Help Center/ Virtual Private Cloud/ API Reference/ VPC APIs (V3)/ Port/ Removing a Security Group from the Security Group List of a Port
Updated on 2025-08-19 GMT+08:00

Removing a Security Group from the Security Group List of a Port

Function

This API is used to remove a security group from the security group list of a port.

Calling Method

For details, see Calling APIs.

URI

PUT /v3/{project_id}/ports/{port_id}/remove-security-groups

Table 1 Path Parameters

Parameter

Mandatory

Type

Description

port_id

Yes

String

Unique identifier of a port.

project_id

Yes

String

Project ID.

For details about how to obtain a project ID, see Obtaining a Project ID.

Request Parameters

Table 2 Request body parameters

Parameter

Mandatory

Type

Description

port

Yes

RemoveSecurityGroupOption object

Request body for removing a security group from a security group list of a port.

Table 3 RemoveSecurityGroupOption

Parameter

Mandatory

Type

Description

security_groups

Yes

Array of strings

Security group IDs, for example, "security_groups": ["a0608cbf-d047-4f54-8b28-cd7b59853fff"].

Response Parameters

Status code: 200

Table 4 Response body parameters

Parameter

Type

Description

request_id

String

Request ID.

port

Port object

Response body for removing a security group from a security group list of a port.

Table 5 Port

Parameter

Type

Description

admin_state_up

Boolean

Administrative status.

Value range: true or false

Default value: true

binding:host_id

String

Host ID.

Constraints: This parameter is visible only to administrators.

binding:profile

Object

User-defined settings.

binding:vif_details

Object

Details about the virtual interface. ovs_hybrid_plug specifies whether the OVS/bridge hybrid mode is used.

binding:vif_type

String

Interface type of the port. The value can be ovs, hw_veb, or others. This is an extended attribute.

Constraints: This parameter is visible only to administrators.

binding:vnic_type

String

Type of the bound vNIC.

The value can be:

- normal: software switching.

- direct: SR-IOV PCIe passthrough. direct is not supported.

created_at

String

Time when the port was created.

The value is a UTC time in the format of yyyy-MM-ddTHH:mm:ss.

updated_at

String

Time when the port was created.

The value is a UTC time in the format of yyyy-MM-ddTHH:mm:ss.

description

String

Supplementary information about a port.

The value can contain up to 255 characters and cannot contain angle brackets (< or >).

device_id

String

ID of the device that a port belongs to.

The value must be in standard UUID format.

The system automatically sets this parameter.

device_owner

String

Device that a port belongs to, which can be a DHCP server, router, load balancer, or Nova.

ecs_flavor

String

Flavor of the ECS that the port belongs to.

id

String

Port ID, which uniquely identifies a port.

The value must be in standard UUID format.

instance_id

String

ID of the instance that the port belongs to, for example, RDS instance ID.

The system automatically sets this parameter.

instance_type

String

Type of the instance that the port belongs to, for example, RDS.

The system automatically sets this parameter.

mac_address

String

MAC address.

name

String

Port name.

The value can contain no more than 255 characters. This parameter is left blank by default.

port_security_enabled

Boolean

Whether the security option is enabled for the port. If the option is not enabled, the security group and DHCP snooping do not take effect.

Value range: true or false

private_ips

Array of PrivateIpInfo objects

Private IP address of the port.

project_id

String

Project ID.

The value must be in standard UUID format.

security_groups

Array of strings

Security groups associated with the port.

status

String

Port status.

The value can be ACTIVE, BUILD, or DOWN.

tenant_id

String

Tenant ID.

The value must be in standard UUID format.

virsubnet_id

String

Network ID.

The value must be in standard UUID format.

vpc_id

String

VPC ID.

The value must be in standard UUID format.

vpc_tenant_id

String

VPC tenant ID.

The value must be in standard UUID format.

vtep_ip

String

VTEP IP address.

enable_efi

Boolean

Whether to enable efi. If efi is enabled, the port supports vRoCE.

Value range: true or false

Default value: false

scope

String

Application scope.

The value can be:

  • center: central AZs.

  • {azId}: specific AZs.

Default value: center

zone_id

String

AZ that the port belongs to.

binding:migration_info

Object

Destination node information, including the details defined by binding:vif_details and binding:vif_type.

extra_dhcp_opts

Array of ExtraDhcpOpt objects

Extended attributes of DHCP.

position_type

String

Location type in the edge scenario.

Default value: center

instance_info

Object

Information about the instance bound to the port.

tags

Array of strings

Port tags.

allowed_address_pairs

Array of AllowedAddressPair objects

IP address and MAC address pairs.

Constraints:

  • The IP address cannot be 0.0.0.0/0.

  • Configure a dedicated security group for the port if allowed_address_pairs has a CIDR block with a netmask length less than 24.

  • If the value of allowed_address_pairs is 1.1.1.1/0, the source/destination check is disabled.

  • Set allowed_address_pairs of the cloud server NIC to 1.1.1.1/0.

Table 6 PrivateIpInfo

Parameter

Type

Description

subnet_cidr_id

String

ID of the subnet where the port works.

ip_address

String

Private IP address of the port.

Table 7 ExtraDhcpOpt

Parameter

Type

Description

opt_name

String

Option name.

opt_value

String

Option value.

Table 8 AllowedAddressPair

Parameter

Type

Description

ip_address

String

Definition:

IP address.

Constraints:

Configure a dedicated security group if a large CIDR block (subnet mask less than 24) is configured for parameter allowed_address_pairs.

Range:

Single IP address, for example, 192.168.21.25

A CIDR block, for example, 192.168.21.0/24

Default Value:

N/A

mac_address

String

Definition:

MAC address.

Constraints:

N/A

Range:

N/A

Default Value:

N/A

Example Requests

Remove security groups (8edd3747-ccd4-49a1-82b9-a165eec314b4 and 6c2d4540-3b7d-4207-a319-a7231b439995) associated with the port (99fd0c77-56b4-4bf6-8365-df352e45d5fc).

PUT https://{Endpoint}/v3/f5dab68cd75740e68c599e9af5fe0aed/ports/99fd0c77-56b4-4bf6-8365-df352e45d5fc/remove-security-groups

{
  "port" : {
    "security_groups" : [ "8edd3747-ccd4-49a1-82b9-a165eec314b4", "6c2d4540-3b7d-4207-a319-a7231b439995" ]
  }
}

Example Responses

Status code: 200

Normal response to the PUT operation. For more status codes, see Status Codes.

{
  "port" : {
    "name" : "",
    "id" : "99fd0c77-56b4-4bf6-8365-df352e45d5fc",
    "admin_state_up" : true,
    "status" : "DOWN",
    "project_id" : "f5dab68cd75740e68c599e9af5fe0aed",
    "device_id" : "",
    "mac_address" : "fa:16:3e:1f:17:df",
    "device_owner" : "",
    "description" : "",
    "zone_id" : "",
    "scope" : "center",
    "position_type" : "center",
    "created_at" : "2023-05-10T01:35:02.000+00:00",
    "updated_at" : "2023-05-10T01:35:02.000+00:00",
    "port_security_enabled" : true,
    "tags" : [ ],
    "security_groups" : [ "567be4e3-d171-46ce-9e8a-c15e91cfe86a", "4940b983-5992-4663-bed9-d1d1e15d1009" ],
    "allowed_address_pairs" : [ ],
    "extra_dhcp_opts" : [ ],
    "instance_id" : "",
    "instance_type" : "",
    "ecs_flavor" : "",
    "enable_efi" : false,
    "virsubnet_id" : "3847b263-2370-45c0-8236-38a1de568049",
    "private_ips" : [ {
      "subnet_cidr_id" : "ffe98087-6d4f-45cd-988b-1c87f75d2d53",
      "ip_address" : "192.168.158.228"
    } ],
    "binding:host_id" : "",
    "binding:vif_type" : "unbound",
    "binding:vnic_type" : "normal",
    "binding:vif_details" : { },
    "binding:profile" : { },
    "binding:migration_info" : { }
  },
  "request_id" : "abd08c76-c853-4967-a898-12804330efab"
}

SDK Sample Code

The SDK sample code is as follows.

Remove security groups (8edd3747-ccd4-49a1-82b9-a165eec314b4 and 6c2d4540-3b7d-4207-a319-a7231b439995) associated with the port (99fd0c77-56b4-4bf6-8365-df352e45d5fc).

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
package com.huaweicloud.sdk.test;

import com.huaweicloud.sdk.core.auth.ICredential;
import com.huaweicloud.sdk.core.auth.BasicCredentials;
import com.huaweicloud.sdk.core.exception.ConnectionException;
import com.huaweicloud.sdk.core.exception.RequestTimeoutException;
import com.huaweicloud.sdk.core.exception.ServiceResponseException;
import com.huaweicloud.sdk.vpc.v3.region.VpcRegion;
import com.huaweicloud.sdk.vpc.v3.*;
import com.huaweicloud.sdk.vpc.v3.model.*;

import java.util.List;
import java.util.ArrayList;

public class RemoveSecurityGroupsSolution {

    public static void main(String[] args) {
        // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
        // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
        String ak = System.getenv("CLOUD_SDK_AK");
        String sk = System.getenv("CLOUD_SDK_SK");
        String projectId = "{project_id}";

        ICredential auth = new BasicCredentials()
                .withProjectId(projectId)
                .withAk(ak)
                .withSk(sk);

        VpcClient client = VpcClient.newBuilder()
                .withCredential(auth)
                .withRegion(VpcRegion.valueOf("<YOUR REGION>"))
                .build();
        RemoveSecurityGroupsRequest request = new RemoveSecurityGroupsRequest();
        request.withPortId("{port_id}");
        RemoveSecurityGroupsRequestBody body = new RemoveSecurityGroupsRequestBody();
        List<String> listPortSecurityGroups = new ArrayList<>();
        listPortSecurityGroups.add("8edd3747-ccd4-49a1-82b9-a165eec314b4");
        listPortSecurityGroups.add("6c2d4540-3b7d-4207-a319-a7231b439995");
        RemoveSecurityGroupOption portbody = new RemoveSecurityGroupOption();
        portbody.withSecurityGroups(listPortSecurityGroups);
        body.withPort(portbody);
        request.withBody(body);
        try {
            RemoveSecurityGroupsResponse response = client.removeSecurityGroups(request);
            System.out.println(response.toString());
        } catch (ConnectionException e) {
            e.printStackTrace();
        } catch (RequestTimeoutException e) {
            e.printStackTrace();
        } catch (ServiceResponseException e) {
            e.printStackTrace();
            System.out.println(e.getHttpStatusCode());
            System.out.println(e.getRequestId());
            System.out.println(e.getErrorCode());
            System.out.println(e.getErrorMsg());
        }
    }
}

Remove security groups (8edd3747-ccd4-49a1-82b9-a165eec314b4 and 6c2d4540-3b7d-4207-a319-a7231b439995) associated with the port (99fd0c77-56b4-4bf6-8365-df352e45d5fc).

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
# coding: utf-8

import os
from huaweicloudsdkcore.auth.credentials import BasicCredentials
from huaweicloudsdkvpc.v3.region.vpc_region import VpcRegion
from huaweicloudsdkcore.exceptions import exceptions
from huaweicloudsdkvpc.v3 import *

if __name__ == "__main__":
    # The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
    # In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak = os.environ["CLOUD_SDK_AK"]
    sk = os.environ["CLOUD_SDK_SK"]
    projectId = "{project_id}"

    credentials = BasicCredentials(ak, sk, projectId)

    client = VpcClient.new_builder() \
        .with_credentials(credentials) \
        .with_region(VpcRegion.value_of("<YOUR REGION>")) \
        .build()

    try:
        request = RemoveSecurityGroupsRequest()
        request.port_id = "{port_id}"
        listSecurityGroupsPort = [
            "8edd3747-ccd4-49a1-82b9-a165eec314b4",
            "6c2d4540-3b7d-4207-a319-a7231b439995"
        ]
        portbody = RemoveSecurityGroupOption(
            security_groups=listSecurityGroupsPort
        )
        request.body = RemoveSecurityGroupsRequestBody(
            port=portbody
        )
        response = client.remove_security_groups(request)
        print(response)
    except exceptions.ClientRequestException as e:
        print(e.status_code)
        print(e.request_id)
        print(e.error_code)
        print(e.error_msg)

Remove security groups (8edd3747-ccd4-49a1-82b9-a165eec314b4 and 6c2d4540-3b7d-4207-a319-a7231b439995) associated with the port (99fd0c77-56b4-4bf6-8365-df352e45d5fc).

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
package main

import (
	"fmt"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic"
    vpc "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/vpc/v3"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/vpc/v3/model"
    region "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/vpc/v3/region"
)

func main() {
    // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
    // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak := os.Getenv("CLOUD_SDK_AK")
    sk := os.Getenv("CLOUD_SDK_SK")
    projectId := "{project_id}"

    auth := basic.NewCredentialsBuilder().
        WithAk(ak).
        WithSk(sk).
        WithProjectId(projectId).
        Build()

    client := vpc.NewVpcClient(
        vpc.VpcClientBuilder().
            WithRegion(region.ValueOf("<YOUR REGION>")).
            WithCredential(auth).
            Build())

    request := &model.RemoveSecurityGroupsRequest{}
	request.PortId = "{port_id}"
	var listSecurityGroupsPort = []string{
        "8edd3747-ccd4-49a1-82b9-a165eec314b4",
	    "6c2d4540-3b7d-4207-a319-a7231b439995",
    }
	portbody := &model.RemoveSecurityGroupOption{
		SecurityGroups: listSecurityGroupsPort,
	}
	request.Body = &model.RemoveSecurityGroupsRequestBody{
		Port: portbody,
	}
	response, err := client.RemoveSecurityGroups(request)
	if err == nil {
        fmt.Printf("%+v\n", response)
    } else {
        fmt.Println(err)
    }
}

For SDK sample code of more programming languages, see the Sample Code tab in API Explorer. SDK sample code can be automatically generated.

Status Codes

Status Code

Description

200

Normal response to the PUT operation. For more status codes, see Status Codes.

Error Codes

See Error Codes.