Help Center> Virtual Private Cloud> API Reference> API V3> Ports> Adding a Security Group to a Security Group List of a Port

Updated on 2024-06-27 GMT+08:00

View PDF

Adding a Security Group to a Security Group List of a Port

Function

This API is used to add a security group to a security group list of a port.

URI

PUT /v3/{project_id}/ports/{port_id}/insert-security-groups

**Table 1** Parameter description
Parameter	Mandatory	Type	Description
port_id	Yes	String	Unique identifier of a port
project_id	Yes	String	Project ID

Request Parameters

**Table 2** Request body parameter
Parameter	Mandatory	Type	Description
port	Yes	InsertSecurityGroupOption object	Request body for adding a security group to a security group list of a port

**Table 3** InsertSecurityGroupOption
Parameter	Mandatory	Type	Description
security_groups	Yes	Array of strings	Security group IDs, for example, "security_groups": ["a0608cbf-d047-4f54-8b28-cd7b59853fff"]
index	No	Integer	Position that a security group is added to. The value starts from 0. Example: 1. To add a security group to the first of the associated security group list, set index to 0. 2. To add a security group after the nth security group in the associated security group list, set index to n. By default, a security group is added to the end of the security group list associated with the port.

Response Parameters

Status code: 200

**Table 4** Response body parameters
Parameter	Type	Description
request_id	String	Request ID
port	port object	Response body for adding a security group to a security group list of a port

**Table 5** port
Parameter	Type	Description
admin_state_up	Boolean	Administrative state The value can be true. Constraints: N/A Default value: true Permissions: N/A
binding:host_id	String	Host ID Value range: N/A This parameter is visible only to administrators. Default value: N/A Permissions: N/A
binding:profile	Object	User-defined settings Value range: N/A Constraints: N/A Default value: N/A Permissions: N/A
binding:vif_details	Object	VIF details. Parameter ovs_hybrid_plug specifies whether the OVS/bridge hybrid mode is used. Value range: N/A Constraints: N/A Default value: N/A Permissions: N/A
binding:vif_type	String	Interface type of the port. The value can be ovs, hw_veb, or others. This is an extended attribute. Value range: N/A This parameter is visible only to administrators. Default value: N/A Permissions: N/A
binding:vnic_type	String	Type of the bound vNIC. normal indicates software switching. direct indicates SR-IOV PCIe passthrough, which is not supported. The value can be normal or direct. Constraints: N/A Default value: N/A Permissions: N/A
created_at	String	Time when a port is created The value is a UTC time in the format of yyyy-MM-ddTHH:mmss. Constraints: N/A Default value: N/A Permissions: N/A
updated_at	String	Time when a port is updated. The value is a UTC time in the format of yyyy-MM-ddTHH:mmss. Constraints: N/A Default value: N/A Permissions: N/A
description	String	Supplementary information about a port The value can contain no more than 255 characters and cannot contain angle brackets (< or >). Constraints: N/A Default value: N/A Permissions: N/A
device_id	String	ID of the device that a port belongs to. The value must be in standard UUID format. The system automatically sets this parameter. Default value: N/A Permissions: N/A
device_owner	String	Belonged device, which can be a DHCP server, router, load balancer, or Nova. Value range: N/A Constraints: N/A Default value: N/A Permissions: N/A
ecs_flavor	String	Flavor of the ECS that the port belongs to Value range: N/A Constraints: N/A Default value: N/A Permissions: N/A
id	String	Unique identifier of a port The value must be in standard UUID format. Constraints: N/A Default value: N/A Permissions: N/A
instance_id	String	ID of the instance that the port belongs to, for example, RDS instance ID. Value range: N/A The system automatically sets this parameter. Default value: N/A Permissions: N/A
instance_type	String	Type of the instance that the port belongs to, for example, RDS. Value range: N/A The system automatically sets this parameter. Default value: N/A Permissions: N/A
mac_address	String	MAC address Value range: N/A Constraints: N/A Default value: N/A Permissions: N/A
name	String	Port name The value can contain no more than 255 characters. This parameter is left blank by default. Constraints: N/A Default value: N/A Permissions: N/A
port_security_enabled	Boolean	Whether the security option is enabled for the port. If the option is not enabled, the security group and DHCP snooping do not take effect. The value can be true or false. Constraints: N/A Default value: N/A Permissions: N/A
private_ips	Array of PrivateIpInfo objects	Private IP address of the port Value range: N/A Constraints: N/A Default value: N/A Permissions: N/A
project_id	String	Project ID The value must be in standard UUID format. Constraints: N/A Default value: N/A Permissions: N/A
security_groups	Array of strings	Security group Value range: N/A Constraints: N/A Default value: N/A Permissions: N/A
status	String	Port status The value can be ACTIVE, BUILD, or DOWN. Constraints: N/A Default value: N/A Permissions: N/A
tenant_id	String	Tenant ID The value must be in standard UUID format. Constraints: N/A Default value: N/A Permissions: N/A
virsubnet_id	String	Network ID The value must be in standard UUID format. Constraints: N/A Default value: N/A Permissions: N/A
vpc_id	String	VPC ID The value must be in standard UUID format. Constraints: N/A Default value: N/A Permissions: N/A
vpc_tenant_id	String	VPC tenant ID The value must be in standard UUID format. Constraints: N/A Default value: N/A Permissions: N/A
vtep_ip	String	VTEP IP address Value range: N/A Constraints: N/A Default value: N/A Permissions: N/A
enable_efi	Boolean	Whether to enable efi. If efi is enabled, the port supports vRoCE. The value can be true or false. Constraints: N/A Default value: false Permissions: N/A
scope	String	Application scope The value can be center or {azId}. center indicates that the scope is the center. {azId} indicates that the scope is a specific AZ. Constraints: N/A Default value: center Permissions: N/A
zone_id	String	AZ that the port belongs to Value range: N/A Constraints: N/A Default value: N/A Permissions: N/A
binding:migration_info	Object	Destination node information, including binding:vif_details and binding:vif_type Value range: N/A Constraints: N/A Default value: N/A Permissions: N/A
extra_dhcp_opts	Array of objects	Extended attributes of DHCP Value range: N/A Constraints: N/A Default value: N/A Permissions: N/A
position_type	String	Location type in the edge scenario Value range: N/A Constraints: N/A Default value: center Permissions: N/A
instance_info	Object	Information about the instance bound to the port Value range: N/A Constraints: N/A Default value: N/A Permissions: N/A
tags	Array of strings	Port tags Value range: N/A Constraints: N/A Default value: N/A Permissions: N/A
allowed_address_pairs	Array of AllowAddressPair objects	A set of zero or more allowed address pairs. An address pair consists of an IP address and a MAC address. Value range: N/A Constraints: The IP address cannot be 0.0.0.0/0. Configure a dedicated security group for the port if the parameter allowed_address_pairs has a large CIDR block (subnet mask less than 24). If the value of allowed_address_pairs is 1.1.1.1/0, the source/destination check is disabled. Set allowed_address_pairs of the cloud server NIC to 1.1.1.1/0. Default value: N/A Permissions: N/A

**Table 6** PrivateIpInfo
Parameter	Type	Description
ip_address	String	Port IP address
subnet_cidr_id	String	ID of the device that a port belongs to.

**Table 7** AllowAddressPair
Parameter	Type	Description
ip_address	String	IP address. You cannot set it to 0.0.0.0. Configure an independent security group for the port if parameter allowed_address_pairs has a CIDR block with a netmask length less than 24.
mac_address	String	MAC address

Example Request

Add a security group after the first security group (567be4e3-d171-46ce-9e8a-c15e91cfe86a) to the security group list (["567be4e3-d171-46ce-9e8a-c15e91cfe86a", "4940b983-5992-4663-bed9-d1d1e15d1009"]) associated with the port (99fd0c77-56b4-4bf6-8365-df352e45d5fc). Set index to 1.

PUT https://{Endpoint}/v3/f5dab68cd75740e68c599e9af5fe0aed/ports/99fd0c77-56b4-4bf6-8365-df352e45d5fc/insert-security-groups

{
  "port" : {
    "security_groups" : [ "8edd3747-ccd4-49a1-82b9-a165eec314b4", "6c2d4540-3b7d-4207-a319-a7231b439995" ],
    "index" : 1
  }
}

Example Response

Status code: 200

{
  "port" : {
    "name" : "",
    "id" : "99fd0c77-56b4-4bf6-8365-df352e45d5fc",
    "admin_state_up" : true,
    "status" : "DOWN",
    "project_id" : "f5dab68cd75740e68c599e9af5fe0aed",
    "device_id" : "",
    "mac_address" : "fa:16:3e:1f:17:df",
    "device_owner" : "",
    "description" : "",
    "vpc_id" : null,
    "zone_id" : "",
    "scope" : "center",
    "position_type" : "center",
    "vtep_ip" : null,
    "created_at" : "2023-05-10T01:35:02",
    "updated_at" : "2023-05-10T01:35:02",
    "port_security_enabled" : true,
    "tags" : [ ],
    "security_groups" : [ "567be4e3-d171-46ce-9e8a-c15e91cfe86a", "8edd3747-ccd4-49a1-82b9-a165eec314b4", "6c2d4540-3b7d-4207-a319-a7231b439995", "4940b983-5992-4663-bed9-d1d1e15d1009" ],
    "allowed_address_pairs" : [ ],
    "extra_dhcp_opts" : [ ],
    "instance_info" : null,
    "instance_id" : "",
    "instance_type" : "",
    "ecs_flavor" : "",
    "enable_efi" : false,
    "virsubnet_id" : "3847b263-2370-45c0-8236-38a1de568049",
    "private_ips" : [ {
      "subnet_cidr_id" : "ffe98087-6d4f-45cd-988b-1c87f75d2d53",
      "ip_address" : "192.168.158.228"
    } ],
    "vpc_tenant_id" : null,
    "binding:host_id" : "",
    "binding:vif_type" : "unbound",
    "binding:vnic_type" : "normal",
    "binding:vif_details" : { },
    "binding:profile" : { },
    "binding:migration_info" : { }
  },
  "request_id" : "458691c0-7db2-43d8-9400-053800c5ff53"
}