com.huaweicloud.sdk.core.auth.BasicCredentials;
import com.huaweicloud.sdk.core.exception.ConnectionException;
import com.huaweicloud.sdk.core.exception.RequestTimeoutException;
import com.huaweicloud.sdk.core.exception.ServiceResponseException;
import com.huaweicloud.sdk.vpc.v3.region.VpcRegion;
import com.huaweicloud.sdk.vpc.v3.*;
import com.huaweicloud.sdk.vpc.v3.model.*;

import java.util.List;
import java.util.ArrayList;

public class ListFirewallsByTagsSolution {

    public static void main(String[] args) {
        // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
        // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
        String ak = System.getenv("CLOUD_SDK_AK");
        String sk = System.getenv("CLOUD_SDK_SK");
        String projectId = "{project_id}";

        ICredential auth = new BasicCredentials()
                .withProjectId(projectId)
                .withAk(ak)
                .withSk(sk);

        VpcClient client = VpcClient.newBuilder()
                .withCredential(auth)
                .withRegion(VpcRegion.valueOf("<YOUR REGION>"))
                .build();
        ListFirewallsByTagsRequest request = new ListFirewallsByTagsRequest();
        ListFirewallsByTagsRequestBody body = new ListFirewallsByTagsRequestBody();
        []string listTagsValues = new ArrayList<>();
        listTagsValues.add("value1");
        [](model.ListTag) listbodyTags = new ArrayList<>();
        listbodyTags.add(
            new ListTag()
                .withKey("key1")
                .withValues(listTagsValues)
        );
        [](model.Match) listbodyMatches = new ArrayList<>();
        listbodyMatches.add(
            new Match()
                .withKey("resource_name")
                .withValue("network_aclv3_test")
        );
        body.withTags(listbodyTags);
        body.withMatches(listbodyMatches);
        request.withBody(body);
        try {
            ListFirewallsByTagsResponse response = client.listFirewallsByTags(request);
            System.out.println(response.toString());
        } catch (ConnectionException e) {
            e.printStackTrace();
        } catch (RequestTimeoutException e) {
            e.printStackTrace();
        } catch (ServiceResponseException e) {
            e.printStackTrace();
            System.out.println(e.getHttpStatusCode());
            System.out.println(e.getRequestId());
            System.out.println(e.getErrorCode());
            System.out.println(e.getErrorMsg());
        }
    }
}

Query network ACLs using tags and matches. A maximum of 100 records can be returned. The query starts from the first record.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
# coding: utf-8

import os
from huaweicloudsdkcore.auth.credentials import BasicCredentials
from huaweicloudsdkvpc.v3.region.vpc_region import VpcRegion
from huaweicloudsdkcore.exceptions import exceptions
from huaweicloudsdkvpc.v3 import *

if __name__ == "__main__":
    # The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
    # In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak = os.environ["CLOUD_SDK_AK"]
    sk = os.environ["CLOUD_SDK_SK"]
    projectId = "{project_id}"

    credentials = BasicCredentials(ak, sk, projectId)

    client = VpcClient.new_builder() \
        .with_credentials(credentials) \
        .with_region(VpcRegion.value_of("<YOUR REGION>")) \
        .build()

    try:
        request = ListFirewallsByTagsRequest()
        listValuesTags = [
            "value1"
        ]
        listTagsbody = [
            ListTag(
                key="key1",
                values=listValuesTags
            )
        ]
        listMatchesbody = [
            Match(
                key="resource_name",
                value="network_aclv3_test"
            )
        ]
        request.body = ListFirewallsByTagsRequestBody(
            tags=listTagsbody,
            matches=listMatchesbody
        )
        response = client.list_firewalls_by_tags(request)
        print(response)
    except exceptions.ClientRequestException as e:
        print(e.status_code)
        print(e.request_id)
        print(e.error_code)
        print(e.error_msg)

Query network ACLs using tags and matches. A maximum of 100 records can be returned. The query starts from the first record.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
package main

import (
	"fmt"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic"
    vpc "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/vpc/v3"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/vpc/v3/model"
    region "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/vpc/v3/region"
)

func main() {
    // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
    // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak := os.Getenv("CLOUD_SDK_AK")
    sk := os.Getenv("CLOUD_SDK_SK")
    projectId := "{project_id}"

    auth := basic.NewCredentialsBuilder().
        WithAk(ak).
        WithSk(sk).
        WithProjectId(projectId).
        Build()

    client := vpc.NewVpcClient(
        vpc.VpcClientBuilder().
            WithRegion(region.ValueOf("<YOUR REGION>")).
            WithCredential(auth).
            Build())

    request := &model.ListFirewallsByTagsRequest{}
	var listValuesTags = []string{
        "value1",
    }
	var listTagsbody = []model.ListTag{
        {
            Key: "key1",
            Values: listValuesTags,
        },
    }
	var listMatchesbody = []model.Match{
        {
            Key: "resource_name",
            Value: "network_aclv3_test",
        },
    }
	request.Body = &model.ListFirewallsByTagsRequestBody{
		Tags: &listTagsbody,
		Matches: &listMatchesbody,
	}
	response, err := client.ListFirewallsByTags(request)
	if err == nil {
        fmt.Printf("%+v\n", response)
    } else {
        fmt.Println(err)
    }
}

For SDK sample code of more programming languages, see the Sample Code tab in API Explorer. SDK sample code can be automatically generated.

Status Codes

Status Code

Description

200

Normal request response. For more status codes, see Status Codes.

Error Codes

See Error Codes.