Querying the Security Group Policies Configured for Clusters Using Cloud Native Network Mode 2.0

Function

This API is used to query the security group policies configured for a cluster in cloud native network mode 2.0.

Authorization Information

Each account has all the permissions required to call all APIs, but IAM users must be assigned the required permissions.

If you are using role/policy-based authorization, see Permissions Policies and Supported Actions for details on the required permissions.
If you are using identity policy-based authorization, no identity policy-based permission required for calling this API.

URI

GET /v5/{project_id}/container-network/{cluster_id}/security-group-policies

**Table 1** Path Parameters
Parameter	Mandatory	Type	Description
project_id	Yes	String	Definition Project ID, which is used to specify the project that an asset belongs to. After the project ID is configured, you can query assets in the project using the project ID. For details about how to obtain it, see Obtaining a Project ID. Constraints N/A Range The value can contain 1 to 256 characters. Default Value N/A
cluster_id	Yes	String	Cluster ID

**Table 2** Query Parameters
Parameter	Mandatory	Type	Description
enterprise_project_id	No	String	Definition Enterprise project ID, which is used to filter assets in different enterprise projects. For details, see Obtaining an Enterprise Project ID. To query assets in all enterprise projects, set this parameter to all_granted_eps. Constraints You need to set this parameter only after the enterprise project function is enabled. Range The value can contain 1 to 256 characters. Default Value 0: default enterprise project.
limit	Yes	Integer	Definition Number of records displayed on each page. Constraints N/A Range Value range: 10 to 200 Default Value 10
offset	Yes	Integer	Definition Offset, which specifies the start position of the record to be returned. Constraints N/A Range The value range is 0 to 2,000,000. Default Value N/A

Request Parameters

**Table 3** Request header parameters
Parameter	Mandatory	Type	Description
X-Auth-Token	Yes	String	Definition User token, which contains user identity and permissions. The token can be used for identity authentication when an API is called. For details about how to obtain the token, see Obtaining a User Token. Constraints N/A Range The value can contain 1 to 32,768 characters. Default Value N/A

Response Parameters

Status code: 200

**Table 4** Response body parameters
Parameter	Type	Description
total_num	Integer	Total number of records
data_list	Array of SecurityGroupPolicyResponseInfo objects	Data list
last_update_time	Long	Latest data synchronization time

**Table 5** SecurityGroupPolicyResponseInfo
Parameter	Type	Description
policy_id	String	Policy ID.
policy_name	String	Policy Name
pod_selector	String	Selector
security_groups	Array of SecurityGroup objects	Security group list
workload_id	String	Workload ID
workload_name	String	Workload name
workload_type	String	Definition Workload type. Range deployments: deployment statefulsets: StatefulSet daemonsets: DaemonSet
namespace_id	String	Namespace ID.
namespace	String	Namespaces
create_time	String	Created At
policy_content	String	YAML policy content

**Table 6** SecurityGroup
Parameter	Type	Description
security_group_id	String	Definition Unique ID of a security group in the cloud native network model, which is used to associate a specific security group with a policy. Constraints The security group must be in the same VPC network as the cluster. Otherwise, the association fails. Range The value can contain 1 to 64 characters, including letters, numbers, hyphens (-), and underscores (_). Default Value None
security_group_name	String	Definition Name of a security group. Constraints If this parameter is specified, its value must be the same as the name of the security group corresponding to security_group_id. Otherwise, the display may be abnormal. (Functions are not affected.) Range The value can contain 1 to 64 characters, including letters, numbers, hyphens (-), and underscores (_). Default Value None. By default, the system name corresponding to the security group ID is used.
security_group_description	String	Definition Description of the security group, which is used to record the purpose and permission scope of the security group. Constraints The description cannot contain special characters such as HTML tags. Range The value can contain 0 to 256 characters, including Chinese characters, letters, numbers, common punctuations, and spaces. Default Value None. Do not modify the security group description. (If the original description is empty, keep it empty).

Example Requests

Query the security group policies configured for a cluster in cloud native network mode 2.0.

GET https://{endpoint}/v5/{project_id}/container-network/{cluster_id}/security-group-policies?offset=0&limit=200&enterprise_project_id=all_granted_eps

Example Responses

Status code: 200

Request succeeded.

{
  "total_num" : 20,
  "data_list" : [ {
    "policy_id" : "07ffd721-1a1a-4e0a-9479-11e72f5049b0",
    "policy_name" : "gz-test",
    "pod_selector" : "{\"app\":\"log-agent-log-operator\",\"release\":\"cceaddon-log-agent\"}",
    "security_groups" : [ {
      "security_group_id" : "6daf50f9-88d8-44f8-84d2-4426b255314a",
      "security_group_name" : "gz-test",
      "security_group_description" : "Security group for test"
    } ],
    "workload_id" : "3d30ed8a-5534-4b41-9977-dbd83aa22b34",
    "workload_name" : "log-agent-log-operato",
    "workload_type" : "deployments",
    "namespace" : "monitoring",
    "namespace_id" : "dd12895a-fda4-45fb-815f-044f410f75de",
    "create_time" : "1710332874658",
    "policy_content" : "{\"apiVersion\":\"crd.yangtse.cni/v1\",\"kind\":\"SecurityGroup\",\"metadata\":{\"generation\":1,\"finalizers\":[\"yangtse.io/security-group-cleanup\"],\"uid\":\"07ffd721-1a1a-4e0a-9479-11e72f5049b0\",\"managedFields\":[{\"apiVersion\":\"crd.yangtse.cni/v1\",\"fieldsV1\":{\"f:metadata\":{\"f:labels\":{\"f:app\":{},\".\":{}}},\"f:spec\":{\"f:podSelector\":{\"f:matchLabels\":{\"f:app\":{},\"f:release\":{},\".\":{}},\".\":{}},\"f:securityGroups\":{},\".\":{}}},\"manager\":\"cfe-apiserver\",\"time\":\"2024-03-08T09:23:43Z\",\"operation\":\"Update\",\"fieldsType\":\"FieldsV1\"},{\"apiVersion\":\"crd.yangtse.cni/v1\",\"fieldsV1\":{\"f:metadata\":{\"f:finalizers\":{\"v:\\\"yangtse.io/security-group-cleanup\\\"\":{},\".\":{}}}},\"manager\":\"controller\",\"time\":\"2024-03-08T09:23:43Z\",\"operation\":\"Update\",\"fieldsType\":\"FieldsV1\"}],\"resourceVersion\":\"10362662\",\"creationTimestamp\":\"2024-03-08T09:23:43Z\",\"name\":\"glz-test\",\"namespace\":\"monitoring\",\"labels\":{\"app\":\"log-agent-log-operator\"}},\"spec\":{\"podSelector\":{\"matchLabels\":{\"app\":\"log-agent-log-operator\",\"release\":\"cceaddon-log-agent\"}},\"securityGroups\":[{\"id\":\"6daf50f9-88d8-44f8-84d2-4426b255315a\"}]}}"
  } ],
  "last_update_time" : 1743644574000
}

Status Codes

Status Code	Description
200	Request succeeded.

Error Codes

See Error Codes.

Parent Topic: Container Network Isolation Information

Previous topic: Container Cluster Network Update Configuration Policy

Next topic: Synchronizing the Latest Security Group Policies in a Cluster

Feedback

Was this page helpful?

Helpful Not helpful

Provide feedback

Thank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.

The system is busy. Please try again later.

For any further questions, feel free to contact us through the chatbot.

Chatbot