ves-io-schema-fast_acl_rule-API-Create

Examples of creating fast_acl_rule

Usecase:

Create fast-acl-rule-black-list-deny to deny traffic from source IPs defined black list by ves-io tenant

Request using vesctl:

vesctl configuration create fast_acl_rule -i fast_acl_rule.yaml

where file fast_acl_rule.yaml has following contents (fast_acl_rule.CreateRequest):

RequestJSON:

          {
    "metadata": {
        "name": "fast-acl-rule-black-list-deny",
        "namespace": "system"
    },
    "spec": {
        "action": {
            "simple_action": "DENY"
        },
        "ip_prefix_set": {
            "ref": [
                {
                    "kind": "ip_prefix_set",
                    "tenant": "ves-io",
                    "namespace": "shared",
                    "name": "ddos-black-list"
                }
            ]
        }
    }
}
        

vesctl yaml response:

ResponseJSON:

          {
    "metadata": {
        "name": "fast-acl-rule-black-list-deny",
        "namespace": "system",
        "labels": {},
        "annotations": {},
        "description": "",
        "disable": false
    },
    "system_metadata": {
        "uid": "40ed72f2-b779-456e-a1ba-fcda05bf850b",
        "creation_timestamp": "2024-03-21T14:05:20.755982Z",
        "deletion_timestamp": null,
        "modification_timestamp": null,
        "initializers": null,
        "finalizers": [],
        "tenant": "acmecorp",
        "creator_class": "examplesvc",
        "creator_id": "examplesvc",
        "object_index": 0,
        "owner_view": null,
        "labels": {}
    },
    "spec": {
        "action": {
            "simple_action": "DENY"
        },
        "port": [],
        "ip_prefix_set": {
            "ref": [
                {
                    "kind": "ip_prefix_set",
                    "uid": "ffffffff-ffff-ffff-ffff-ffffffffffff",
                    "tenant": "ves-io",
                    "namespace": "shared",
                    "name": "ddos-black-list"
                }
            ]
        }
    }
}
        

Request using curl:

          curl -X 'POST' -d '{"metadata":{"name":"fast-acl-rule-black-list-deny","namespace":"system"},"spec":{"action":{"simple_action":"DENY"},"ip_prefix_set":{"ref":[{"kind":"ip_prefix_set","tenant":"ves-io","namespace":"shared","name":"ddos-black-list"}]}}}' -H 'Content-Type: application/json' -H 'X-Volterra-Useragent: v1/pgm=_var_folders_2__8qnt6fwd5dvglr1xqq6l8b7w0000gp_T_go-build3109416560_b001_apidocs.test/host=C02FN35BMD6R/svc=S:examplesvc/site=mytestce01' 'https://acmecorp.console.ves.volterra.io/api/config/namespaces/system/fast_acl_rules'
        

curl response:

          HTTP/1.1 200 OK
Content-Length: 963
Content-Type: application/json
Date: Thu, 21 Mar 2024 14:05:20 GMT
Vary: Accept-Encoding

{
  "metadata": {
    "name": "fast-acl-rule-black-list-deny",
    "namespace": "system",
    "labels": {
    },
    "annotations": {
    },
    "description": "",
    "disable": false
  },
  "system_metadata": {
    "uid": "40ed72f2-b779-456e-a1ba-fcda05bf850b",
    "creation_timestamp": "2024-03-21T14:05:20.755982Z",
    "deletion_timestamp": null,
    "modification_timestamp": null,
    "initializers": null,
    "finalizers": [
    ],
    "tenant": "acmecorp",
    "creator_class": "examplesvc",
    "creator_id": "examplesvc",
    "object_index": 0,
    "owner_view": null,
    "labels": {
    }
  },
  "spec": {
    "action": {
      "simple_action": "DENY"
    },
    "port": [
    ],
    "ip_prefix_set": {
      "ref": [
        {
          "kind": "ip_prefix_set",
          "uid": "ffffffff-ffff-ffff-ffff-ffffffffffff",
          "tenant": "ves-io",
          "namespace": "shared",
          "name": "ddos-black-list"
        }
      ]
    }
  }
}
        

Usecase:

Create fast-acl-rule-white-list to accept traffic only from tenant created white list

Request using vesctl:

vesctl configuration create fast_acl_rule -i fast_acl_rule.yaml

where file fast_acl_rule.yaml has following contents (fast_acl_rule.CreateRequest):

RequestJSON:

          {
    "metadata": {
        "name": "fast-acl-rule-white-list",
        "namespace": "system"
    },
    "spec": {
        "action": {
            "simple_action": "ALLOW"
        },
        "ip_prefix_set": {
            "ref": [
                {
                    "kind": "ip_prefix_set",
                    "tenant": "acmecorp",
                    "namespace": "system",
                    "name": "acmecorp-white-list"
                }
            ]
        }
    }
}
        

vesctl yaml response:

ResponseJSON:

          {
    "metadata": {
        "name": "fast-acl-rule-white-list",
        "namespace": "system",
        "labels": {},
        "annotations": {},
        "description": "",
        "disable": false
    },
    "system_metadata": {
        "uid": "879892a3-0473-4891-a7d2-4003e52de701",
        "creation_timestamp": "2024-03-21T14:05:20.778653Z",
        "deletion_timestamp": null,
        "modification_timestamp": null,
        "initializers": null,
        "finalizers": [],
        "tenant": "acmecorp",
        "creator_class": "examplesvc",
        "creator_id": "examplesvc",
        "object_index": 0,
        "owner_view": null,
        "labels": {}
    },
    "spec": {
        "action": {
            "simple_action": "ALLOW"
        },
        "port": [],
        "ip_prefix_set": {
            "ref": [
                {
                    "kind": "ip_prefix_set",
                    "uid": "ffffffff-ffff-ffff-ffff-ffffffffffff",
                    "tenant": "acmecorp",
                    "namespace": "system",
                    "name": "acmecorp-white-list"
                }
            ]
        }
    }
}
        

Request using curl:

          curl -X 'POST' -d '{"metadata":{"name":"fast-acl-rule-white-list","namespace":"system"},"spec":{"action":{"simple_action":"ALLOW"},"ip_prefix_set":{"ref":[{"kind":"ip_prefix_set","tenant":"acmecorp","namespace":"system","name":"acmecorp-white-list"}]}}}' -H 'Content-Type: application/json' -H 'X-Volterra-Useragent: v1/pgm=_var_folders_2__8qnt6fwd5dvglr1xqq6l8b7w0000gp_T_go-build3109416560_b001_apidocs.test/host=C02FN35BMD6R/svc=S:examplesvc/site=mytestce01' 'https://acmecorp.console.ves.volterra.io/api/config/namespaces/system/fast_acl_rules'
        

curl response:

          HTTP/1.1 200 OK
Content-Length: 965
Content-Type: application/json
Date: Thu, 21 Mar 2024 14:05:20 GMT
Vary: Accept-Encoding

{
  "metadata": {
    "name": "fast-acl-rule-white-list",
    "namespace": "system",
    "labels": {
    },
    "annotations": {
    },
    "description": "",
    "disable": false
  },
  "system_metadata": {
    "uid": "879892a3-0473-4891-a7d2-4003e52de701",
    "creation_timestamp": "2024-03-21T14:05:20.778653Z",
    "deletion_timestamp": null,
    "modification_timestamp": null,
    "initializers": null,
    "finalizers": [
    ],
    "tenant": "acmecorp",
    "creator_class": "examplesvc",
    "creator_id": "examplesvc",
    "object_index": 0,
    "owner_view": null,
    "labels": {
    }
  },
  "spec": {
    "action": {
      "simple_action": "ALLOW"
    },
    "port": [
    ],
    "ip_prefix_set": {
      "ref": [
        {
          "kind": "ip_prefix_set",
          "uid": "ffffffff-ffff-ffff-ffff-ffffffffffff",
          "tenant": "acmecorp",
          "namespace": "system",
          "name": "acmecorp-white-list"
        }
      ]
    }
  }
}