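Updated: 2024-03-18 GMT+08:00

Listing Built-in Policies

Function

Lists the built-in policies available to the user.

Calling Method

For details, see how to call an API.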

URI

GET /v1/resource-manager/policy-definitions

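Request Parameters

Table 1 Request header parameters

| Parameter | Mandatory | Type | Description |
|---|---|---|---|
| X-Language |  | String | Language of the information returned by the API. The default is "zh-cn" (Chinese). Options: zh-cn and en-us. Default value: zh-cn |
| X-Auth-Token |  | String | Token of the caller. |
| X-Security-Token |  | String | Required if temporary security credentials are in use. The value is the security token (session token) of the temporary security credentials. |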

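Response Parameters

Status code: 200

Table 2 Response body parameters

| Parameter | Type | Description |
|---|---|---|
| value | Array of PolicyDefinition objects | List of policy definitions. |
| page_info | PageInfo object | Pagination object. |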

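Table 3 PolicyDefinition

| Parameter | Type | Description |
|---|---|---|
| id | String | Policy ID. |
| name | String | Policy name. |
| display_name | String | Policy display name. |
| policy_type | String | Policy type. |
| description | String | Policy description. |
| policy_rule_type | String | Policy syntax type. |
| policy_rule | Object | Policy rule. |
| trigger_type | String | Trigger type. Options: "resource" and "period". |
| keywords | Array of strings | List of keywords. |
| default_resource_types | Array of default_resource_types objects | List of default resource types. |
| parameters | Map<String,PolicyParameterDefinition> | Policy parameters. |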

Table 4 default_resource_types

| Parameter | Type | Description |
|---|---|---|
| provider | String | Cloud service name. |
| type | String | Resource type. |

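Table 5 PolicyParameterDefinition

| Parameter | Type | Description |
|---|---|---|
| name | String | Policy parameter name. |
| description | String | Policy parameter description. |
| allowed_values | Array of objects | List of allowed values for the policy parameter. |
| default_value | String | Default value of the policy parameter. |
| minimum | Float | Minimum value of the policy parameter. Takes effect when the parameter type is Integer or Float. |
| maximum | Float | Maximum value of the policy parameter. Takes effect when the parameter type is Integer or Float. |
| min_items | Integer | Minimum number of items in the policy parameter. Takes effect when the parameter type is Array. |
| max_items | Integer | Maximum number of items in the policy parameter. Takes effect when the parameter type is Array. |
| min_length | Integer | Minimum string length of the policy parameter, or of each item. Takes effect when the parameter type is String or Array. |
| max_length | Integer | Maximum string length of the policy parameter, or of each item. Takes effect when the parameter type is String or Array. |
| pattern | String | Regular expression that the policy parameter string, or each item, must satisfy. Takes effect when the parameter type is String or Array. |
| type | String | Policy parameter type. |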

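Table 6 PageInfo

| Parameter | Type | Description |
|---|---|---|
| current_count | Integer | Number of resources on the current page. Minimum: 0. Maximum: 200. |
| next_marker | String | Marker of the next page. Minimum length: 4. Maximum length: 400. |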

Status code: 400

Table 7 Response body parameters

| Parameter | Type | Description |
|---|---|---|
| error_code | String | Error code. |
| error_msg | String | Error message. |

Status code: 403

Table 8 Response body parameters

| Parameter | Type | Description |
|---|---|---|
| error_code | String | Error code. |
| error_msg | String | Error message. |

Status code: 404

Table 9 Response body parameters

| Parameter | Type | Description |
|---|---|---|
| error_code | String | Error code. |
| error_msg | String | Error message. |

Status code: 500

Table 10 Response body parameters

| Parameter | Type | Description |
|---|---|---|
| error_code | String | Error code. |
| error_msg | String | Error message. |

Example Request

Example Response

Status code: 200

Operation succeeded.

{
  "value" : [ {
    "id" : "5fa365476eed194ccb2c04d1",
    "name" : "volumes-encrypted-check",
    "policy_type" : "builtin",
    "description" : "已挂载的云硬盘未进行加密,视为“不合规”。",
    "policy_rule_type" : "dsl",
    "policy_rule" : {
      "allOf" : [ {
        "value" : "${resource().provider}",
        "comparator" : "equals",
        "pattern" : "evs"
      }, {
        "value" : "${resource().type}",
        "comparator" : "equals",
        "pattern" : "volumes"
      }, {
        "value" : "${resource().properties.status}",
        "comparator" : "equals",
        "pattern" : "in-use"
      }, {
        "anyOf" : [ {
          "value" : "${resource().properties.metadata}",
          "comparator" : "notContainsKey",
          "pattern" : "systemEncrypted"
        }, {
          "value" : "${resource().properties.metadata.systemEncrypted}",
          "comparator" : "equals",
          "pattern" : "0"
        } ]
      } ]
    },
    "keywords" : [ "evs", "ecs" ],
    "parameters" : { }
  }, {
    "id" : "5fa9f89b6eed194ccb2c04db",
    "name" : "required-tag-check",
    "policy_type" : "builtin",
    "description" : "指定一个标签,不具有此标签的资源,视为“不合规”。",
    "policy_rule_type" : "dsl",
    "policy_rule" : {
      "anyOf" : [ {
        "value" : "${contains(resource().tags, parameters('specifiedTagKey'))}",
        "comparator" : "equals",
        "pattern" : false
      }, {
        "allOf" : [ {
          "value" : "${length(parameters('specifiedTagValue'))}",
          "comparator" : "greater",
          "pattern" : 0
        }, {
          "value" : "${getValue(resource().tags, parameters('specifiedTagKey'))}",
          "comparator" : "notIn",
          "pattern" : "${parameters('specifiedTagValue')}"
        } ]
      } ]
    },
    "keywords" : [ "tag" ],
    "parameters" : {
      "specifiedTagKey" : {
        "name" : null,
        "description" : "the specified tag key。",
        "allowed_values" : null,
        "default_value" : null,
        "type" : "String"
      },
      "specifiedTagValue" : {
        "name" : null,
        "description" : "The list of allowed tag value, permit all if empty。",
        "allowed_values" : null,
        "default_value" : null,
        "type" : "Array"
      }
    }
  }, {
    "id" : "5fa265c0aa1e6afc05a0ff07",
    "name" : "allowed-images-by-id",
    "policy_type" : "builtin",
    "description" : "指定允许的镜像ID列表,ECS实例的镜像ID不在指定的范围内,视为“不合规”。",
    "policy_rule_type" : "dsl",
    "policy_rule" : {
      "allOf" : [ {
        "value" : "${resource().provider}",
        "comparator" : "equals",
        "pattern" : "ecs"
      }, {
        "value" : "${resource().type}",
        "comparator" : "equals",
        "pattern" : "cloudservers"
      }, {
        "value" : "${resource().properties.metadata.meteringImageId}",
        "comparator" : "notIn",
        "pattern" : "${parameters('listOfAllowedImages')}"
      } ]
    },
    "keywords" : [ "ecs", "ims" ],
    "parameters" : {
      "listOfAllowedImages" : {
        "name" : null,
        "description" : "The list of allowed image IDs。",
        "allowed_values" : null,
        "default_value" : null,
        "type" : "Array"
      }
    }
  }, {
    "id" : "5fa36558aa1e6afc05a3d0a7",
    "name" : "volume-inuse-check",
    "policy_type" : "builtin",
    "description" : "云硬盘未挂载给任何云服务器,视为“不合规”。",
    "policy_rule_type" : "dsl",
    "policy_rule" : {
      "allOf" : [ {
        "value" : "${resource().provider}",
        "comparator" : "equals",
        "pattern" : "evs"
      }, {
        "value" : "${resource().type}",
        "comparator" : "equals",
        "pattern" : "volumes"
      }, {
        "value" : "${resource().properties.status}",
        "comparator" : "equals",
        "pattern" : "available"
      } ]
    },
    "keywords" : [ "evs" ],
    "parameters" : { }
  }, {
    "id" : "5fa3a1196eed194ccb2c04d7",
    "name" : "allowed_volume_specs",
    "policy_type" : "builtin",
    "description" : "指定允许的云硬盘类型列表,云硬盘的类型不在指定的范围内,视为“不合规”。",
    "policy_rule_type" : "dsl",
    "policy_rule" : {
      "allOf" : [ {
        "value" : "${resource().provider}",
        "comparator" : "equals",
        "pattern" : "evs"
      }, {
        "value" : "${resource().type}",
        "comparator" : "equals",
        "pattern" : "volumes"
      }, {
        "value" : "${resource().properties.volumeType}",
        "comparator" : "notIn",
        "pattern" : "${parameters('listOfAllowedSpecs')}"
      } ]
    },
    "keywords" : [ "evs" ],
    "parameters" : {
      "listOfAllowedSpecs" : {
        "name" : null,
        "description" : "The list of allowed disk specifications。",
        "allowed_values" : null,
        "default_value" : null,
        "type" : "Array"
      }
    }
  }, {
    "id" : "5f8d549bffeecc14f1fb522a",
    "name" : "allowed_ecs_flavors",
    "policy_type" : "builtin",
    "description" : "ECS资源的规格不在指定的范围内,视为“不合规”。",
    "policy_rule_type" : "dsl",
    "policy_rule" : {
      "allOf" : [ {
        "value" : "${resource().provider}",
        "comparator" : "equals",
        "pattern" : "ecs"
      }, {
        "value" : "${resource().type}",
        "comparator" : "equals",
        "pattern" : "cloudservers"
      }, {
        "value" : "${resource().properties.flavor.name}",
        "comparator" : "notIn",
        "pattern" : "${parameters('listOfAllowedFlavors')}"
      } ]
    },
    "keywords" : [ "ecs" ],
    "parameters" : {
      "listOfAllowedFlavors" : {
        "name" : null,
        "description" : "The list of allowed flavor types。",
        "allowed_values" : null,
        "default_value" : null,
        "type" : "Array"
      }
    }
  }, {
    "id" : "5fa3a1196eed194ccb2c04d5",
    "name" : "eip-unbound-check",
    "policy_type" : "builtin",
    "description" : "弹性公网IP未进行任何绑定,视为“不合规”。",
    "policy_rule_type" : "dsl",
    "policy_rule" : {
      "allOf" : [ {
        "value" : "${resource().provider}",
        "comparator" : "equals",
        "pattern" : "vpc"
      }, {
        "value" : "${resource().type}",
        "comparator" : "equals",
        "pattern" : "publicips"
      }, {
        "value" : "${resource().properties.status}",
        "comparator" : "equals",
        "pattern" : "DOWN"
      } ]
    },
    "keywords" : [ "vpc" ],
    "parameters" : { }
  }, {
    "id" : "5f8d5428ffeecc14f1fb5205",
    "name" : "ecs-instance-no-public-ip",
    "policy_type" : "builtin",
    "description" : "ECS资源具有公网IP,视为“不合规”。",
    "policy_rule_type" : "dsl",
    "policy_rule" : {
      "allOf" : [ {
        "value" : "${resource().provider}",
        "comparator" : "equals",
        "pattern" : "ecs"
      }, {
        "value" : "${resource().type}",
        "comparator" : "equals",
        "pattern" : "cloudservers"
      }, {
        "value" : "${length(filter(resource().properties.addresses, lambda x: equals(x.OsExtIpsType, 'floating')))}",
        "comparator" : "greater",
        "pattern" : 0
      } ]
    },
    "keywords" : [ "ecs" ],
    "parameters" : { }
  }, {
    "id" : "5fa265c0aa1e6afc05a0ff10",
    "name" : "ecs-instance-in-vpc",
    "policy_type" : "builtin",
    "description" : "指定虚拟私有云ID,不属于此VPC的ECS资源,视为“不合规”。",
    "policy_rule_type" : "dsl",
    "policy_rule" : {
      "allOf" : [ {
        "value" : "${resource().provider}",
        "comparator" : "equals",
        "pattern" : "ecs"
      }, {
        "value" : "${resource().type}",
        "comparator" : "equals",
        "pattern" : "cloudservers"
      }, {
        "value" : "${resource().properties.metadata.vpcId}",
        "comparator" : "notEquals",
        "pattern" : "${parameters('vpcId')}"
      } ]
    },
    "keywords" : [ "ecs", "vpc" ],
    "parameters" : {
      "vpcId" : {
        "name" : null,
        "description" : "VPC ID that contains the ECS instance。",
        "allowed_values" : null,
        "default_value" : null,
        "type" : "String"
      }
    }
  } ],
  "page_info" : {
    "current_count" : 9,
    "next_marker" : null
  }
}
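
Added example (not part of the original page or of the Huawei Cloud SDK): a client-side validator that applies the PolicyParameterDefinition constraints from Table 5 to a proposed value for one of the `parameters` entries returned above. Whole-string pattern matching, per-item `allowed_values` checks and string-only array items are assumptions, and the sample definition is constructed.

```python
import re

def validate_parameter(definition, value):
    """Return the list of Table 5 constraints that `value` violates."""
    errors = []
    ptype = definition.get("type")

    def bound(key, actual, too_small, what):
        limit = definition.get(key)
        if limit is not None and (actual < limit if too_small else actual > limit):
            errors.append(f"{what} violates {key}={limit}")

    def check_string(s, what):
        if not isinstance(s, str):
            errors.append(f"{what} is not a string")
            return
        bound("min_length", len(s), True, what)
        bound("max_length", len(s), False, what)
        pattern = definition.get("pattern")
        # Assumption: the pattern must match the whole string.
        if pattern is not None and re.fullmatch(pattern, s) is None:
            errors.append(f"{what} violates pattern")

    # Assumption: for an Array, allowed_values constrains each item.
    allowed = definition.get("allowed_values")
    for item in (value if isinstance(value, list) else [value]):
        if allowed and item not in allowed:
            errors.append(f"{item!r} is not in allowed_values")

    if ptype in ("Integer", "Float"):
        numeric = (int,) if ptype == "Integer" else (int, float)
        # bool is a subclass of int in Python, so reject it explicitly.
        if isinstance(value, bool) or not isinstance(value, numeric):
            errors.append(f"value is not a valid {ptype}")
        else:
            bound("minimum", value, True, "value")
            bound("maximum", value, False, "value")
    elif ptype == "String":
        check_string(value, "value")
    elif ptype == "Array":
        if not isinstance(value, list):
            errors.append("value is not an array")
        else:
            bound("min_items", len(value), True, "item count")
            bound("max_items", len(value), False, "item count")
            for i, item in enumerate(value):  # assumption: items are strings
                check_string(item, f"item {i}")
    return errors

# Constructed definition: the page's listOfAllowedImages plus sample limits.
IMAGES_DEF = {"type": "Array", "allowed_values": None, "min_items": 1,
              "max_items": 2, "min_length": 4, "pattern": r"[0-9a-f-]+"}
```

An empty list means the value satisfies every constraint the definition declares; constraints that are absent or null in the response are skipped.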

SDK Sample Code

The SDK sample code is as follows.

Java

package com.huaweicloud.sdk.test;

import com.huaweicloud.sdk.core.auth.ICredential;
import com.huaweicloud.sdk.core.auth.GlobalCredentials;
import com.huaweicloud.sdk.core.exception.ConnectionException;
import com.huaweicloud.sdk.core.exception.RequestTimeoutException;
import com.huaweicloud.sdk.core.exception.ServiceResponseException;
import com.huaweicloud.sdk.config.v1.region.ConfigRegion;
import com.huaweicloud.sdk.config.v1.*;
import com.huaweicloud.sdk.config.v1.model.*;


public class ListBuiltInPolicyDefinitionsSolution {

    public static void main(String[] args) {
        // Hard-coding the AK and SK, or storing them in plaintext, is a serious security risk. Store them encrypted in configuration files or environment variables and decrypt them only when they are used.
        // This example reads the AK and SK from environment variables. Before running it, set CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment.
        String ak = System.getenv("CLOUD_SDK_AK");
        String sk = System.getenv("CLOUD_SDK_SK");

        ICredential auth = new GlobalCredentials()
                .withAk(ak)
                .withSk(sk);

        ConfigClient client = ConfigClient.newBuilder()
                .withCredential(auth)
                .withRegion(ConfigRegion.valueOf("<YOUR REGION>"))
                .build();
        ListBuiltInPolicyDefinitionsRequest request = new ListBuiltInPolicyDefinitionsRequest();
        try {
            ListBuiltInPolicyDefinitionsResponse response = client.listBuiltInPolicyDefinitions(request);
            System.out.println(response.toString());
        } catch (ConnectionException e) {
            e.printStackTrace();
        } catch (RequestTimeoutException e) {
            e.printStackTrace();
        } catch (ServiceResponseException e) {
            e.printStackTrace();
            System.out.println(e.getHttpStatusCode());
            System.out.println(e.getRequestId());
            System.out.println(e.getErrorCode());
            System.out.println(e.getErrorMsg());
        }
    }
}

Python

# coding: utf-8

import os

from huaweicloudsdkcore.auth.credentials import GlobalCredentials
from huaweicloudsdkconfig.v1.region.config_region import ConfigRegion
from huaweicloudsdkcore.exceptions import exceptions
from huaweicloudsdkconfig.v1 import *

if __name__ == "__main__":
    # Hard-coding the AK and SK, or storing them in plaintext, is a serious security risk. Store them encrypted in configuration files or environment variables and decrypt them only when they are used.
    # This example reads the AK and SK from environment variables. Before running it, set CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment.
    ak = os.getenv("CLOUD_SDK_AK")
    sk = os.getenv("CLOUD_SDK_SK")

    credentials = GlobalCredentials(ak, sk)

    client = ConfigClient.new_builder() \
        .with_credentials(credentials) \
        .with_region(ConfigRegion.value_of("<YOUR REGION>")) \
        .build()

    try:
        request = ListBuiltInPolicyDefinitionsRequest()
        response = client.list_built_in_policy_definitions(request)
        print(response)
    except exceptions.ClientRequestException as e:
        # Print the HTTP status, request ID and service error details.
        print(e.status_code)
        print(e.request_id)
        print(e.error_code)
        print(e.error_msg)

Go

package main

import (
	"fmt"
	"os"

	"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/global"
	config "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/config/v1"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/config/v1/model"
	region "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/config/v1/region"
)

func main() {
	// Hard-coding the AK and SK, or storing them in plaintext, is a serious security risk. Store them encrypted in configuration files or environment variables and decrypt them only when they are used.
	// This example reads the AK and SK from environment variables. Before running it, set CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment.
	ak := os.Getenv("CLOUD_SDK_AK")
	sk := os.Getenv("CLOUD_SDK_SK")

	auth := global.NewCredentialsBuilder().
		WithAk(ak).
		WithSk(sk).
		Build()

	client := config.NewConfigClient(
		config.ConfigClientBuilder().
			WithRegion(region.ValueOf("<YOUR REGION>")).
			WithCredential(auth).
			Build())

	request := &model.ListBuiltInPolicyDefinitionsRequest{}
	response, err := client.ListBuiltInPolicyDefinitions(request)
	if err == nil {
		fmt.Printf("%+v\n", response)
	} else {
		fmt.Println(err)
	}
}

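For SDK sample code in more programming languages, see the Sample Code tab in API Explorer, which automatically generates the corresponding SDK sample code.

Status Codes

| Status Code | Description |
|---|---|
| 200 | Operation succeeded. |
| 400 | Invalid parameters. |
| 403 | User authentication failed, or the user does not have permission for the operation. |
| 404 | Resource not found. |
| 500 | Internal server error. |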

Error Codes

See Error Codes.