
Replace Enhanced Firewall Policy.

PUT /api/config/namespaces/{metadata.namespace}/enhanced_firewall_policys/{metadata.name}
curl --request PUT \
--url https://example-corp.console.ves.volterra.io/api/v1/api/production/us-east-1/namespaces/default/api/config/namespaces/example/enhanced_firewall_policys/example \
--header 'Authorization: <Authorization>' \
--header 'Content-Type: application/json' \
--data '{ "metadata": { "annotations": {}, "description": "example", "disable": true, "labels": {}, "name": "example", "namespace": "example" }, "spec": { "allow_all": {}, "allowed_destinations": { "prefix": [ "example" ] }, "allowed_sources": { "prefix": [ "example" ] }, "denied_destinations": { "prefix": [ "example" ] }, "denied_sources": { "prefix": [ "example" ] }, "deny_all": {}, "rule_list": { "rules": [ { "advanced_action": { "action": "NOLOG" }, "all_destinations": {}, "all_sli_vips": {}, "all_slo_vips": {}, "all_sources": {}, "all_tcp_traffic": {}, "all_traffic": {}, "all_udp_traffic": {}, "allow": {}, "applications": { "applications": [ "APPLICATION_HTTP" ] }, "deny": {}, "destination_aws_vpc_ids": { "vpc_id": [ "example" ] }, "destination_ip_prefix_set": { "ref": [ { "name": "example", "namespace": "example" } ] }, "destination_label_selector": { "expressions": [ "example" ] }, "destination_prefix_list": { "prefixes": [ "example" ] }, "insert_service": { "nfv_service": { "name": "example", "namespace": "example" } }, "inside_destinations": {}, "inside_sources": {}, "label_matcher": { "keys": [ "example" ] }, "metadata": { "description": "example", "name": "example" }, "outside_destinations": {}, "outside_sources": {}, "protocol_port_range": { "port_ranges": [ "example" ], "protocol": "example" }, "source_aws_vpc_ids": { "vpc_id": [ "example" ] }, "source_ip_prefix_set": { "ref": [ { "name": "example", "namespace": "example" } ] }, "source_label_selector": { "expressions": [ "example" ] }, "source_prefix_list": { "prefixes": [ "example" ] } } ] } } }'

Shape of Enhanced Firewall Policy replace specification.

Examples of this operation.

metadata.namespace
required
string

Namespace: This defines the workspace within which each configuration object is to be created. Must be in DNS_LABEL format. For a namespace object itself, the namespace value will be "".

metadata.name
required
string

Name: The configuration object to be replaced will be looked up by name.

Media type: application/json
ReplaceRequest is used to replace the contents of an enhanced_firewall_policy.

This is the input message of the ‘Replace’ RPC.

object
metadata
object
annotations
annotations

Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata. They are not queryable and should be preserved when modifying objects.

object
description
description

Human readable description for the object.

string
>= 21 characters <= 1200 characters
disable
disable

A value of true will administratively disable the object.

boolean format: boolean
labels
labels

Map of string keys and values that can be used to organize and categorize (scope and select) objects as chosen by the user. Values specified here will be used by selector expression.

object
name
name

This is the name of the configuration object. It has to be unique within the namespace. It can only be specified during the create API call and cannot be changed during the replace API call. The value of name has to follow DNS-1035 format. Required: YES.

string
>= 6 characters <= 1024 characters
namespace
namespace

This defines the workspace within which each configuration object is to be created. Must be in DNS_LABEL format. For a namespace object itself, the namespace value will be "".

string
>= 6 characters <= 1024 characters
spec
object
allow_all
object
allowed_destinations
object
prefix
Prefix

IP Address prefix in string format. String must contain both prefix and prefix-length.

Array<string>
<= 256 items
allowed_sources
object
prefix
Prefix

IP Address prefix in string format. String must contain both prefix and prefix-length.

Array<string>
<= 256 items
denied_destinations
object
prefix
Prefix

IP Address prefix in string format. String must contain both prefix and prefix-length.

Array<string>
<= 256 items
denied_sources
object
prefix
Prefix

IP Address prefix in string format. String must contain both prefix and prefix-length.

Array<string>
<= 256 items
deny_all
object
rule_list
object
rules
List of Enhanced Firewall Policy Rules

Ordered List of Enhanced Firewall Policy Rules

Required: YES.

Array<object>
<= 128 items
Enhanced Firewall Policy Rule

Enhanced Firewall Policy rules definition.

object
advanced_action
object
action
string
default: NOLOG
Allowed values: NOLOG LOG
all_destinations
object
all_sli_vips
object
all_slo_vips
object
all_sources
object
all_tcp_traffic
object
all_traffic
object
all_udp_traffic
object
allow
object
applications
object
applications
Applications

Application protocols like HTTP, SNMP.

Array<string>
Allowed values: APPLICATION_HTTP APPLICATION_HTTPS APPLICATION_SNMP APPLICATION_DNS
deny
object
destination_aws_vpc_ids
object
vpc_id
AWS VPC List

List of VPC Identifiers in AWS. Required: YES.

Array<string>
<= 256 items
destination_ip_prefix_set
object
ref
ref

A list of references to ip_prefix_set objects.

Array<object>
<= 1 items
ObjectRefType

This type establishes a ‘direct reference’ from one object (the referrer) to another (the referred). Such a reference is in the form of tenant/namespace/name for the public API and Uid for the private API. This type of reference is called direct because the relation is explicit and concrete (as opposed to a selector reference, which builds a group based on labels of selectee objects).

object
kind
kind

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then kind will hold the referred object’s kind (e.g. “route”)

string
>= 12 characters <= 1024 characters
name
name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name.

string
>= 6 characters <= 1024 characters
namespace
namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string
>= 6 characters <= 1024 characters
tenant
tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string
>= 6 characters <= 1024 characters
uid
uid

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then uid will hold the referred object’s(e.g. Route’s) uid.

string format: uuid
>= 36 characters <= 1024 characters
destination_label_selector
object
expressions
expressions

Expressions contains the Kubernetes style label expression for selections. Required: YES.

Array<string>
<= 1 items
destination_prefix_list
object
prefixes
ipv4 prefix list

List of IPv4 prefixes that represent an endpoint.

Array<string>
<= 128 items
insert_service
object
nfv_service
object
name
name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name. Required: YES.

string
>= 1 characters <= 128 characters
namespace
namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string
>= 6 characters <= 64 characters
tenant
tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string
>= 6 characters <= 64 characters
inside_destinations
object
inside_sources
object
label_matcher
object
keys
keys

The list of label key names that have to match.

Array<string>
<= 16 items
metadata
object
description
description

Human readable description.

string
>= 21 characters <= 256 characters
name
name

This is the name of the message. The value of name has to follow DNS-1035 format. Required: YES.

string
>= 1 characters <= 1024 characters
outside_destinations
object
outside_sources
object
protocol_port_range
object
port_ranges
ports

List of port ranges. Each range is a single port or a pair of start and end ports e.g. 8080-8192.

Array<string>
<= 128 items
protocol
protocol

Protocol in IP packet to be used as match criteria. Values are TCP, UDP, and icmp.

string
<= 1024 characters
source_aws_vpc_ids
object
vpc_id
AWS VPC List

List of VPC Identifiers in AWS. Required: YES.

Array<string>
<= 256 items
source_ip_prefix_set
object
ref
ref

A list of references to ip_prefix_set objects.

Array<object>
<= 1 items
ObjectRefType

This type establishes a ‘direct reference’ from one object (the referrer) to another (the referred). Such a reference is in the form of tenant/namespace/name for the public API and Uid for the private API. This type of reference is called direct because the relation is explicit and concrete (as opposed to a selector reference, which builds a group based on labels of selectee objects).

object
kind
kind

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then kind will hold the referred object’s kind (e.g. “route”)

string
>= 12 characters <= 1024 characters
name
name

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then name will hold the referred object’s(e.g. Route’s) name.

string
>= 6 characters <= 1024 characters
namespace
namespace

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then namespace will hold the referred object’s(e.g. Route’s) namespace.

string
>= 6 characters <= 1024 characters
tenant
tenant

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then tenant will hold the referred object’s(e.g. Route’s) tenant.

string
>= 6 characters <= 1024 characters
uid
uid

When a configuration object(e.g. Virtual_host) refers to another(e.g route) then uid will hold the referred object’s(e.g. Route’s) uid.

string format: uuid
>= 36 characters <= 1024 characters
source_label_selector
object
expressions
expressions

Expressions contains the Kubernetes style label expression for selections. Required: YES.

Array<string>
<= 1 items
source_prefix_list
object
prefixes
ipv4 prefix list

List of IPv4 prefixes that represent an endpoint.

Array<string>
<= 128 items
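
A pre-flight check of a Replace body against the constraints listed in the schema above, added here as an example and not part of the API documentation or its tooling. The function names, the 1..65535 port bound, the treatment of an empty rules list as missing, and the sample body are assumptions of this example.

```python
import ipaddress
import re

# Limits and enum values are copied from the schema above; all names are this example's own.
PREFIX_FIELDS = ("allowed_destinations", "allowed_sources", "denied_destinations", "denied_sources")
ACTIONS = {"NOLOG", "LOG"}
APPS = {"APPLICATION_HTTP", "APPLICATION_HTTPS", "APPLICATION_SNMP", "APPLICATION_DNS"}
PORT_RANGE = re.compile(r"(\d{1,5})(?:-(\d{1,5}))?")

def bad_prefix(p):
    """True unless p holds both an address and a prefix length, e.g. 10.0.0.0/8."""
    try:
        ipaddress.ip_network(p, strict=False)
    except ValueError:
        return True
    return "/" not in p

def bad_port_range(r):
    """True unless r is a single port or start-end; the 1..65535 bound is an assumption."""
    m = PORT_RANGE.fullmatch(r)
    lo, hi = (int(m.group(1)), int(m.group(2) or m.group(1))) if m else (0, 0)
    return not 1 <= lo <= hi <= 65535

def validate_replace_body(body):
    """Return a list of constraint violations found in a Replace request body."""
    errs, spec = [], body.get("spec", {})
    for f in PREFIX_FIELDS:
        items = spec.get(f, {}).get("prefix", [])
        if len(items) > 256:
            errs.append(f"spec.{f}.prefix: more than 256 items")
        errs += [f"spec.{f}.prefix: {p!r} needs prefix and prefix-length" for p in items if bad_prefix(p)]
    if "rule_list" in spec:
        rules = spec["rule_list"].get("rules", [])  # empty treated as missing (assumption)
        if not 1 <= len(rules) <= 128:
            errs.append("spec.rule_list.rules: required, at most 128 items")
        for i, rule in enumerate(rules):
            if rule.get("advanced_action", {}).get("action", "NOLOG") not in ACTIONS:
                errs.append(f"rules[{i}].advanced_action.action: must be NOLOG or LOG")
            apps = rule.get("applications", {}).get("applications", [])
            errs += [f"rules[{i}].applications: {a!r} not allowed" for a in apps if a not in APPS]
            ports = rule.get("protocol_port_range", {}).get("port_ranges", [])
            errs += [f"rules[{i}].port_ranges: {p!r} malformed" for p in ports if bad_port_range(p)]
    return errs

# Constructed sample: one well-formed rule and one bare address without a prefix length.
SAMPLE = {"spec": {"denied_sources": {"prefix": ["203.0.113.0/24", "198.51.100.7"]},
                   "rule_list": {"rules": [{"metadata": {"name": "web-in"}, "allow": {},
                       "protocol_port_range": {"protocol": "TCP", "port_ranges": ["8080-8192"]}}]}}}
print(validate_replace_body(SAMPLE))
```

Running the same check over the generated request body at the top of this page flags its placeholder "example" values in the prefix and port_ranges fields.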

A successful response.

Media type: application/json
object
Example (generated)
{}

Returned when operation is not authorized.

Media type: application/json
string format: string
Example (generated)
example

Returned when there is no permission to access resource.

Media type: application/json
string format: string
Example (generated)
example

Returned when resource is not found.

Media type: application/json
string format: string
Example (generated)
example

Returned when operation on resource is conflicting with current value.

Media type: application/json
string format: string
Example (generated)
example

Returned when operation has been rejected as it is happening too frequently.

Media type: application/json
string format: string
Example (generated)
example

Returned when server encountered an error in processing API.

Media type: application/json
string format: string
Example (generated)
example

Returned when service is unavailable temporarily.

Media type: application/json
string format: string
Example (generated)
example

Returned when server timed out processing request.

Media type: application/json
string format: string
Example (generated)
example