Updated on 2022-12-05 GMT+08:00

Creating an Access Control Policy

Function

This API is used to create an access control policy to allow or deny API access from certain IP addresses or tenants. The acl_value value of a domain is a tenant name rather than a domain name (such as www.exampleDomain.com).

URI

POST /v2/{project_id}/apic/instances/{instance_id}/acls

Table 1 Path parameters

Parameter

Mandatory

Type

Description

project_id

Yes

String

Project ID. For details about how to obtain the project ID, see Appendix > Obtaining a Project ID in the ROMA Connect API Reference.

instance_id

Yes

String

Instance ID.

Request Parameters

Table 2 Request header parameters

Parameter

Mandatory

Type

Description

X-Auth-Token

Yes

String

User token, which can be obtained by calling the IAM API (value of X-Subject-Token in the response header).

Table 3 Request body parameters

Parameter

Mandatory

Type

Description

acl_name

Yes

String

Access control policy name. The value contains 3 to 64 characters, including letters, digits, and underscores (_). It must start with a letter.

NOTE:

Characters must be in UTF-8 or Unicode format.

acl_type

Yes

String

Access control type.

  • PERMIT (whitelist)

  • DENY (blacklist)

acl_value

Yes

String

One or more objects from which the access will be controlled. Separate multiple objects with commas.

entity_type

Yes

String

Object type.

  • IP

  • DOMAIN

Response Parameters

Status code: 201

Table 4 Response body parameters

Parameter

Type

Description

acl_name

String

Name.

acl_type

String

Type.

  • PERMIT (whitelist)

  • DENY (blacklist)

acl_value

String

Access control objects.

entity_type

String

Object type.

  • IP

  • DOMAIN

id

String

ID.

update_time

String

Update time.

Status code: 400

Table 5 Response body parameters

Parameter

Type

Description

error_code

String

Error code.

error_msg

String

Error description.

Status code: 401

Table 6 Response body parameters

Parameter

Type

Description

error_code

String

Error code.

error_msg

String

Error description.

Status code: 403

Table 7 Response body parameters

Parameter

Type

Description

error_code

String

Error code.

error_msg

String

Error description.

Status code: 404

Table 8 Response body parameters

Parameter

Type

Description

error_code

String

Error code.

error_msg

String

Error description.

Status code: 500

Table 9 Response body parameters

Parameter

Type

Description

error_code

String

Error code.

error_msg

String

Error description.

Example Requests

{
  "acl_name" : "acl_demo",
  "acl_type" : "PERMIT",
  "acl_value" : "192.168.1.5,192.168.10.1",
  "entity_type" : "IP"
}

Example Responses

Status code: 201

Created

{
  "id" : "7eb619ecf2a24943b099833cd24a01ba",
  "acl_name" : "acl_demo",
  "entity_type" : "IP",
  "acl_type" : "PERMIT",
  "acl_value" : "192.168.1.5,192.168.10.1",
  "update_time" : "2020-08-04T08:42:43.461276217Z"
}

Status code: 400

Bad Request

{
  "error_code" : "APIG.2011",
  "error_msg" : "Invalid parameter value,parameterName:acl_type. Please refer to the support documentation"
}

Status code: 401

Unauthorized

{
  "error_code" : "APIG.1002",
  "error_msg" : "Incorrect token or token resolution failed"
}

Status code: 403

Forbidden

{
  "error_code" : "APIG.1005",
  "error_msg" : "No permissions to request this method"
}

Status code: 404

Not Found

{
  "error_code" : "APIG.3030",
  "error_msg" : "The instance does not exist;id:f0fa1789-3b76-433b-a787-9892951c620e"
}

Status code: 500

Internal Server Error

{
  "error_code" : "APIG.9999",
  "error_msg" : "System error"
}

Status Codes

Status Code

Description

201

Created

400

Bad Request

401

Unauthorized

403

Forbidden

404

Not Found

500

Internal Server Error

Error Codes

See Error Codes.