Help Center/ Virtual Private Cloud/ API Reference/ API V3/ Port/ Removing a Security Group from the Security Group List of a Port
Updated on 2024-11-04 GMT+08:00

Removing a Security Group from the Security Group List of a Port

Function

This API is used to remove a security group from the security group list of a port.

URI

PUT /v3/{project_id}/ports/{port_id}/remove-security-groups

Table 1 Path Parameters

Parameter

Mandatory

Type

Description

port_id

Yes

String

Unique identifier of a port.

project_id

Yes

String

Project ID.

For details about how to obtain a project ID, see Obtaining a Project ID.

Request Parameters

Table 2 Request body parameters

Parameter

Mandatory

Type

Description

port

Yes

RemoveSecurityGroupOption object

Request body for removing a security group from a security group list of a port.

Table 3 RemoveSecurityGroupOption

Parameter

Mandatory

Type

Description

security_groups

Yes

Array of strings

Security group IDs, for example, "security_groups": ["a0608cbf-d047-4f54-8b28-cd7b59853fff"].

Response Parameters

Status code: 200

Table 4 Response body parameters

Parameter

Type

Description

request_id

String

Request ID.

port

Port object

Response body for removing a security group from a security group list of a port.

Table 5 Port

Parameter

Type

Description

admin_state_up

Boolean

Administrative status.

Value range: true or false

Default value: true

binding:host_id

String

Host ID.

Constraints: This parameter is visible only to administrators.

binding:profile

Object

User-defined settings.

binding:vif_details

Object

Details about the virtual interface. ovs_hybrid_plug specifies whether the OVS/bridge hybrid mode is used.

binding:vif_type

String

Interface type of the port. The value can be ovs, hw_veb, or others. This is an extended attribute.

Constraints: This parameter is visible only to administrators.

binding:vnic_type

String

Type of the bound vNIC.

The value can be:

- normal: software switching.

- direct: SR-IOV PCIe passthrough. direct is not supported.

created_at

String

Time when a port is created.

The value is a UTC time in the format of yyyy-MM-ddTHH:mm:ss.

updated_at

String

Time when a port is created.

The value is a UTC time in the format of yyyy-MM-ddTHH:mm:ss.

description

String

Supplementary information about a port.

The value can contain up to 255 characters and cannot contain angle brackets (< or >).

device_id

String

ID of the device that a port belongs to.

The value must be in standard UUID format.

The system automatically sets this parameter.

device_owner

String

Device that a port belongs to, which can be a DHCP server, router, load balancer, or Nova.

ecs_flavor

String

Flavor of the ECS that the port belongs to.

id

String

Port ID, which uniquely identifies a port.

The value must be in standard UUID format.

instance_id

String

ID of the instance that the port belongs to, for example, RDS instance ID.

The system automatically sets this parameter.

instance_type

String

Type of the instance that the port belongs to, for example, RDS.

The system automatically sets this parameter.

mac_address

String

MAC address.

name

String

Port name.

The value can contain no more than 255 characters. This parameter is left blank by default.

port_security_enabled

Boolean

Whether the security option is enabled for the port. If the option is not enabled, the security group and DHCP snooping do not take effect.

Value range: true or false

private_ips

Array of PrivateIpInfo objects

Private IP address of the port.

project_id

String

Project ID.

The value must be in standard UUID format.

security_groups

Array of strings

Security groups associated with the port.

status

String

Port status.

The value can be ACTIVE, BUILD, or DOWN.

tenant_id

String

Tenant ID.

The value must be in standard UUID format.

virsubnet_id

String

Network ID.

The value must be in standard UUID format.

vpc_id

String

VPC ID.

The value must be in standard UUID format.

vpc_tenant_id

String

VPC tenant ID.

The value must be in standard UUID format.

vtep_ip

String

VTEP IP address.

enable_efi

Boolean

Whether to enable efi. If efi is enabled, the port supports vRoCE.

Value range: true or false

Default value: false

scope

String

Application scope.

The value can be:

  • center: central AZs.

  • {azId}: specific AZs.

    Default value: center

zone_id

String

AZ that the port belongs to.

binding:migration_info

Object

Destination node information, including the details defined by binding:vif_details and binding:vif_type.

extra_dhcp_opts

Array of ExtraDhcpOpt objects

Extended attributes of DHCP.

position_type

String

Location type in the edge scenario.

Default value: center

instance_info

Object

Information about the instance bound to the port.

tags

Array of strings

Port tags.

allowed_address_pairs

Array of AllowAddressPair objects

IP address and MAC address pairs.

Constraints:

  • The IP address cannot be 0.0.0.0/0.

  • Configure a dedicated security group for the port if allowed_address_pairs has a CIDR block with a netmask length less than 24.

  • If the value of allowed_address_pairs is 1.1.1.1/0, the source/destination check is disabled.

  • Set allowed_address_pairs of the cloud server NIC to 1.1.1.1/0.

Table 6 PrivateIpInfo

Parameter

Type

Description

subnet_cidr_id

String

ID of the subnet where the port works.

ip_address

String

Private IP address of the port.

Table 7 ExtraDhcpOpt

Parameter

Type

Description

opt_name

String

Option name.

opt_value

String

Option value.

Table 8 AllowAddressPair

Parameter

Type

Description

ip_address

String

  • IP address.

    • You cannot set it to 0.0.0.0.

    • Configure a dedicated security group for the port if allowed_address_pairs has a CIDR block with a netmask length less than 24.

mac_address

String

  • MAC address.

Example Requests

Remove security groups (8edd3747-ccd4-49a1-82b9-a165eec314b4 and 6c2d4540-3b7d-4207-a319-a7231b439995) associated with the port (99fd0c77-56b4-4bf6-8365-df352e45d5fc).

PUT https://{Endpoint}/v3/f5dab68cd75740e68c599e9af5fe0aed/ports/99fd0c77-56b4-4bf6-8365-df352e45d5fc/remove-security-groups

{
  "port" : {
    "security_groups" : [ "8edd3747-ccd4-49a1-82b9-a165eec314b4", "6c2d4540-3b7d-4207-a319-a7231b439995" ]
  }
}

Example Responses

Status code: 200

Normal response to the PUT operation. For more status codes, see Status Codes.

{
  "port" : {
    "name" : "",
    "id" : "99fd0c77-56b4-4bf6-8365-df352e45d5fc",
    "admin_state_up" : true,
    "status" : "DOWN",
    "project_id" : "f5dab68cd75740e68c599e9af5fe0aed",
    "device_id" : "",
    "mac_address" : "fa:16:3e:1f:17:df",
    "device_owner" : "",
    "description" : "",
    "zone_id" : "",
    "scope" : "center",
    "position_type" : "center",
    "created_at" : "2023-05-10T01:35:02.000+00:00",
    "updated_at" : "2023-05-10T01:35:02.000+00:00",
    "port_security_enabled" : true,
    "tags" : [ ],
    "security_groups" : [ "567be4e3-d171-46ce-9e8a-c15e91cfe86a", "4940b983-5992-4663-bed9-d1d1e15d1009" ],
    "allowed_address_pairs" : [ ],
    "extra_dhcp_opts" : [ ],
    "instance_id" : "",
    "instance_type" : "",
    "ecs_flavor" : "",
    "enable_efi" : false,
    "virsubnet_id" : "3847b263-2370-45c0-8236-38a1de568049",
    "private_ips" : [ {
      "subnet_cidr_id" : "ffe98087-6d4f-45cd-988b-1c87f75d2d53",
      "ip_address" : "192.168.158.228"
    } ],
    "binding:host_id" : "",
    "binding:vif_type" : "unbound",
    "binding:vnic_type" : "normal",
    "binding:vif_details" : { },
    "binding:profile" : { },
    "binding:migration_info" : { }
  },
  "request_id" : "abd08c76-c853-4967-a898-12804330efab"
}

Status Codes

Status Code

Description

200

Normal response to the PUT operation. For more status codes, see Status Codes.

Error Codes

See Error Codes.