ves-io-schema-fast_acl_rule-API-Create

Examples of creating fastaclrule

Usecase:

Create fast-acl-rule-black-list-deny to deny traffic from source IPs in the black list defined by the ves-io tenant

Request using vesctl:

vesctl configuration create fast_acl_rule -i fast_acl_rule.yaml

where file fast_acl_rule.yaml has the following contents (fastaclrule.CreateRequest):

metadata:
  name: fast-acl-rule-black-list-deny
  namespace: system
spec:
  action:
    simpleAction: DENY
  ipPrefixSet:
    ref:
    - kind: ip_prefix_set
      name: ddos-black-list
      namespace: shared
      tenant: ves-io

vesctl yaml response:

metadata:
  annotations: {}
  labels: {}
  name: fast-acl-rule-black-list-deny
  namespace: system
spec:
  action:
    simpleAction: DENY
  ipPrefixSet:
    ref:
    - kind: ip_prefix_set
      name: ddos-black-list
      namespace: shared
      tenant: ves-io
      uid: ffffffff-ffff-ffff-ffff-ffffffffffff
  port: []
systemMetadata:
  creationTimestamp: "2020-05-15T10:52:38.026012519Z"
  creatorClass: examplesvc.ves.io
  finalizers: []
  tenant: acmecorp
  uid: 869a013c-1bf7-45a0-b0b0-e3da3f7ba49a

Request using curl:

curl -X 'POST' -d '{"metadata":{"name":"fast-acl-rule-black-list-deny","namespace":"system"},"spec":{"action":{"simpleAction":"DENY"},"ipPrefixSet":{"ref":[{"kind":"ip_prefix_set","tenant":"ves-io","namespace":"shared","name":"ddos-black-list"}]}}}' -H 'Content-Type: application/json' -H 'X-Volterra-Useragent: v1/pgm=_tmp_go-build144460626_b001_apidocs.test/host=docker-desktop' 'https://acmecorp.console.ves.volterra.io/api/config/namespaces/system/fast_acl_rules'

curl response:

HTTP/1.1 200 OK
Content-Length: 940
Content-Type: application/json
Date: Fri, 15 May 2020 10:52:38 GMT
Vary: Accept-Encoding

{
  "metadata": {
    "name": "fast-acl-rule-black-list-deny",
    "namespace": "system",
    "labels": {
    },
    "annotations": {
    },
    "description": "",
    "disable": false
  },
  "system_metadata": {
    "uid": "869a013c-1bf7-45a0-b0b0-e3da3f7ba49a",
    "creation_timestamp": "2020-05-15T10:52:38.026012519Z",
    "deletion_timestamp": null,
    "modification_timestamp": null,
    "initializers": null,
    "finalizers": [
    ],
    "tenant": "acmecorp",
    "creator_class": "examplesvc.ves.io",
    "creator_id": "",
    "object_index": 0,
    "owner_view": null
  },
  "spec": {
    "action": {
      "simple_action": "DENY"
    },
    "port": [
    ],
    "ip_prefix_set": {
      "ref": [
        {
          "kind": "ip_prefix_set",
          "uid": "ffffffff-ffff-ffff-ffff-ffffffffffff",
          "tenant": "ves-io",
          "namespace": "shared",
          "name": "ddos-black-list"
        }
      ]
    }
  }
}

Usecase:

Create fast-acl-rule-white-list to accept traffic only from the tenant-created white list

Request using vesctl:

vesctl configuration create fast_acl_rule -i fast_acl_rule.yaml

where file fast_acl_rule.yaml has the following contents (fastaclrule.CreateRequest):

metadata:
  name: fast-acl-rule-white-list
  namespace: system
spec:
  action:
    simpleAction: ALLOW
  ipPrefixSet:
    ref:
    - kind: ip_prefix_set
      name: acmecorp-white-list
      namespace: system
      tenant: acmecorp

vesctl yaml response:

metadata:
  annotations: {}
  labels: {}
  name: fast-acl-rule-white-list
  namespace: system
spec:
  action:
    simpleAction: ALLOW
  ipPrefixSet:
    ref:
    - kind: ip_prefix_set
      name: acmecorp-white-list
      namespace: system
      tenant: acmecorp
      uid: ffffffff-ffff-ffff-ffff-ffffffffffff
  port: []
systemMetadata:
  creationTimestamp: "2020-05-15T10:52:38.032475084Z"
  creatorClass: examplesvc.ves.io
  finalizers: []
  tenant: acmecorp
  uid: b7d10baa-c993-48ea-a7ca-6fa40e9cb8a9

Request using curl:

curl -X 'POST' -d '{"metadata":{"name":"fast-acl-rule-white-list","namespace":"system"},"spec":{"action":{"simpleAction":"ALLOW"},"ipPrefixSet":{"ref":[{"kind":"ip_prefix_set","tenant":"acmecorp","namespace":"system","name":"acmecorp-white-list"}]}}}' -H 'Content-Type: application/json' -H 'X-Volterra-Useragent: v1/pgm=_tmp_go-build144460626_b001_apidocs.test/host=docker-desktop' 'https://acmecorp.console.ves.volterra.io/api/config/namespaces/system/fast_acl_rules'

curl response:

HTTP/1.1 200 OK
Content-Length: 942
Content-Type: application/json
Date: Fri, 15 May 2020 10:52:38 GMT
Vary: Accept-Encoding

{
  "metadata": {
    "name": "fast-acl-rule-white-list",
    "namespace": "system",
    "labels": {
    },
    "annotations": {
    },
    "description": "",
    "disable": false
  },
  "system_metadata": {
    "uid": "b7d10baa-c993-48ea-a7ca-6fa40e9cb8a9",
    "creation_timestamp": "2020-05-15T10:52:38.032475084Z",
    "deletion_timestamp": null,
    "modification_timestamp": null,
    "initializers": null,
    "finalizers": [
    ],
    "tenant": "acmecorp",
    "creator_class": "examplesvc.ves.io",
    "creator_id": "",
    "object_index": 0,
    "owner_view": null
  },
  "spec": {
    "action": {
      "simple_action": "ALLOW"
    },
    "port": [
    ],
    "ip_prefix_set": {
      "ref": [
        {
          "kind": "ip_prefix_set",
          "uid": "ffffffff-ffff-ffff-ffff-ffffffffffff",
          "tenant": "acmecorp",
          "namespace": "system",
          "name": "acmecorp-white-list"
        }
      ]
    }
  }
}
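
Added example (not part of the original documentation or the vendor's tooling): a post-create check that the rule returned by the API matches the rule that was requested, so a DENY/ALLOW mix-up or a reference to the wrong ip_prefix_set is caught before the rule is relied on. The requests above use camelCase keys (simpleAction, ipPrefixSet) while the curl responses use snake_case (simple_action, ip_prefix_set), so keys are normalized first. The function names are hypothetical; the sample data is copied from the white-list use case and the response is trimmed to the compared fields.

```python
import re

def snake(key):
    # simpleAction -> simple_action; keys already in snake_case are unchanged
    return re.sub(r"(?<=[a-z0-9])([A-Z])", r"_\1", key).lower()

def normalize(obj):
    # Recursively rewrite every dict key to snake_case
    if isinstance(obj, dict):
        return {snake(k): normalize(v) for k, v in obj.items()}
    if isinstance(obj, list):
        return [normalize(v) for v in obj]
    return obj

def rule_mismatches(request, response):
    """Return the fields where the created rule differs from the request."""
    req, resp = normalize(request), normalize(response)
    problems = []
    for field in ("name", "namespace"):
        if req["metadata"].get(field) != resp.get("metadata", {}).get(field):
            problems.append("metadata." + field)
    if req["spec"].get("action") != resp.get("spec", {}).get("action"):
        problems.append("spec.action")
    # The server adds a uid to each ref, so compare only the requested keys.
    want = req["spec"].get("ip_prefix_set", {}).get("ref", [])
    got = resp.get("spec", {}).get("ip_prefix_set", {}).get("ref", [])
    if len(want) != len(got):
        problems.append("spec.ip_prefix_set.ref (count)")
    for i, (w, g) in enumerate(zip(want, got)):
        for k, v in w.items():
            if g.get(k) != v:
                problems.append("spec.ip_prefix_set.ref[%d].%s" % (i, k))
    return problems

# Request body from the white-list use case (camelCase, as sent).
REQUEST = {
    "metadata": {"name": "fast-acl-rule-white-list", "namespace": "system"},
    "spec": {"action": {"simpleAction": "ALLOW"},
             "ipPrefixSet": {"ref": [{"kind": "ip_prefix_set", "tenant": "acmecorp",
                                      "namespace": "system", "name": "acmecorp-white-list"}]}},
}
# curl response for the same use case, trimmed (snake_case, as returned).
RESPONSE = {
    "metadata": {"name": "fast-acl-rule-white-list", "namespace": "system"},
    "spec": {"action": {"simple_action": "ALLOW"}, "port": [],
             "ip_prefix_set": {"ref": [{"kind": "ip_prefix_set", "tenant": "acmecorp",
                                        "uid": "ffffffff-ffff-ffff-ffff-ffffffffffff",
                                        "namespace": "system", "name": "acmecorp-white-list"}]}},
}

if __name__ == "__main__":
    print(rule_mismatches(REQUEST, RESPONSE) or "created rule matches request")
```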