All Products
Search

This Product

    :Query policies

    Document Center

    :Query policies

    更新时间:Sep 01, 2023

    You can call the DescribePolicies operation to query policies.

    Debugging

    OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

    Request syntax

    GET /policies HTTP/1.1
Content-Type:application/json

Common request parameters

    Request parameters

    Response syntax

    Response parameters

    Table 1. Response body parameters
    Parameter Type Example Description
    Map

    The list of policies. The key of each entry indicates the type of policy. The value of each entry indicates the names of the policies of the type.

    Array of String ACKNoEnvVarSecrets

    For more information about policies, see Predefined security policies of ACK.

    Sample requests

    Submit the following sample request to query policies:

    GET /policies HTTP/1.1
Host:cs.aliyuncs.com
Content-Type:application/json

Common request parameters

    Sample success responses

    XML format

    HTTP/1.1 200 OK
Content-Type:application/xml

<DescribePoliciesResponse>
    <cis-k8s>ACKNoEnvVarSecrets</cis-k8s>
    <cis-k8s>ACKPodsRequireSecurityContext</cis-k8s>
    <cis-k8s>ACKRestrictNamespaces</cis-k8s>
    <cis-k8s>ACKRestrictRoleBindings</cis-k8s>
    <infra>ACKBlockProcessNamespaceSharing</infra>
    <infra>ACKEmptyDirHasSizeLimit</infra>
    <infra>ACKLocalStorageRequireSafeToEvict</infra>
    <infra>ACKOSSStorageLocationConstraint</infra>
    <k8s-general>ACKBlockAutoinjectServiceEnv</k8s-general>
    <k8s-general>ACKBlockAutomountToken</k8s-general>
    <k8s-general>ACKBlockLoadBalancer</k8s-general>
    <k8s-general>ACKBlockNodePort</k8s-general>
    <k8s-general>ACKContainerLimits</k8s-general>
    <k8s-general>ACKExternalIPs</k8s-general>
    <k8s-general>ACKImageDigests</k8s-general>
    <k8s-general>ACKRequiredLabels</k8s-general>
    <k8s-general>ACKRequiredProbes</k8s-general>
    <k8s-general>ACKAllowedRepos</k8s-general>
    <psp>ACKPSPAllowPrivilegeEscalationContainer</psp>
    <psp>ACKPSPAllowedUsers</psp>
    <psp>ACKPSPAppArmor</psp>
    <psp>ACKPSPCapabilities</psp>
    <psp>ACKPSPFSGroup</psp>
    <psp>ACKPSPFlexVolumes</psp>
    <psp>ACKPSPForbiddenSysctls</psp>
    <psp>ACKPSPHostFilesystem</psp>
    <psp>ACKPSPHostNamespace</psp>
    <psp>ACKPSPHostNetworkingPorts</psp>
    <psp>ACKPSPPrivilegedContainer</psp>
    <psp>ACKPSPProcMount</psp>
    <psp>ACKPSPReadOnlyRootFilesystem</psp>
    <psp>ACKPSPSELinuxV2</psp>
    <psp>ACKPSPSeccomp</psp>
    <psp>ACKPSPVolumeTypes</psp>
</DescribePoliciesResponse>

    JSON format

    HTTP/1.1 200 OK
Content-Type:application/json

{
  "cis-k8s" : [ "ACKNoEnvVarSecrets", "ACKPodsRequireSecurityContext", "ACKRestrictNamespaces", "ACKRestrictRoleBindings" ],
  "infra" : [ "ACKBlockProcessNamespaceSharing", "ACKEmptyDirHasSizeLimit", "ACKLocalStorageRequireSafeToEvict", "ACKOSSStorageLocationConstraint" ],
  "k8s-general" : [ "ACKBlockAutoinjectServiceEnv", "ACKBlockAutomountToken", "ACKBlockLoadBalancer", "ACKBlockNodePort", "ACKContainerLimits", "ACKExternalIPs", "ACKImageDigests", "ACKRequiredLabels", "ACKRequiredProbes", "ACKAllowedRepos" ],
  "psp" : [ "ACKPSPAllowPrivilegeEscalationContainer", "ACKPSPAllowedUsers", "ACKPSPAppArmor", "ACKPSPCapabilities", "ACKPSPFSGroup", "ACKPSPFlexVolumes", "ACKPSPForbiddenSysctls", "ACKPSPHostFilesystem", "ACKPSPHostNamespace", "ACKPSPHostNetworkingPorts", "ACKPSPPrivilegedContainer", "ACKPSPProcMount", "ACKPSPReadOnlyRootFilesystem", "ACKPSPSELinuxV2", "ACKPSPSeccomp", "ACKPSPVolumeTypes" ]
}

    Error codes

    For a list of error codes, see Service error codes.