Updated on 2026-07-01 GMT+08:00

VPC

Function Description

This plugin has been built into SecMaster. It calls Virtual Private Cloud (VPC) APIs to manage VPC resources, such as VPCs, security groups, security group rules, Elastic IP addresses (EIPs), flow logs, VPC peering connections, network access control lists (ACLs), IP address groups, and ports.

Each built-in plugin has a corresponding built-in operation connection.

Viewing Details and Operation Connections of the VPC Plugin

  1. Log in to the SecMaster console.
  2. Click in the upper left corner of the management console and select a region or project.
  3. In the navigation pane on the left, choose Workspaces > Management. In the workspace list, click the name of the target workspace.

    Figure 1 Workspace management page

  4. In the navigation pane on the left, choose Security Orchestration > Plugins.

    Figure 2 Plugins page

  5. On the Plugins page, select the VPC plugin under the Huawei Cloud catalog. The Details tab is displayed by default. The Details tab displays the login credential information of the operation connection associated with the plugin.
  6. Click the Operation Connections tab for the VPC plugin. On the displayed page, you can view information about the operation connections associated with the plugin.
  7. For details about how to edit or delete an operation connection, see Editing an Operation Connection and Deleting an Operation Connection. For details about how to add an operation connection for a plugin, see Creating an Operation Connection. A plugin can have multiple operation connections.

Plugin Execution Function listFlowLogs

Parameters of the listFlowLogs Function

Function: Calls the corresponding VPC API to query all flow logs of the tenant who submits the request and filter the flow logs based on the filter criteria.

Table 1 Input parameters of the listFlowLogs function

| Parameter | Parameter Type | Parameter Description | Mandatory |
| --- | --- | --- | --- |
| id | String | Flow log ID. | No |
| name | String | Flow log name. | No |
| tenantId | String | Project ID. | No |
| description | String | Flow log description. | No |
| resourceType | String | Type of resources for which flow logs are collected. The options are as follows: port: a single network interface; vpc: all network interfaces in a VPC; network: all network interfaces in a subnet. | No |
| resourceId | String | ID of the target resource. | No |
| trafficType | String | Flow log collection type. The options are as follows: all: Both accepted and rejected traffic of the specified resource will be logged; accept: Only accepted inbound and outbound traffic of the specified resource will be logged; reject: Only rejected inbound and outbound traffic of the specified resource will be logged. | No |
| logGroupId | String | Log group ID. | No |
| logTopicId | String | Log topic ID. | No |
| logStoreType | String | Flow log storage type. lts: Log Tank Service (LTS). | No |
| status | String | Flow log status. ACTIVE: Enabled; DOWN: Disabled; ERROR: Faulty. | No |
| limit | String | Number of records that will be returned on each page. Value range: 0 to 2,000. Default value: 2,000. | No |
| marker | String | A resource ID for pagination query, indicating that the query starts from the next record of the specified resource ID. Parameters marker and limit must be used together. If marker is left blank, the query starts from the first record. | No |

Table 2 Output parameters of the listFlowLogs function

| Parameter | Parameter Type | Parameter Description |
| --- | --- | --- |
| headers | Object | Headers of the response returned by the API. |
| code | Int | Status code, which indicates whether the request is successful. Response code description: 200: the request is successful; 401: the account or password is incorrect; 403: the permission is insufficient; 404: the requested resource does not exist. |
| body | Object | Content returned by the API, including the flow log list. |

Output Example of the listFlowLogs Function

{
  "headers": {
    "Transfer-Encoding": "chunked",
    "Server": "api-gateway",
    "X-Request-Id": "b715be7fc3fe1c9960dc14e0e54ca021",
    "X-Content-Type-Options": "nosniff",
    "Connection": "keep-alive",
    "X-Download-Options": "noopen",
    "Date": "Wed, 03 Jun 2026 01:41:32 GMT",
    "Accept-Ranges": "bytes",
    "X-Frame-Options": "SAMEORIGIN",
    "Strict-Transport-Security": "max-age=31536000; includeSubdomains;",
    "Vary": "Accept-Charset, Accept-Encoding, Accept-Language, Accept",
    "X-XSS-Protection": "1; mode=block;",
    "Content-Type": "application/json"
  },
  "code": 200,
  "body": {
    "flow_logs": [
      {
        "id": "35868d55-443e-xxxx-90a4-ac618dc45c1a",
        "name": "flowlog",
        "description": "just a test",
        "tenant_id": "b2782e6708xxxxxx993e6064bc456bf8",
        "resource_type": "port",
        "resource_id": "05c4052d-8d14-xxxx-aa00-19fea5a25fde",
        "traffic_type": "reject",
        "log_group_id": "05c4052d-8d14-xxxx-aa00-19fea5a25fff",
        "log_topic_id": "a9d7dee7-37d2-xxxx-a208-a016252aaa63",
        "log_store_type": "lts",
        "created_at": "2019-01-14T11:03:02",
        "updated_at": "2019-01-14T11:03:02",
        "status": "ACTIVE",
        "admin_state": true
      }
    ]
  }
}

Plugin Execution Function listSecurityGroupRules

Parameters of the listSecurityGroupRules Function

Function: Calls the corresponding VPC API to query information about all security group rules, including the security group rule ID and protocol type.

Table 3 Input parameters of the listSecurityGroupRules function

| Parameter | Parameter Type | Parameter Description | Mandatory |
| --- | --- | --- | --- |
| id | Array | List of resource IDs of security group rules. Multiple IDs can be specified for filtering. | No |
| description | String | Description of the security group rule. | No |
| limit | Int | Number of records that will be returned on each page. Value range: 0 to 2,000. Default value: 2,000. | No |
| marker | String | A resource ID for pagination query, indicating that the query starts from the next record of the specified resource ID. Parameters marker and limit must be used together. If marker is left blank, the query starts from the first record. | No |
| protocol | Array | List of communication protocols supported by the security group rule. Multiple protocols can be specified for filtering. | No |
| remoteGroupId | Array | List of remote security group IDs supported by the security group rule. Multiple IDs can be specified for filtering. | No |
| direction | String | Security group rule direction. ingress: inbound direction; egress: outbound direction. | No |
| action | String | Policy for a security group rule to take effect. allow; deny. | No |
| securityGroupId | Array | List of security groups to which the security group rule belongs. Multiple IDs can be specified for filtering. | No |
| remoteIpPrefix | String | Remote IP address of the security group rule, in CIDR format. | No |
| resultVariable | Object | Output parameter filtering parameter. Format: {"New field name 1": "$ (Original parameters returned).xxx (Next level of the returned parameters) or {xxx1, xxx2}", {"New field name 2": ...}, ...}, for example, {"alert_id": "$.body.data.id"} or {"alert": "$.body.data{id,name}"}. | No |

Table 4 Output parameters of the listSecurityGroupRules function

| Parameter | Parameter Type | Parameter Description |
| --- | --- | --- |
| headers | Object | Headers of the response returned by the API. |
| code | Int | Status code, which indicates whether the request is successful. Response code description: 200: the request is successful; 401: the account or password is incorrect; 403: the permission is insufficient; 404: the requested resource does not exist. |
| body | Object | Content returned by the API, including the security group rule list specified by security_group_rules and pagination information specified by page_info. |

Output Example of the listSecurityGroupRules Function

{
  "headers": {
    "Server": "api-gateway",
    "X-Request-Id": "a5d39ad8ac096a7a920d1242a019eac6",
    "X-Content-Type-Options": "nosniff",
    "Connection": "keep-alive",
    "X-Download-Options": "noopen",
    "Date": "Wed, 03 Jun 2026 01:51:42 GMT",
    "X-Handler-Trace": "C->Q",
    "X-Frame-Options": "SAMEORIGIN",
    "Strict-Transport-Security": "max-age=31536000; includeSubdomains;",
    "X-Openstack-Request-Id": "Req-a5d39ad8ac096a7a920d1242a019eac6",
    "Content-Length": "163796",
    "X-XSS-Protection": "1; mode=block;",
    "Content-Type": "application/json; charset=utf-8"
  },
  "code": 200,
  "body": {
    "page_info": {
      "current_count": 325,
      "previous_marker": "00dd26f1-1603-4ed8-8b50-217ce428915c"
    },
    "request_id": "a5d39ad8ac096a7a920d1242a019eac6",
    "security_group_rules": [
      {
        "id": "f626eb24-d8bd-4d26-xxxx-c16bb65730cb",
        "project_id": "06057678298xxxx2f9ec014dd2f1148",
        "security_group_id": "0552091e-xxxx-49dd-88a7-4a5c86fd9ec3",
        "direction": "ingress",
        "protocol": "tcp",
        "description": "security group rule description",
        "created_at": "2020-08-13T07:12:36.000+00:00",
        "updated_at": "2020-08-13T07:12:36.000+00:00",
        "ethertype": "IPv4",
        "remote_ip_prefix": "10.x.x.0/16",
        "multiport": 333,
        "action": "allow",
        "priority": 1,
        "remote_group_id": null,
        "remote_address_group_id": null,
        "enabled": true
      }
    ]
  }
}
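The marker and limit pagination and the rule fields described above, put to work in a playbook step that collects every rule and reports enabled ingress allow rules whose remote_ip_prefix matches any source. This is an added example, not SecMaster or plugin code; call_plugin is a hypothetical stand-in for the plugin invocation, and the rules are constructed sample data.

```python
import ipaddress
from typing import Callable, Dict, Iterator, List, Optional


def iter_rules(call_plugin: Callable[..., dict], limit: int = 2000) -> Iterator[dict]:
    """Yield every rule, sending marker and limit together on each call.

    call_plugin is a hypothetical callable that runs listSecurityGroupRules
    and returns the {headers, code, body} object shown on this page.
    """
    if not 1 <= limit <= 2000:
        raise ValueError("limit must be between 1 and 2000 to page through results")
    marker: Optional[str] = None
    while True:
        params: Dict[str, object] = {"limit": limit}
        if marker is not None:
            params["marker"] = marker
        resp = call_plugin(**params)
        code = resp.get("code")
        if code != 200:  # 401/403/404: the listing is incomplete, so stop loudly
            raise RuntimeError(f"listSecurityGroupRules returned code {code}")
        body = resp.get("body")
        rules = (body.get("security_group_rules") or []) if isinstance(body, dict) else []
        yield from rules
        if len(rules) < limit:
            return  # short page: nothing left to fetch
        marker = rules[-1]["id"]  # next query starts after this resource ID


def prefix_scope(prefix: Optional[str]) -> str:
    """Classify remote_ip_prefix as 'any', 'scoped', 'none' or 'unparseable'."""
    if not prefix:
        return "none"
    try:
        net = ipaddress.ip_network(prefix, strict=False)
    except ValueError:
        return "unparseable"  # e.g. a masked value such as 10.x.x.0/16
    return "any" if net.prefixlen == 0 else "scoped"


def audit_ingress(rules) -> List[dict]:
    """Report enabled ingress allow rules that are open to any source address.

    Unparseable prefixes are reported too, so they are reviewed rather than
    silently skipped. Rules scoped only by remote_group_id or
    remote_address_group_id carry no prefix and are not evaluated here.
    """
    findings = []
    for rule in rules:
        if rule.get("direction") != "ingress" or rule.get("action") != "allow":
            continue
        if rule.get("enabled") is False:
            continue
        scope = prefix_scope(rule.get("remote_ip_prefix"))
        if scope in ("any", "unparseable"):
            findings.append({
                "rule_id": rule.get("id"),
                "security_group_id": rule.get("security_group_id"),
                "protocol": rule.get("protocol"),
                "multiport": rule.get("multiport"),
                "remote_ip_prefix": rule.get("remote_ip_prefix"),
                "reason": scope,
            })
    return findings


def _rule(rule_id, direction, action, prefix, port, group=None):
    return {"id": rule_id, "security_group_id": "sg-constructed", "direction": direction,
            "protocol": "tcp", "multiport": port, "action": action, "enabled": True,
            "remote_ip_prefix": prefix, "remote_group_id": group}


# CONSTRUCTED sample rules (not real resources), shaped like the output above.
SAMPLE_RULES = [
    _rule("rule-1", "ingress", "allow", "0.0.0.0/0", 22),
    _rule("rule-2", "ingress", "allow", "10.10.0.0/16", 443),
    _rule("rule-3", "egress", "allow", "0.0.0.0/0", 443),
    _rule("rule-4", "ingress", "deny", "::/0", 3389),
    _rule("rule-5", "ingress", "allow", "10.x.x.0/16", 333),
    _rule("rule-6", "ingress", "allow", None, 8080, group="sg-constructed"),
]


def fake_list_security_group_rules(limit=2000, marker=None) -> dict:
    """Offline stand-in for the plugin call: pages over SAMPLE_RULES by marker."""
    ids = [r["id"] for r in SAMPLE_RULES]
    start = ids.index(marker) + 1 if marker is not None else 0
    page = SAMPLE_RULES[start:start + limit]
    return {"headers": {}, "code": 200,
            "body": {"security_group_rules": page,
                     "page_info": {"current_count": len(page)}}}


if __name__ == "__main__":
    all_rules = list(iter_rules(fake_list_security_group_rules, limit=2))
    for finding in audit_ingress(all_rules):
        print(finding)
```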

Plugin Execution Function listPublicips

Parameters of the listPublicips Function

Function: Calls the corresponding API of the EIP service to query the EIP list.

Table 5 Input parameters of the listPublicips function

| Parameter | Parameter Type | Parameter Description | Mandatory |
| --- | --- | --- | --- |
| id | Array | List of EIP IDs. Multiple IDs can be specified for filtering. | No |
| description | String | Description about the EIP. | No |
| offset | Int | Start resource number of pagination query. | No |
| limit | Int | Number of records that will be returned on each page. Value range: 0 to 2,000. Default value: 2,000. | No |
| marker | String | A resource ID for pagination query, indicating that the query starts from the next record of the specified resource ID. Parameters marker and limit must be used together. If marker is left blank, the query starts from the first record. | No |
| sort_key | String | Sorting fields: id; public_ip_address; public_ipv6_address; ip_version; created_at; updated_at; public_border_group. | No |
| sort_dir | String | Sorting direction: asc: sorting in ascending order; desc: sorting in descending order. | No |
| ip_version | Int | Filter by ip_version. 4: IPv4; 6: IPv6. | No |
| public_ip_address | Array | Filter by public_ip_address. Multiple values are supported. | No |
| public_ip_address_like | String | Filter by public_ip_address. Fuzzy query is supported. | No |
| public_ipv6_address | Array | Filter by public_ipv6_address. Multiple values are supported. | No |
| public_ipv6_address_like | String | Filter by public_ipv6_address. Fuzzy query is supported. | No |
| type | Array | Filter by type. EIP: elastic IP address; DUALSTACK: dual-stack IPv6. | No |
| network_type | Array | Filter by network_type. 5_telcom; 5_union; 5_bgp; 5_sbgp; 5_ipv6; 5_graybgp. | No |
| publicip_pool_name | Array | Filter by publicip_pool_name. The value can be 5_telcom, 5_union, 5_bgp, 5_sbgp, 5_ipv6, 5_graybgp, or a dedicated pool name. | No |
| status | Array | Filter by status. FREEZED; DOWN; ACTIVE; ERROR. | No |
| alias_like | String | Fuzzy search by alias. | No |
| alias | Array | Filter by alias. | No |
| description | Array | Filter by description. | No |
| vnic.private_ip_address | Array | Filter by private_ip_address. | No |
| vnic.private_ip_address_like | String | Fuzzy search by private_ip_address. | No |
| vnic.device_id | Array | Filter by device_id. | No |
| vnic.device_owner | Array | Filter by device_owner. | No |
| vnic.vpc_id | Array | Filter by vpc_id. | No |
| vnic.port_id | Array | Filter by port_id. | No |
| vnic.device_owner_prefixlike | String | Fuzzy search by device_owner_prefixlike. | No |
| vnic.instance_type | Array | Filter by instance_type. | No |
| vnic.instance_id | Array | Filter by instance_id. | No |
| bandwidth.id | Array | Filter by ID. | No |
| bandwidth.name | Array | Filter by name. | No |
| bandwidth.name_like | String | Filter by name for fuzzy match. | No |
| bandwidth.size | Array | Filter by size. | No |
| bandwidth.share_type | Array | Filter by share_type: PER; WHOLE. | No |
| bandwidth.charge_mode | Array | Filter by charge_mode: bandwidth; traffic; 95peak_plus. | No |
| billing_info | Array | Filter by billing_info: | No |
| billing_mode | String | Filter by billing mode: YEARLY_MONTHLY; PAY_PER_USE. | No |
| associate_instance_type | Array | Filter by associate_instance_type: PORT; NATGW; ELB; VPN; ELBV1. | No |
| associate_instance_id | Array | Filter by associate_instance_id. | No |
| enterprise_project_id | Array | Filter by enterprise_project_id. | No |
| public_border_group | Array | Filter by public_border_group. | No |
| allow_share_bandwidth_type_any | Array | Shared bandwidth type. EIPs can be filtered based on shared bandwidth types. You can specify multiple bandwidth types and separate them with commas (,). | No |

Table 6 Output parameters of the listPublicips function

| Parameter | Parameter Type | Parameter Description |
| --- | --- | --- |
| headers | Object | Headers of the response returned by the API. |
| code | Int | Status code, which indicates whether the request is successful. Response code description: 200: the request is successful; 401: the account or password is incorrect; 403: the permission is insufficient; 404: the requested resource does not exist. |
| body | Object | Content returned by the API, including the EIP list specified by publicips, pagination information specified by page_info, and total count specified by total_count. |

Output Example of the listPublicips Function

{
  "headers": {
    "Server": "api-gateway",
    "X-Request-Id": "e341d8f30baa16119701ddf2aa4e5f12",
    "X-Content-Type-Options": "nosniff",
    "Connection": "keep-alive",
    "X-Download-Options": "noopen",
    "Date": "Wed, 03 Jun 2026 02:05:08 GMT",
    "X-Handler-Trace": "C->Q",
    "X-Frame-Options": "SAMEORIGIN",
    "Strict-Transport-Security": "max-age=31536000; includeSubdomains;",
    "X-Openstack-Request-Id": "Req-e341d8f30baa16119701ddf2aa4e5f12",
    "Content-Length": "6029",
    "X-XSS-Protection": "1; mode=block;",
    "Content-Type": "application/json; charset=utf-8"
  },
  "code": 200,
  "body": {
    "total_count": 1,
    "page_info": {
      "current_count": 1,
      "previous_marker": "0a88e7b4-53fd-4dbb-8875-4d8bbe6fa7ac"
    },
    "request_id": "e341d8f30baa16119701ddf2aa4e5f12",
    "publicips": [
      {
        "public_ip_address": "215.252.12.244",
        "associate_instance_type": "PORT",
        "vnic": {
          "port_vif_details": "{\"primary_interface\":true}",
          "instance_id": "",
          "device_id": "25c4a8d9-9b08-442e-883c-399eaec39847",
          "vpc_id": "316a461f-8219-498e-84cc-726d0ffe8976",
          "port_id": "37a55739-a847-4577-8ff6-38bbb5158d9e",
          "private_ip_address": "192.168.0.97",
          "instance_type": "",
          "device_owner": "compute:cn-north-7c",
          "mac": "fa:16:3e:1e:76:d7"
        },
        "bandwidth": {
          "billing_info": "",
          "size": 10,
          "share_type": "PER",
          "name": "ecs-secmaster-z60114071-bandwidth-f517",
          "charge_mode": "traffic",
          "id": "efa99393-192c-4128-9d21-905de88729e5"
        },
        "created_at": "2026-05-15T02:45:12Z",
        "publicip_pool_id": "8a425166-82ac-4163-94d5-e6913579e7e7",
        "associate_instance_id": "37a55739-a847-4577-8ff6-38bbb5158d9e",
        "type": "EIP",
        "tags": [],
        "enterprise_project_id": "0",
        "publicip_pool_name": "5_g-vm",
        "updated_at": "2026-05-15T02:45:12Z",
        "ip_version": 4,
        "project_id": "f69081793d9e4ea8a2f479dcef961989",
        "allow_share_bandwidth_types": [
          "share",
          "share_bgp_ext",
          "testshare"
        ],
        "id": "0a88e7b4-53fd-4dbb-8875-4d8bbe6fa7ac",
        "public_border_group": "center",
        "status": "ACTIVE"
      }
    ]
  }
}

Plugin Execution Function deleteSecurityGroupRule

Parameters of the deleteSecurityGroupRule Function

Function: Calls the corresponding VPC API to delete a security group rule that is no longer used.

Table 7 Input parameters of the deleteSecurityGroupRule function

| Parameter | Parameter Type | Parameter Description | Mandatory |
| --- | --- | --- | --- |
| securityGroupRuleId | String | ID of the security group rule to be deleted. | Yes |
| agency_type | String | Unified adaptation parameter for multi-account management. Use the default value. | No |

Table 8 Output parameters of the deleteSecurityGroupRule function

| Parameter | Parameter Type | Parameter Description |
| --- | --- | --- |
| headers | Object | Headers of the response returned by the API. |
| code | Int | Status code, which indicates whether the request is successful. Response code description: 200: the request is successful; 401: the account or password is incorrect; 403: the permission is insufficient; 404: the requested resource does not exist. |
| body | Object | Content returned by the API. No response body is returned for the deletion operation. |

Output Example of the deleteSecurityGroupRule Function

{
  "headers": {
    "Accept-Ranges": "bytes",
    "X-Frame-Options": "SAMEORIGIN",
    "Strict-Transport-Security": "max-age=31536000; includeSubdomains;",
    "Server": "api-gateway",
    "X-Request-Id": "3dca9828e35bf051b99babff33462981",
    "X-Content-Type-Options": "nosniff",
    "Connection": "keep-alive",
    "X-Download-Options": "noopen",
    "Vary": "Accept-Charset, Accept-Encoding, Accept-Language, Accept",
    "X-XSS-Protection": "1; mode=block;",
    "Date": "Fri, 05 Jun 2026 06:50:09 GMT",
    "Content-Type": "application/json"
  },
  "code": 204,
  "body": "success"
}

Plugin Execution Function createSecurityGroup

Parameters of the createSecurityGroup Function

Function: Calls the corresponding VPC API to create a security group.

Table 9 Input parameters of the createSecurityGroup function

| Parameter | Parameter Type | Parameter Description | Mandatory |
| --- | --- | --- | --- |
| dryRun | Boolean | Whether the request is a pre-check request. true: The request is a pre-check request, and no security group will be created. false: The request is a normal request, and a security group will be created. The default value is false. | No |
| name | String | Security group name. The value can contain 1 to 64 characters. Only letters, digits, underscores (_), hyphens (-), and periods (.) are allowed. | Yes |
| description | String | Security group description. The value can contain 0 to 255 characters and cannot contain angle brackets ("<" or ">"). | No |
| enterpriseProjectId | String | Enterprise project ID. The value can be 0 or a string that contains a maximum of 36 characters in UUID format with hyphens (-). | No |
| agency_type | String | Unified adaptation parameter for multi-account management. Use the default value. | No |

Table 10 Output parameters of the createSecurityGroup function

| Parameter | Parameter Type | Parameter Description |
| --- | --- | --- |
| headers | Object | Headers of the response returned by the API. |
| code | Int | Status code, which indicates whether the request is successful. Response code description: 200: the request is successful; 401: the account or password is incorrect; 403: the permission is insufficient; 404: the requested resource does not exist. |
| body | Object | Content returned by the API, including the security group object specified by security_group. |

Output Example of the createSecurityGroup Function

{
  "headers": {
    "Server": "api-gateway",
    "X-Request-Id": "4a04a7195f3f097db0eb9995cb465721",
    "X-Content-Type-Options": "nosniff",
    "Connection": "keep-alive",
    "X-Download-Options": "noopen",
    "Date": "Fri, 05 Jun 2026 06:52:36 GMT",
    "X-Handler-Trace": "C->Q",
    "X-Frame-Options": "SAMEORIGIN",
    "Strict-Transport-Security": "max-age=31536000; includeSubdomains;",
    "X-Openstack-Request-Id": "Req-4a04a7195f3f097db0eb9995cb465721",
    "Content-Length": "2156",
    "X-XSS-Protection": "1; mode=block;",
    "Content-Type": "application/json; charset=utf-8"
  },
  "code": 201,
  "body": {
    "security_group": {
      "enterprise_project_id": "0",
      "updated_at": "2026-06-05T06:52:36Z",
      "project_id": "f8ae07d4148f4e418c5fe15833f6b105",
      "name": "test",
      "description": "",
      "created_at": "2026-06-05T06:52:36Z",
      "id": "381f726c-6225-47c1-ac06-54381e711c35",
      "security_group_rules": [
        {
          "updated_at": "2026-06-05T06:52:36Z",
          "project_id": "f8ae07d4148f4e418c5fe15833f6b105",
          "ethertype": "IPv6",
          "security_group_id": "381f726c-6225-47c1-ac06-54381e711c35",
          "description": "",
          "created_at": "2026-06-05T06:52:36Z",
          "action": "allow",
          "id": "3b23a1af-520e-4d86-97a7-2d446d00587f",
          "priority": 100,
          "enabled": true,
          "direction": "egress"
        },
        {
          "updated_at": "2026-06-05T06:52:36Z",
          "project_id": "f8ae07d4148f4e418c5fe15833f6b105",
          "ethertype": "IPv4",
          "security_group_id": "381f726c-6225-47c1-ac06-54381e711c35",
          "description": "",
          "created_at": "2026-06-05T06:52:36Z",
          "action": "allow",
          "id": "de0036a8-8d2c-4a62-9735-2433179f4a72",
          "priority": 100,
          "enabled": true,
          "direction": "egress"
        },
        {
          "remote_group_id": "381f726c-6225-47c1-ac06-54381e711c35",
          "updated_at": "2026-06-05T06:52:36Z",
          "project_id": "f8ae07d4148f4e418c5fe15833f6b105",
          "ethertype": "IPv6",
          "security_group_id": "381f726c-6225-47c1-ac06-54381e711c35",
          "description": "",
          "created_at": "2026-06-05T06:52:36Z",
          "action": "allow",
          "id": "314498ae-8f54-419f-8f2a-93c9674fb936",
          "priority": 100,
          "enabled": true,
          "direction": "ingress"
        },
        {
          "remote_group_id": "381f726c-6225-47c1-ac06-54381e711c35",
          "updated_at": "2026-06-05T06:52:36Z",
          "project_id": "f8ae07d4148f4e418c5fe15833f6b105",
          "ethertype": "IPv4",
          "security_group_id": "381f726c-6225-47c1-ac06-54381e711c35",
          "description": "",
          "created_at": "2026-06-05T06:52:36Z",
          "action": "allow",
          "id": "4bb21d10-8083-47a7-a9ac-854692462fac",
          "priority": 100,
          "enabled": true,
          "direction": "ingress"
        }
      ],
      "tags": []
    },
    "request_id": "4a04a7195f3f097db0eb9995cb465721"
  }
}

Plugin Execution Function createSecurityGroupRule

Parameters of the createSecurityGroupRule Function

Function: Calls the corresponding VPC API to create a security group rule.

Table 11 Input parameters of the createSecurityGroupRule function

| Parameter | Parameter Type | Parameter Description | Mandatory |
| --- | --- | --- | --- |
| dryRun | Boolean | Whether the request is a pre-check request. true: The request is a pre-check request, and no rule will be created. false: The request is a normal request, and a rule will be created. The default value is false. | No |
| securityGroupId | String | ID of the security group that contains the security rules. | Yes |
| description | String | Security group rule description. The value can contain 0 to 255 characters and cannot contain angle brackets ("<" or ">"). | No |
| direction | String | Security group rule direction. The value can be ingress (inbound) or egress (outbound). | Yes |
| ethertype | String | IP address protocol type. The value can be IPv4 or IPv6. | No |
| protocol | String | Communication protocol type. The value can be icmp, tcp, udp, icmpv6, or an IP protocol number. | No |
| multiport | String | Port range. The value can be a single port (80), a port range (1-30), or inconsecutive ports separated by commas (22,3389,80). | No |
| remoteIpPrefix | String | Remote IP address in CIDR format, for example, 192.168.0.0/16. | No |
| remoteGroupId | String | Remote security group ID. | No |
| remoteAddressGroupId | String | Remote address group ID. | No |
| action | String | Policy type. Value: allow or deny. | No |
| priority | Integer | Priority. The value ranges from 1 to 100. The value 1 indicates the highest priority. | No |
| agency_type | String | Unified adaptation parameter for multi-account management. Use the default value. | No |

Table 12 Output parameters of the createSecurityGroupRule function

| Parameter | Parameter Type | Parameter Description |
| --- | --- | --- |
| headers | Object | Headers of the response returned by the API. |
| code | Int | Status code, which indicates whether the request is successful. Response code description: 200: the request is successful; 401: the account or password is incorrect; 403: the permission is insufficient; 404: the requested resource does not exist. |
| body | Object | Content returned by the API, including the security group rules specified by security_group_rule. |

Output Example of the createSecurityGroupRule Function

{
  "headers": {
    "Content-Type": "application/json",
    "X-Request-Id": "b2c3d4e5f6a7b8c9d0e1f2a3b4c5d6e7",
    "Connection": "keep-alive",
    "Date": "Wed, 03 Jun 2026 03:10:00 GMT",
    "Server": "api-gateway"
  },
  "code": 201,
  "body": {
    "security_group_rule": {
      "id": "f626eb24-d8bd-4d26-ae0b-c16bb65730cb",
      "description": "security group rule description",
      "security_group_id": "0552091e-b83a-49dd-88a7-4a5c86fd9ec3",
      "direction": "ingress",
      "protocol": "tcp",
      "ethertype": "IPv4",
      "multiport": "33",
      "remote_ip_prefix": "10.10.0.0/16",
      "action": "allow",
      "priority": 1,
      "remote_group_id": null,
      "remote_address_group_id": null,
      "created_at": "2026-06-03T03:10:00.000+00:00",
      "updated_at": "2026-06-03T03:10:00.000+00:00",
      "project_id": "060576782980d5762f9ec014dd2f1148",
      "enabled": true
    }
  }
}
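The input constraints from Table 11, checked locally before a playbook submits createSecurityGroupRule, so that malformed values built from alert data are rejected before any request is sent. This is an added example, not SecMaster or plugin code; the port bounds (1 to 65535) and protocol-number bounds (0 to 255) are assumptions, since the page gives only the value formats.

```python
import ipaddress
import re
from typing import Any, Dict

PROTOCOL_NAMES = {"icmp", "tcp", "udp", "icmpv6"}
_PORT_RE = re.compile(r"[0-9]{1,5}")


def _is_port(text: str) -> bool:
    # Assumption: valid ports are 1-65535 (the page gives the syntax, not the bounds).
    return bool(_PORT_RE.fullmatch(text)) and 1 <= int(text) <= 65535


def multiport_ok(value: str) -> bool:
    """Accept only the three documented forms: 80, 1-30, or 22,3389,80."""
    if "-" in value:
        low, _, high = value.partition("-")
        return _is_port(low) and _is_port(high) and int(low) <= int(high)
    return all(_is_port(part) for part in value.split(","))


def protocol_ok(value: str) -> bool:
    # Assumption: an IP protocol number is an integer in the range 0-255.
    return value in PROTOCOL_NAMES or (
        bool(re.fullmatch(r"[0-9]{1,3}", value)) and int(value) <= 255)


def validate_rule_params(params: Dict[str, Any]) -> Dict[str, str]:
    """Return {parameter: problem}; an empty dict means the input fits Table 11."""
    errors: Dict[str, str] = {}
    for key in ("securityGroupId", "direction"):
        if not params.get(key):
            errors[key] = "mandatory parameter is missing"
    direction = params.get("direction")
    if direction and direction not in ("ingress", "egress"):
        errors["direction"] = "must be ingress or egress"
    desc = params.get("description")
    if desc is not None and (not isinstance(desc, str) or len(desc) > 255
                             or "<" in desc or ">" in desc):
        errors["description"] = "0 to 255 characters, no angle brackets"
    for key, allowed in (("ethertype", ("IPv4", "IPv6")), ("action", ("allow", "deny"))):
        value = params.get(key)
        if value is not None and value not in allowed:
            errors[key] = "must be one of: " + ", ".join(allowed)
    proto = params.get("protocol")
    if proto is not None and not (isinstance(proto, str) and protocol_ok(proto)):
        errors["protocol"] = "must be icmp, tcp, udp, icmpv6 or a protocol number"
    ports = params.get("multiport")
    if ports is not None and not (isinstance(ports, str) and multiport_ok(ports)):
        errors["multiport"] = "must be a port, a low-high range, or a comma list"
    prefix = params.get("remoteIpPrefix")
    if prefix is not None:
        try:
            if not isinstance(prefix, str) or "/" not in prefix:
                raise ValueError("not in CIDR notation")
            ipaddress.ip_network(prefix, strict=False)
        except ValueError:
            errors["remoteIpPrefix"] = "not a valid CIDR block"
    prio = params.get("priority")
    if prio is not None and (isinstance(prio, bool) or not isinstance(prio, int)
                             or not 1 <= prio <= 100):
        errors["priority"] = "must be an integer from 1 to 100"
    if "dryRun" in params and not isinstance(params["dryRun"], bool):
        errors["dryRun"] = "must be true or false"
    return errors


# CONSTRUCTED inputs: one modelled on the page's output example, one malformed.
GOOD = {"dryRun": True, "securityGroupId": "0552091e-b83a-49dd-88a7-4a5c86fd9ec3",
        "direction": "ingress", "ethertype": "IPv4", "protocol": "tcp",
        "multiport": "33", "remoteIpPrefix": "10.10.0.0/16",
        "action": "allow", "priority": 1}
BAD = {"direction": "inbound", "description": "<b>block</b>", "protocol": "256",
       "multiport": "80-22", "remoteIpPrefix": "10.x.x.0/16", "priority": 0}

if __name__ == "__main__":
    print(validate_rule_params(GOOD))
    for name, problem in validate_rule_params(BAD).items():
        print(f"{name}: {problem}")
```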

Plugin Execution Function listAddressGroup

Parameters of the listAddressGroup Function

Function: Calls the corresponding VPC API to query information about all IP address groups, including the name and IP addresses of each IP address group.

Table 13 Input parameters of the listAddressGroup function

| Parameter | Parameter Type | Parameter Description | Mandatory |
| --- | --- | --- | --- |
| limit | Integer | Number of resources on each page. Value range: 0 to 2000. | No |
| marker | String | Start resource ID of pagination query. If the parameter is left blank, only resources on the first page are queried. | No |
| address_id | Array of strings | IP address group ID. Multiple IDs can be specified for filtering. | No |
| name | Array of strings | IP address group name. Multiple names can be specified for filtering. | No |
| ip_version | Integer | IP address group version. Value: 4 (IPv4) or 6 (IPv6). | No |
| description | Array of strings | IP address group description. Multiple descriptions can be specified for filtering. | No |
| enterprise_project_id | String | Enterprise project ID. The value can be 0 or a string that contains a maximum of 36 characters in UUID format with hyphens (-). | No |

Table 14 Output parameters of the listAddressGroup function

| Parameter | Parameter Type | Parameter Description |
| --- | --- | --- |
| headers | Object | Headers of the response returned by the API. |
| code | Int | Status code, which indicates whether the request is successful. Response code description: 200: the request is successful; 401: the account or password is incorrect; 403: the permission is insufficient; 404: the requested resource does not exist. |
| body | Object | Content returned by the API, including the address group list and pagination information. |

Output Example of the listAddressGroup Function

{
  "headers": {
    "Content-Type": "application/json",
    "X-Request-Id": "c3d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8",
    "Connection": "keep-alive",
    "Date": "Wed, 03 Jun 2026 03:20:00 GMT",
    "Server": "api-gateway"
  },
  "code": 200,
  "body": {
    "address_groups": [
      {
        "id": "dd6a0c79-5e48-4e5d-9c1b-84b0a5c6e7d8",
        "name": "SecMaster_Group_IPv4_INGRESS_BLOCK0",
        "description": "SecMaster Automatic Blocking",
        "ip_version": 4,
        "ip_set": [
          "192.168.1.1",
          "192.168.1.2"
        ],
        "enterprise_project_id": "0"
      }
    ],
    "request_id": "c3d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8",
    "page_info": {
      "previous_marker": "dd6a0c79-5e48-4e5d-9c1b-84b0a5c6e7d8",
      "current_count": 1
    }
  }
}

Plugin Execution Function listFirewall

Parameters of the listFirewall Function

Function: Calls the corresponding VPC API to query the network ACL list.

Table 15 Input parameters of the listFirewall function

| Parameter | Parameter Type | Parameter Description | Mandatory |
| --- | --- | --- | --- |
| limit | Integer | Number of resources on each page. Value range: 0 to 2000. | No |
| marker | String | Start resource ID of pagination query. If the parameter is left blank, only resources on the first page are queried. | No |
| id | Array of strings | Network ACL ID. Multiple IDs can be specified for filtering. | No |
| name | Array of strings | Network ACL name. Multiple names can be specified for filtering. | No |
| enterprise_project_id | String | Enterprise project ID. | No |
| status | String | Network ACL status. | No |
| admin_state_up | Boolean | Management status. true: enabled. false: disabled. | No |
| resultVariable | String | Query result filter. | No |

Table 16 Output parameters of the listFirewall function

| Parameter | Parameter Type | Parameter Description |
| --- | --- | --- |
| headers | Object | Headers of the response returned by the API. |
| code | Int | Status code, which indicates whether the request is successful. Response code description: 200: the request is successful; 401: the account or password is incorrect; 403: the permission is insufficient; 404: the requested resource does not exist. |
| body | Object | Content returned by the API, including the ACL list specified by firewalls and pagination information specified by page_info. |

Output Example of the listFirewall Function

{
  "headers": {
    "Content-Type": "application/json",
    "X-Request-Id": "d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9",
    "Connection": "keep-alive",
    "Date": "Wed, 03 Jun 2026 03:30:00 GMT",
    "Server": "api-gateway"
  },
  "code": 200,
  "body": {
    "firewalls": [
      {
        "id": "f78a0c79-5e48-4e5d-9c1b-84b0a5c6e7d8",
        "name": "firewall-test",
        "description": "Test network ACL",
        "status": "ACTIVE",
        "admin_state_up": true,
        "enterprise_project_id": "0"
      }
    ],
    "request_id": "d4e5f6a7b8c9d0e1f2a3b4c5d6e7f8a9",
    "page_info": {
      "previous_marker": "f78a0c79-5e48-4e5d-9c1b-84b0a5c6e7d8",
      "current_count": 1
    }
  }
}

Plugin Execution Function listSecurityGroups

Parameters of the listSecurityGroups Function

Function: Calls the corresponding VPC API to query information about all security groups, including the name, ID, and description of each security group. A maximum of 2,000 records can be returned for each query. If the number of records exceeds 2,000, the pagination marker will be returned.

Table 17 Input parameters of the listSecurityGroups function

| Parameter | Parameter Type | Parameter Description | Mandatory |
| --- | --- | --- | --- |
| limit | Integer | Number of resources on each page. Value range: 0 to 2000. | No |
| marker | String | Start resource ID of pagination query. If the parameter is left blank, only resources on the first page are queried. | No |
| enterpriseProjectId | String | Enterprise project ID. The value can be 0 or a string that contains a maximum of 36 characters in UUID format with hyphens (-). To obtain all security groups that you have permissions to view, specify all_granted_eps. | No |
| vpcId | Array of strings | ID of the VPC to which the security group belongs. | No |

Table 18 Output parameters of the listSecurityGroups function

| Parameter | Parameter Type | Parameter Description |
| --- | --- | --- |
| headers | Object | Headers of the response returned by the API. |
| code | Int | Status code, which indicates whether the request is successful. Response code description: 200, the request is successful; 401, the account or password is incorrect; 403, the permission is insufficient; 404, the requested resource does not exist. |
| body | Object | Content returned by the API, including the security group list specified by security_groups and pagination information specified by page_info. |

Output Example of the listSecurityGroups Function

{
  "headers": {
    "Server": "api-gateway",
    "X-Request-Id": "55f74ba6e6691be7b3f64b54539b5325",
    "X-Content-Type-Options": "nosniff",
    "Connection": "keep-alive",
    "X-Download-Options": "noopen",
    "Date": "Fri, 05 Jun 2026 07:14:15 GMT",
    "X-Handler-Trace": "C->Q",
    "X-Frame-Options": "SAMEORIGIN",
    "Strict-Transport-Security": "max-age=31536000; includeSubdomains;",
    "X-Openstack-Request-Id": "Req-55f74ba6e6691be7b3f64b54539b5325",
    "Content-Length": "11630",
    "X-XSS-Protection": "1; mode=block;",
    "Content-Type": "application/json; charset=utf-8"
  },
  "code": 200,
  "body": {
    "security_groups": [
      {
        "enterprise_project_id": "0",
        "updated_at": "2025-08-18T11:35:52Z",
        "project_id": "099706f4090026a62f0bc014b68c0527",
        "name": "test495011-cce-node-mdssd",
        "description": "The security group is created by CCE cluster 7db9da55-7c27-11f0-8e7a-0255ac10024a for the node",
        "created_at": "2025-08-18T11:35:52Z",
        "id": "3be73caa-519f-4168-b97f-4f98d937e8f6",
        "tags": []
      },
      {
        "enterprise_project_id": "0",
        "updated_at": "2023-07-19T02:34:45Z",
        "project_id": "099706f4090026a62f0bc014b68c0527",
        "name": "SecMaster",
        "description": "You can select common protocol ports to quickly add inbound rules to allow traffic from the selected protocols and ports. If you do not select any protocol ports, no ports will be allowed. After creating a security group, you can add or modify security group rules based on your access requirements.",
        "created_at": "2023-07-19T02:34:45Z",
        "id": "4950081a-f0a4-4c19-8aac-1d8168197828",
        "tags": []
      },
      {
        "enterprise_project_id": "b5566e6a-7b7e-4629-8b2f-75108ee8214b",
        "updated_at": "2023-09-13T06:11:23Z",
        "project_id": "099706f4090026a62f0bc014b68c0527",
        "name": "Sys-WebServer",
        "description": "",
        "created_at": "2023-09-13T06:11:23Z",
        "id": "65fad4c2-1a81-47e1-a01f-5e2286177bbc",
        "tags": []
      },
      {
        "enterprise_project_id": "0",
        "updated_at": "2020-08-11T02:55:52Z",
        "project_id": "099706f4090026a62f0bc014b68c0527",
        "name": "mrd-10086",
        "description": "The security group that you create using this template includes default rules that deny inbound traffic on any port. You can add or modify security group rules as required.",
        "created_at": "2020-08-11T02:55:52Z",
        "id": "71385f85-ff57-46c4-b94d-5218ef515081",
        "tags": []
      },
      {
        "enterprise_project_id": "0",
        "updated_at": "2023-09-06T07:33:56Z",
        "project_id": "099706f4090026a62f0bc014b68c0527",
        "name": "SecMaster_One-click host isolation",
        "description": "Security group automatically created by SecMaster",
        "created_at": "2023-09-06T07:33:56Z",
        "id": "73f39739-b23d-429d-9e60-23d68aad3008",
        "tags": []
      },
      {
        "enterprise_project_id": "0",
        "updated_at": "2022-09-23T10:10:34Z",
        "project_id": "099706f4090026a62f0bc014b68c0527",
        "name": "CSB",
        "description": "The security group that you create using this template includes default rules that deny inbound traffic on any port. You can add or modify security group rules as required.",
        "created_at": "2022-09-23T10:10:34Z",
        "id": "a7c4649c-4a64-4611-828c-a44aa5158d87",
        "tags": []
      },
      {
        "enterprise_project_id": "0",
        "updated_at": "2023-10-10T03:49:56Z",
        "project_id": "099706f4090026a62f0bc014b68c0527",
        "name": "all",
        "description": "Allowing inbound traffic on all ports poses security risks.",
        "created_at": "2023-10-10T03:49:56Z",
        "id": "ab58944d-5475-450b-afd5-bff11b7fd8a9",
        "tags": []
      },
      {
        "enterprise_project_id": "f5cd2ecb-7e77-4c6e-8836-105b47e05771",
        "updated_at": "2024-11-21T09:10:19Z",
        "project_id": "099706f4090026a62f0bc014b68c0527",
        "name": "sg-1fb0",
        "description": "",
        "created_at": "2024-11-21T09:10:19Z",
        "id": "b2ee13ce-1bc4-49a5-819c-323bc099776d",
        "tags": []
      }
    ],
    "page_info": {
      "current_count": 8,
      "previous_marker": "06b553e2-02c1-4eb9-b621-993251c681b9"
    },
    "request_id": "55f74ba6e6691be7b3f64b54539b5325"
  }
}

Plugin Execution Function listVpcPeerings

Parameters of the listVpcPeerings Function

Function: Calls the corresponding VPC API to query all VPC peering connections of the tenant who submits the request. The connections are filtered based on the filtering condition.

Table 19 Input parameters of the listVpcPeerings function

| Parameter | Parameter Type | Parameter Description | Mandatory |
| --- | --- | --- | --- |
| limit | Integer | Number of records that will be returned on each page. Value range: 0 to 2,000. Default value: 2,000. | No |
| marker | String | A resource ID for pagination query, indicating that the query starts from the next record of the specified resource ID. | No |
| id | String | Filter by peering_id for the query. | No |
| name | String | Filter by peering_name for the query. The value contains a maximum of 64 characters. | No |
| status | String | Filter by status for the query. The value can be PENDING_ACCEPTANCE, REJECTED, EXPIRED, DELETED, or ACTIVE. | No |
| tenant_id | String | Filter by tenant_id for the query. | No |
| vpc_id | String | Filter by vpc_id for the query. | No |
| resultVariable | String | Query result filter. | No |

Table 20 Output parameters of the listVpcPeerings function

| Parameter | Parameter Type | Parameter Description |
| --- | --- | --- |
| headers | Object | Headers of the response returned by the API. |
| code | Int | Status code, which indicates whether the request is successful. Response code description: 200, the request is successful; 401, the account or password is incorrect; 403, the permission is insufficient; 404, the requested resource does not exist. |
| body | Object | Content returned by the API, including the VPC peering connection list. |

Output Example of the listVpcPeerings Function

{
  "headers": {
    "Content-Type": "application/json",
    "X-Request-Id": "f6a7b8c9d0e1f2a3b4c5d6e7f8a9b0c1",
    "Connection": "keep-alive",
    "Date": "Wed, 03 Jun 2026 03:50:00 GMT",
    "Server": "api-gateway"
  },
  "code": 200,
  "body": {
    "peerings": [
      {
        "request_vpc_info": {
          "vpc_id": "9daeac7c-a98f-430f-8e38-67f9c044e299",
          "tenant_id": "f65e9ebc-ed5d-418b-a931-9a723718ba4e"
        },
        "accept_vpc_info": {
          "vpc_id": "f583c072-0bb8-4e19-afb2-afb7c1693be5",
          "tenant_id": "f65e9ebc-ed5d-418b-a931-9a723718ba4e"
        },
        "name": "test",
        "description": "test",
        "id": "b147a74b-39bb-4c7a-aed5-19cac4c2df13",
        "status": "ACTIVE"
      }
    ]
  }
}

Description of the listVpcs Function

Parameters of the listVpcs Function

Function: Calls the corresponding VPC API to query the VPC list.

Table 21 Input parameters of the listVpcs function

| Parameter | Parameter Type | Parameter Description | Mandatory |
| --- | --- | --- | --- |
| limit | Integer | Number of resources on each page. Value range: 0 to 2000. | No |
| marker | String | Start resource ID of pagination query. If the parameter is left blank, only resources on the first page are queried. | No |
| id | Array of strings | VPC resource ID. Multiple IDs can be specified for filtering. | No |

Table 22 Output parameters of the listVpcs function

| Parameter | Parameter Type | Parameter Description |
| --- | --- | --- |
| headers | Object | Headers of the response returned by the API. |
| code | Int | Status code, which indicates whether the request is successful. Response code description: 200, the request is successful; 401, the account or password is incorrect; 403, the permission is insufficient; 404, the requested resource does not exist. |
| body | Object | Content returned by the API, including the VPC list specified by vpcs and pagination information specified by page_info. |

Output Example of the listVpcs Function

{
  "headers": {
    "Content-Type": "application/json",
    "X-Request-Id": "a7b8c9d0e1f2a3b4c5d6e7f8a9b0c1d2",
    "Connection": "keep-alive",
    "Date": "Wed, 03 Jun 2026 04:00:00 GMT",
    "Server": "api-gateway"
  },
  "code": 200,
  "body": {
    "vpcs": [
      {
        "id": "0552091e-b83a-49dd-88a7-4a5c86fd9ec3",
        "name": "vpc-test",
        "description": "Test VPC",
        "cidr": "192.168.0.0/16",
        "status": "ACTIVE",
        "project_id": "060576782980d5762f9ec014dd2f1148",
        "enterprise_project_id": "0",
        "created_at": "2026-01-01T00:00:00.000+00:00",
        "updated_at": "2026-01-01T00:00:00.000+00:00",
        "tags": []
      }
    ],
    "request_id": "a7b8c9d0e1f2a3b4c5d6e7f8a9b0c1d2",
    "page_info": {
      "previous_marker": "0552091e-b83a-49dd-88a7-4a5c86fd9ec3",
      "current_count": 1
    }
  }
}

Description of the showFirewall Function

Parameters of the showFirewall Function

Function: Calls the corresponding VPC API to query details about a network ACL, including the network ACL name and status.

Table 23 Input parameters of the showFirewall function

| Parameter | Parameter Type | Parameter Description | Mandatory |
| --- | --- | --- | --- |
| firewall_id | String | Resource ID of the network ACL. You can obtain the ID of the target network ACL by calling the API for querying network ACLs. | Yes |

Table 24 Output parameters of the showFirewall function

| Parameter | Parameter Type | Parameter Description |
| --- | --- | --- |
| headers | Object | Headers of the response returned by the API. |
| code | Int | Status code, which indicates whether the request is successful. Response code description: 200, the request is successful; 401, the account or password is incorrect; 403, the permission is insufficient; 404, the requested resource does not exist. |
| body | Object | Content returned by the API, including the network ACL object specified in firewall. |

Output Example of the showFirewall Function

{
  "headers": {
    "Content-Type": "application/json",
    "X-Request-Id": "b8c9d0e1f2a3b4c5d6e7f8a9b0c1d2e3",
    "Connection": "keep-alive",
    "Date": "Wed, 03 Jun 2026 04:10:00 GMT",
    "Server": "api-gateway"
  },
  "code": 200,
  "body": {
    "firewall": {
      "id": "f78a0c79-5e48-4e5d-9c1b-84b0a5c6e7d8",
      "name": "firewall-test",
      "description": "Test network ACL",
      "status": "ACTIVE",
      "admin_state_up": true,
      "enterprise_project_id": "0",
      "ingress_rules": [],
      "egress_rules": []
    },
    "request_id": "b8c9d0e1f2a3b4c5d6e7f8a9b0c1d2e3"
  }
}

Description of the showSecurityGroup Function

Parameters of the showSecurityGroup Function

Function: Calls the corresponding VPC API to query details about a single security group, including the name, ID, and description of the security group.

Table 25 Input parameters of the showSecurityGroup function

| Parameter | Parameter Type | Parameter Description | Mandatory |
| --- | --- | --- | --- |
| securityGroupId | String | Security group ID. | Yes |

Table 26 Output parameters of the showSecurityGroup function

| Parameter | Parameter Type | Parameter Description |
| --- | --- | --- |
| headers | Object | Headers of the response returned by the API. |
| code | Int | Status code, which indicates whether the request is successful. Response code description: 200, the request is successful; 401, the account or password is incorrect; 403, the permission is insufficient; 404, the requested resource does not exist. |
| body | Object | Content returned by the API, including the security group object specified in security_group and security group rule list specified in security_group_rules. |

Output Example of the showSecurityGroup Function

{
  "headers": {
    "Content-Type": "application/json",
    "X-Request-Id": "c9d0e1f2a3b4c5d6e7f8a9b0c1d2e3f4",
    "Connection": "keep-alive",
    "Date": "Wed, 03 Jun 2026 04:20:00 GMT",
    "Server": "api-gateway"
  },
  "code": 200,
  "body": {
    "security_group": {
      "id": "69c999ad-d9ef-4d79-94fd-35e6ceb75325",
      "name": "security_group_1",
      "project_id": "060576782980d5762f9ec014dd2f1148",
      "description": "security group description",
      "enterprise_project_id": "0",
      "created_at": "2026-06-03T04:20:00.000+00:00",
      "updated_at": "2026-06-03T04:20:00.000+00:00",
      "tags": [],
      "security_group_rules": [
        {
          "id": "f626eb24-d8bd-4d26-ae0b-c16bb65730cb",
          "direction": "ingress",
          "protocol": "tcp",
          "ethertype": "IPv4",
          "multiport": "33",
          "action": "allow",
          "priority": 1
        }
      ]
    },
    "request_id": "c9d0e1f2a3b4c5d6e7f8a9b0c1d2e3f4"
  }
}

Description of the mapError Function

Parameters of the mapError Function

Function: Maps VPC error codes to readable descriptions.

Table 27 Input parameters of the mapError function

| Parameter | Parameter Type | Parameter Description | Mandatory |
| --- | --- | --- | --- |
| language | String | Language. The value can be zh (Chinese) or en (English). The default value is en. | No |
| code | String | VPC error code, for example, VPC.0002, VPC.0003, VPC.0004, VPC.0005, VPC.0007, VPC.0008, VPC.0009, VPC.0010, VPC.0011, VPC.0014, VPC.2201, VPC.2701, VPC.0602, VPC.9902, or VPC.9929. | Yes |

Table 28 Output parameters of the mapError function

| Parameter | Parameter Type | Parameter Description |
| --- | --- | --- |
| result | String | Readable string corresponding to the error code. |
| engine_has_error | Int | 0: The mapping is successful. |

Output Example of the mapError Function

{
  "result": "The security group rule already exists. Modify the request body to create a security group rule.",
  "engine_has_error": 0
}

Plugin Execution Function operationAddressGroup

Parameters of the operationAddressGroup Function

Function: Manages IP addresses in an address group. You can add or delete IP addresses to or from a VPC address group. When an IP address is added, a new address group is automatically created or the IP address is added to an existing address group. When an IP address is deleted, the specified IP address is removed from the address group. Each address group can contain a maximum of 20 IP addresses, and a maximum of 50 address groups can be created.

Table 29 Input parameters of the operationAddressGroup function

| Parameter | Parameter Type | Parameter Description | Mandatory |
| --- | --- | --- | --- |
| ip_list | JSON Array | IP address list, in JSON array format. | Yes |
| policy | String | Policy. Options: BLOCK and ALLOW. | Yes |
| operation_type | String | Operation type. SENDING: adding an IP address. DELETING: deleting an IP address. | Yes |
| enterprise_project_id | String | Enterprise project ID. | Yes |
| language | String | Language. | No |
| agency_type | String | Unified adaptation parameter for multi-account management. Use the default value. | No |

Table 30 Output parameters of the operationAddressGroup function

| Parameter | Parameter Type | Parameter Description |
| --- | --- | --- |
| failed_targets | Array | List of IP addresses that fail to be processed. |
| success_targets | Array | List of IP addresses that are successfully processed. |

Output Example of the operationAddressGroup Function

{
  "failed_targets": [],
  "success_targets": [
    {
      "target": "192.168.1.1",
      "address_group_id": "dd6a0c79-5e48-4e5d-9c1b-84b0a5c6e7d8",
      "address_group_name": "SecMaster_Group_IPv4_INGRESS_BLOCK0"
    }
  ]
}
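The following is an added example, not SecMaster's or the plugin's own code: a pre-flight check a playbook step could run before calling operationAddressGroup with policy BLOCK and operation_type SENDING, followed by a reconciliation of the returned success_targets and failed_targets against what was requested. The helper names, the protected-network list, the in_use count, the reading of 20 × 50 as an overall ceiling, the shape of failed_targets entries, and the sample addresses are assumptions made for illustration.

```python
import ipaddress

MAX_PER_GROUP = 20  # from the page: IP addresses per address group
MAX_GROUPS = 50     # from the page: address groups that can be created
CAPACITY = MAX_PER_GROUP * MAX_GROUPS  # assumption: treated as the overall ceiling


def plan_block(candidates, enterprise_project_id, protected=(), in_use=0):
    """Build operationAddressGroup input; return (params, rejected).

    protected and in_use are hypothetical inputs: networks that must never be
    blocked, and the number of addresses already held in the address groups.
    """
    guard = [ipaddress.ip_network(n) for n in protected]
    accepted, rejected = [], []
    for raw in candidates:
        try:
            ip = ipaddress.ip_address(str(raw).strip())
        except ValueError:
            rejected.append((raw, "not a single IP address"))
            continue
        if str(ip) in accepted:
            rejected.append((raw, "duplicate"))
        elif any(ip in net for net in guard):
            rejected.append((raw, "inside a protected network"))
        elif in_use + len(accepted) >= CAPACITY:
            rejected.append((raw, "address group capacity reached"))
        else:
            accepted.append(str(ip))
    params = {
        "ip_list": accepted,
        "policy": "BLOCK",
        "operation_type": "SENDING",
        "enterprise_project_id": enterprise_project_id,
    }
    return params, rejected


def reconcile(params, result):
    """Return (done, failed, missing) for one plugin output.

    missing lists requested addresses the output does not mention at all.
    Assumption: failed_targets entries are objects with "target" or plain strings.
    """
    def targets(items):
        return {i["target"] if isinstance(i, dict) else str(i) for i in items}
    done = targets(result.get("success_targets", []))
    failed = targets(result.get("failed_targets", []))
    missing = set(params["ip_list"]) - done - failed
    return sorted(done), sorted(failed), sorted(missing)


# Constructed sample input and plugin output (documentation address ranges).
CANDIDATES = ["198.51.100.23", " 198.51.100.23", "10.0.0.5", "not-an-ip", "203.0.113.9"]
RESULT = {"failed_targets": [], "success_targets": [{"target": "198.51.100.23"}]}

if __name__ == "__main__":
    params, rejected = plan_block(CANDIDATES, "0", protected=["10.0.0.0/24"])
    print(params["ip_list"], rejected)
    print(reconcile(params, RESULT))
```

An address that ends up in missing should be treated as not blocked until a later query confirms otherwise.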

Description of the bindAddressGroup Function

Parameters of the bindAddressGroup Function

Function: Binds an IP address group to a security group rule to enable address group-based access control. The BLOCK (deny) and WHITE (allow) policies are supported.

Table 31 Input parameters of the bindAddressGroup function

| Parameter | Parameter Type | Parameter Description | Mandatory |
| --- | --- | --- | --- |
| ip_list | JSON Array | IP address list, in JSON array format. | Yes |
| ip_version | String | IP version. Value: IPv4 or IPv6. Default value: IPv4. | Yes |
| enterprise_project_id | String | Enterprise project ID. | Yes |
| description | String | Description. | Yes |
| action | String | Operation policy. WHITE: mapped to allow. BLOCK: mapped to deny. | Yes |
| direction | String | Direction. INGRESS: inbound. EGRESS: outbound. | Yes |
| operation_type | String | Operation type. SENDING: binding. DELETING: unbinding. | Yes |
| language | String | Language. | No |
| agency_type | String | Unified adaptation parameter for multi-account management. Use the default value. | No |

Table 32 Output parameters of the bindAddressGroup function

| Parameter | Parameter Type | Parameter Description |
| --- | --- | --- |
| failed_targets | Array | List of IP addresses that fail to be bound. |
| success_targets | Array | List of IP addresses that are successfully bound. |

Output Example of the bindAddressGroup Function

{
  "failed_targets": [],
  "success_targets": [
    {
      "target": "192.168.1.1",
      "address_group_id": "dd6a0c79-5e48-4e5d-9c1b-84b0a5c6e7d8",
      "address_group_name": "SecMaster_Group_IPv4_INGRESS_BLOCK0"
    }
  ]
}