Modifying a Tracker_Tracker Management_V3 APIs (Recommended)_API Reference

Function

This API is used to modify configurations of a tracker, including trace transfer to OBS buckets, key event notifications, trace file encryption, management trace retrieval using Log Tank Service (LTS), trace file integrity check, and tracker enablement or disablement. Modifying tracker parameters does not affect the collected traces. After the modification is complete, the new rules are immediately applied to operation recording.

Calling Method

For details, see Calling APIs.

Authorization Information

Each account has all the permissions required to call all APIs, but IAM users must be assigned the required permissions.

If you are using role/policy-based authorization, see Permissions Policies and Supported Actions for details on the required permissions.

If you are using identity policy-based authorization, the following identity policy-based permissions are required.

Action	Access Level	Resource Type (*: required)	Condition Key	Alias	Dependencies
cts:tracker:update	Write	tracker	-	-	lts:topics:list lts:topics:create lts:groups:list lts:groups:create obs:bucket:CreateBucket obs:bucket:HeadBucket obs:bucket:GetLifecycleConfiguration obs:bucket:PutLifecycleConfiguration obs:bucket:GetBucketAcl obs:bucket:PutBucketAcl kms:cmk:list

URI

PUT /v3/{project_id}/tracker

**Table 1** Path Parameters
Parameter	Mandatory	Type	Description
project_id	Yes	String	Project ID. For details, see Obtaining an Account ID and Project ID.

Request Parameters

**Table 2** Request body parameters
Parameter	Mandatory	Type	Description
tracker_type	Yes	String	Tracker type. The value can be system (management tracker) or data (data tracker). Both data and management trackers have the following parameters: is_lts_enabled, obs_info, and is_support_validate. Parameters for management trackers: is_support_trace_files_encryption and kms_id. Parameters for data trackers: tracker_name and data_bucket.
tracker_name	Yes	String	Tracker name. When tracker_type is set to system, the default value system is used. When tracker_type is set to data, you need to set this parameter to a tracker name.
status	No	String	Tracker status. The value can be enabled or disabled. If you change the value to disabled, the tracker stops recording traces.
is_lts_enabled	No	Boolean	Whether to enable transfer to LTS.
is_organization_tracker	No	Boolean	Whether to apply the tracker configuration to your organization. This parameter is valid only for the management tracker. If the value is set to true, the audit logs of all members in the ORG organization in the current region will be transferred to the OBS bucket or LTS log stream configured for the management tracker. However, audit logs of other members cannot be viewed on the Trace List page.
management_event_selector	No	ManagementEventSelector object	Management trace selector.
obs_info	No	TrackerObsInfo object	Configurations of an OBS bucket to which traces are transferred.
is_support_trace_files_encryption	No	Boolean	Whether trace files are encrypted during transfer to an OBS bucket. This parameter is valid only when tracker_type is set to system. It must be used together with kms_id.
kms_id	No	String	Key ID used for transferring and encrypting trace files. This key ID is obtained from Key Management Service (KMS). This parameter is valid when tracker_type is set to system. This parameter is mandatory when is_support_trace_files_encryption is set to true.
is_support_validate	No	Boolean	Whether trace file verification is enabled for trace transfer.
data_bucket	No	DataBucket object	Configurations of a tracked OBS bucket. This parameter is valid only when tracker_type is set to data.
agency_name	No	String	Cloud service agency name. If this parameter is set to cts_admin_trust, a cloud service agency named cts_admin_trust is automatically created during tracker modification.

**Table 3** ManagementEventSelector
Parameter	Mandatory	Type	Description
exclude_service	No	Array of strings	Cloud service whose traces will not be transferred. Currently, the value can only be set to KMS, indicating that the createDatakey traces of KMS will not be transferred.

**Table 4** TrackerObsInfo
Parameter	Mandatory	Type	Description
bucket_name	No	String	OBS bucket name. The value contains 3 to 63 characters and must start with a number or lowercase letter. Only lowercase letters, numbers, hyphens (-), and periods (.) are allowed.
file_prefix_name	No	String	File name prefix to mark trace files that need to be stored in an OBS bucket. The value contains 0 to 64 characters. Only letters, numbers, hyphens (-), underscores (_), and periods (.) are allowed.
is_obs_created	No	Boolean	Whether a new OBS bucket is created. When the value is true, you can create an OBS bucket to store trace files. When the value is false, you can select an existing OBS bucket to store trace files.
bucket_lifecycle	No	Integer	Duration that traces are stored in the OBS bucket. This parameter is valid only when tracker_type is set to data.
compress_type	No	String	Compression type, which can be JSON (no compression) or GZIP (compression). The default format is GZIP.
is_sort_by_service	No	Boolean	Whether to sort the path by cloud service. If this option is enabled, the cloud service name is added to the transfer file path. The default value is true.

**Table 5** DataBucket
Parameter	Mandatory	Type	Description
data_bucket_name	No	String	Name of the bucket tracked by a data tracker. This parameter is mandatory when the data tracker is enabled or disabled. This parameter is unavailable for a management tracker. Once a tracker is created, the bucket that it tracks cannot be changed.
data_event	No	Array of strings	Type of operations tracked by a data tracker. This parameter is mandatory when the data tracker is enabled or disabled. This parameter is unavailable for a management tracker. READ OBS: reading objects; WRITE OBS: writing objects.

Response Parameters

Status code: 200

The request is successful.

Status code: 400

**Table 6** Response body parameters
Parameter	Type	Description
error_code	String	Error code. Format: CTS.XXX.
error_msg	String	Error message.

Status code: 401

**Table 7** Response body parameters
Parameter	Type	Description
error_code	String	Error code. Format: CTS.XXX.
error_msg	String	Error message.

Status code: 403

**Table 8** Response body parameters
Parameter	Type	Description
error_code	String	Error code. Format: CTS.XXX.
error_msg	String	Error message.

Status code: 404

**Table 9** Response body parameters
Parameter	Type	Description
error_code	String	Error code. Format: CTS.XXX.
error_msg	String	Error message.

Status code: 500

**Table 10** Response body parameters
Parameter	Type	Description
error_code	String	Error code. Format: CTS.XXX.
error_msg	String	Error message.

Status code: 503

**Table 11** Response body parameters
Parameter	Type	Description
error_code	String	Error code. Format: CTS.XXX.
error_msg	String	Error message.

Example Requests

Modifying a management tracker

PUT https://{endpoint}/v3/{project_id}/tracker

{
  "tracker_type" : "system",
  "tracker_name" : "system",
  "agency_name" : "cts_admin_trust",
  "obs_info" : {
    "is_obs_created" : false,
    "bucket_name" : "test-data-tracker",
    "file_prefix_name" : "11"
  },
  "is_lts_enabled" : false,
  "is_support_trace_files_encryption" : false,
  "kms_id" : "",
  "is_support_validate" : false,
  "status" : "enabled"
}

Modifying a data tracker

PUT https://{endpoint}/v3/{project_id}/tracker

{
  "tracker_type" : "data",
  "tracker_name" : "data-tracker-name",
  "agency_name" : "cts_admin_trust",
  "obs_info" : {
    "is_obs_created" : false,
    "bucket_name" : "",
    "file_prefix_name" : "",
    "bucket_lifecycle" : 60
  },
  "is_lts_enabled" : true,
  "data_bucket" : {
    "data_bucket_name" : "test-data-tracker",
    "data_event" : [ "READ", "WRITE" ]
  }
}

Example Responses

None

SDK Sample Code

The SDK sample code is as follows.

Java

      
       
         
         
           package com.huaweicloud.sdk.test;

import com.huaweicloud.sdk.core.auth.ICredential;
import com.huaweicloud.sdk.core.auth.BasicCredentials;
import com.huaweicloud.sdk.core.exception.ConnectionException;
import com.huaweicloud.sdk.core.exception.RequestTimeoutException;
import com.huaweicloud.sdk.core.exception.ServiceResponseException;
import com.huaweicloud.sdk.cts.v3.region.CtsRegion;
import com.huaweicloud.sdk.cts.v3.*;
import com.huaweicloud.sdk.cts.v3.model.*;


public class UpdateTrackerSolution {

    public static void main(String[] args) {
        // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
        // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
        String ak = System.getenv("CLOUD_SDK_AK");
        String sk = System.getenv("CLOUD_SDK_SK");
        String projectId = "{project_id}";

        ICredential auth = new BasicCredentials()
                .withProjectId(projectId)
                .withAk(ak)
                .withSk(sk);

        CtsClient client = CtsClient.newBuilder()
                .withCredential(auth)
                .withRegion(CtsRegion.valueOf("<YOUR REGION>"))
                .build();
        UpdateTrackerRequest request = new UpdateTrackerRequest();
        UpdateTrackerRequestBody body = new UpdateTrackerRequestBody();
        TrackerObsInfo obsInfobody = new TrackerObsInfo();
        obsInfobody.withBucketName("test-data-tracker")
            .withFilePrefixName("11")
            .withIsObsCreated(false);
        body.withIsSupportValidate(false);
        body.withKmsId("");
        body.withIsSupportTraceFilesEncryption(false);
        body.withObsInfo(obsInfobody);
        body.withIsLtsEnabled(false);
        body.withStatus(UpdateTrackerRequestBody.StatusEnum.fromValue("enabled"));
        body.withAgencyName(UpdateTrackerRequestBody.AgencyNameEnum.fromValue("cts_admin_trust"));
        body.withTrackerName("system");
        body.withTrackerType(UpdateTrackerRequestBody.TrackerTypeEnum.fromValue("system"));
        request.withBody(body);
        try {
            UpdateTrackerResponse response = client.updateTracker(request);
            System.out.println(response.toString());
        } catch (ConnectionException e) {
            e.printStackTrace();
        } catch (RequestTimeoutException e) {
            e.printStackTrace();
        } catch (ServiceResponseException e) {
            e.printStackTrace();
            System.out.println(e.getHttpStatusCode());
            System.out.println(e.getRequestId());
            System.out.println(e.getErrorCode());
            System.out.println(e.getErrorMsg());
        }
    }
}

          

        

      
     

      
       
         
         
           package com.huaweicloud.sdk.test;

import com.huaweicloud.sdk.core.auth.ICredential;
import com.huaweicloud.sdk.core.auth.BasicCredentials;
import com.huaweicloud.sdk.core.exception.ConnectionException;
import com.huaweicloud.sdk.core.exception.RequestTimeoutException;
import com.huaweicloud.sdk.core.exception.ServiceResponseException;
import com.huaweicloud.sdk.cts.v3.region.CtsRegion;
import com.huaweicloud.sdk.cts.v3.*;
import com.huaweicloud.sdk.cts.v3.model.*;

import java.util.List;
import java.util.ArrayList;

public class UpdateTrackerSolution {

    public static void main(String[] args) {
        // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
        // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
        String ak = System.getenv("CLOUD_SDK_AK");
        String sk = System.getenv("CLOUD_SDK_SK");
        String projectId = "{project_id}";

        ICredential auth = new BasicCredentials()
                .withProjectId(projectId)
                .withAk(ak)
                .withSk(sk);

        CtsClient client = CtsClient.newBuilder()
                .withCredential(auth)
                .withRegion(CtsRegion.valueOf("<YOUR REGION>"))
                .build();
        UpdateTrackerRequest request = new UpdateTrackerRequest();
        UpdateTrackerRequestBody body = new UpdateTrackerRequestBody();
        List<DataBucket.DataEventEnum> listDataBucketDataEvent = new ArrayList<>();
        listDataBucketDataEvent.add(DataBucket.DataEventEnum.fromValue("READ"));
        listDataBucketDataEvent.add(DataBucket.DataEventEnum.fromValue("WRITE"));
        DataBucket dataBucketbody = new DataBucket();
        dataBucketbody.withDataBucketName("test-data-tracker")
            .withDataEvent(listDataBucketDataEvent);
        TrackerObsInfo obsInfobody = new TrackerObsInfo();
        obsInfobody.withBucketName("")
            .withFilePrefixName("")
            .withIsObsCreated(false)
            .withBucketLifecycle(60);
        body.withDataBucket(dataBucketbody);
        body.withObsInfo(obsInfobody);
        body.withIsLtsEnabled(true);
        body.withAgencyName(UpdateTrackerRequestBody.AgencyNameEnum.fromValue("cts_admin_trust"));
        body.withTrackerName("data-tracker-name");
        body.withTrackerType(UpdateTrackerRequestBody.TrackerTypeEnum.fromValue("data"));
        request.withBody(body);
        try {
            UpdateTrackerResponse response = client.updateTracker(request);
            System.out.println(response.toString());
        } catch (ConnectionException e) {
            e.printStackTrace();
        } catch (RequestTimeoutException e) {
            e.printStackTrace();
        } catch (ServiceResponseException e) {
            e.printStackTrace();
            System.out.println(e.getHttpStatusCode());
            System.out.println(e.getRequestId());
            System.out.println(e.getErrorCode());
            System.out.println(e.getErrorMsg());
        }
    }
}

          

        

      
     

Python

      
       
         
         
           # coding: utf-8

import os
from huaweicloudsdkcore.auth.credentials import BasicCredentials
from huaweicloudsdkcts.v3.region.cts_region import CtsRegion
from huaweicloudsdkcore.exceptions import exceptions
from huaweicloudsdkcts.v3 import *

if __name__ == "__main__":
    # The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
    # In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak = os.environ["CLOUD_SDK_AK"]
    sk = os.environ["CLOUD_SDK_SK"]
    projectId = "{project_id}"

    credentials = BasicCredentials(ak, sk, projectId)

    client = CtsClient.new_builder() \
        .with_credentials(credentials) \
        .with_region(CtsRegion.value_of("<YOUR REGION>")) \
        .build()

    try:
        request = UpdateTrackerRequest()
        obsInfobody = TrackerObsInfo(
            bucket_name="test-data-tracker",
            file_prefix_name="11",
            is_obs_created=False
        )
        request.body = UpdateTrackerRequestBody(
            is_support_validate=False,
            kms_id="",
            is_support_trace_files_encryption=False,
            obs_info=obsInfobody,
            is_lts_enabled=False,
            status="enabled",
            agency_name="cts_admin_trust",
            tracker_name="system",
            tracker_type="system"
        )
        response = client.update_tracker(request)
        print(response)
    except exceptions.ClientRequestException as e:
        print(e.status_code)
        print(e.request_id)
        print(e.error_code)
        print(e.error_msg)

          

        

      
     

      
       
         
         
           # coding: utf-8

import os
from huaweicloudsdkcore.auth.credentials import BasicCredentials
from huaweicloudsdkcts.v3.region.cts_region import CtsRegion
from huaweicloudsdkcore.exceptions import exceptions
from huaweicloudsdkcts.v3 import *

if __name__ == "__main__":
    # The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
    # In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak = os.environ["CLOUD_SDK_AK"]
    sk = os.environ["CLOUD_SDK_SK"]
    projectId = "{project_id}"

    credentials = BasicCredentials(ak, sk, projectId)

    client = CtsClient.new_builder() \
        .with_credentials(credentials) \
        .with_region(CtsRegion.value_of("<YOUR REGION>")) \
        .build()

    try:
        request = UpdateTrackerRequest()
        listDataEventDataBucket = [
            "READ",
            "WRITE"
        ]
        dataBucketbody = DataBucket(
            data_bucket_name="test-data-tracker",
            data_event=listDataEventDataBucket
        )
        obsInfobody = TrackerObsInfo(
            bucket_name="",
            file_prefix_name="",
            is_obs_created=False,
            bucket_lifecycle=60
        )
        request.body = UpdateTrackerRequestBody(
            data_bucket=dataBucketbody,
            obs_info=obsInfobody,
            is_lts_enabled=True,
            agency_name="cts_admin_trust",
            tracker_name="data-tracker-name",
            tracker_type="data"
        )
        response = client.update_tracker(request)
        print(response)
    except exceptions.ClientRequestException as e:
        print(e.status_code)
        print(e.request_id)
        print(e.error_code)
        print(e.error_msg)

          

        

      
     

Go

      
       
         
         
           package main

import (
	"fmt"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic"
    cts "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/cts/v3"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/cts/v3/model"
    region "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/cts/v3/region"
)

func main() {
    // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
    // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak := os.Getenv("CLOUD_SDK_AK")
    sk := os.Getenv("CLOUD_SDK_SK")
    projectId := "{project_id}"

    auth := basic.NewCredentialsBuilder().
        WithAk(ak).
        WithSk(sk).
        WithProjectId(projectId).
        Build()

    client := cts.NewCtsClient(
        cts.CtsClientBuilder().
            WithRegion(region.ValueOf("<YOUR REGION>")).
            WithCredential(auth).
            Build())

    request := &model.UpdateTrackerRequest{}
	bucketNameObsInfo:= "test-data-tracker"
	filePrefixNameObsInfo:= "11"
	isObsCreatedObsInfo:= false
	obsInfobody := &model.TrackerObsInfo{
		BucketName: &bucketNameObsInfo,
		FilePrefixName: &filePrefixNameObsInfo,
		IsObsCreated: &isObsCreatedObsInfo,
	}
	isSupportValidateUpdateTrackerRequestBody:= false
	kmsIdUpdateTrackerRequestBody:= ""
	isSupportTraceFilesEncryptionUpdateTrackerRequestBody:= false
	isLtsEnabledUpdateTrackerRequestBody:= false
	statusUpdateTrackerRequestBody:= model.GetUpdateTrackerRequestBodyStatusEnum().ENABLED
	agencyNameUpdateTrackerRequestBody:= model.GetUpdateTrackerRequestBodyAgencyNameEnum().CTS_ADMIN_TRUST
	request.Body = &model.UpdateTrackerRequestBody{
		IsSupportValidate: &isSupportValidateUpdateTrackerRequestBody,
		KmsId: &kmsIdUpdateTrackerRequestBody,
		IsSupportTraceFilesEncryption: &isSupportTraceFilesEncryptionUpdateTrackerRequestBody,
		ObsInfo: obsInfobody,
		IsLtsEnabled: &isLtsEnabledUpdateTrackerRequestBody,
		Status: &statusUpdateTrackerRequestBody,
		AgencyName: &agencyNameUpdateTrackerRequestBody,
		TrackerName: "system",
		TrackerType: model.GetUpdateTrackerRequestBodyTrackerTypeEnum().SYSTEM,
	}
	response, err := client.UpdateTracker(request)
	if err == nil {
        fmt.Printf("%+v\n", response)
    } else {
        fmt.Println(err)
    }
}

          

        

      
     

      
       
         
         
           package main

import (
	"fmt"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic"
    cts "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/cts/v3"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/cts/v3/model"
    region "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/cts/v3/region"
)

func main() {
    // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
    // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak := os.Getenv("CLOUD_SDK_AK")
    sk := os.Getenv("CLOUD_SDK_SK")
    projectId := "{project_id}"

    auth := basic.NewCredentialsBuilder().
        WithAk(ak).
        WithSk(sk).
        WithProjectId(projectId).
        Build()

    client := cts.NewCtsClient(
        cts.CtsClientBuilder().
            WithRegion(region.ValueOf("<YOUR REGION>")).
            WithCredential(auth).
            Build())

    request := &model.UpdateTrackerRequest{}
	var listDataEventDataBucket = []model.DataBucketDataEvent{
        model.GetDataBucketDataEventEnum().READ,
	    model.GetDataBucketDataEventEnum().WRITE,
    }
	dataBucketNameDataBucket:= "test-data-tracker"
	dataBucketbody := &model.DataBucket{
		DataBucketName: &dataBucketNameDataBucket,
		DataEvent: &listDataEventDataBucket,
	}
	bucketNameObsInfo:= ""
	filePrefixNameObsInfo:= ""
	isObsCreatedObsInfo:= false
	bucketLifecycleObsInfo:= int32(60)
	obsInfobody := &model.TrackerObsInfo{
		BucketName: &bucketNameObsInfo,
		FilePrefixName: &filePrefixNameObsInfo,
		IsObsCreated: &isObsCreatedObsInfo,
		BucketLifecycle: &bucketLifecycleObsInfo,
	}
	isLtsEnabledUpdateTrackerRequestBody:= true
	agencyNameUpdateTrackerRequestBody:= model.GetUpdateTrackerRequestBodyAgencyNameEnum().CTS_ADMIN_TRUST
	request.Body = &model.UpdateTrackerRequestBody{
		DataBucket: dataBucketbody,
		ObsInfo: obsInfobody,
		IsLtsEnabled: &isLtsEnabledUpdateTrackerRequestBody,
		AgencyName: &agencyNameUpdateTrackerRequestBody,
		TrackerName: "data-tracker-name",
		TrackerType: model.GetUpdateTrackerRequestBodyTrackerTypeEnum().DATA,
	}
	response, err := client.UpdateTracker(request)
	if err == nil {
        fmt.Printf("%+v\n", response)
    } else {
        fmt.Println(err)
    }
}

          

        

      
     

More

For SDK sample code of more programming languages, see the Sample Code tab in API Explorer. SDK sample code can be automatically generated.

Status Codes

Status Code	Description
200	The request is successful.
400	The server failed to process the request.
401	The request is rejected due to authentication failure.
403	The server understood the request but refused to authorize it.
404	The server failed to find the requested resource.
500	The server has received the request but encountered an internal error.
503	The requested service is unavailable. The client should not repeat the request without modifications.

Error Codes

See Error Codes.

Modifying a Tracker