Security Group¶
Security Group controls inbound and outbound traffic for Server Instance.
You can create Security Group and Security Group Rule by following steps.
Create Security Group¶
You can create a Security Group from the following API calls. See Security Group for more information on the API.
$ curl -sS \
-H "Content-Type: application/json" \
-H "X-Auth-Token: {TOKEN}" \
-X POST -d @security_group.json {api_endpoint}/v2.0/security-groups
- Sample Request Body (security_group.json)
{
"security_group": {
"description": "Example security group 1 description.",
"name": "Example security group 1",
"tags": {},
"tenant_id": "6c0bdafab1914ab2b2b6c415477defc7"
}
}
- Sample Response Body
{
"security_group": {
"description": "Example security group 1 description.",
"id": "21b9fd0d-38c7-472d-9912-ae1079866a3a",
"name": "Example security group 1",
"security_group_rules": [],
"status": "PENDING_CREATE",
"tags": {},
"tenant_id": "6c0bdafab1914ab2b2b6c415477defc7"
}
}
The id parameter in Response is the uuid of Security Group and is used as the security_group_id parameter in Create Security Group Rule and Apply Security Group to Port.
Create Security Group Rule¶
You can create a Security Group Rule from the following API calls. See Security Group Rule for more information on the API.
$ curl -sS \
-H "Content-Type: application/json" \
-H "X-Auth-Token: {TOKEN}" \
-X POST -d @security_group_rule.json {api_endpoint}/v2.0/security-group-rules
- Sample Request Body (security_group_rule.json)
{
"security_group_rule": {
"description": "Example security group rule 1 description.",
"direction": "ingress",
"ethertype": "IPv4",
"port_range_max": 65535,
"port_range_min": 0,
"protocol": "any",
"remote_ip_prefix": "192.168.100.0/24",
"security_group_id": "21b9fd0d-38c7-472d-9912-ae1079866a3a",
"tenant_id": "6c0bdafab1914ab2b2b6c415477defc7"
}
}
- Sample Response Body
{
"security_group_rule": {
"description": "Example security group rule 1 description.",
"direction": "ingress",
"ethertype": "IPv4",
"id": "ea9a61c9-1e47-42f5-81b2-35ab4b2ce461",
"port_range_max": 65535,
"port_range_min": 0,
"protocol": "any",
"remote_group_id": null,
"remote_ip_prefix": "192.168.100.0/24",
"security_group_id": "21b9fd0d-38c7-472d-9912-ae1079866a3a",
"tenant_id": "6c0bdafab1914ab2b2b6c415477defc7"
}
}
Show Security Group¶
You can show details for a Security Group from the following API calls. See Security Group for more information on the API.
$ curl -sS \
-H "Content-Type: application/json" \
-H "X-Auth-Token: {TOKEN}" \
-X GET {api_endpoint}/v2.0/security-groups/{security_group_id}
- Sample Response Body
{
"security_group": {
"description": "Example security group 1 description.",
"id": "21b9fd0d-38c7-472d-9912-ae1079866a3a",
"name": "Example security group 1",
"security_group_rules": [
{
"description": "Example security group rule 1 description.",
"direction": "ingress",
"ethertype": "IPv4",
"id": "ea9a61c9-1e47-42f5-81b2-35ab4b2ce461",
"port_range_max": 65535,
"port_range_min": 0,
"protocol": "any",
"remote_group_id": null,
"remote_ip_prefix": "192.168.100.0/24",
"security_group_id": "21b9fd0d-38c7-472d-9912-ae1079866a3a",
"tenant_id": "6c0bdafab1914ab2b2b6c415477defc7"
}
],
"status": "ACTIVE",
"tags": {},
"tenant_id": "6c0bdafab1914ab2b2b6c415477defc7"
}
}
Apply Security Group to Port¶
You can apply Security Group to Port from the following API calls (Update Port). See Port for more information on the API.
$ curl -sS \
-H "Content-Type: application/json" \
-H "X-Auth-Token: {TOKEN}" \
-X PUT -d @update_port.json {api_endpoint}/v2.0//ports/{port_id}
- Sample Request Body (update_port.json)
{
"port": {
"security_groups": [
"fab0f28f-d3cb-49b2-840e-d6c00d75d27c"
]
}
}
- Sample Response Body
{
"port": {
"admin_state_up": true,
"allowed_address_pairs": [],
"description": "Example port 1 description.",
"device_id": "0a93a32e-4137-4689-bcc7-0da8ee7fa74d",
"device_owner": "compute:zone1-groupa",
"fixed_ips": [
{
"ip_address": "192.168.10.11",
"subnet_id": "2e0a6111-7a8a-44e2-a60a-6c5aaa0225f6"
}
],
"id": "feed7fde-df0d-4bd8-a951-a93f4bf2cc5a",
"mac_address": "fa:16:3e:37:83:e6",
"name": "Example port 1",
"network_id": "0389b606-bef6-48b5-9a04-802ff0a80bc9",
"security_groups": [
"fab0f28f-d3cb-49b2-840e-d6c00d75d27c"
],
"segmentation_id": 0,
"segmentation_type": "flat",
"status": "PENDING_UPDATE",
"tags": {},
"tenant_id": "6c0bdafab1914ab2b2b6c415477defc7"
}
}