GetChain - Container Registry - Alibaba Cloud Documentation Center

Obtains the information of a delivery chain to understand the node execution sequence of the delivery chain.

Authorization information

The following table shows the authorization information corresponding to the API. The authorization information can be used in the Action policy element to grant a RAM user or RAM role the permissions to call this API operation. Description:

Operation: the value that you can use in the Action element to specify the operation on a resource.
Access level: the access level of each operation. The levels are read, write, and list.
Resource type: the type of the resource on which you can authorize the RAM user or the RAM role to perform the operation. Take note of the following items:
- The required resource types are displayed in bold characters.
- If the permissions cannot be granted at the resource level, All Resources is used in the Resource type column of the operation.
Condition Key: the condition key that is defined by the cloud service.
Associated operation: other operations that the RAM user or the RAM role must have permissions to perform to complete the operation. To complete the operation, the RAM user or the RAM role must have the permissions to perform the associated operations.

Operation	Access level	Resource type	Condition key	Association operation
cr:GetChain	Read	CR acs:cr:{#regionId}:{#accountId}:repository/{#InstanceId}	none	none

Request parameters

Parameter	Type	Required	Description	Example
InstanceId	string	Yes	The ID of the instance.	cri-4cdrlqmhn4gm****
ChainId	string	Yes	The ID of the delivery chain.	chi-0ops0gsmw5x2****

Response parameters

Parameter	Type	Description	Example
	object
ModifiedTime	long	The time when the delivery chain description was last modified.	1638259914000
ScopeId	string	The ID of the delivery chain scope.	crr-nyrh2oko32xb****
RequestId	string	The ID of the request.	C87993B5-7D61-5CAC-8D64-1AC732DD69FF
Description	string	The description of the delivery chain.	description
CreateTime	long	The time when the delivery chain was created.	1638255427000
ScopeType	string	The type of the delivery chain scope.	REPOSITORY
Code	string	The return value.	success
ChainId	string	The ID of the delivery chain.	chi-0ops0gsmw5x2****
InstanceId	string	The ID of the instance.	cri-4cdrlqmhn4gm****
IsSuccess	boolean	Indicates whether the request is successful.	true
Name	string	The name of the delivery chain.	test
ChainConfig	object	The delivery chain configuration.
ChainConfigId	string	The ID of the delivery chain configuration.	cci-lz3ycgo69ukt****
IsActive	boolean	Indicates whether the delivery chain configuration takes effect. Valid values: `true`: The delivery chain configuration takes effect. `false`: The delivery chain configuration does not take effect.	true
Version	string	The version of the delivery chain.	1
Routers	array	The node execution sequence of the delivery chain.
	object
From	object	The source node.
NodeName	string	The name of the source node.	DOCKER_IMAGE_BUILD
To	object	The destination node.
NodeName	string	The name of the destination node.	DOCKER_IMAGE_PUSH
Nodes	array	The list of nodes in the delivery chain.
	object
NodeName	string	The name of the node in the delivery chain.	VULNERABILITY_SCANNING
Enable	boolean	Indicates whether the node in the delivery chain is enabled. `true`: The node is enabled. `false`: The node is disabled.	true
NodeConfig	object	The configuration of the node in the delivery chain.
Timeout	long	Timeout period.	5
Retry	integer	The number of retries.	3
DenyPolicy	object	The block rule for image security scanning.
Logic	string	The logic of the system to block image security scanning.	AND
IssueLevel	string	The severity level of the detected vulnerabilities at which the system triggers the block.	HIGH
IssueCount	string	The number of vulnerabilities that are detected on images and cause the system to trigger the block.	10
Action	string	The block operation. Valid values: `BLOCK`: The system stops the subsequent steps in the delivery chain. `BLOCK_RETAG`: The system stops overwriting the previously pushed image tags. `BLOCK_DELETE_TAG`: The system stops deleting image tags.	BLOCK
IssueList	string	The list of CVE vulnerabilities to be blocked. Separate multiple CVE vulnerabilities with commas (,).	CVE-2020-8286,CVE-2020-8285
MaliciousList	string	The list of malicious samples to be blocked. Separate multiple malicious sample names with commas (,).	mutate_cockhorse,abnormal_program
BaselineList	string	The list of baseline samples to be blocked. Separate multiple baseline sample names with commas (,).	identification,hc_image_exploit
ScanEngine	string	The scan engine of the delivery chain. `SAS_SCAN_SERVICE`: Security Center scan engine (paid service) `ACR_SCAN_SERVICE`: Container Registry scan engine	ACR_SCAN_SERVICE
ScopeExclude	array	Repositories to which the delivery chain does not apply.
	string	The names of the repositories to which the delivery chain does not apply. Separate multiple repository names with commas (,).	repo_name1,repo_name2

Examples

Sample success responses

JSONformat

{
  "ModifiedTime": 1638259914000,
  "ScopeId": "crr-nyrh2oko32xb****",
  "RequestId": "C87993B5-7D61-5CAC-8D64-1AC732DD69FF",
  "Description": "description",
  "CreateTime": 1638255427000,
  "ScopeType": "REPOSITORY",
  "Code": "success",
  "ChainId": "chi-0ops0gsmw5x2****",
  "InstanceId": "cri-4cdrlqmhn4gm****",
  "IsSuccess": true,
  "Name": "test",
  "ChainConfig": {
    "ChainConfigId": "cci-lz3ycgo69ukt****",
    "IsActive": true,
    "Version": "1",
    "Routers": [
      {
        "From": {
          "NodeName": "DOCKER_IMAGE_BUILD"
        },
        "To": {
          "NodeName": "DOCKER_IMAGE_PUSH"
        }
      }
    ],
    "Nodes": [
      {
        "NodeName": "VULNERABILITY_SCANNING",
        "Enable": true,
        "NodeConfig": {
          "Timeout": 5,
          "Retry": 3,
          "DenyPolicy": {
            "Logic": "AND",
            "IssueLevel": "HIGH",
            "IssueCount": "10",
            "Action": "BLOCK",
            "IssueList": "CVE-2020-8286,CVE-2020-8285",
            "MaliciousList": "mutate_cockhorse,abnormal_program",
            "BaselineList": "identification,hc_image_exploit"
          },
          "ScanEngine": "ACR_SCAN_SERVICE"
        }
      }
    ]
  },
  "ScopeExclude": [
    "repo_name1,repo_name2\n"
  ]
}

Error codes

For a list of error codes, visit the Service error codes.