doc-exports/docs/vpc/api-ref/vpc_sg02_0008.html
Qin Ying, Fan 7e6f07b803 VPC API 20240320 version
Reviewed-by: Sarda, Priya <prsarda@noreply.gitea.eco.tsi-dev.otc-service.com>
Co-authored-by: Qin Ying, Fan <fanqinying@huawei.com>
Co-committed-by: Qin Ying, Fan <fanqinying@huawei.com>
2024-09-05 12:25:23 +00:00

Creating a Security Group Rule

Function

This API is used to create a security group rule.

URI

POST /v2.0/security-group-rules

Request Parameters

Table 1 Request parameter

| Parameter | Type | Mandatory | Description |
|---|---|---|---|
| security_group_rule | security_group_rule object | Yes | Specifies the security group rule. For details, see Table 2. |

Table 2 Security Group Rule objects

| Attribute | Mandatory | Type | Description |
|---|---|---|---|
| description | No | String | Provides supplementary information about the security group rule. |
| security_group_id | Yes | String | Specifies the ID of the security group that the rule belongs to. |
| remote_group_id | No | String | Specifies the ID of the peer security group. This parameter is mutually exclusive with remote_ip_prefix. |
| direction | Yes | String | Specifies the direction of the security group rule. The value can be ingress (inbound) or egress (outbound). |
| remote_ip_prefix | No | String | Specifies the peer IP address segment. This parameter is mutually exclusive with remote_group_id. |
| protocol | No | String | Specifies the protocol type or the IP protocol number. The value can be tcp, udp, icmp or an IP protocol number. |
| port_range_max | No | Integer | Specifies the maximum port number. When ICMP is used, the value is the ICMP code. The value ranges from 1 to 65535. (The value ranges from 0 to 255 when it indicates the code.) |
| port_range_min | No | Integer | Specifies the minimum port number. When ICMP is used, the value is the ICMP type. Constraints: (1) When the TCP or UDP protocol is used, both port_range_max and port_range_min must be specified, and the port_range_max value must be greater than the port_range_min value. (2) When the ICMP protocol is used, if you specify the ICMP code (port_range_max), you must also specify the ICMP type (port_range_min). The value ranges from 1 to 65535. (The value ranges from 0 to 255 when it indicates the code.) |
| ethertype | No | String | Specifies the network type. The value can be IPv4 or IPv6. |
| remote_address_group_id | No | String | Specifies the remote IP address group ID. You can log in to the management console and view the ID on the IP address group page. This parameter is mutually exclusive with remote_ip_prefix and remote_group_id. |

Example Request

Create an outbound rule in the security group whose ID is 5cb9c1ee-00e0-4d0f-9623-55463cd26ff8. Set protocol to tcp, and remote_ip_prefix to 10.10.0.0/24.

POST https://{Endpoint}/v2.0/security-group-rules

{
    "security_group_rule": {
        "security_group_id": "5cb9c1ee-00e0-4d0f-9623-55463cd26ff8", 
        "direction": "egress", 
        "protocol": "tcp", 
        "remote_ip_prefix": "10.10.0.0/24"
    }
}
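A client-side check of the Table 2 constraints, run before the POST is sent, as an added example that is not part of the original API reference. The names validate_rule, PROTOCOLS and PEER_FIELDS are hypothetical; because the Example Request above sends tcp with no ports, the check assumes a TCP/UDP port pair may be omitted entirely and rejects only a half-specified or reversed range.

```python
import ipaddress

PROTOCOLS = {"tcp", "udp", "icmp"}
PEER_FIELDS = ("remote_group_id", "remote_ip_prefix", "remote_address_group_id")


def validate_rule(rule):
    """Hypothetical helper: return Table 2 violations for one rule ([] = OK)."""
    errors = []
    for field in ("security_group_id", "direction"):
        if not rule.get(field):
            errors.append(f"{field} is mandatory")
    if rule.get("direction") not in (None, "ingress", "egress"):
        errors.append("direction must be ingress or egress")
    if rule.get("ethertype") not in (None, "IPv4", "IPv6"):
        errors.append("ethertype must be IPv4 or IPv6")
    peers = [f for f in PEER_FIELDS if rule.get(f) is not None]
    if len(peers) > 1:
        errors.append("mutually exclusive: " + ", ".join(peers))
    if rule.get("remote_ip_prefix") is not None:
        try:
            ipaddress.ip_network(rule["remote_ip_prefix"], strict=False)
        except ValueError:
            errors.append("remote_ip_prefix is not a valid CIDR")
    proto = rule.get("protocol")
    if proto is not None:
        proto = str(proto)
        if proto not in PROTOCOLS and not (proto.isdecimal() and int(proto) <= 255):
            errors.append("protocol must be tcp, udp, icmp or an IP protocol number")
    lo, hi = rule.get("port_range_min"), rule.get("port_range_max")
    if proto in ("tcp", "udp"):
        # Assumption: the Example Request omits both ports, so only a
        # half-specified range is rejected; min == max is left to the server.
        if (lo is None) != (hi is None):
            errors.append("port_range_min and port_range_max must be given together")
        elif lo is not None and not (1 <= lo <= 65535 and 1 <= hi <= 65535):
            errors.append("ports must be in 1..65535")
        elif lo is not None and hi < lo:
            errors.append("port_range_max is below port_range_min")
    elif proto == "icmp":
        if hi is not None and lo is None:
            errors.append("ICMP code (port_range_max) requires ICMP type (port_range_min)")
        if any(v is not None and not 0 <= v <= 255 for v in (lo, hi)):
            errors.append("ICMP type/code must be in 0..255")
    return errors


if __name__ == "__main__":
    # Constructed body: no security_group_id, ICMP code without a type.
    print(validate_rule({"direction": "ingress", "protocol": "icmp", "port_range_max": 0}))
```

Pass the inner security_group_rule object, not the outer wrapper; an empty list means the body satisfies the checks above, and the server remains the authority on acceptance.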

Response Parameters

Table 3 Response parameter

| Parameter | Type | Description |
|---|---|---|
| security_group_rule | security_group_rule object | Specifies the security group rule. For details, see Table 4. |

Table 4 Security Group Rule objects

| Attribute | Type | Description |
|---|---|---|
| id | String | Specifies the security group rule ID. This parameter is not mandatory when you query security group rules. |
| description | String | Provides supplementary information about the security group rule. |
| security_group_id | String | Specifies the ID of the security group that the rule belongs to. |
| remote_group_id | String | Specifies the ID of the peer security group. |
| direction | String | Specifies the direction of the security group rule. |
| remote_ip_prefix | String | Specifies the peer IP address segment. |
| protocol | String | Specifies the protocol type or the IP protocol number. |
| port_range_max | Integer | Specifies the maximum port number. When ICMP is used, the value is the ICMP code. The value ranges from 1 to 65535. (The value ranges from 0 to 255 when it indicates the code.) |
| port_range_min | Integer | Specifies the minimum port number. When ICMP is used, the value is the ICMP type. Constraints: (1) When the TCP or UDP protocol is used, both port_range_max and port_range_min must be specified, and the port_range_max value must be greater than the port_range_min value. (2) When the ICMP protocol is used, if you specify the ICMP code (port_range_max), you must also specify the ICMP type (port_range_min). |
| ethertype | String | Specifies the IP version. The value can be IPv4 or IPv6. |
| tenant_id | String | Specifies the project ID. |
| remote_address_group_id | String | Specifies the remote IP address group ID. This parameter is mutually exclusive with remote_ip_prefix and remote_group_id. |
| project_id | String | Specifies the project ID. |
| created_at | String | Time when the security group rule is created. UTC time in the format of yyyy-MM-ddTHH:mm:ssZ. |
| updated_at | String | Time when the security group rule is updated. UTC time in the format of yyyy-MM-ddTHH:mm:ssZ. |

Example Response

{
    "security_group_rule": {
        "remote_group_id": null, 
        "direction": "egress", 
        "remote_ip_prefix": "10.10.0.0/24", 
        "protocol": "tcp", 
        "tenant_id": "6fbe9263116a4b68818cf1edce16bc4f", 
        "port_range_max": null, 
        "security_group_id": "5cb9c1ee-00e0-4d0f-9623-55463cd26ff8", 
        "port_range_min": null, 
        "ethertype": "IPv4", 
        "description": null, 
        "id": "7c336b04-1603-4911-a6f4-f2af1d9a0488",
        "project_id": "6fbe9263116a4b68818cf1edce16bc4f", 
        "created_at": "2018-09-20T02:15:34",
        "updated_at": "2018-09-20T02:15:34",
        "remote_address_group_id": null
    }
}

Status Code

See Status Codes.

Error Code

See Error Codes.