All Products
Search
Document Center

Key Management Service:DescribePolicy

更新時間:Oct 11, 2023

Queries the details of a permission policy.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request parameters

Parameter

Type

Required

Example

Description

Action String Yes DescribePolicy

The operation that you want to perform. Set the value to DescribePolicy.

Name String Yes policy_test

The name of the permission policy that you want to query.

Response parameters

Parameter

Type

Example

Description

RequestId String f455324b-e229-4066-9f58-9c1cf3fe83a9

The ID of the request, which is used to locate and troubleshoot issues.

Arn String acs:kms:cn-hangzhou:119285303511****:policy/policy_test

The ARN of the permission policy.

Name String policy_test

The name of the permission policy.

Description String policy description

The description.

KmsInstance String kst-hzz634e67d126u9p9****

The scope of the permission policy.

Permissions Array of String ["RbacPermission/Template/CryptoServiceKeyUser", "RbacPermission/Template/CryptoServiceSecretUser"]

The operations that can be performed.

Resources Array of String ["secret/acs/ram/user/ram-secret", "secret/acs/ram/user/acr-master", "key/key-hzz63d9c8d3dfv8cv****"]

The key and secret that are allowed to access.

AccessControlRules String {"NetworkRules":["kst-hzz62ee817bvyyr5x****.efkd","kst-hzz62ee817bvyyr5x****.eyyp"]}

The access control rule that is created for the permission policy.

Examples

Sample requests

http(s)://[Endpoint]/?Action=DescribePolicy
&Name=policy_test
&Common request parameters

Sample success responses

XML format

HTTP/1.1 200 OK
Content-Type:application/xml

<DescribePolicyResponse>
    <RequestId>f455324b-e229-4066-9f58-9c1cf3fe83a9</RequestId>
    <Arn>acs:kms:cn-hangzhou:119285303511****:policy/policy_test</Arn>
    <Name>policy_test</Name>
    <Description>policy  description</Description>
    <KmsInstance>kst-hzz634e67d126u9p9****</KmsInstance>
    <Permissions>["RbacPermission/Template/CryptoServiceKeyUser", "RbacPermission/Template/CryptoServiceSecretUser"]</Permissions>
    <Resources>["secret/acs/ram/user/ram-secret", "secret/acs/ram/user/acr-master", "key/key-hzz63d9c8d3dfv8cv****"]</Resources>
    <AccessControlRules>{"NetworkRules":["kst-hzz62ee817bvyyr5x****.efkd","kst-hzz62ee817bvyyr5x****.eyyp"]}</AccessControlRules>
</DescribePolicyResponse>

JSON format

HTTP/1.1 200 OK
Content-Type:application/json

{
  "RequestId" : "f455324b-e229-4066-9f58-9c1cf3fe83a9",
  "Arn" : "acs:kms:cn-hangzhou:119285303511****:policy/policy_test",
  "Name" : "policy_test",
  "Description" : "policy  description",
  "KmsInstance" : "kst-hzz634e67d126u9p9****",
  "Permissions" : [ "[\"RbacPermission/Template/CryptoServiceKeyUser\", \"RbacPermission/Template/CryptoServiceSecretUser\"]" ],
  "Resources" : [ "[\"secret/acs/ram/user/ram-secret\", \"secret/acs/ram/user/acr-master\", \"key/key-hzz63d9c8d3dfv8cv****\"]" ],
  "AccessControlRules" : "{\"NetworkRules\":[\"kst-hzz62ee817bvyyr5x****.efkd\",\"kst-hzz62ee817bvyyr5x****.eyyp\"]}"
}

Error codes

For a list of error codes, see Service error codes.