ves-io-schema-fast_acl-API-Create

Examples of creating fast_acl

Usecase:

Create acmecrop-fast-acl to allow access to all VIPs in site from white list

Request using vesctl:

vesctl configuration create fast_acl -i fast_acl.yaml

where file fastacl.yaml has following contents (fastacl.CreateRequest):

metadata:
  name: acmecorp-fast-acl
  namespace: system
spec:
  destinationType:
    vipServices: {}
  networkType:
    siteLocal: {}
  sourceRules:
  - kind: fast_acl_rule
    name: fast-acl-rule-white-list
    namespace: system
    tenant: acmecorp

vesctl yaml response:

metadata:
  annotations: {}
  labels: {}
  name: acmecorp-fast-acl
  namespace: system
spec:
  defaultProtocolPolicer: []
  destinationType:
    vipServices: {}
  networkType:
    siteLocal: {}
  sourceRules:
  - kind: fast_acl_rule
    name: fast-acl-rule-white-list
    namespace: system
    tenant: acmecorp
    uid: ffffffff-ffff-ffff-ffff-ffffffffffff
systemMetadata:
  creationTimestamp: "2020-05-15T10:52:37.273370073Z"
  creatorClass: examplesvc.ves.io
  finalizers: []
  tenant: acmecorp
  uid: ea63fef7-5bbf-4660-8886-593d6896686b

Request using curl:

curl -X 'POST' -d '{"metadata":{"name":"acmecorp-fast-acl","namespace":"system"},"spec":{"networkType":{"siteLocal":{}},"destinationType":{"vipServices":{}},"sourceRules":[{"kind":"fast_acl_rule","tenant":"acmecorp","namespace":"system","name":"fast-acl-rule-white-list"}]}}' -H 'Content-Type: application/json' -H 'X-Volterra-Useragent: v1/pgm=_tmp_go-build144460626_b001_apidocs.test/host=docker-desktop' 'https://acmecorp.console.ves.volterra.io/api/config/namespaces/system/fast_acls'

curl response:

HTTP/1.1 200 OK
Content-Length: 994
Content-Type: application/json
Date: Fri, 15 May 2020 10:52:37 GMT
Vary: Accept-Encoding

{
  "metadata": {
    "name": "acmecorp-fast-acl",
    "namespace": "system",
    "labels": {
    },
    "annotations": {
    },
    "description": "",
    "disable": false
  },
  "system_metadata": {
    "uid": "ea63fef7-5bbf-4660-8886-593d6896686b",
    "creation_timestamp": "2020-05-15T10:52:37.273370073Z",
    "deletion_timestamp": null,
    "modification_timestamp": null,
    "initializers": null,
    "finalizers": [
    ],
    "tenant": "acmecorp",
    "creator_class": "examplesvc.ves.io",
    "creator_id": "",
    "object_index": 0,
    "owner_view": null
  },
  "spec": {
    "network_type": {
      "site_local": {

      }
    },
    "destination_type": {
      "vip_services": {

      }
    },
    "source_rules": [
      {
        "kind": "fast_acl_rule",
        "uid": "ffffffff-ffff-ffff-ffff-ffffffffffff",
        "tenant": "acmecorp",
        "namespace": "system",
        "name": "fast-acl-rule-white-list"
      }
    ],
    "default_protocol_policer": [
    ]
  }
}

Usecase:

Create fast-acl-1234vip to protect single destination IP

Request using vesctl:

vesctl configuration create fast_acl -i fast_acl.yaml

where file fastacl.yaml has following contents (fastacl.CreateRequest):

metadata:
  name: fast-acl-1234vip
  namespace: system
spec:
  destinationType:
    destinationIpAddress:
      address:
      - ipv4:
          addr: 1.2.3.4/32
      ports:
      - all: {}
      protocol: TCP
  networkType:
    siteLocal: {}
  sourceRules:
  - kind: fast_acl_rule
    name: fast-acl-1234vip-rule1
    namespace: system
    tenant: acmecorp
  - kind: fast_acl_rule
    name: fast-acl-1234vip-rule2
    namespace: system
    tenant: acmecorp

vesctl yaml response:

metadata:
  annotations: {}
  labels: {}
  name: fast-acl-1234vip
  namespace: system
spec:
  defaultProtocolPolicer: []
  destinationType:
    destinationIpAddress:
      address:
      - ipv4:
          addr: 1.2.3.4/32
      ports:
      - all: {}
      protocol: TCP
  networkType:
    siteLocal: {}
  sourceRules:
  - kind: fast_acl_rule
    name: fast-acl-1234vip-rule1
    namespace: system
    tenant: acmecorp
    uid: ffffffff-ffff-ffff-ffff-ffffffffffff
  - kind: fast_acl_rule
    name: fast-acl-1234vip-rule2
    namespace: system
    tenant: acmecorp
    uid: ffffffff-ffff-ffff-ffff-ffffffffffff
systemMetadata:
  creationTimestamp: "2020-05-15T10:52:37.276838870Z"
  creatorClass: examplesvc.ves.io
  finalizers: []
  tenant: acmecorp
  uid: 48ca390e-a61b-4648-a433-8689c19279ec

Request using curl:

curl -X 'POST' -d '{"metadata":{"name":"fast-acl-1234vip","namespace":"system"},"spec":{"networkType":{"siteLocal":{}},"destinationType":{"destinationIpAddress":{"address":[{"ipv4":{"addr":"1.2.3.4/32"}}],"ports":[{"all":{}}],"protocol":"TCP"}},"sourceRules":[{"kind":"fast_acl_rule","tenant":"acmecorp","namespace":"system","name":"fast-acl-1234vip-rule1"},{"kind":"fast_acl_rule","tenant":"acmecorp","namespace":"system","name":"fast-acl-1234vip-rule2"}]}}' -H 'Content-Type: application/json' -H 'X-Volterra-Useragent: v1/pgm=_tmp_go-build144460626_b001_apidocs.test/host=docker-desktop' 'https://acmecorp.console.ves.volterra.io/api/config/namespaces/system/fast_acls'

curl response:

HTTP/1.1 200 OK
Content-Type: application/json
Date: Fri, 15 May 2020 10:52:37 GMT
Vary: Accept-Encoding

{
  "metadata": {
    "name": "fast-acl-1234vip",
    "namespace": "system",
    "labels": {
    },
    "annotations": {
    },
    "description": "",
    "disable": false
  },
  "system_metadata": {
    "uid": "48ca390e-a61b-4648-a433-8689c19279ec",
    "creation_timestamp": "2020-05-15T10:52:37.276838870Z",
    "deletion_timestamp": null,
    "modification_timestamp": null,
    "initializers": null,
    "finalizers": [
    ],
    "tenant": "acmecorp",
    "creator_class": "examplesvc.ves.io",
    "creator_id": "",
    "object_index": 0,
    "owner_view": null
  },
  "spec": {
    "network_type": {
      "site_local": {

      }
    },
    "destination_type": {
      "destination_ip_address": {
        "address": [
          {
            "ipv4": {
              "addr": "1.2.3.4/32"
            }
          }
        ],
        "ports": [
          {
            "all": {

            }
          }
        ],
        "protocol": "TCP"
      }
    },
    "source_rules": [
      {
        "kind": "fast_acl_rule",
        "uid": "ffffffff-ffff-ffff-ffff-ffffffffffff",
        "tenant": "acmecorp",
        "namespace": "system",
        "name": "fast-acl-1234vip-rule1"
      },
      {
        "kind": "fast_acl_rule",
        "uid": "ffffffff-ffff-ffff-ffff-ffffffffffff",
        "tenant": "acmecorp",
        "namespace": "system",
        "name": "fast-acl-1234vip-rule2"
      }
    ],
    "default_protocol_policer": [
    ]
  }
}