2cd41cb7a4
As Sam Harwell noticed, the slash should be outside of the parameter tags for /fw/firewall_policies/firewall_policy-id/remove_rule. This is a followup to change I174f5d6ca5291bff88c1b8350b48f5d97daf4c34. Change-Id: I5f30b4d2ac65efff604ee5e424060805e7cf30e5 Related-Bug: #1265927
1372 lines
56 KiB
XML
1372 lines
56 KiB
XML
<?xml version="1.0" encoding="UTF-8"?>
|
|
<!DOCTYPE section [
|
|
<!-- Some useful entities borrowed from HTML -->
|
|
<!ENTITY ndash "–">
|
|
<!ENTITY mdash "—">
|
|
<!ENTITY hellip "…">
|
|
<!ENTITY plusmn "±">
|
|
|
|
<!-- Useful for describing APIs -->
|
|
<!ENTITY GET '<command xmlns="http://docbook.org/ns/docbook">GET</command>'>
|
|
<!ENTITY PUT '<command xmlns="http://docbook.org/ns/docbook">PUT</command>'>
|
|
<!ENTITY POST '<command xmlns="http://docbook.org/ns/docbook">POST</command>'>
|
|
<!ENTITY DELETE '<command xmlns="http://docbook.org/ns/docbook">DELETE</command>'>
|
|
|
|
<!ENTITY CHECK '<inlinemediaobject xmlns="http://docbook.org/ns/docbook">
|
|
<imageobject>
|
|
<imagedata fileref="figures/Check_mark_23x20_02.svg"
|
|
format="SVG" scale="60"/>
|
|
</imageobject>
|
|
</inlinemediaobject>'>
|
|
|
|
<!ENTITY ARROW '<inlinemediaobject xmlns="http://docbook.org/ns/docbook">
|
|
<imageobject>
|
|
<imagedata fileref="figures/Arrow_east.svg"
|
|
format="SVG" scale="60"/>
|
|
</imageobject>
|
|
</inlinemediaobject>'>
|
|
]>
|
|
<section xmlns="http://docbook.org/ns/docbook"
|
|
xmlns:xlink="http://www.w3.org/1999/xlink"
|
|
xmlns:xi="http://www.w3.org/2001/XInclude"
|
|
xmlns:svg="http://www.w3.org/2000/svg"
|
|
xmlns:m="http://www.w3.org/1998/Math/MathML"
|
|
xmlns:html="http://www.w3.org/1999/xhtml"
|
|
xmlns:db="http://docbook.org/ns/docbook" version="5.0"
|
|
status="final" xml:id="fwaas_ext">
|
|
|
|
<title>Firewall as a Service (FWaaS) Extension</title>
|
|
<para>The FWaaS extension provides OpenStack users
|
|
with the ability to deploy firewalls to protect
|
|
their networks.
|
|
|
|
The current features provided by the FWaaS extension are:
|
|
<itemizedlist>
|
|
<listitem>
|
|
<para>Apply firewall rules on traffic entering and leaving
|
|
tenant networks.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>Support for applying tcp, udp, icmp, or protocol agnostic
|
|
rules.</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>Creation and sharing of firewall policies which hold an
|
|
ordered collection of the firewall rules.</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>Ability to audit firewall rules and policies.</para>
|
|
</listitem>
|
|
</itemizedlist>
|
|
</para>
|
|
|
|
<para>This extension introduces new resources:
|
|
<itemizedlist>
|
|
<listitem>
|
|
<para><emphasis role="bold">firewall</emphasis>: represents
|
|
a logical firewall resource that a tenant can instantiate
|
|
and manage. A firewall is associated with one firewall_policy.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para><emphasis role="bold">firewall_policy</emphasis>: is an
|
|
ordered collection of firewall_rules. A firewall_policy can
|
|
be shared across tenants. Thus it can also be made part of
|
|
an audit workflow wherein the firewall_policy can be audited
|
|
by the relevant entity that is authorized (and can be
|
|
different from the tenants which create or use the
|
|
firewall_policy).
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para><emphasis role="bold">firewall_rule</emphasis>: represents
|
|
a collection of attributes like ports, ip addresses which
|
|
define match criteria and action (allow, or deny) that needs
|
|
to be taken on the matched data traffic.
|
|
</para>
|
|
</listitem>
|
|
</itemizedlist>
|
|
</para>
|
|
|
|
<?hard-pagebreak?>
|
|
|
|
<section xml:id="fwaas_ext_ops_firewall_rule">
|
|
<title>Firewall Rule Operations</title>
|
|
<para>This section discusses operations for managing a Firewall Rule
|
|
through this extension.
|
|
</para>
|
|
|
|
<table rules="all">
|
|
<caption>Firewall Rule Attributes</caption>
|
|
<col width="20%"/>
|
|
<col width="8%"/>
|
|
<col width="10%"/>
|
|
<col width="7%"/>
|
|
<col width="15%"/>
|
|
<col width="15%"/>
|
|
<col width="25%"/>
|
|
<thead>
|
|
<tr>
|
|
<th>Attribute</th>
|
|
<th>Type</th>
|
|
<th>Required</th>
|
|
<th>CRUD
|
|
<footnote xml:id="fwaas_rule_crud_note">
|
|
<para>
|
|
<itemizedlist>
|
|
<listitem>
|
|
<para><emphasis role="bold">C</emphasis>. Use the attribute in create operations.</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para><emphasis role="bold">R</emphasis>. This attribute is returned in response to show and list operations.</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para><emphasis role="bold">U</emphasis>. You can update the value of this attribute.</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para><emphasis role="bold">D</emphasis>. You can delete the value of this attribute.</para>
|
|
</listitem>
|
|
</itemizedlist>
|
|
</para>
|
|
</footnote>
|
|
</th>
|
|
<th>Default Value</th>
|
|
<th>Validation Constraints</th>
|
|
<th>Notes</th>
|
|
</tr>
|
|
</thead>
|
|
<tbody>
|
|
<tr>
|
|
<td>id</td>
|
|
<td>uuid-str</td>
|
|
<td>N/A</td>
|
|
<td>R</td>
|
|
<td>generated</td>
|
|
<td>N/A</td>
|
|
<td>Unique identifier for the Firewall Rule object.</td>
|
|
</tr>
|
|
<tr>
|
|
<td>tenant_id</td>
|
|
<td>uuid-str</td>
|
|
<td>Yes</td>
|
|
<td>CR</td>
|
|
<td>Derived from Authentication token</td>
|
|
<td>N/A</td>
|
|
<td>Owner of the Firewall Rule. Only admin users can
|
|
specify a tenant identifier other than their own.</td>
|
|
</tr>
|
|
<tr>
|
|
<td>name</td>
|
|
<td>String</td>
|
|
<td>No</td>
|
|
<td>CRU</td>
|
|
<td>None</td>
|
|
<td>N/A</td>
|
|
<td>Human readable name for the Firewall Rule (255
|
|
characters limit). Does not have to be unique.</td>
|
|
</tr>
|
|
<tr>
|
|
<td>description</td>
|
|
<td>String</td>
|
|
<td>No</td>
|
|
<td>CRU</td>
|
|
<td>None</td>
|
|
<td>N/A</td>
|
|
<td>Human readable description for the Firewall Rule (1024
|
|
characters limit).</td>
|
|
</tr>
|
|
<tr>
|
|
<td>firewall_policy_id</td>
|
|
<td>uuid-str</td>
|
|
<td>No</td>
|
|
<td>R</td>
|
|
<td>None</td>
|
|
<td>N/A</td>
|
|
<td>This is a readonly attribute which gets populated
|
|
with the uuid of the Firewall Policy when this
|
|
Firewall Rule is associated with a Firewall
|
|
Policy. A Firewall Rule can be associated
|
|
with one Firewall Policy at a time. The association
|
|
can however be updated to a different Firewall Policy.
|
|
This attribute can be "null" if the rule is not
|
|
associated with any firewall policy.
|
|
</td>
|
|
</tr>
|
|
<tr>
|
|
<td>shared</td>
|
|
<td>Bool</td>
|
|
<td>No</td>
|
|
<td>CRU</td>
|
|
<td>false</td>
|
|
<td>{true | false}</td>
|
|
<td>When set to True makes this Firewall Rule visible
|
|
to tenants other than its owner, and can be used
|
|
in Firewall Policies not owned by its tenant.</td>
|
|
</tr>
|
|
<tr>
|
|
<td>protocol</td>
|
|
<td>String</td>
|
|
<td>No</td>
|
|
<td>CRU</td>
|
|
<td>None</td>
|
|
<td>{icmp | tcp | udp | null}</td>
|
|
<td>IP Protocol</td>
|
|
</tr>
|
|
<tr>
|
|
<td>ip_version</td>
|
|
<td>Integer</td>
|
|
<td>No</td>
|
|
<td>CRU</td>
|
|
<td>4</td>
|
|
<td>{4 | 6}</td>
|
|
<td>IP Protocol Version</td>
|
|
</tr>
|
|
<tr>
|
|
<td>source_ip_address</td>
|
|
<td>String (IP address or CIDR)</td>
|
|
<td>No</td>
|
|
<td>CRU</td>
|
|
<td>None</td>
|
|
<td>valid IP address (v4 or v6), or CIDR</td>
|
|
<td>Source IP address or CIDR</td>
|
|
</tr>
|
|
<tr>
|
|
<td>destination_ip_address</td>
|
|
<td>String (IP address or CIDR)</td>
|
|
<td>No</td>
|
|
<td>CRU</td>
|
|
<td>None</td>
|
|
<td>Valid IP address (v4 or v6), or CIDR</td>
|
|
<td>Destination IP address or CIDR</td>
|
|
</tr>
|
|
<tr>
|
|
<td>source_port</td>
|
|
<td>Integer</td>
|
|
<td>No</td>
|
|
<td>CRU</td>
|
|
<td>None</td>
|
|
<td>Valid port number (integer or string), or port range
|
|
in the format of a ':' separated range). In the case
|
|
of port range, both ends of the range are included.</td>
|
|
<td>Source port number or a range</td>
|
|
</tr>
|
|
<tr>
|
|
<td>destination_port</td>
|
|
<td>Integer</td>
|
|
<td>No</td>
|
|
<td>CRU</td>
|
|
<td>None</td>
|
|
<td>Valid port number (integer or string), or port range
|
|
in the format of a ':' separated range. In the case
|
|
of port range, both ends of the range are included.</td>
|
|
<td>Destination port number or a range</td>
|
|
</tr>
|
|
<tr>
|
|
<td>position</td>
|
|
<td>Integer</td>
|
|
<td>No</td>
|
|
<td>R</td>
|
|
<td>None</td>
|
|
<td>N/A</td>
|
|
<td>This is a readonly attribute that gets assigned
|
|
to this rule when the rule is associated with
|
|
a Firewall Policy. It indicates the position of
|
|
this rule in that Firewall Policy. This position
|
|
number starts at 1. The position can be "null"
|
|
if the firewall rule is not associated with any
|
|
policy.</td>
|
|
</tr>
|
|
<tr>
|
|
<td>action</td>
|
|
<td>String</td>
|
|
<td>No</td>
|
|
<td>CRU</td>
|
|
<td>deny</td>
|
|
<td>{allow | deny}</td>
|
|
<td>Action to be performed on the traffic matching
|
|
the rule (allow, deny)</td>
|
|
</tr>
|
|
<tr>
|
|
<td>enabled</td>
|
|
<td>Bool</td>
|
|
<td>No</td>
|
|
<td>CRU</td>
|
|
<td>true</td>
|
|
<td>{true | false}</td>
|
|
<td>When set to False will disable this rule in the
|
|
Firewall Policy. Facilitates selectively turning
|
|
off rules without having to disassociate the rule
|
|
from the Firewall Policy</td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
|
|
<?hard-pagebreak?>
|
|
|
|
<section xml:id="fwaas_ext_ops_firewall_rule_list">
|
|
<title>List Firewall Rules</title>
|
|
<informaltable rules="all" width="100%">
|
|
<col width="20%"/>
|
|
<col width="20%"/>
|
|
<col width="60%"/>
|
|
<thead>
|
|
<tr>
|
|
<td>Verb</td>
|
|
<td>URI</td>
|
|
<td>Description</td>
|
|
</tr>
|
|
</thead>
|
|
<tbody>
|
|
<tr>
|
|
<td>&GET;
|
|
</td>
|
|
<td>/fw/firewall_rules</td>
|
|
<td>List Firewall Rules.</td>
|
|
</tr>
|
|
</tbody>
|
|
</informaltable>
|
|
<simpara>Normal Response Code:
|
|
<returnvalue>200</returnvalue>
|
|
</simpara>
|
|
<simpara>Error Response Codes: Unauthorized (<errorcode>401</errorcode>).</simpara>
|
|
<para>This operation does not require a request body.</para>
|
|
<para>This operation returns a response body.</para>
|
|
<example>
|
|
<title>List Firewall Rules: Request</title>
|
|
<programlisting>
|
|
GET /v2.0/fw/firewall_rules.json
|
|
User-Agent: python-neutronclient
|
|
Accept: application/json
|
|
</programlisting>
|
|
</example>
|
|
<example>
|
|
<title>List Firewall Rules: Response</title>
|
|
<programlisting language="json"><xi:include href="samples/firewall/firewall_rules-list-res.json" parse="text"/></programlisting>
|
|
</example>
|
|
</section>
|
|
|
|
<?hard-pagebreak?>
|
|
|
|
<section xml:id="fwaas_ext_ops_firewall_rule_show">
|
|
<title>Show Firewall Rule</title>
|
|
<informaltable rules="all" width="100%">
|
|
<col width="20%"/>
|
|
<col width="20%"/>
|
|
<col width="60%"/>
|
|
<thead>
|
|
<tr>
|
|
<td>Verb</td>
|
|
<td>URI</td>
|
|
<td>Description</td>
|
|
</tr>
|
|
</thead>
|
|
<tbody>
|
|
<tr>
|
|
<td>&GET;
|
|
</td>
|
|
<td>/fw/firewall_rules/<parameter>firewall_rule-id</parameter></td>
|
|
<td>Returns details about a specific Firewall Rule.</td>
|
|
</tr>
|
|
</tbody>
|
|
</informaltable>
|
|
<simpara>Normal Response Code:
|
|
<returnvalue>200</returnvalue>
|
|
</simpara>
|
|
<simpara>Error Response Codes: Unauthorized (<errorcode>401</errorcode>),
|
|
Forbidden (<errorcode>403</errorcode>), Not Found (<errorcode>404</errorcode>)
|
|
</simpara>
|
|
<para>This operation does not require a request body.</para>
|
|
<para>This operation returns a response body.</para>
|
|
<example>
|
|
<title>Show Firewall Rule: Request</title>
|
|
|
|
<programlisting>
|
|
GET /v2.0/fw/firewall_rules/9faaf49f-dd89-4e39-a8c6-101839aa49bc.json
|
|
User-Agent: python-neutronclient
|
|
Accept: application/json
|
|
</programlisting>
|
|
</example>
|
|
<example>
|
|
<title>Show Firewall Rule: Response</title>
|
|
<programlisting language="json"><xi:include href="samples/firewall/firewall_rule-show-res.json" parse="text"/></programlisting>
|
|
</example>
|
|
</section>
|
|
|
|
<?hard-pagebreak?>
|
|
|
|
<section xml:id="fwaas_ext_ops_firewall_rule_create">
|
|
<title>Create Firewall Rule</title>
|
|
<informaltable rules="all" width="100%">
|
|
<col width="20%"/>
|
|
<col width="20%"/>
|
|
<col width="60%"/>
|
|
<thead>
|
|
<tr>
|
|
<td>Verb</td>
|
|
<td>URI</td>
|
|
<td>Description</td>
|
|
</tr>
|
|
</thead>
|
|
<tbody>
|
|
<tr>
|
|
<td>&POST;</td>
|
|
<td>/fw/firewall_rules</td>
|
|
<td>Creates a new Firewall Rule.</td>
|
|
</tr>
|
|
</tbody>
|
|
</informaltable>
|
|
<para>Normal Response Code: <returnvalue>201</returnvalue>
|
|
</para>
|
|
<simpara>Error Response Codes: Unauthorized (<errorcode>401</errorcode>),
|
|
Bad Request (<errorcode>400</errorcode>)</simpara>
|
|
<para>This operation requires a request body.</para>
|
|
<para>This operation returns a response body.</para>
|
|
<example>
|
|
<title>Create Firewall Rule: Request</title>
|
|
<programlisting>
|
|
POST /v2.0/fw/firewall_rules.json
|
|
User-Agent: python-neutronclient
|
|
Accept: application/json
|
|
</programlisting>
|
|
<programlisting language="json"><xi:include href="samples/firewall/firewall_rule-create-req.json" parse="text"/></programlisting>
|
|
</example>
|
|
<example>
|
|
<title>Create Firewall Rule: Response</title>
|
|
<programlisting>
|
|
HTTP/1.1 201 Created
|
|
Content-Type: application/json; charset=UTF-8
|
|
</programlisting>
|
|
<programlisting language="json"><xi:include href="samples/firewall/firewall_rule-create-res.json" parse="text"/></programlisting>
|
|
</example>
|
|
</section>
|
|
|
|
<?hard-pagebreak?>
|
|
|
|
<section xml:id="fwaas_ext_ops_firewall_rule_update">
|
|
<title>Update Firewall Rule</title>
|
|
<informaltable rules="all" width="100%">
|
|
<col width="20%"/>
|
|
<col width="20%"/>
|
|
<col width="60%"/>
|
|
<thead>
|
|
<tr>
|
|
<td>Verb</td>
|
|
<td>URI</td>
|
|
<td>Description</td>
|
|
</tr>
|
|
</thead>
|
|
<tbody>
|
|
<tr>
|
|
<td>&PUT;</td>
|
|
<td>/fw/firewall_rules/<parameter>firewall_rule-id</parameter></td>
|
|
<td>Updates a Firewall Rule.</td>
|
|
</tr>
|
|
</tbody>
|
|
</informaltable>
|
|
<para>Normal Response Code: <returnvalue>200</returnvalue></para>
|
|
<simpara>Error Response Codes: Unauthorized (<errorcode>401</errorcode>),
|
|
Bad Request (<errorcode>400</errorcode>), Not Found (<errorcode>404</errorcode>)</simpara>
|
|
<example>
|
|
<title>Update Firewall Rule: Request</title>
|
|
<programlisting>
|
|
PUT /v2.0/fw/firewall_rules/41bfef97-af4e-4f6b-a5d3-4678859d2485.json
|
|
User-Agent: python-neutronclient
|
|
Accept: application/json
|
|
</programlisting>
|
|
<programlisting language="json"><xi:include href="samples/firewall/firewall_rule-update-req.json" parse="text"/></programlisting>
|
|
</example>
|
|
<example>
|
|
<title>Update Firewall Rule: Response</title>
|
|
<programlisting>
|
|
HTTP/1.1 200 OK
|
|
Content-Type: application/json; charset=UTF-8
|
|
</programlisting>
|
|
<programlisting language="json"><xi:include href="samples/firewall/firewall_rule-update-res.json" parse="text"/></programlisting>
|
|
</example>
|
|
</section>
|
|
|
|
<?hard-pagebreak?>
|
|
|
|
<section xml:id="fwaas_ext_ops_firewall_rule_delete">
|
|
<title>Delete Firewall Rule</title>
|
|
<informaltable rules="all" width="100%">
|
|
<col width="20%"/>
|
|
<col width="20%"/>
|
|
<col width="60%"/>
|
|
<thead>
|
|
<tr>
|
|
<td>Verb</td>
|
|
<td>URI</td>
|
|
<td>Description</td>
|
|
</tr>
|
|
</thead>
|
|
<tbody>
|
|
<tr>
|
|
<td>&DELETE;</td>
|
|
<td>/fw/firewall_rules/<parameter>firewall_rule-id</parameter></td>
|
|
<td>Removes a Firewall Rule.</td>
|
|
</tr>
|
|
</tbody>
|
|
</informaltable>
|
|
<para>Normal Response Code: <returnvalue>204</returnvalue>
|
|
</para>
|
|
<simpara>Error Response Codes: Unauthorized (<errorcode>401</errorcode>),
|
|
Not Found (<errorcode>404</errorcode>), Conflict
|
|
(<errorcode>409</errorcode>). The Conflict error response is
|
|
returned when an operation is performed while the firewall
|
|
is in a PENDING state.</simpara>
|
|
<para>This operation does not require a request body.</para>
|
|
<para>This operation does not return a response body.</para>
|
|
<example>
|
|
<title>Delete Firewall Rule: Request</title>
|
|
<programlisting>
|
|
DELETE /v2.0/fw/firewall_rules/1be5e5f7-c45e-49ba-85da-156575b60d50.json
|
|
User-Agent: python-neutronclient
|
|
Accept: application/json
|
|
</programlisting>
|
|
</example>
|
|
<example>
|
|
<title>Delete Firewall Rule: Response</title>
|
|
<programlisting>
|
|
HTTP/1.1 204 No Content
|
|
Content-Length: 0
|
|
</programlisting>
|
|
</example>
|
|
</section>
|
|
|
|
</section> <!-- end of firewall rule section-->
|
|
|
|
<?hard-pagebreak?>
|
|
|
|
<section xml:id="fwaas_ext_ops_firewall_policy">
|
|
<title>Firewall Policy Operations</title>
|
|
<para>This section discusses operations for managing a Firewall Policy
|
|
through this extension.
|
|
</para>
|
|
|
|
<table rules="all">
|
|
<caption>Firewall Policy Attributes</caption>
|
|
<col width="20%"/>
|
|
<col width="8%"/>
|
|
<col width="10%"/>
|
|
<col width="7%"/>
|
|
<col width="15%"/>
|
|
<col width="15%"/>
|
|
<col width="25%"/>
|
|
<thead>
|
|
<tr>
|
|
<th>Attribute</th>
|
|
<th>Type</th>
|
|
<th>Required</th>
|
|
<th>CRUD
|
|
<footnote xml:id="fwaas_policy_crud_note">
|
|
<para>
|
|
<itemizedlist>
|
|
<listitem>
|
|
<para><emphasis role="bold">C</emphasis>. Use the attribute in create operations.</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para><emphasis role="bold">R</emphasis>. This attribute is returned in response to show and list operations.</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para><emphasis role="bold">U</emphasis>. You can update the value of this attribute.</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para><emphasis role="bold">D</emphasis>. You can delete the value of this attribute.</para>
|
|
</listitem>
|
|
</itemizedlist>
|
|
</para>
|
|
</footnote>
|
|
</th>
|
|
<th>Default Value</th>
|
|
<th>Validation Constraints</th>
|
|
<th>Notes</th>
|
|
</tr>
|
|
</thead>
|
|
<tbody>
|
|
<tr>
|
|
<td>id</td>
|
|
<td>uuid-str</td>
|
|
<td>N/A</td>
|
|
<td>R</td>
|
|
<td>generated</td>
|
|
<td>N/A</td>
|
|
<td>Unique identifier for the Firewall Policy object.</td>
|
|
</tr>
|
|
<tr>
|
|
<td>tenant_id</td>
|
|
<td>uuid-str</td>
|
|
<td>Yes</td>
|
|
<td>CR</td>
|
|
<td>Derived from Authentication token</td>
|
|
<td>N/A</td>
|
|
<td>Owner of the Firewall Policy. Only admin users can
|
|
specify a tenant identifier other than their own.</td>
|
|
</tr>
|
|
<tr>
|
|
<td>name</td>
|
|
<td>String</td>
|
|
<td>No</td>
|
|
<td>CRU</td>
|
|
<td>None</td>
|
|
<td>N/A</td>
|
|
<td>Human readable name for the Firewall Policy (255
|
|
characters limit). Does not have to be unique.</td>
|
|
</tr>
|
|
<tr>
|
|
<td>description</td>
|
|
<td>String</td>
|
|
<td>No</td>
|
|
<td>CRU</td>
|
|
<td>None</td>
|
|
<td>N/A</td>
|
|
<td>Human readable description for the Firewall Policy (1024
|
|
characters limit)</td>
|
|
</tr>
|
|
<tr>
|
|
<td>shared</td>
|
|
<td>Bool</td>
|
|
<td>No</td>
|
|
<td>CRU</td>
|
|
<td>false</td>
|
|
<td>{true | false}</td>
|
|
<td>When set to True makes this Firewall Policy visible
|
|
to tenants other than its owner.</td>
|
|
</tr>
|
|
<tr>
|
|
<td>firewall_rules</td>
|
|
<td>List</td>
|
|
<td>No</td>
|
|
<td>CRU</td>
|
|
<td>Empty list</td>
|
|
<td>JSON list of Firewall Rule uuids</td>
|
|
<td>This is an ordered list of Firewall Rule uuids.
|
|
The Firewall applies the rules in the order in
|
|
which they appear in this list.</td>
|
|
</tr>
|
|
<tr>
|
|
<td>audited</td>
|
|
<td>Bool</td>
|
|
<td>No</td>
|
|
<td>CRU</td>
|
|
<td>false</td>
|
|
<td>{true | false}</td>
|
|
<td>When set to True by the policy owner indicates
|
|
that the Firewall Policy has been audited. This
|
|
attribute is meant to aid in the firewall
|
|
policy audit workflows. Each time the Firewall
|
|
Policy or the associated Firewall Rules are
|
|
changed, this attribute will be set to False and
|
|
will have to be explicitly set to True through an
|
|
update operation.</td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
|
|
<?hard-pagebreak?>
|
|
|
|
<section xml:id="fwaas_ext_ops_firewall_policy_list">
|
|
<title>List Firewall Policies</title>
|
|
<informaltable rules="all" width="100%">
|
|
<col width="20%"/>
|
|
<col width="20%"/>
|
|
<col width="60%"/>
|
|
<thead>
|
|
<tr>
|
|
<td>Verb</td>
|
|
<td>URI</td>
|
|
<td>Description</td>
|
|
</tr>
|
|
</thead>
|
|
<tbody>
|
|
<tr>
|
|
<td>&GET;
|
|
</td>
|
|
<td>/fw/firewall_policies</td>
|
|
<td>List Firewall Policies.</td>
|
|
</tr>
|
|
</tbody>
|
|
</informaltable>
|
|
<simpara>Normal Response Code:
|
|
<returnvalue>200</returnvalue>
|
|
</simpara>
|
|
<simpara>Error Response Codes: Unauthorized (<errorcode>401</errorcode>),
|
|
Forbidden (<errorcode>403</errorcode>)
|
|
</simpara>
|
|
<para>This operation does not require a request body.</para>
|
|
<para>This operation returns a response body.</para>
|
|
<example>
|
|
<title>List Firewall Policies: Request</title>
|
|
<programlisting>
|
|
GET /v2.0/fw/firewall_policies.json
|
|
User-Agent: python-neutronclient
|
|
Accept: application/json
|
|
</programlisting>
|
|
</example>
|
|
<example>
|
|
<title>List Firewall Policies: Response</title>
|
|
<programlisting language="json"><xi:include href="samples/firewall/firewall_policies-list-res.json" parse="text"/></programlisting>
|
|
</example>
|
|
</section>
|
|
|
|
<?hard-pagebreak?>
|
|
|
|
<section xml:id="fwaas_ext_ops_firewall_policy_show">
|
|
<title>Show Firewall Policy</title>
|
|
<informaltable rules="all" width="100%">
|
|
<col width="20%"/>
|
|
<col width="20%"/>
|
|
<col width="60%"/>
|
|
<thead>
|
|
<tr>
|
|
<td>Verb</td>
|
|
<td>URI</td>
|
|
<td>Description</td>
|
|
</tr>
|
|
</thead>
|
|
<tbody>
|
|
<tr>
|
|
<td>&GET;
|
|
</td>
|
|
<td>/fw/firewall_policies/<parameter>firewall_policy-id</parameter></td>
|
|
<td>Returns details about a specific Firewall Policy.</td>
|
|
</tr>
|
|
</tbody>
|
|
</informaltable>
|
|
<simpara>Normal Response Code:
|
|
<returnvalue>200</returnvalue>
|
|
</simpara>
|
|
<simpara>Error Response Codes: Unauthorized (<errorcode>401</errorcode>),
|
|
Not Found (<errorcode>404</errorcode>)
|
|
</simpara>
|
|
<para>This operation does not require a request body.</para>
|
|
<para>This operation returns a response body.</para>
|
|
<example>
|
|
<title>Show Firewall Policy: Request</title>
|
|
|
|
<programlisting>
|
|
GET /v2.0/fw/firewall_policies/9faaf49f-dd89-4e39-a8c6-101839aa49bc.json
|
|
User-Agent: python-neutronclient
|
|
Accept: application/json
|
|
</programlisting>
|
|
</example>
|
|
<example>
|
|
<title>Show Firewall Policy: Response</title>
|
|
<programlisting language="json"><xi:include href="samples/firewall/firewall_policy-show-res.json" parse="text"/></programlisting>
|
|
</example>
|
|
</section>
|
|
|
|
<?hard-pagebreak?>
|
|
|
|
<section xml:id="fwaas_ext_ops_firewall_policy_create">
|
|
<title>Create Firewall Policy</title>
|
|
<informaltable rules="all" width="100%">
|
|
<col width="20%"/>
|
|
<col width="20%"/>
|
|
<col width="60%"/>
|
|
<thead>
|
|
<tr>
|
|
<td>Verb</td>
|
|
<td>URI</td>
|
|
<td>Description</td>
|
|
</tr>
|
|
</thead>
|
|
<tbody>
|
|
<tr>
|
|
<td>&POST;</td>
|
|
<td>/fw/firewall_policies</td>
|
|
<td>Creates a new Firewall Policy.</td>
|
|
</tr>
|
|
</tbody>
|
|
</informaltable>
|
|
<para>Normal Response Code: <returnvalue>201</returnvalue>
|
|
</para>
|
|
<simpara>Error Response Codes: Unauthorized (<errorcode>401</errorcode>).</simpara>
|
|
<para>This operation requires a request body.</para>
|
|
<para>This operation returns a response body.</para>
|
|
<example>
|
|
<title>Create Firewall Policy: Request</title>
|
|
<programlisting>
|
|
POST /v2.0/fw/firewall_policies.json
|
|
User-Agent: python-neutronclient
|
|
Accept: application/json
|
|
</programlisting>
|
|
<programlisting language="json"><xi:include href="samples/firewall/firewall_policy-create-req.json" parse="text"/></programlisting>
|
|
</example>
|
|
<example>
|
|
<title>Create Firewall Policy: Response</title>
|
|
<programlisting>
|
|
HTTP/1.1 201 Created
|
|
Content-Type: application/json; charset=UTF-8
|
|
</programlisting>
|
|
<programlisting language="json"><xi:include href="samples/firewall/firewall_policy-create-res.json" parse="text"/></programlisting>
|
|
</example>
|
|
</section>
|
|
|
|
<?hard-pagebreak?>
|
|
|
|
<section xml:id="fwaas_ext_ops_firewall_policy_update">
|
|
<title>Update Firewall Policy</title>
|
|
<informaltable rules="all" width="100%">
|
|
<col width="20%"/>
|
|
<col width="20%"/>
|
|
<col width="60%"/>
|
|
<thead>
|
|
<tr>
|
|
<td>Verb</td>
|
|
<td>URI</td>
|
|
<td>Description</td>
|
|
</tr>
|
|
</thead>
|
|
<tbody>
|
|
<tr>
|
|
<td>&PUT;</td>
|
|
<td>/fw/firewall_policies/<parameter>firewall_policy-id</parameter></td>
|
|
<td>Updates a Firewall Policy.</td>
|
|
</tr>
|
|
</tbody>
|
|
</informaltable>
|
|
<para>Normal Response Code: <returnvalue>200</returnvalue></para>
|
|
<simpara>Error Response Codes: Unauthorized (<errorcode>401</errorcode>),
|
|
Not Found (<errorcode>404</errorcode>)</simpara>
|
|
<example>
|
|
<title>Update Firewall Policy: Request</title>
|
|
<programlisting>
|
|
PUT /v2.0/fw/firewall_policies/41bfef97-af4e-4f6b-a5d3-4678859d2485.json
|
|
User-Agent: python-neutronclient
|
|
Accept: application/json
|
|
</programlisting>
|
|
<programlisting language="json"><xi:include href="samples/firewall/firewall_policy-update-req.json" parse="text"/></programlisting>
|
|
</example>
|
|
<example>
|
|
<title>Update Firewall Policy: Response</title>
|
|
<programlisting>
|
|
HTTP/1.1 200 OK
|
|
Content-Type: application/json; charset=UTF-8
|
|
</programlisting>
|
|
<programlisting language="json"><xi:include href="samples/firewall/firewall_policy-update-res.json" parse="text"/></programlisting>
|
|
</example>
|
|
</section>
|
|
|
|
<?hard-pagebreak?>
|
|
|
|
<section xml:id="fwaas_ext_ops_firewall_policy_delete">
|
|
<title>Delete Firewall Policy</title>
|
|
<informaltable rules="all" width="100%">
|
|
<col width="20%"/>
|
|
<col width="20%"/>
|
|
<col width="60%"/>
|
|
<thead>
|
|
<tr>
|
|
<td>Verb</td>
|
|
<td>URI</td>
|
|
<td>Description</td>
|
|
</tr>
|
|
</thead>
|
|
<tbody>
|
|
<tr>
|
|
<td>&DELETE;</td>
|
|
<td>/fw/firewall_policies/<parameter>firewall_policy-id</parameter></td>
|
|
<td>Removes a Firewall Policy.</td>
|
|
</tr>
|
|
</tbody>
|
|
</informaltable>
|
|
<para>Normal Response Code: <returnvalue>204</returnvalue>
|
|
</para>
|
|
<simpara>Error Response Codes: Unauthorized (<errorcode>401</errorcode>),
|
|
Not Found (<errorcode>404</errorcode>), Conflict (<errorcode>409
|
|
</errorcode>). Conflict error code is returned the firewall policy
|
|
is in use.</simpara>
|
|
<para>This operation does not require a request body.</para>
|
|
<para>This operation does not return a response body.</para>
|
|
<example>
|
|
<title>Delete Firewall Policy: Request</title>
|
|
<programlisting>
|
|
DELETE /v2.0/fw/firewall_policies/1be5e5f7-c45e-49ba-85da-156575b60d50.json
|
|
User-Agent: python-neutronclient
|
|
Accept: application/json
|
|
</programlisting>
|
|
</example>
|
|
<example>
|
|
<title>Delete Firewall Policy: Response</title>
|
|
<programlisting>
|
|
HTTP/1.1 204 No Content
|
|
Content-Length: 0
|
|
</programlisting>
|
|
</example>
|
|
</section>
|
|
|
|
<?hard-pagebreak?>
|
|
|
|
<section xml:id="fwaas_ext_ops_firewall_policy_insert_rule">
|
|
<title>Positionally inserting a Firewall Rule in a Firewall Policy</title>
|
|
<informaltable rules="all" width="100%">
|
|
<col width="20%"/>
|
|
<col width="20%"/>
|
|
<col width="60%"/>
|
|
<thead>
|
|
<tr>
|
|
<td>Verb</td>
|
|
<td>URI</td>
|
|
<td>Description</td>
|
|
</tr>
|
|
</thead>
|
|
<tbody>
|
|
<tr>
|
|
<td>&PUT;</td>
|
|
<td>/fw/firewall_policies/<parameter>firewall_policy-id</parameter>/insert_rule</td>
|
|
<td>Inserts a Firewall Rule in a Firewall Policy relative to the position of other rules.</td>
|
|
</tr>
|
|
</tbody>
|
|
</informaltable>
|
|
<para>Normal Response Code: <returnvalue>200</returnvalue></para>
|
|
<simpara>Error Response Codes: Unauthorized (<errorcode>401</errorcode>),
|
|
Bad Request (<errorcode>400</errorcode>), Not Found (<errorcode>404</errorcode>).
|
|
Bad Request error is returned in the case the rule information is missing.</simpara>
|
|
<example>
|
|
<title>Insert Firewall Rule in Firewall Policy: Request</title>
|
|
<programlisting>
|
|
PUT /v2.0/fw/firewall_policies/41bfef97-af4e-4f6b-a5d3-4678859d2485/insert_rule.json
|
|
User-Agent: python-neutronclient
|
|
Accept: application/json
|
|
</programlisting>
|
|
<programlisting language="json"><xi:include href="samples/firewall/firewall_policy-insert-rule-req.json" parse="text"/></programlisting>
|
|
</example>
|
|
<example>
|
|
<title>Insert Firewall Rule in Firewall Policy: Response</title>
|
|
<programlisting>
|
|
HTTP/1.1 200 OK
|
|
Content-Type: application/json; charset=UTF-8
|
|
</programlisting>
|
|
<programlisting language="json"><xi:include href="samples/firewall/firewall_policy-insert-rule-res.json" parse="text"/></programlisting>
|
|
</example>
|
|
<para>insert_before and insert_after parameters refer to firewall rule uuids
|
|
already associated with the firewall policy. firewall_rule_id refers to
|
|
uuid of the rule being inserted. insert_before takes precedence over
|
|
insert_after and if neither is specified, firewall_rule_is is inserted
|
|
at the first position.</para>
|
|
</section>
|
|
|
|
<?hard-pagebreak?>
|
|
|
|
<section xml:id="fwaas_ext_ops_firewall_policy_remove_rule">
|
|
<title>Removing a Firewall Rule from a Firewall Policy</title>
|
|
<informaltable rules="all" width="100%">
|
|
<col width="20%"/>
|
|
<col width="20%"/>
|
|
<col width="60%"/>
|
|
<thead>
|
|
<tr>
|
|
<td>Verb</td>
|
|
<td>URI</td>
|
|
<td>Description</td>
|
|
</tr>
|
|
</thead>
|
|
<tbody>
|
|
<tr>
|
|
<td>&PUT;</td>
|
|
<td>/fw/firewall_policies/<parameter>firewall_policy-id</parameter>/remove_rule</td>
|
|
<td>Removes a Firewall Rule from a Firewall Policy.</td>
|
|
</tr>
|
|
</tbody>
|
|
</informaltable>
|
|
<para>Normal Response Code: <returnvalue>200</returnvalue></para>
|
|
<simpara>Error Response Codes: Unauthorized (<errorcode>401</errorcode>),
|
|
Bad Request (<errorcode>400</errorcode>), Not Found (<errorcode>404</errorcode>).
|
|
Bad Request error is returned if the rule information is missing or when a
|
|
firewall rule is tried to be removed from a firewall policy to which it is
|
|
not associated.</simpara>
|
|
<example>
|
|
<title>Remove Firewall Rule from Firewall Policy: Request</title>
|
|
<programlisting>
|
|
PUT /v2.0/fw/firewall_policies/41bfef97-af4e-4f6b-a5d3-4678859d2485/remove_rule.json
|
|
User-Agent: python-neutronclient
|
|
Accept: application/json
|
|
</programlisting>
|
|
<programlisting language="json"><xi:include href="samples/firewall/firewall_policy-remove-rule-req.json" parse="text"/></programlisting>
|
|
</example>
|
|
<example>
|
|
<title>Remove Firewall Rule from Firewall Policy: Response</title>
|
|
<programlisting>
|
|
HTTP/1.1 200 OK
|
|
Content-Type: application/json; charset=UTF-8
|
|
</programlisting>
|
|
<programlisting language="json"><xi:include href="samples/firewall/firewall_policy-remove-rule-res.json" parse="text"/></programlisting>
|
|
</example>
|
|
</section>
|
|
|
|
</section> <!-- end of firewall policy section-->
|
|
|
|
<?hard-pagebreak?>
|
|
|
|
<section xml:id="fwaas_ext_ops_firewall">
|
|
<title>Firewall Operations</title>
|
|
<para>This section discusses operations for managing a Firewall
|
|
through this extension.
|
|
</para>
|
|
|
|
<table rules="all">
|
|
<caption>Firewall Attributes</caption>
|
|
<col width="20%"/>
|
|
<col width="8%"/>
|
|
<col width="10%"/>
|
|
<col width="7%"/>
|
|
<col width="15%"/>
|
|
<col width="15%"/>
|
|
<col width="25%"/>
|
|
<thead>
|
|
<tr>
|
|
<th>Attribute</th>
|
|
<th>Type</th>
|
|
<th>Required</th>
|
|
<th>CRUD
|
|
<footnote xml:id="fwaas_firewall_crud_note">
|
|
<para>
|
|
<itemizedlist>
|
|
<listitem>
|
|
<para><emphasis role="bold">C</emphasis>. Use the attribute in create operations.</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para><emphasis role="bold">R</emphasis>. This attribute is returned in response to show and list operations.</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para><emphasis role="bold">U</emphasis>. You can update the value of this attribute.</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para><emphasis role="bold">D</emphasis>. You can delete the value of this attribute.</para>
|
|
</listitem>
|
|
</itemizedlist>
|
|
</para>
|
|
</footnote>
|
|
</th>
|
|
<th>Default Value</th>
|
|
<th>Validation Constraints</th>
|
|
<th>Notes</th>
|
|
</tr>
|
|
</thead>
|
|
<tbody>
|
|
<tr>
|
|
<td>id</td>
|
|
<td>uuid-str</td>
|
|
<td>N/A</td>
|
|
<td>R</td>
|
|
<td>generated</td>
|
|
<td>N/A</td>
|
|
<td>Unique identifier for the Firewall object.</td>
|
|
</tr>
|
|
<tr>
|
|
<td>tenant_id</td>
|
|
<td>uuid-str</td>
|
|
<td>Yes</td>
|
|
<td>CR</td>
|
|
<td>Derived from Authentication token</td>
|
|
<td>N/A</td>
|
|
<td>Owner of the Firewall. Only admin users can
|
|
specify a tenant identifier other than their own.</td>
|
|
</tr>
|
|
<tr>
|
|
<td>name</td>
|
|
<td>String</td>
|
|
<td>No</td>
|
|
<td>CRU</td>
|
|
<td>None</td>
|
|
<td>N/A</td>
|
|
<td>Human readable name for the Firewall (255
|
|
characters limit). Does not have to be unique.</td>
|
|
</tr>
|
|
<tr>
|
|
<td>description</td>
|
|
<td>String</td>
|
|
<td>No</td>
|
|
<td>CRU</td>
|
|
<td>None</td>
|
|
<td>N/A</td>
|
|
<td>Human readable description for the Firewall (1024
|
|
characters limit)</td>
|
|
</tr>
|
|
<tr>
|
|
<td>admin_state_up</td>
|
|
<td>Bool</td>
|
|
<td>N/A</td>
|
|
<td>CRU</td>
|
|
<td>true</td>
|
|
<td>{true | false }</td>
|
|
<td>Administrative state of the Firewall. If false
|
|
(down), firewall does not forward packets and will
|
|
drop all traffic to/from VMs behind the firewall.</td>
|
|
</tr>
|
|
<tr>
|
|
<td>status</td>
|
|
<td>String</td>
|
|
<td>N/A</td>
|
|
<td>R</td>
|
|
<td>N/A</td>
|
|
<td>N/A</td>
|
|
<td>Indicates whether Firewall resource is currently
|
|
operational. Possible values include:
|
|
ACTIVE, DOWN, BUILD, ERROR, PENDING_CREATE,
|
|
PENDING_UPDATE, or PENDING_DELETE.</td>
|
|
</tr>
|
|
<tr>
|
|
<td>shared</td>
|
|
<td>Bool</td>
|
|
<td>No</td>
|
|
<td>CRU</td>
|
|
<td>false</td>
|
|
<td>{true | false}</td>
|
|
<td>When set to True makes this Firewall Rule visible
|
|
to tenants other than its owner, and can be used
|
|
in Firewall Policies not owned by its tenant.</td>
|
|
</tr>
|
|
<tr>
|
|
<td>firewall_policy_id</td>
|
|
<td>uuid-str</td>
|
|
<td>No</td>
|
|
<td>CRU</td>
|
|
<td>None</td>
|
|
<td>valid Firewall Policy uuid</td>
|
|
<td>The Firewall Policy uuid that this Firewall
|
|
is associated with. This Firewall will implement
|
|
the rules contained in the Firewall Policy
|
|
represented by this uuid.</td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
|
|
<?hard-pagebreak?>
|
|
|
|
<section xml:id="fwaas_ext_ops_firewall_list">
|
|
<title>List Firewalls</title>
|
|
<informaltable rules="all" width="100%">
|
|
<col width="20%"/>
|
|
<col width="20%"/>
|
|
<col width="60%"/>
|
|
<thead>
|
|
<tr>
|
|
<td>Verb</td>
|
|
<td>URI</td>
|
|
<td>Description</td>
|
|
</tr>
|
|
</thead>
|
|
<tbody>
|
|
<tr>
|
|
<td>&GET;
|
|
</td>
|
|
<td>/fw/firewalls</td>
|
|
<td>List Firewalls.</td>
|
|
</tr>
|
|
</tbody>
|
|
</informaltable>
|
|
<simpara>Normal Response Code:
|
|
<returnvalue>200</returnvalue>
|
|
</simpara>
|
|
<simpara>Error Response Codes: Unauthorized (<errorcode>401</errorcode>)</simpara>
|
|
<para>This operation does not require a request body.</para>
|
|
<para>This operation returns a response body.</para>
|
|
<example>
|
|
<title>List Firewalls: Request</title>
|
|
<programlisting>
|
|
GET /v2.0/fw/firewalls.json
|
|
User-Agent: python-neutronclient
|
|
Accept: application/json
|
|
</programlisting>
|
|
</example>
|
|
<example>
|
|
<title>List Firewalls: Response</title>
|
|
<programlisting language="json"><xi:include href="samples/firewall/firewalls-list-res.json" parse="text"/></programlisting>
|
|
</example>
|
|
</section>
|
|
|
|
<?hard-pagebreak?>
|
|
|
|
<section xml:id="fwaas_ext_ops_firewall_show">
|
|
<title>Show Firewall</title>
|
|
<informaltable rules="all" width="100%">
|
|
<col width="20%"/>
|
|
<col width="20%"/>
|
|
<col width="60%"/>
|
|
<thead>
|
|
<tr>
|
|
<td>Verb</td>
|
|
<td>URI</td>
|
|
<td>Description</td>
|
|
</tr>
|
|
</thead>
|
|
<tbody>
|
|
<tr>
|
|
<td>&GET;
|
|
</td>
|
|
<td>/fw/firewalls/<parameter>firewall-id</parameter></td>
|
|
<td>Returns details about a specific Firewall.</td>
|
|
</tr>
|
|
</tbody>
|
|
</informaltable>
|
|
<simpara>Normal Response Code:
|
|
<returnvalue>200</returnvalue>
|
|
</simpara>
|
|
<simpara>Error Response Codes: Unauthorized (<errorcode>401</errorcode>),
|
|
Forbidden (<errorcode>403</errorcode>), Not Found (<errorcode>404</errorcode>)
|
|
</simpara>
|
|
<para>This operation does not require a request body.</para>
|
|
<para>This operation returns a response body.</para>
|
|
<example>
|
|
<title>Show Firewall: Request</title>
|
|
|
|
<programlisting>
|
|
GET /v2.0/fw/firewalls/9faaf49f-dd89-4e39-a8c6-101839aa49bc.json
|
|
User-Agent: python-neutronclient
|
|
Accept: application/json
|
|
</programlisting>
|
|
</example>
|
|
<example>
|
|
<title>Show Firewall: Response</title>
|
|
<programlisting language="json"><xi:include href="samples/firewall/firewall-show-res.json" parse="text"/></programlisting>
|
|
</example>
|
|
</section>
|
|
|
|
<?hard-pagebreak?>
|
|
|
|
<section xml:id="fwaas_ext_ops_firewall_create">
|
|
<title>Create Firewall</title>
|
|
<informaltable rules="all" width="100%">
|
|
<col width="20%"/>
|
|
<col width="20%"/>
|
|
<col width="60%"/>
|
|
<thead>
|
|
<tr>
|
|
<td>Verb</td>
|
|
<td>URI</td>
|
|
<td>Description</td>
|
|
</tr>
|
|
</thead>
|
|
<tbody>
|
|
<tr>
|
|
<td>&POST;</td>
|
|
<td>/fw/firewalls</td>
|
|
<td>Creates a new Firewall.</td>
|
|
</tr>
|
|
</tbody>
|
|
</informaltable>
|
|
<para>Normal Response Code: <returnvalue>201</returnvalue>
|
|
</para>
|
|
<simpara>Error Response Codes: Unauthorized (<errorcode>401</errorcode>),
|
|
Bad Request (<errorcode>400</errorcode>)</simpara>
|
|
<para>This operation requires a request body.</para>
|
|
<para>This operation returns a response body.</para>
|
|
<example>
|
|
<title>Create Firewall: Request</title>
|
|
<programlisting>
|
|
POST /v2.0/fw/firewalls.json
|
|
User-Agent: python-neutronclient
|
|
Accept: application/json
|
|
</programlisting>
|
|
<programlisting language="json"><xi:include href="samples/firewall/firewall-create-req.json" parse="text"/></programlisting>
|
|
</example>
|
|
<example>
|
|
<title>Create Firewall: Response</title>
|
|
<programlisting>
|
|
HTTP/1.1 201 Created
|
|
Content-Type: application/json; charset=UTF-8
|
|
</programlisting>
|
|
<programlisting language="json"><xi:include href="samples/firewall/firewall-create-res.json" parse="text"/></programlisting>
|
|
</example>
|
|
</section>
|
|
|
|
<?hard-pagebreak?>
|
|
|
|
<section xml:id="fwaas_ext_ops_firewall_update">
|
|
<title>Update Firewall</title>
|
|
<informaltable rules="all" width="100%">
|
|
<col width="20%"/>
|
|
<col width="20%"/>
|
|
<col width="60%"/>
|
|
<thead>
|
|
<tr>
|
|
<td>Verb</td>
|
|
<td>URI</td>
|
|
<td>Description</td>
|
|
</tr>
|
|
</thead>
|
|
<tbody>
|
|
<tr>
|
|
<td>&PUT;</td>
|
|
<td>/fw/firewalls/<parameter>firewall-id</parameter></td>
|
|
<td>Updates a Firewall, provided status is not indicating a PENDING_* state.</td>
|
|
</tr>
|
|
</tbody>
|
|
</informaltable>
|
|
<para>Normal Response Code: <returnvalue>200</returnvalue></para>
|
|
<simpara>Error Response Codes: Unauthorized (<errorcode>401</errorcode>),
|
|
Bad Request (<errorcode>400</errorcode>), Not Found (<errorcode>404</errorcode>)</simpara>
|
|
<example>
|
|
<title>Update Firewall: Request</title>
|
|
<programlisting>
|
|
PUT /v2.0/fw/firewalls/41bfef97-af4e-4f6b-a5d3-4678859d2485.json
|
|
User-Agent: python-neutronclient
|
|
Accept: application/json
|
|
</programlisting>
|
|
<programlisting language="json"><xi:include href="samples/firewall/firewall-update-req.json" parse="text"/></programlisting>
|
|
</example>
|
|
<example>
|
|
<title>Update Firewall: Response</title>
|
|
<programlisting>
|
|
HTTP/1.1 200 OK
|
|
Content-Type: application/json; charset=UTF-8
|
|
</programlisting>
|
|
<programlisting language="json"><xi:include href="samples/firewall/firewall-update-res.json" parse="text"/></programlisting>
|
|
</example>
|
|
</section>
|
|
|
|
<?hard-pagebreak?>
|
|
|
|
<section xml:id="fwaas_ext_ops_firewall_delete">
|
|
<title>Delete Firewall</title>
|
|
<informaltable rules="all" width="100%">
|
|
<col width="20%"/>
|
|
<col width="20%"/>
|
|
<col width="60%"/>
|
|
<thead>
|
|
<tr>
|
|
<td>Verb</td>
|
|
<td>URI</td>
|
|
<td>Description</td>
|
|
</tr>
|
|
</thead>
|
|
<tbody>
|
|
<tr>
|
|
<td>&DELETE;</td>
|
|
<td>/fw/firewalls/<parameter>firewall-id</parameter></td>
|
|
<td>Removes a Firewall.</td>
|
|
</tr>
|
|
</tbody>
|
|
</informaltable>
|
|
<para>Normal Response Code: <returnvalue>204</returnvalue>
|
|
</para>
|
|
<simpara>Error Response Codes: Unauthorized (<errorcode>401</errorcode>),
|
|
Not Found (<errorcode>404</errorcode>)</simpara>
|
|
<para>This operation does not require a request body.</para>
|
|
<para>This operation does not return a response body.</para>
|
|
<example>
|
|
<title>Delete Firewall: Request</title>
|
|
<programlisting>
|
|
DELETE /v2.0/fw/firewalls/1be5e5f7-c45e-49ba-85da-156575b60d50.json
|
|
User-Agent: python-neutronclient
|
|
Accept: application/json
|
|
</programlisting>
|
|
</example>
|
|
<example>
|
|
<title>Delete Firewall: Response</title>
|
|
<programlisting>
|
|
HTTP/1.1 204 No Content
|
|
Content-Length: 0
|
|
</programlisting>
|
|
</example>
|
|
</section>
|
|
|
|
</section> <!-- end of firewall section-->
|
|
|
|
<?hard-pagebreak?>
|
|
|
|
</section> <!-- end of fwaas section -->
|