Updated on 2024-11-04 GMT+08:00

Adding a Security Group to the Security Group List of a Port

Function

This API is used to add a security group to the security group list of a port.

URI

PUT /v3/{project_id}/ports/{port_id}/insert-security-groups

Table 1 Path Parameters

| Parameter | Mandatory | Type | Description |
|---|---|---|---|
| port_id | Yes | String | Unique identifier of a port. |
| project_id | Yes | String | Project ID. For details about how to obtain a project ID, see Obtaining a Project ID. |

Request Parameters

Table 2 Request body parameters

| Parameter | Mandatory | Type | Description |
|---|---|---|---|
| port | Yes | InsertSecurityGroupOption object | Request body for inserting a security group to the security group list of a port. |

Table 3 InsertSecurityGroupOption

| Parameter | Mandatory | Type | Description |
|---|---|---|---|
| security_groups | Yes | Array of strings | Security group IDs, for example, "security_groups": ["a0608cbf-d047-4f54-8b28-cd7b59853fff"]. |
| index | No | Integer | Position that a security group is added to. The value starts from 0. Examples are as follows: (1) To add a security group to the top of the associated security group list, set index to 0. (2) To add a security group after the nth security group in the associated security group list, set index to n. By default, a security group is added to the end of the security group list associated with the port. |

Response Parameters

Status code: 200

Table 4 Response body parameters

| Parameter | Type | Description |
|---|---|---|
| request_id | String | Request ID. |
| port | Port object | Response body for inserting a security group to the security group list of a port. |

Table 5 Port

| Parameter | Type | Description |
|---|---|---|
| admin_state_up | Boolean | Administrative status. Value range: true or false. Default value: true |
| binding:host_id | String | Host ID. Constraints: This parameter is visible only to administrators. |
| binding:profile | Object | User-defined settings. |
| binding:vif_details | Object | Details about the virtual interface. ovs_hybrid_plug specifies whether the OVS/bridge hybrid mode is used. |
| binding:vif_type | String | Interface type of the port. The value can be ovs, hw_veb, or others. This is an extended attribute. Constraints: This parameter is visible only to administrators. |
| binding:vnic_type | String | Type of the bound vNIC. The value can be: normal: software switching; direct: SR-IOV PCIe passthrough. direct is not supported. |
| created_at | String | Time when a port is created. The value is a UTC time in the format of yyyy-MM-ddTHH:mm:ss. |
| updated_at | String | Time when a port is created. The value is a UTC time in the format of yyyy-MM-ddTHH:mm:ss. |
| description | String | Supplementary information about a port. The value can contain up to 255 characters and cannot contain angle brackets (< or >). |
| device_id | String | ID of the device that a port belongs to. The value must be in standard UUID format. The system automatically sets this parameter. |
| device_owner | String | Device that a port belongs to, which can be a DHCP server, router, load balancer, or Nova. |
| ecs_flavor | String | Flavor of the ECS that the port belongs to. |
| id | String | Port ID, which uniquely identifies a port. The value must be in standard UUID format. |
| instance_id | String | ID of the instance that the port belongs to, for example, RDS instance ID. The system automatically sets this parameter. |
| instance_type | String | Type of the instance that the port belongs to, for example, RDS. The system automatically sets this parameter. |
| mac_address | String | MAC address. |
| name | String | Port name. The value can contain no more than 255 characters. This parameter is left blank by default. |
| port_security_enabled | Boolean | Whether the security option is enabled for the port. If the option is not enabled, the security group and DHCP snooping do not take effect. Value range: true or false |
| private_ips | Array of PrivateIpInfo objects | Private IP address of the port. |
| project_id | String | Project ID. The value must be in standard UUID format. |
| security_groups | Array of strings | Security groups associated with the port. |
| status | String | Port status. The value can be ACTIVE, BUILD, or DOWN. |
| tenant_id | String | Tenant ID. The value must be in standard UUID format. |
| virsubnet_id | String | Network ID. The value must be in standard UUID format. |
| vpc_id | String | VPC ID. The value must be in standard UUID format. |
| vpc_tenant_id | String | VPC tenant ID. The value must be in standard UUID format. |
| vtep_ip | String | VTEP IP address. |
| enable_efi | Boolean | Whether to enable efi. If efi is enabled, the port supports vRoCE. Value range: true or false. Default value: false |
| scope | String | Application scope. The value can be: center: central AZs; {azId}: specific AZs. Default value: center |
| zone_id | String | AZ that the port belongs to. |
| binding:migration_info | Object | Destination node information, including the details defined by binding:vif_details and binding:vif_type. |
| extra_dhcp_opts | Array of ExtraDhcpOpt objects | Extended attributes of DHCP. |
| position_type | String | Location type in the edge scenario. Default value: center |
| instance_info | Object | Information about the instance bound to the port. |
| tags | Array of strings | Port tags. |
| allowed_address_pairs | Array of AllowAddressPair objects | IP address and MAC address pairs. Constraints: The IP address cannot be 0.0.0.0/0. Configure a dedicated security group for the port if allowed_address_pairs has a CIDR block with a netmask length less than 24. If the value of allowed_address_pairs is 1.1.1.1/0, the source/destination check is disabled. Set allowed_address_pairs of the cloud server NIC to 1.1.1.1/0. |

Table 6 PrivateIpInfo

| Parameter | Type | Description |
|---|---|---|
| subnet_cidr_id | String | ID of the subnet where the port works. |
| ip_address | String | Private IP address of the port. |

Table 7 ExtraDhcpOpt

| Parameter | Type | Description |
|---|---|---|
| opt_name | String | Option name. |
| opt_value | String | Option value. |

Table 8 AllowAddressPair

| Parameter | Type | Description |
|---|---|---|
| ip_address | String | IP address. You cannot set it to 0.0.0.0. Configure a dedicated security group for the port if allowed_address_pairs has a CIDR block with a netmask length less than 24. |
| mac_address | String | MAC address. |

Example Requests

Add a security group after the first security group (567be4e3-d171-46ce-9e8a-c15e91cfe86a) in the security group list (["567be4e3-d171-46ce-9e8a-c15e91cfe86a", "4940b983-5992-4663-bed9-d1d1e15d1009"]) associated with the port (99fd0c77-56b4-4bf6-8365-df352e45d5fc). Set index to 1.

PUT https://{Endpoint}/v3/f5dab68cd75740e68c599e9af5fe0aed/ports/99fd0c77-56b4-4bf6-8365-df352e45d5fc/insert-security-groups

{
  "port" : {
    "security_groups" : [ "8edd3747-ccd4-49a1-82b9-a165eec314b4", "6c2d4540-3b7d-4207-a319-a7231b439995" ],
    "index" : 1
  }
}

Example Responses

Status code: 200

Normal response to the PUT operation. For more status codes, see Status Codes.

{
  "port" : {
    "name" : "",
    "id" : "99fd0c77-56b4-4bf6-8365-df352e45d5fc",
    "admin_state_up" : true,
    "status" : "DOWN",
    "project_id" : "f5dab68cd75740e68c599e9af5fe0aed",
    "device_id" : "",
    "mac_address" : "fa:16:3e:1f:17:df",
    "device_owner" : "",
    "description" : "",
    "zone_id" : "",
    "scope" : "center",
    "position_type" : "center",
    "created_at" : "2023-05-10T01:35:02.000+00:00",
    "updated_at" : "2023-05-10T01:35:02.000+00:00",
    "port_security_enabled" : true,
    "tags" : [ ],
    "security_groups" : [ "567be4e3-d171-46ce-9e8a-c15e91cfe86a", "8edd3747-ccd4-49a1-82b9-a165eec314b4", "6c2d4540-3b7d-4207-a319-a7231b439995", "4940b983-5992-4663-bed9-d1d1e15d1009" ],
    "allowed_address_pairs" : [ ],
    "extra_dhcp_opts" : [ ],
    "instance_id" : "",
    "instance_type" : "",
    "ecs_flavor" : "",
    "enable_efi" : false,
    "virsubnet_id" : "3847b263-2370-45c0-8236-38a1de568049",
    "private_ips" : [ {
      "subnet_cidr_id" : "ffe98087-6d4f-45cd-988b-1c87f75d2d53",
      "ip_address" : "192.168.158.228"
    } ],
    "binding:host_id" : "",
    "binding:vif_type" : "unbound",
    "binding:vnic_type" : "normal",
    "binding:vif_details" : { },
    "binding:profile" : { },
    "binding:migration_info" : { }
  },
  "request_id" : "458691c0-7db2-43d8-9400-053800c5ff53"
}
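
The index semantics from Table 3, checked against the example request and response above. This is an added Python sketch, not part of the official documentation or any SDK; the function names and the `vpc.example.invalid` endpoint are hypothetical, and no network call is made.

```python
import json
import uuid

def build_insert_request(endpoint, project_id, port_id, security_groups, index=None):
    """Return (url, json_body) for PUT .../insert-security-groups."""
    for sg in security_groups:
        uuid.UUID(sg)  # raises ValueError on a malformed security group ID
    if index is not None:
        if isinstance(index, bool) or not isinstance(index, int) or index < 0:
            raise ValueError("index must be an integer starting from 0")
    port = {"security_groups": list(security_groups)}
    if index is not None:  # omitted index: groups are added to the end of the list
        port["index"] = index
    url = f"https://{endpoint}/v3/{project_id}/ports/{port_id}/insert-security-groups"
    return url, json.dumps({"port": port})

def expected_order(current, new_groups, index=None):
    """Predict the port's list: index n places the new groups after the nth entry."""
    if index is None:
        index = len(current)
    if index > len(current):
        # Assumption: the page does not say how the API treats an out-of-range
        # index, so this helper refuses to predict a result.
        raise ValueError("index is beyond the end of the current list")
    return current[:index] + list(new_groups) + current[index:]

def verify_response(response_body, expected):
    """True if the returned port carries exactly the predicted ordered list."""
    return json.loads(response_body)["port"]["security_groups"] == expected

# Values taken from the example request and response on this page.
CURRENT = ["567be4e3-d171-46ce-9e8a-c15e91cfe86a",
           "4940b983-5992-4663-bed9-d1d1e15d1009"]
NEW = ["8edd3747-ccd4-49a1-82b9-a165eec314b4",
       "6c2d4540-3b7d-4207-a319-a7231b439995"]

if __name__ == "__main__":
    url, body = build_insert_request(
        "vpc.example.invalid",  # placeholder endpoint
        "f5dab68cd75740e68c599e9af5fe0aed",
        "99fd0c77-56b4-4bf6-8365-df352e45d5fc", NEW, index=1)
    print("PUT", url)
    print(body)
    print(expected_order(CURRENT, NEW, index=1))
```

Comparing the `security_groups` array in the 200 response with the predicted order confirms that the port ended up with exactly the intended groups in the intended positions.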

Status Codes

| Status Code | Description |
|---|---|
| 200 | Normal response to the PUT operation. For more status codes, see Status Codes. |

Error Codes

See Error Codes.