Check policy validity

Prev Next

Available in Classic and VPC

Check the validity of the policy details before creating a policy.

Request

This section describes the request format. The method and URI are as follows:

Method URI
POST /api/v1/policy/validation

Request headers

For information about the headers common to all Sub Account APIs, see Sub Account request headers.

Request body

You can include the following data in the body of your request:

Field Type Required Description
policyName String Required Policy name
  • 3-30 characters using Korean, English uppercase and lowercase letters, Japanese, and special characters . _ -
  • First letter must be Korean, English uppercase and lowercase letter, or Japanese
description String Optional Description of the policy (byte)
  • 0-300
permissions Array Required Allowed permission list

permissions

The following describes permissions.

Field Type Required Description
effect String Required Permission allowance
  • Allow (Valid value)
targets Array Required Permission allowance target
condition Object Optional Policy condition
condition.{operator} Object Optional Policy condition operator
condition.{operator}.{key} Object Optional Policy condition key
condition.{operator}.{value} Array Optional Policy condition value

targets

The following describes targets.

Field Type Required Description
product String Required Allowable service code
actions Array Required Allowable action
  • See Permission information by service to apply as follows
    • Detailed action unit: Enter the action name
    • All query units: Enter View*
    • All change units: Enter Change*
    • Service unit: Enter an asterisk (*)
resourceNrns Array Required NAVER Cloud Platform resource identification value for the allowable target
  • Enter an asterisk (*) when not specifying

Request example

The request example is as follows:

curl --location --request POST 'https://subaccount.apigw.ntruss.com/api/v1/policy/48ac3260-****-****-****-246e96591594?withPermissions=true' \
--header 'x-ncp-apigw-timestamp: {Timestamp}' \
--header 'x-ncp-iam-access-key: {Access Key}' \
--header 'x-ncp-apigw-signature-v2: {API Gateway Signature}' \
--header 'Accept: application/json' \
--header 'Content-Type: application/json' \
--data '{
    "policyName": "policy",
    "description": "Testing",
    "permissions": [
        {
            "effect": "Allow",
            "targets": [
                {
                    "product": "Server",
                    "actions": [
                        "View*"
                    ],
                    "resourceNrns": [
                        "*"
                    ]
                }
            ]
        }
    ]
}

Response

This section describes the response format.

Response body

The response body includes the following data:

Field Type Required Description
details Array - Validity check detailed results
success Boolean - Validity check results
  • true | false
    • true: valid
    • false: invalid

details

The following describes details.

Field Type Required Description
type String - Check result type
  • INFO | WARNING | ERROR
  • ERROR indicates a failed validity check
code String - Detailed code
location String - Check location
message String - Check result message

Response status codes

For information about the HTTP status codes common to all Sub Account APIs, see Sub Account status codes.

Response example

The response example is as follows:

If the check results in a valid policy

The following is a sample response if the check results in a valid policy.

{
  "success": true
}

If the check results in an invalid policy

The following is a sample response if the check results in an invalid policy.

{
  "details": [
    {
      "type": "WARNING",
      "code": "iam.policy.missingRelatedAction",
      "location": "",
      "message": "An associated action is missing. {Server=[View/getInitScriptList, Change/changeInitScript, View/getRootPasswordServerInstanceList, Change/setDetailedMonitoring]}"
    }
  ],
  "success": false
}