vpruthi/doc-exports
1
0
Fork 0
forked from docs/doc-exports
Code Pull Requests Activity
doc-exports/docs/vpc/api-ref/vpc_sg02_0008.html
gtema 4cfecba474 VPC api from PR#278 
Reviewed-by: Kucerak, Kristian <kristian.kucerak@t-systems.com>
Co-authored-by: gtema <artem.goncharov@gmail.com>
Co-committed-by: gtema <artem.goncharov@gmail.com>
2022-10-17 12:39:05 +00:00

26 KiB
Raw Permalink Blame History

Creating a Security Group Rule

Function

This API is used to create a security group rule.

URI

POST /v2.0/security-group-rules

Request Message

Table 1 Request parameter

Parameter

Type

Mandatory

Description

security_group_rule

security_group_rule object

Yes

Specifies the security group rule. For details, see Table 2.
Table 2 Security Group Rule objects

Attribute

Mandatory

Type

Description

description

No

String

Provides supplementary information about the security group rule.

security_group_id

Yes

String

Specifies the ID of the belonged security group.

remote_group_id

No

String

Specifies the peer ID of the belonged security group.

Either remote_group_id or remote_ip_prefix is used.

direction

Yes

String

Specifies the direction of the traffic for which the security group rule takes effect.

The value can be ingress or egress.

remote_ip_prefix

No

String

Specifies the peer IP address segment.

Either remote_ip_prefix or remote_group_id is used.

protocol

No

String

Specifies the protocol type or the IP protocol number.

The value can be tcp, udp, icmp or an IP protocol number

port_range_max

No

Integer

Specifies the maximum port number. When ICMP is used, the value is the ICMP code.

The value ranges from 1 to 65535. (The value ranges from 0 to 255 when it indicates the code.)

port_range_min

No

Integer

Specifies the minimum port number. If the ICMP protocol is used, this parameter indicates the ICMP type.

When the TCP or UDP protocol is used, both port_range_max and port_range_min must be specified, and the port_range_max value must be greater than the port_range_min value.

When the ICMP protocol is used, if you specify the ICMP code (port_range_max), you must also specify the ICMP type (port_range_min).

The value ranges from 1 to 65535. (The value ranges from 0 to 255 when it indicates the code.)

ethertype

No

String

Specifies the network type.

The value can be IPv4 or IPv6.

remote_address_group_id

No

String
  • Specifies the remote IP address group ID. You can log in to the management console and view the ID on the IP address group page.
  • The value is exclusive with parameters remote_ip_prefix and remote_group_id.

Response Message

Table 3 Response parameter

Parameter

Type

Description

security_group_rule

security_group_rule object

Specifies the security group rule. For details, see Table 4.
Table 4 Security Group Rule objects

Attribute

Type

Description

id

String

Specifies the security group rule ID.

This parameter is not mandatory when you query security group rules.

description

String

Provides supplementary information about the security group rule.

security_group_id

String

Specifies the ID of the belonged security group.

remote_group_id

String

Specifies the peer ID of the belonged security group.

direction

String

Specifies the direction of the traffic for which the security group rule takes effect.

remote_ip_prefix

String

Specifies the peer IP address segment.

protocol

String

Specifies the protocol type or the IP protocol number.

port_range_max

Integer

Specifies the maximum port number. When ICMP is used, the value is the ICMP code.

port_range_min

Integer

Specifies the minimum port number. If the ICMP protocol is used, this parameter indicates the ICMP type.

When the TCP or UDP protocol is used, both port_range_max and port_range_min must be specified, and the port_range_max value must be greater than the port_range_min value.

When the ICMP protocol is used, if you specify the ICMP code (port_range_max), you must also specify the ICMP type (port_range_min).

ethertype

String

Specifies the network type.

IPv4 and IPv6 are supported.

tenant_id

String

Specifies the project ID.

remote_address_group_id

String
  • Specifies the remote IP address group ID.
  • The value is exclusive with parameters remote_ip_prefix and remote_group_id.

project_id

String

Specifies the project ID.

created_at

String

Specifies the time (UTC) when the security group rule is created.

Format: yyyy-MM-ddTHH:mm:ss

updated_at

String

Specifies the time (UTC) when the security group rule is updated.

Format: yyyy-MM-ddTHH:mm:ss

Example:

Example request

POST https://{Endpoint}/v2.0/security-group-rules

{
    "security_group_rule": {
        "security_group_id": "5cb9c1ee-00e0-4d0f-9623-55463cd26ff8", 
        "direction": "egress", 
        "protocol": "tcp", 
        "remote_ip_prefix": "10.10.0.0/24"
    }
}

Example response

{
    "security_group_rule": {
        "remote_group_id": null, 
        "direction": "egress", 
        "remote_ip_prefix": "10.10.0.0/24", 
        "protocol": "tcp", 
        "tenant_id": "6fbe9263116a4b68818cf1edce16bc4f", 
        "port_range_max": null, 
        "security_group_id": "5cb9c1ee-00e0-4d0f-9623-55463cd26ff8", 
        "port_range_min": null, 
        "ethertype": "IPv4", 
        "description": null, 
        "id": "7c336b04-1603-4911-a6f4-f2af1d9a0488",
        "project_id": "6fbe9263116a4b68818cf1edce16bc4f", 
        "created_at": "2018-09-20T02:15:34",
        "updated_at": "2018-09-20T02:15:34"
    }
}

Status Code

See Status Codes.

Error Code

See Error Codes.

Parent topic: Security Group