Querying Network ACLs

Function

This API is used to query information about all network ACLs, including the network ACL name and status.

Calling Method

For details, see Calling APIs.

Authorization Information

Each account has all the permissions required to call all APIs, but IAM users must be assigned the required permissions.

If you are using role/policy-based authorization, see Permissions Policies and Supported Actions for details on the required permissions.

If you are using identity policy-based authorization, the following identity policy-based permissions are required.

Action	Access Level	Resource Type (*: required)	Condition Key	Alias	Dependencies
vpc:firewalls:list	List	firewall *	-	-	-
vpc:firewalls:list	List	-	g:EnterpriseProjectId	-	-

URI

GET /v3/{project_id}/vpc/firewalls

**Table 1** Path Parameters
Parameter	Mandatory	Type	Description
project_id	Yes	String	Definition: ID of the project that the network ACL belongs to. For details about how to obtain a project ID, see Obtaining a Project ID. Range: N/A

**Table 2** Query Parameters
Parameter	Mandatory	Type	Description
limit	No	Integer	Definition: Number of resources on each page. Range: 0 to 2000
marker	No	String	Definition: Start resource ID of pagination query. If the parameter is left blank, only resources on the first page are queried. Range: Network ACL ID.
id	No	Array of strings	Definition: ID of the network ACL, which can be used to filter the network ACL. Multiple IDs can be specified for filtering. Range: N/A
name	No	Array of strings	Definition: Name of the network ACL, which can be used to filter the network ACL. Multiple names can be specified for filtering. Range: N/A
status	No	String	Definition: Network ACL status, which indicates whether the network ACL has been associated with a subnet. This value can be used to filter the network ACL. Range: ACTIVE: Filter network ACLs that have been associated with subnets. INACTIVE: Filter network ACLs that have not been associated with subnets.
admin_state_up	No	Boolean	Definition: Administrative status of a network ACL, which indicates whether the network ACL is enabled or disabled and can be used to filter the network ACL. Range: true: Filter network ACLs that are enabled. false: Filter network ACLs that are disabled.
enterprise_project_id	No	Array of strings	Definition: ID of the enterprise project that the network ACL belongs to. You can use this field to filter network ACLs in an enterprise project. Range: The value is 0 or a string that contains a maximum of 36 characters in UUID format with hyphens (-). 0 indicates the default enterprise project. To obtain network ACLs of all enterprise projects, set this parameter to all_granted_eps.
type	No	String	Definition: Type of the subnet that can be associated with a network ACL, which can be used to filter the network ACL. Range: normal: Filter network ACLs that can be associated with common subnets. CloudDCN: Filter network ACLs that can be associated with CloudDCN subnets.

Request Parameters

None

Response Parameters

Status code: 200

**Table 3** Response body parameters
Parameter	Type	Description
firewalls	Array of ListFirewallDetail objects	Definition: Response body for querying network ACLs. Range: N/A
page_info	PageInfo object	Definition: Pagination information. Range: N/A
request_id	String	Definition: Request ID. Range: N/A

**Table 4** ListFirewallDetail
Parameter	Type	Description
id	String	Definition: Network ACL ID. Each network ACL comes with an ID, which uniquely identifies the network ACL. Range: The value is in UUID format with hyphens (-).
name	String	Definition: Name of the network ACL. Range: The value can contain 1 to 64 characters, including letters, digits, underscores (_), hyphens (-), and periods.
description	String	Definition: Supplementary information about the network ACL. Range: The value can contain 0 to 255 characters and cannot contain angle brackets (< or >).
project_id	String	Definition: ID of the project that the network ACL belongs to. Range: N/A
created_at	String	Definition: Time when the network ACL was created. The value is automatically generated by the system. Range: The value is a UTC time in the format of yyyy-MM-ddTHH:mm:ssZ.
updated_at	String	Definition: Time when the network ACL was last updated. The value is automatically generated by the system. Range: The value is a UTC time in the format of yyyy-MM-ddTHH:mm:ssZ.
admin_state_up	Boolean	Definition: Network ACL administrative status. Range: true: The network ACL is enabled. false: The network ACL is disabled.
status	String	Definition: Network ACL status. Range: ACTIVE: The network ACL is associated with a subnet. INACTIVE: The network ACL is not associated with a subnet.
enterprise_project_id	String	Definition: ID of the enterprise project that the network ACL belongs to. Range: The value is 0 or a string that contains a maximum of 36 characters in UUID format with hyphens (-). 0 indicates the default enterprise project.
tags	Array of ResponseTag objects	Definition: Tags of a network ACL, including tag keys and tag values, which can be used to classify and identify resources. For details, see the tag objects. Range: N/A
associations	Array of FirewallAssociation objects	Definition: Subnets associated with the network ACL. Range: N/A
type	String	Definition: Type of the subnet that can be associated with a network ACL. Range: normal: The network ACL can be associated with common subnets. This is the default value. CloudDCN: The network ACL can be associated with CloudDCN subnets.

**Table 5** ResponseTag
Parameter	Type	Description
key	String	Definition: Tag key. Range: A tag key can contain a maximum of 128 Unicode characters and cannot be left blank. Each tag key of a resource must be unique. The value can contain: Letters Digits Special characters: underscores (_), periods (.), colons (:), plus signs (+), hyphens (-), and equal signs (=) Chinese characters
value	String	Definition: Tag value. Range: Each value can contain a maximum of 255 Unicode characters and can be left blank. The value can contain: Letters Digits Special characters: underscores (_), periods (.), colons (:), plus signs (+), hyphens (-), and equal signs (=) Chinese characters

**Table 6** FirewallAssociation
Parameter	Type	Description
virsubnet_id	String	Definition: ID of the subnet associated with the network ACL. Range: If the network ACL type is normal, it can only be associated with common subnets. If the network ACL type is CloudDCN, it can only be associated with CloudDCN subnets.

**Table 7** PageInfo
Parameter	Type	Description
previous_marker	String	Definition: The first record on the current page. Range: N/A
current_count	Integer	Definition: Total number of resources on the current page. Range: N/A
next_marker	String	Definition: The last record on the current page. The next_marker field does not exist if the page is the last one. Range: N/A

Example Requests

Querying network ACLs

GET https://{Endpoint}/v3/{project_id}/vpc/firewalls

Example Responses

Status code: 200

Normal response to the GET operation. For more status codes, see Status Codes.

{
  "firewalls" : [ {
    "id" : "e9a7731d-5bd9-4250-a524-b9a076fd5629",
    "name" : "network_acl_test1",
    "description" : "network_acl_test1",
    "project_id" : "9476ea5a8a9849c38358e43c0c3a9e12",
    "created_at" : "2022-04-07T07:30:46.000+00:00",
    "updated_at" : "2022-04-07T07:30:46.000+00:00",
    "admin_state_up" : true,
    "enterprise_project_id" : "158ad39a-dab7-45a3-9b5a-2836b3cf93f9",
    "status" : "ACTIVE",
    "tags" : [ ],
    "associations" : [ {
      "virsubnet_id" : "8359e5b0-353f-4ef3-a071-98e67a34a143"
    } ]
  } ]
}

SDK Sample Code

The SDK sample code is as follows.

      
       
         
         
           package com.huaweicloud.sdk.test;

import com.huaweicloud.sdk.core.auth.ICredential;
import com.huaweicloud.sdk.core.auth.BasicCredentials;
import com.huaweicloud.sdk.core.exception.ConnectionException;
import com.huaweicloud.sdk.core.exception.RequestTimeoutException;
import com.huaweicloud.sdk.core.exception.ServiceResponseException;
import com.huaweicloud.sdk.vpc.v3.region.VpcRegion;
import com.huaweicloud.sdk.vpc.v3.*;
import com.huaweicloud.sdk.vpc.v3.model.*;


public class ListFirewallSolution {

    public static void main(String[] args) {
        // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
        // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
        String ak = System.getenv("CLOUD_SDK_AK");
        String sk = System.getenv("CLOUD_SDK_SK");
        String projectId = "{project_id}";

        ICredential auth = new BasicCredentials()
                .withProjectId(projectId)
                .withAk(ak)
                .withSk(sk);

        VpcClient client = VpcClient.newBuilder()
                .withCredential(auth)
                .withRegion(VpcRegion.valueOf("<YOUR REGION>"))
                .build();
        ListFirewallRequest request = new ListFirewallRequest();
        try {
            ListFirewallResponse response = client.listFirewall(request);
            System.out.println(response.toString());
        } catch (ConnectionException e) {
            e.printStackTrace();
        } catch (RequestTimeoutException e) {
            e.printStackTrace();
        } catch (ServiceResponseException e) {
            e.printStackTrace();
            System.out.println(e.getHttpStatusCode());
            System.out.println(e.getRequestId());
            System.out.println(e.getErrorCode());
            System.out.println(e.getErrorMsg());
        }
    }
}

          

        

      
     

      
       
         
         
           # coding: utf-8

import os
from huaweicloudsdkcore.auth.credentials import BasicCredentials
from huaweicloudsdkvpc.v3.region.vpc_region import VpcRegion
from huaweicloudsdkcore.exceptions import exceptions
from huaweicloudsdkvpc.v3 import *

if __name__ == "__main__":
    # The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
    # In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak = os.environ["CLOUD_SDK_AK"]
    sk = os.environ["CLOUD_SDK_SK"]
    projectId = "{project_id}"

    credentials = BasicCredentials(ak, sk, projectId)

    client = VpcClient.new_builder() \
        .with_credentials(credentials) \
        .with_region(VpcRegion.value_of("<YOUR REGION>")) \
        .build()

    try:
        request = ListFirewallRequest()
        response = client.list_firewall(request)
        print(response)
    except exceptions.ClientRequestException as e:
        print(e.status_code)
        print(e.request_id)
        print(e.error_code)
        print(e.error_msg)

          

        

      
     

      
       
         
         
           package main

import (
	"fmt"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic"
    vpc "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/vpc/v3"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/vpc/v3/model"
    region "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/vpc/v3/region"
)

func main() {
    // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
    // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak := os.Getenv("CLOUD_SDK_AK")
    sk := os.Getenv("CLOUD_SDK_SK")
    projectId := "{project_id}"

    auth := basic.NewCredentialsBuilder().
        WithAk(ak).
        WithSk(sk).
        WithProjectId(projectId).
        Build()

    client := vpc.NewVpcClient(
        vpc.VpcClientBuilder().
            WithRegion(region.ValueOf("<YOUR REGION>")).
            WithCredential(auth).
            Build())

    request := &model.ListFirewallRequest{}
	response, err := client.ListFirewall(request)
	if err == nil {
        fmt.Printf("%+v\n", response)
    } else {
        fmt.Println(err)
    }
}

          

        

      
     