Example 7: Creating an Access Policy
Scenario
This section describes how to create an access policy by calling an API.
Prerequisites
- You have created a P2C VPN gateway.
- You have created a VPN server and set the authentication mode of the server to password authentication. For details, see Creating a Server.
- You have determined the endpoint for calling APIs.
- You have obtained a user token if you need to use token authentication. In addition, you need to add X-Auth-Token to the request header when calling an API. For details about token authentication, see Authentication.
The token obtained through IAM is valid for only 24 hours. When using a token for authentication, cache it to avoid frequent calling.
Calling the APIs related to access policies is an asynchronous process. The configuration takes effect after a period of time. If you frequently perform operations on access policies within a short period of time, the queue may be congested due to limited performance, and the error message "VPN.0030, The system is busy, please try later." is returned. In this case, you need to wait for a while before calling the APIs again.
Data Preparation
Parameter |
Description |
Example Value |
---|---|---|
vpn_server_id |
Specifies the ID of a VPN server. |
0e325fb6-83b9-4004-a343-8b6fc714a5d9 |
user_group_id |
Specifies the ID of a user group. |
7625fd92-2e20-4e4d-8c56-66f110fbfaa8 |
Procedure
- Create an access policy.
- Send POST https://{endpoint}/v5/{project_id}/p2c-vpn-gateways/vpn-servers/{vpn_server_id}/access-policies. {vpn_server_id} specifies the ID of the created VPN server.
- Add X-Auth-Token to the request header.
- Specify the following parameters in the request body:
{ "access_policy": { "name": "policy-001", "user_group_id": "7625fd92-2e20-4e4d-8c56-66f110fbfaa8", "description": "AccessPolicy1", "dest_ip_cidrs": [ "172.16.0.0/24", "172.16.1.0/24" ] } }
- Check the response.
- The request is successful if the following response is displayed. In the response, id specifies the ID of the created user group.
{ "access_policy": { "id": "4f746482-a575-4e1f-9e80-5f6f69ff8588" }, "request_id": "1663cd8cacbb3497ebc88877e5a3ad89" }
- The request is successful if the following response is displayed. In the response, id specifies the ID of the created user group.
- Query the access policy.
- Send GET https://{endpoint}/v5/{project_id}/p2c-vpn-gateways/vpn-servers/{vpn_server_id}/access-policies/{policy_id}. {vpn_server_id} specifies the ID of the created VPN server. {policy_id} specifies the ID of the created access policy.
- Add X-Auth-Token to the request header.
- Check the response.
{ "access_policy": { "id": "4f746482-a575-4e1f-9e80-5f6f69ff8588", "name": "policy-001", "user_group_id": "7625fd92-2e20-4e4d-8c56-66f110fbfaa8", "user_group_name": "user-group1", "description": "AccessPolicy1", "dest_ip_cidrs": [ "172.16.0.0/24", "172.16.1.0/24" ], "created_at": "2024-06-17T13:32:19.57Z", "updated_at": "2024-06-17T13:32:19.57Z" }, "request_id": "85657002f01c35576606003cc36114ab" }
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot