Query the grant list
Function
This API is used to query the users who have been granted the permissions of a key.
Calling Method
For details, see Calling APIs.
URI
POST /v1.0/{project_id}/kms/list-grants
|
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
|
project_id |
Yes |
String |
Project ID |
Request Parameters
|
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
|
X-Auth-Token |
Yes |
String |
User token. It can be obtained by calling the IAM API used to obtain a user token. The value of X-Subject-Token in the response header is the user token. |
|
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
|
key_id |
Yes |
String |
A 36-byte key ID which matches the regular expression ^[0-9a-z]{8}-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{12}$, for example, 0d0466b0-e727-4d9c-b35d-f84bb474a37f. |
|
limit |
No |
String |
Number of returned records. The default value is 1000. The value cannot be larger than the maximum number of grants, for example, 100. If the number of retrieved results is greater than this value, true is returned for the response parameter truncated, indicating that multiple pages of results are returned. |
|
marker |
No |
String |
Start position of the paginated query. If truncated is true in the response, you can send consecutive requests to obtain more records. Set marker to the value of next_marker in the response, for example, 10. |
|
sequence |
No |
String |
A 36-byte serial number of a request message, for example, 919c82d4-8046-4722-9094-35c3c6524cff |
Response Parameters
Status code: 200
|
Parameter |
Type |
Description |
|---|---|---|
|
grants |
Array of Grants objects |
Grant list. For details, see the data structure description of the grants field. |
|
next_marker |
String |
Value of marker used for obtaining the next page of results. If the value of truncated is false, next_marker is left empty. |
|
truncated |
String |
Whether there is another page. true: There is more data on the next page. false: This is the last page. |
|
total |
Integer |
Total number of grants. |
|
Parameter |
Type |
Description |
|---|---|---|
|
key_id |
String |
Key ID. |
|
grant_id |
String |
Grant ID, which contains 64 bytes. |
|
grantee_principal |
String |
ID of the granted user. The value contains 1 to 64 bytes and matches the regular expression ^[a-zA-Z0-9]{1,64}$, for example, 0d0466b00d0466b00d0466b00d0466b0. |
|
grantee_principal_type |
String |
Grant type. The value can be user or domain. |
|
operations |
Array of strings |
List of granted operations. Possible values are as follows: create-datakey: Create a DEK. create-datakey-without-plaintext: Create a DEK that does not contain plaintext. encrypt-datakey: Encrypt DEK. decrypt-datakey: Decrypt DEK. describe-key: Query the key information. create-grant: Create the grant. retire-grant: Retire the grant. encrypt-data: Encrypt data. decrypt-data: Decrypt data. The value cannot be only create-grant. |
|
issuing_principal |
String |
ID of the user who created the grant. The value contains 1 to 64 bytes and matches the regular expression "^[a-zA-Z0-9]{1,64}$," for example, 0d0466b00d0466b00d0466b00d0466b0. |
|
creation_date |
String |
Creation time. The value is a timestamp which indicates how many seconds it has been since January 1, 1970, for example, 1497341531000. |
|
name |
String |
Grant name. The value is a string of 1 to 255 characters and matches the regular expression ^[a-zA-Z0-9:/_-]{1,255}$. |
|
retiring_principal |
String |
ID of the user whose grant can be retired. The value contains 1 to 64 bytes and matches the regular expression ^[a-zA-Z0-9]{1,64}$, for example, 0d0466b00d0466b00d0466b00d0466b0. |
Status code: 400
|
Parameter |
Type |
Description |
|---|---|---|
|
error |
Object |
Error message. |
|
Parameter |
Type |
Description |
|---|---|---|
|
error_code |
String |
Error code returned by the error request |
|
error_msg |
String |
Error information returned by the error request |
Status code: 401
|
Parameter |
Type |
Description |
|---|---|---|
|
error |
Object |
Error message. |
|
Parameter |
Type |
Description |
|---|---|---|
|
error_code |
String |
Error code returned by the error request |
|
error_msg |
String |
Error information returned by the error request |
Status code: 403
|
Parameter |
Type |
Description |
|---|---|---|
|
error |
Object |
Error message. |
|
Parameter |
Type |
Description |
|---|---|---|
|
error_code |
String |
Error code returned by the error request |
|
error_msg |
String |
Error information returned by the error request |
Status code: 404
|
Parameter |
Type |
Description |
|---|---|---|
|
error |
Object |
Error message. |
|
Parameter |
Type |
Description |
|---|---|---|
|
error_code |
String |
Error code returned by the error request |
|
error_msg |
String |
Error information returned by the error request |
Status code: 500
|
Parameter |
Type |
Description |
|---|---|---|
|
error |
Object |
Error message. |
|
Parameter |
Type |
Description |
|---|---|---|
|
error_code |
String |
Error code returned by the error request |
|
error_msg |
String |
Error information returned by the error request |
Status code: 502
|
Parameter |
Type |
Description |
|---|---|---|
|
error |
Object |
Error message. |
|
Parameter |
Type |
Description |
|---|---|---|
|
error_code |
String |
Error code returned by the error request |
|
error_msg |
String |
Error information returned by the error request |
Status code: 504
|
Parameter |
Type |
Description |
|---|---|---|
|
error |
Object |
Error message. |
|
Parameter |
Type |
Description |
|---|---|---|
|
error_code |
String |
Error code returned by the error request |
|
error_msg |
String |
Error information returned by the error request |
Example Requests
Query the grant list of the key whose ID is 0d0466b0-e727-4d9c-b35d-f84bb474a37f.
{
"key_id" : "0d0466b0-e727-4d9c-b35d-f84bb474a37f"
}
Example Responses
Status code: 200
Request succeeded.
{
"grants" : [ {
"operations" : [ "create-datakey", "describe-key" ],
"issuing_principal" : "8b961fb414344d59825ba0c8c008c815",
"key_id" : "737fd52b-36c4-4c91-972e-f6e202de9f6e",
"grant_id" : "dd3f03e9229a5e47a41be6c27a630e60d5cbdbad2be89465d63109ad034db7d8",
"grantee_principal" : "13gg44z4g2sglzk0egw0u726zoyzvrs8",
"name" : "13gg44z4g2sglzk0egw0u726zoyzvrs8",
"creation_date" : "1597062260000",
"grantee_principal_type" : "user"
} ],
"next_marker" : "",
"total" : 1,
"truncated" : "false"
}
SDK Sample Code
The SDK sample code is as follows.
Query the grant list of the key whose ID is 0d0466b0-e727-4d9c-b35d-f84bb474a37f.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 |
package com.huaweicloud.sdk.test; import com.huaweicloud.sdk.core.auth.ICredential; import com.huaweicloud.sdk.core.auth.BasicCredentials; import com.huaweicloud.sdk.core.exception.ConnectionException; import com.huaweicloud.sdk.core.exception.RequestTimeoutException; import com.huaweicloud.sdk.core.exception.ServiceResponseException; import com.huaweicloud.sdk.kms.v2.region.KmsRegion; import com.huaweicloud.sdk.kms.v2.*; import com.huaweicloud.sdk.kms.v2.model.*; public class ListGrantsSolution { public static void main(String[] args) { // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security. // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment String ak = System.getenv("CLOUD_SDK_AK"); String sk = System.getenv("CLOUD_SDK_SK"); ICredential auth = new BasicCredentials() .withAk(ak) .withSk(sk); KmsClient client = KmsClient.newBuilder() .withCredential(auth) .withRegion(KmsRegion.valueOf("<YOUR REGION>")) .build(); ListGrantsRequest request = new ListGrantsRequest(); ListGrantsRequestBody body = new ListGrantsRequestBody(); body.withKeyId("0d0466b0-e727-4d9c-b35d-f84bb474a37f"); request.withBody(body); try { ListGrantsResponse response = client.listGrants(request); System.out.println(response.toString()); } catch (ConnectionException e) { e.printStackTrace(); } catch (RequestTimeoutException e) { e.printStackTrace(); } catch (ServiceResponseException e) { e.printStackTrace(); System.out.println(e.getHttpStatusCode()); System.out.println(e.getRequestId()); System.out.println(e.getErrorCode()); System.out.println(e.getErrorMsg()); } } } |
Query the grant list of the key whose ID is 0d0466b0-e727-4d9c-b35d-f84bb474a37f.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 |
# coding: utf-8 import os from huaweicloudsdkcore.auth.credentials import BasicCredentials from huaweicloudsdkkms.v2.region.kms_region import KmsRegion from huaweicloudsdkcore.exceptions import exceptions from huaweicloudsdkkms.v2 import * if __name__ == "__main__": # The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security. # In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment ak = os.environ["CLOUD_SDK_AK"] sk = os.environ["CLOUD_SDK_SK"] credentials = BasicCredentials(ak, sk) client = KmsClient.new_builder() \ .with_credentials(credentials) \ .with_region(KmsRegion.value_of("<YOUR REGION>")) \ .build() try: request = ListGrantsRequest() request.body = ListGrantsRequestBody( key_id="0d0466b0-e727-4d9c-b35d-f84bb474a37f" ) response = client.list_grants(request) print(response) except exceptions.ClientRequestException as e: print(e.status_code) print(e.request_id) print(e.error_code) print(e.error_msg) |
Query the grant list of the key whose ID is 0d0466b0-e727-4d9c-b35d-f84bb474a37f.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 |
package main import ( "fmt" "github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic" kms "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/kms/v2" "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/kms/v2/model" region "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/kms/v2/region" ) func main() { // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security. // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment ak := os.Getenv("CLOUD_SDK_AK") sk := os.Getenv("CLOUD_SDK_SK") auth := basic.NewCredentialsBuilder(). WithAk(ak). WithSk(sk). Build() client := kms.NewKmsClient( kms.KmsClientBuilder(). WithRegion(region.ValueOf("<YOUR REGION>")). WithCredential(auth). Build()) request := &model.ListGrantsRequest{} request.Body = &model.ListGrantsRequestBody{ KeyId: "0d0466b0-e727-4d9c-b35d-f84bb474a37f", } response, err := client.ListGrants(request) if err == nil { fmt.Printf("%+v\n", response) } else { fmt.Println(err) } } |
For SDK sample code of more programming languages, see the Sample Code tab in API Explorer. SDK sample code can be automatically generated.
Status Codes
|
Status Code |
Description |
|---|---|
|
200 |
Request succeeded. |
|
400 |
Invalid request parameters. |
|
401 |
Username and password are required for the requested page. |
|
403 |
Authentication failed. |
|
404 |
The resource does not exist. |
|
500 |
Internal service error. |
|
502 |
Failed to complete the request. The server receives an invalid response from the upstream server. |
|
504 |
Gateway timed out. |
Error Codes
See Error Codes.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
