MENU
      Check policy validity

        Check policy validity


        Article summary

        Available in Classic and VPC

        Check the validity of the policy details before creating a policy.

        Request

        This section describes the request format. The method and URI are as follows:

        MethodURI
        POST/api/v1/policy/validation

        Request headers

        For information about the headers common to all Sub Account APIs, see Sub Account request headers.

        Request body

        You can include the following data in the body of your request:

        FieldTypeRequiredDescription
        policyNameStringRequiredPolicy name
        • 3-30 characters using Korean, English uppercase and lowercase letters, Japanese, and special characters . _ -
        • First letter must be Korean, English uppercase and lowercase letter, or Japanese
        descriptionStringOptionalDescription of the policy (byte)
        • 0-300
        permissionsArrayRequiredAllowed permission list

        permissions

        The following describes permissions.

        FieldTypeRequiredDescription
        effectStringRequiredPermission allowance
        • Allow (Valid value)
        targetsArrayRequiredPermission allowance target
        conditionObjectOptionalPolicy condition
        condition.{operator}ObjectOptionalPolicy condition operator
        condition.{operator}.{key}ObjectOptionalPolicy condition key
        condition.{operator}.{value}ArrayOptionalPolicy condition value

        targets

        The following describes targets.

        FieldTypeRequiredDescription
        productStringRequiredAllowable service code
        actionsArrayRequiredAllowable action
        • See Permission information by service to apply as follows
          • Detailed action unit: Enter the action name
          • All query units: Enter View*
          • All change units: Enter Change*
          • Service unit: Enter an asterisk (*)
        resourceNrnsArrayRequiredNAVER Cloud Platform resource identification value for the allowable target
        • Enter an asterisk (*) when not specifying

        Request example

        The request example is as follows:

        curl --location --request POST 'https://subaccount.apigw.ntruss.com/api/v1/policy/48ac3260-****-****-****-246e96591594?withPermissions=true' \
        --header 'x-ncp-apigw-timestamp: {Timestamp}' \
        --header 'x-ncp-iam-access-key: {Access Key}' \
        --header 'x-ncp-apigw-signature-v2: {API Gateway Signature}' \
        --header 'Accept: application/json' \
        --header 'Content-Type: application/json' \
        --data '{
            "policyName": "policy",
            "description": "Testing",
            "permissions": [
                {
                    "effect": "Allow",
                    "targets": [
                        {
                            "product": "Server",
                            "actions": [
                                "View*"
                            ],
                            "resourceNrns": [
                                "*"
                            ]
                        }
                    ]
                }
            ]
        }
        Shell

        Response

        This section describes the response format.

        Response body

        The response body includes the following data:

        FieldTypeRequiredDescription
        detailsArray-Validity check detailed results
        successBoolean-Validity check results
        • true | false
          • true: valid
          • false: invalid

        details

        The following describes details.

        FieldTypeRequiredDescription
        typeString-Check result type
        • INFO | WARNING | ERROR
        • ERROR indicates a failed validity check
        codeString-Detailed code
        locationString-Check location
        messageString-Check result message

        Response status codes

        For information about the HTTP status codes common to all Sub Account APIs, see Sub Account status codes.

        Response example

        The response example is as follows:

        If the check results in a valid policy

        The following is a sample response if the check results in a valid policy.

        {
          "success": true
        }
        JSON

        If the check results in an invalid policy

        The following is a sample response if the check results in an invalid policy.

        {
          "details": [
            {
              "type": "WARNING",
              "code": "iam.policy.missingRelatedAction",
              "location": "",
              "message": "An associated action is missing. {Server=[View/getInitScriptList, Change/changeInitScript, View/getRootPasswordServerInstanceList, Change/setDetailedMonitoring]}"
            }
          ],
          "success": false
        }
        JSON

        Was this article helpful?

        Changing your password will log you out immediately. Use the new password to log back in.
        First name must have atleast 2 characters. Numbers and special characters are not allowed.
        Last name must have atleast 1 characters. Numbers and special characters are not allowed.
        Enter a valid email
        Enter a valid password
        Your profile has been successfully updated.