weihongmin1
46d24ba358
Reviewed-by: Belejkanic, Lukas <lukas.belejkanic@t-systems.com> Co-authored-by: weihongmin1 <weihongmin1@huawei.com> Co-committed-by: weihongmin1 <weihongmin1@huawei.com>
37 KiB
Modifying the ACL for Console Access
Function
This API is provided for the administrator to modify the ACL for console access.
URI
PUT /v3.0/OS-SECURITYPOLICY/domains/{domain_id}/console-acl-policy
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
domain_id |
Yes |
String |
Domain ID. |
Request Parameters
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
X-Auth-Token |
Yes |
String |
Token with Security Administrator permissions. |
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
Yes |
object |
ACL for console access. |
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
No |
Array of objects |
IPv4 address or CIDR block from which access is allowed. Specify either allow_address_netmasks or allow_ip_ranges. |
|
No |
Array of objects |
IPv4 address or CIDR block from which access is allowed. Specify either allow_address_netmasks or allow_ip_ranges. |
|
No |
Array of objects |
IPv6 address or CIDR block from which access is allowed. Specify either allow_address_netmasks_ipv6 or allow_ip_ranges_ipv6. |
|
No |
Array of objects |
IPv6 address or CIDR block from which access is allowed. Specify either allow_address_netmasks_ipv6 or allow_ip_ranges_ipv6. |
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
address_netmask |
Yes |
String |
IPv4 CIDR block, for example, 192.168.0.1/24. |
description |
No |
String |
Description about the IPv4 CIDR block. |
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
description |
No |
String |
Description about an IP address range. |
ip_range |
Yes |
String |
IPv4 address range, for example, 0.0.0.0-255.255.255.255. |
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
address_netmask |
Yes |
String |
IPv6 address or CIDR block, for example, 0000:0000:0000:0000:0000:0000:0000:0000/100. |
description |
No |
String |
Description about the IPv6 address or CIDR block. |
Parameter |
Mandatory |
Type |
Description |
|---|---|---|---|
description |
No |
String |
Description about the IP address range. |
ip_range |
Yes |
String |
IPv6 address range, for example, 0000:0000:0000:0000:0000:0000:0000:0000-FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF. |
Response Parameters
Parameter |
Type |
Description |
|---|---|---|
object |
ACL for console access. |
Parameter |
Type |
Description |
|---|---|---|
Array of objects |
IPv4 CIDR blocks from which console access is allowed. |
|
Array of objects |
IP address ranges from which console access is allowed. |
|
Array of objects |
IPv6 address or CIDR block from which access is allowed. This parameter is only returned when an IPv6 address range or CIDR block from which access is allowed is specified. |
|
Array of objects |
IPv6 address range from which access is allowed. This parameter is only returned when an IPv6 address range from which access is allowed is specified. |
Parameter |
Type |
Description |
|---|---|---|
address_netmask |
String |
IPv4 CIDR block, for example, 192.168.0.1/24. |
description |
String |
Description about the IPv4 CIDR block. |
Parameter |
Type |
Description |
|---|---|---|
description |
String |
Description about an IP address range. |
ip_range |
String |
IPv4 address range, for example, 0.0.0.0-255.255.255.255. |
Example Request
PUT https://sample.domain.com/v3.0/OS-SECURITYPOLICY/domains/{domain_id}/console-acl-policy
{
"console_acl_policy" : {
"allow_ip_ranges" : [ {
"ip_range" : "0.0.0.0-255.255.255.255",
"description" : "1"
}, {
"ip_range" : "0.0.0.0-255.255.255.253",
"description" : "12"
} ],
"allow_address_netmasks" : [ {
"address_netmask" : "192.168.0.1/24",
"description" : "3"
}, {
"address_netmask" : "192.168.0.2/23",
"description" : "4"
} ] ,
"allow_ip_ranges_ipv6": [{
"ip_range": "0000:0000:0000:0000:0000:0000:0000:0000-FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF",
"description": "IPv6 address range"
} ],
"allow_address_netmasks_ipv6": [{
"address_netmask": "0000:0000:0000:0000:0000:0000:0000:0000/100",
"description": "IPv6 address or CIDR block"
}]
}
}
Example Response
Status code: 200
The request is successful.
{
"console_acl_policy" : {
"allow_ip_ranges" : [ {
"ip_range" : "0.0.0.0-255.255.255.255",
"description" : ""
}, {
"ip_range" : "0.0.0.0-255.255.255.255",
"description" : ""
} ],
"allow_address_netmasks" : [ {
"address_netmask" : "192.168.0.1/24",
"description" : ""
}, {
"address_netmask" : "192.168.0.1/24",
"description" : ""
} ]
,
"allow_ip_ranges_ipv6": [{
"ip_range": "0000:0000:0000:0000:0000:0000:0000:0000-FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF",
"description": "IPv6 address range"
} ],
"allow_address_netmasks_ipv6": [{
"address_netmask": "0000:0000:0000:0000:0000:0000:0000:0000/100",
"description": "IPv6 address or CIDR block"
}]
}
}
Status code: 400
The request body is abnormal.
- Example 1
{
"error_msg" : "'%(key)s' is a required property.",
"error_code" : "IAM.0072"
}
- Example 2
{
"error_msg" : "Invalid input for field '%(key)s'. The value is '%(value)s'.",
"error_code" : "IAM.0073"
}
Status code: 500
The system is abnormal.
{
"error_msg" : "An unexpected error prevented the server from fulfilling your request.",
"error_code" : "IAM.0006"
}
Status Codes
Status Code |
Description |
|---|---|
200 |
The request is successful. |
400 |
The request body is abnormal. |
401 |
Authentication failed. |
403 |
Access denied. |
500 |
The system is abnormal. |