Creates a rule to block at-risk images.
Request parameters
Parameter | Type | Required | Description | Example |
---|---|---|---|---|
StrategyId | long | No | The rule ID. Note: You can call the ListOpaClusterStrategyNew operation to query the rule ID. Note: This parameter is invalid when you create a rule. | 16 |
StrategyTemplateId | long | No | The ID of the rule template. Note: You can call the GetOpaStrategyTemplateSummary operation to query the ID of the rule template. | 109 |
ClusterId | string | No | The cluster ID. Note: This parameter is deprecated. | cfa7e2fb8c221483ba59e098c34c6**** |
StrategyName | string | No | The rule name. | default |
Description | string | No | The rule description. | default policy |
ClusterName | string | No | The cluster name. Note: This parameter is deprecated. | * |
UnScanedImage | boolean | No | Specifies whether the rule supports unscanned images. Valid values: | true |
MaliciousImage | boolean | No | Specifies whether the rule supports malicious Internet images. Valid values: | true |
ImageName | array | No | The image names. | |
string | No | The image name. Note: You can call the GetOpaClusterImageList operation to query the image name. | testImage | |
Label | array | No | The container tags. | |
string | No | The container tag. Note: You can call the GetOpaClusterLabelList operation to query the container tag. | app.kubernetes.io/component:collector | |
RuleAction | integer | No | The action that is performed when the rule is hit. Valid values: | 1 |
WhiteList | array | No | The whitelist. | |
string | No | The entry in the whitelist. | repo-06 | |
AlarmDetail | object | No | The rule configuration. | |
Baseline | object | No | The baseline check configuration. | |
RiskLevel | array | No | The risk levels. | |
string | No | The risk level. Valid values: | high | |
Item | object [] | No | The information about the baseline check item. | |
Id | string | No | The ID of the baseline check item. Note: You can call the GetOpaClusterBaseLineList operation to query the ID of the baseline check item. | hc.image.checklist.identify.hc_exploit_couchdb_linux.item |
Name | string | No | The name of the baseline check item. Note: You can call the GetOpaClusterBaseLineList operation to query the name of the baseline check item. | Unauthorized access to CouchDB configuration risk |
Vul | object | No | The vulnerability configuration. | |
RiskLevel | array | No | The risk levels. | |
string | No | The risk level. Valid values: | high | |
Item | object [] | No | The information about the vulnerability. | |
Id | string | No | The vulnerability ID. Note: You can call the DescribeVulListPage operation to query the vulnerability ID. | CVE-2023-36034 |
Name | string | No | The vulnerability name. Note: You can call the DescribeVulListPage operation to query the vulnerability name. | Microsoft Edge vul |
RiskClass | object [] | No | The risk type of the vulnerability. | |
Id | string | No | The ID of the vulnerability type. Valid values: | cve |
Name | string | No | The name of the vulnerability. Valid values: | system vulnerability |
MaliciousFile | object | No | The configuration of malicious samples. | |
RiskLevel | array | No | The risk levels. | |
string | No | The risk level. Valid values: | high | |
Item | object [] | No | The information about the malicious sample. | |
Id | string | No | The ID of the malicious sample. Note: You can call the DescribeMatchedMaliciousNames operation to query the ID of the malicious sample. | 3685699 |
Name | string | No | The name of the malicious sample. Note: You can call the DescribeMatchedMaliciousNames operation to query the name of the malicious sample. | abnormal binary file |
SensitiveFile | object | No | The configuration of sensitive files. | |
RiskLevel | array | No | The risk levels. | |
string | No | The risk level. Valid values: | low | |
Item | object [] | No | The configuration of sensitive files. | |
Id | string | No | The ID of the sensitive file. Note: You can call the GetSensitiveDefineRuleConfig operation to query the ID of the malicious sample. | key |
Name | string | No | The name of the sensitive file. Note: You can call the GetSensitiveDefineRuleConfig operation to query the ID of the malicious sample. | name |
BuildRisk | object | No | The configuration of image build risk. | |
RiskLevel | array | No | The risk levels. | |
string | No | The risk level. Valid values: | low | |
Item | object [] | No | The configuration of image build risk. | |
Id | string | No | The ID of the image build risk. Note: You can call the ListImageBuildRiskItem operation to query the ID of the malicious sample. | key |
Name | string | No | The name of the image build risk. Note: You can call the ListImageBuildRiskItem operation to query the ID of the malicious sample. | name |
Scopes | object [] | No | The application scope of the rule. | |
ClusterId | string | No | The ID of the cluster that is specified in the rule. Note: You can call the DescribeGroupedContainerInstances operation to query the cluster ID. | cc50d***015d2 |
AllNamespace | integer | No | Specifies whether to include all namespaces. Valid values: | 1 |
NamespaceList | array | No | The namespaces. Note: This parameter is valid only when the AllNamespace parameter is set to 0. | |
string | No | The namespace. Note: You can call the GetOpaClusterNamespaceList operation to query the namespace. | namespace1 | |
AckPolicyInstanceId | string | No | The ID of the cluster node to which the rule is applied. Note: This parameter is not required when you create the instance. | ack-p-1 |
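The constraints stated in the request parameter table (StrategyId is invalid when you create a rule, the top-level ClusterId and ClusterName are deprecated, NamespaceList is valid only when AllNamespace is 0) can be checked on the client before a request is sent. The following is an added example, not part of the original reference or of any vendor SDK; `check_create_request`, `check_scope`, `TYPES`, `DEPRECATED` and `SAMPLE` are hypothetical names, and the sample request is constructed from the table's example values.

```python
# Added example, not vendor code: names below are hypothetical; parameter names,
# types and constraints are the ones documented in the request parameter table.
TYPES = {
    "StrategyTemplateId": int, "StrategyName": str, "Description": str,
    "UnScanedImage": bool, "MaliciousImage": bool, "ImageName": list,
    "Label": list, "RuleAction": int, "WhiteList": list,
    "AlarmDetail": dict, "Scopes": list,
}
DEPRECATED = ("ClusterId", "ClusterName")  # top-level parameters only


def check_scope(index, scope):
    """NamespaceList is valid only when AllNamespace is set to 0."""
    if not isinstance(scope, dict):
        return [f"Scopes[{index}] must be an object"]
    if scope.get("NamespaceList") and scope.get("AllNamespace") != 0:
        return [f"Scopes[{index}].NamespaceList is valid only when AllNamespace is 0"]
    return []


def check_create_request(params):
    """Return the problems found in a parameter dict for creating a rule."""
    problems = []
    for name, expected in TYPES.items():
        # type() rather than isinstance(): True must not pass as an integer.
        if name in params and type(params[name]) is not expected:
            problems.append(f"{name} must be {expected.__name__}")
    problems += [f"{name} is deprecated" for name in DEPRECATED if name in params]
    if "StrategyId" in params:
        problems.append("StrategyId is invalid when you create a rule")
    scopes = params.get("Scopes")
    for i, scope in enumerate(scopes if isinstance(scopes, list) else []):
        problems += check_scope(i, scope)
    return problems


# Constructed sample request built from the example values in the table.
SAMPLE = {
    "StrategyTemplateId": 109, "StrategyName": "default",
    "Description": "default policy", "UnScanedImage": True,
    "MaliciousImage": True, "RuleAction": 1, "WhiteList": ["repo-06"],
    "AlarmDetail": {"Vul": {"RiskLevel": ["high"]}},
    "Scopes": [{"ClusterId": "cc50d***015d2", "AllNamespace": 0,
                "NamespaceList": ["namespace1"]}],
}

if __name__ == "__main__":
    print(check_create_request(SAMPLE))
```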
Response parameters
Examples
Sample success responses
JSON format
{
  "Success": true,
  "Code": "200",
  "Message": "success",
  "RequestId": "CD380235-A0B8-540D-A0D5-D62884469E3C",
  "HttpStatusCode": 200,
  "Data": [
    "['cb8cd***b07ee5']"
  ]
}
Error codes
HTTP status code | Error code | Error message | Description |
---|---|---|---|
403 | NoPermission | caller has no permission | You are not authorized to do this operation. |
500 | ServerError | ServerError | - |
For a list of error codes, visit the Service error codes.
Change history
Change time | Summary of changes | Operation |
---|---|---|
2023-12-22 | The Error code has changed | see changesets |