Updated on 2024-11-18 GMT+08:00

Querying the ACL for Console Access

Function

This API is used to query the ACL for console access.

The API can be called using both the global endpoint and region-specific endpoints. For IAM endpoints, see Regions and Endpoints.

Debugging

You can debug this API in API Explorer.

URI

GET /v3.0/OS-SECURITYPOLICY/domains/{domain_id}/console-acl-policy

Table 1 URI parameters

Parameter

Mandatory

Type

Description

domain_id

Yes

String

Account ID. For details about how to obtain the account ID, see Obtaining Account, IAM User, Group, Project, Region, and Agency Information.

Request Parameters

Table 2 Parameters in the request header

Parameter

Mandatory

Type

Description

X-Auth-Token

Yes

String

Access token issued to a user to bear its identity and permissions.

For details about the permissions required by the token, see Actions.

Response Parameters

Table 3 Parameters in the response body

Parameter

Type

Description

console_acl_policy

object

ACL for console access.

Table 4 console_acl_policy

Parameter

Type

Description

allow_address_netmasks

Array of objects

IP address CIDR blocks from which console access is allowed. This parameter is only returned when an IP address range or CIDR block from which console access is allowed is specified.

allow_ip_ranges

Array of objects

IP address ranges from which console access is allowed. This parameter is only returned when an IP address range from which console access is allowed is specified.

Table 5 allow_address_netmasks

Parameter

Type

Description

address_netmask

String

IP address CIDR block, for example, 192.168.0.1/24.

description

String

Description of an IP address CIDR block.

Table 6 allow_ip_ranges

Parameter

Type

Description

description

String

Description of an IP address range.

ip_range

String

IP address range, for example, 0.0.0.0-255.255.255.255.

Example Request

Request for querying the ACL for console access

GET https://iam.myhuaweicloud.com/v3.0/OS-SECURITYPOLICY/domains/{domain_id}/console-acl-policy

Example Response

Status code: 200

The request is successful.

{ 
  "console_acl_policy" : { 
    "allow_ip_ranges" : [ { 
      "ip_range" : "0.0.0.0-255.255.255.255", 
      "description" : "" 
    }, { 
      "ip_range" : "0.0.0.0-255.255.255.255", 
      "description" : "" 
    } ], 
    "allow_address_netmasks" : [ { 
      "address_netmask" : "192.168.0.1/24", 
      "description" : "" 
    }, { 
      "address_netmask" : "192.168.0.1/24", 
      "description" : "" 
    } ] 
  } 
}

Status code: 403

Access denied.

  • Example 1
{ 
   "error_msg" : "You are not authorized to perform the requested action.", 
   "error_code" : "IAM.0002" 
 }
  • Example 2
{ 
   "error_msg" : "Policy doesn't allow %(actions)s to be performed.", 
   "error_code" : "IAM.0003" 
 }

Status code: 404

The requested resource cannot be found.

{ 
  "error_msg" : "Could not find %(target)s: %(target_id)s.", 
  "error_code" : "IAM.0004" 
}

Status code: 500

Internal server error.

{ 
  "error_msg" : "An unexpected error prevented the server from fulfilling your request.", 
  "error_code" : "IAM.0006" 
}

Status Codes

Status Code

Description

200

The request is successful.

401

Authentication failed.

403

Access denied.

404

The requested resource cannot be found.

500

Internal server error.

Error Codes

For details, see Error Codes.