All Products
Search
Document Center

Security Center:UpdateOpaStrategyNew

Last Updated:Nov 25, 2024

Updates the blocking rule for at-risk images.

Debugging

You can run this interface directly in OpenAPI Explorer, saving you the trouble of calculating signatures. After running successfully, OpenAPI Explorer can automatically generate SDK code samples.

Authorization information

The following table shows the authorization information corresponding to the API. The authorization information can be used in the Action policy element to grant a RAM user or RAM role the permissions to call this API operation. Description:

  • Operation: the value that you can use in the Action element to specify the operation on a resource.
  • Access level: the access level of each operation. The levels are read, write, and list.
  • Resource type: the type of the resource on which you can authorize the RAM user or the RAM role to perform the operation. Take note of the following items:
    • The required resource types are displayed in bold characters.
    • If the permissions cannot be granted at the resource level, All Resources is used in the Resource type column of the operation.
  • Condition Key: the condition key that is defined by the cloud service.
  • Associated operation: other operations that the RAM user or the RAM role must have permissions to perform to complete the operation. To complete the operation, the RAM user or the RAM role must have the permissions to perform the associated operations.
OperationAccess levelResource typeCondition keyAssociated operation
yundun-sas:UpdateOpaStrategyNewupdate
*All Resources
*
    none
none

Request parameters

ParameterTypeRequiredDescriptionExample
StrategyIdlongNo

The ID of the rule.

Note You can call the ListOpaClusterStrategyNew operation to query the ID.
1003
StrategyTemplateIdlongNo

The ID of the rule template.

Note You can call the GetOpaStrategyTemplateSummary operation to query the ID of the rule template.
109
ClusterIdstringNo

The cluster ID.

Note This parameter is deprecated. You can use the Scopes parameter to specify a scope in which cluster parameters take effect.
c870ec78ecbcb41d2a35c679823ef****
StrategyNamestringNo

The rule name.

test
DescriptionstringNo

The rule description.

4566
ClusterNamestringNo

The cluster name.

Note This parameter is deprecated.
docker-law
UnScanedImagebooleanNo

Specifies whether the rule supports unscanned images. Valid values:

  • true
  • false
true
MaliciousImagebooleanNo

Specifies whether the rule supports malicious Internet images. Valid values:

  • true
  • false
true
ImageNamearrayNo

The image names.

ImageNamestringNo

The image name.

Note You can call the GetOpaClusterImageList operation to query the image name.
muximux:latest
LabelarrayNo

The image tags.

LabelstringNo

The image tag.

Note You can call the GetOpaClusterLabelList operation to query the image tag.
alertmanager:main
RuleActionintegerNo

The action that is performed when the rule is hit. Valid values:

  • 1: alert
  • 2: block
  • 3: allow
1
WhiteListarrayNo

The whitelists.

WhiteListstringNo

The name of the image that is added to the whitelist.

repo-016
AlarmDetailobjectNo

The risks that you want to detect by using the rule.

BaselineobjectNo

The baseline risks.

RiskLevelarrayNo

The risk levels.

RiskLevelstringNo

The risk level. Valid values:

  • high
  • medium
  • low
medium
Itemarray<object>No

The baseline check items.

ItemobjectNo
IdstringNo

The ID of the baseline check item.

Note You can call the GetOpaClusterBaseLineList operation to query the ID.
hc.image.checklist.identify.hc_exploit_couchdb_linux.item
NamestringNo

The name of the baseline check item.

Note You can call the GetOpaClusterBaseLineList operation to query the name.
passwd
VulobjectNo

The vulnerability risks.

RiskLevelarrayNo

The risk levels.

RiskLevelstringNo

The risk level. Valid values:

  • high
  • medium
  • low
high
Itemarray<object>No

The vulnerabilities.

ItemobjectNo
IdstringNo

The ID of the vulnerability.

Note You can call the DescribeVulListPage operation to query the ID.
CVE-2023-36034
NamestringNo

The name of the vulnerability.

Note You can call the DescribeVulListPage operation to query the name.
oval:com.redhat.rhsa:def:20227002
RiskClassarray<object>No

Risk type of vulnerability.

ItemobjectNo
IdstringNo

The ID of the vulnerability types. Valid values:

  • cve: system vulnerability
  • app: application vulnerability
cve
NamestringNo

The name of the vulnerability. Valid values:

  • system vulnerability
  • application vulnerability
system vulnerability
MaliciousFileobjectNo

The malicious sample risks.

RiskLevelarrayNo

The risk levels.

RiskLevelstringNo

The risk level. Valid values:

  • high
  • medium
  • low
medium
Itemarray<object>No

The malicious samples.

ItemobjectNo
IdstringNo

The ID of the malicious sample.

Note You can call the DescribeMatchedMaliciousNames operation to query the ID.
65201
NamestringNo

The name of the malicious sample.

Note You can call the DescribeMatchedMaliciousNames operation to query the name.
abnormal binary file
SensitiveFileobjectNo

The configuration of sensitive file.

RiskLevelarrayNo

The risk levels.

RiskLevelstringNo

The risk level. Valid values:

  • high
  • medium
  • low
high
Itemarray<object>No

The configuration of sensitive file.

ItemobjectNo
IdstringNo

The ID of the sensitive files.

Note You can call the GetSensitiveDefineRuleConfig operation to query the ID of the malicious sample.
key
NamestringNo

The name of the sensitive files.

Note You can call the GetSensitiveDefineRuleConfig operation to query the ID of the malicious sample.
name
BuildRiskobjectNo

The configuration of image build risk.

RiskLevelarrayNo

The risk levels.

RiskLevelstringNo

The risk level. Valid values:

  • high
  • medium
  • low
high
Itemarray<object>No

The configuration of image build risk.

ItemobjectNo
IdstringNo

The ID of the image build risk.

Note You can call the ListImageBuildRiskItem operation to query the ID of the malicious sample.
key
NamestringNo

The name of the image build risk.

Note You can call the ListImageBuildRiskItem operation to query the ID of the malicious sample.
name
Scopesarray<object>No

The application scope.

ScopeobjectNo
ClusterIdstringNo

The cluster ID.

Note You can call the DescribeGroupedContainerInstances operation to query the cluster ID.
cdcb56a931c**
AllNamespaceintegerNo

Specifies whether all namespaces are included. Valid values:

  • 0: Not all namespaces are included.
  • 1: All namespaces are included.
1
NamespaceListarrayNo

The namespaces.

Note This parameter is valid only when the AllNamespace parameter is set to 0.
NamespaceListstringNo

The namespaces.

m1
AckPolicyInstanceIdstringNo

The ID of the cluster node to which the rule is applied.

Note You can call the GetOpaStrategyDetailNew operation to query the ID of the cluster node to which the rule is applied.
ack-1

Response parameters

ParameterTypeDescriptionExample
object

BaseResult

Successboolean

Indicates whether the request was successful. Valid values:

  • true
  • false
true
Codestring

The status code returned. The status code 200 indicates that the request was successful. Other status codes indicate that the request failed. You can identify the cause of the failure based on the status code.

200
Messagestring

The returned message.

success
RequestIdstring

The request ID.

F75B5FF5-DCB2-59CE-8978-08510707A9E6
HttpStatusCodeinteger

The HTTP status code.

200
Dataarray

The IDs of the clusters that failed to be updated.

datastring

The ID of the cluster that failed to be updated.

['c8d**7614df1bf']

Examples

Sample success responses

JSONformat

{
  "Success": true,
  "Code": "200",
  "Message": "success",
  "RequestId": "F75B5FF5-DCB2-59CE-8978-08510707A9E6",
  "HttpStatusCode": 200,
  "Data": [
    "['c8d**7614df1bf']"
  ]
}

Error codes

HTTP status codeError codeError messageDescription
403NoPermissioncaller has no permissionYou are not authorized to do this operation.
500ServerErrorServerError-

For a list of error codes, visit the Service error codes.

Change history

Change timeSummary of changesOperation
2023-12-22The Error code has changedView Change Details