Skip to main content

Illumio Core What's New and Release Notes 22.5

Illumio Core REST API in 22.5.20

The Illumio Core REST API v2 has changed in 22.5.20 in the following ways.

In this release no new or changed APIs are introduced to support new features. However, many new and changed APIs are covered in this document to help users understand where to look for changes and what these changes represent.

New Public APIs
common ip_list.schema.json

This new common schema offers a list of URIs with the time/user data about a ruleset creation, updating, or deletion.

It is referenced from sec_policy_rule_sets_sec_rules_destinations_get.

common label_group_optional_key_value.schema.json

This new common schema offers information about the label URi and key and value in the key-value pair.

Rulesets and Rules for destinations and Providers
sec_policy_rule_sets_sec_rules_destinations

This schema is replaced by the following two new APIs:

sec_policy_rule_sets_sec_rules_destinations_get

There are changes to some of the properties, such as:

  • ip_list: description is substituted with the reference to common/ip_list.schema.json

  • label: description substituted with a reference to common/label_optional_key_value.schema.json

  • label_group: removed "additionalProperties": false

  • workload: removed "additionalProperties": false.

Added:

  • items: removed "additionalProperties": false.

sec_policy_rule_sets_sec_rules_destinations_put

  • ip_list: description is substituted with the reference to /common/href_object.schema.json

  • label: description substituted with the reference to /common/href_object.schema.json

sec_policy_rule_sets_sec_rules_providers

This schema is replaced by the following two new APIs:

sec_policy_rule_sets_sec_rules_providers_get

There are changes to some of the properties, such as:

  • ip_list: description is substituted with the reference to /common/ip_list.schema.json

  • label: description substituted with the reference to /common/label_optional_key_value.schema.json

  • virtual_service: Added the property name(Name of virtual service)

sec_policy_rule_sets_sec_rules_providers_put

label: description substituted with the reference to common/href_object.schema.json

Security Principals
common consuming_security_principals

This schema is replaced by the following two new APIs:

common consuming_security_principals_get

  • Several new properties have been added: href, sid, name, description, deleted, and used_by_ruleset(Flag to indicate if this security principal is being used by a ruleset)

common consuming_security_principals_put

  • One additional propery is added: href, URI of security principal

IP Tables
common ip_tables_rule_actors

This schema is replaced by the following two new APIs:

common ip_tables_rule_actors_get

The property label is now described with a reference to a schema:

  • label is referencing label_optional_key_value.schema.json

common ip_tables_rule_actors_put

These properties are now described using references:

  • label is referencing href_object.schema.json

  • label_group is referencing href_object.schema.json

  • workload is referencing href_object.schema.json

Scopes
common rule_set_scope

This schema is replaced by the following two new APIs:

common rule_set_scope_get

These properties are now described using references:

  • label is referencing label_optional_key_value.schema.json

  • label_group is referencing label_group_optional_key_value.schema.json

common rule_set_scope_put

These properties are now described using references:

  • label is referencing href_object.schema.json

  • label_group is referencing href_object.schema.json

common rule_set_scopes

This schema is replaced by the following two new APIs:

common rule_set_scopes_get

The property items is now described with a reference to a schema:

  • items is referencing rule_set_scope_get.schema.json

common rule_set_scopes_put

The property items is now described with a reference to a schema:

  • items is referencing rule_set_scope_put.schema.json

Changed Public Experimental APIs

Global changes for the APIs in this release have been summarized in the following overview:

Common IP Tables
common-ip_tables_rules_get

Property

  • Added properties are: created_at, updated_at, deleted_at, created_by, updated_by, deleted_by, update_type (with an added type null)

  • For the property actors, the schema common/ip_tables_rule_actors.schema.json was replaced with ip_tables_rule_actors_get.schema.json

common-ip_tables_rules_post

  • For the property actors, the reference to the schema common/ip_tables_rule_actors.schema.json was replaced with ip_tables_rule_actors_get.schema.json

rule_search_post_response_rule_set

  • For the property scopes, the reference to the schema common/rule_set_scopes.schema.json was replaced with ip_tables_rule_actors_put.schema

Firewall Settings
sec_policy_firewall_settings_get

These properties have been changed:

  • static_policy_scopes

    Reference to common/rule_set_scopes.schema.json is replaced with common/rule_set_scopes_get.schema.json

  • containers_inherit_host_policy_scopes

    Reference to common/rule_set_scopes.schema.json is replaced with common/rule_set_scopes_get.schema.json

  • blocked_connection_reject_scopes

    Reference to common/rule_set_scope.schema.json is replaced with common/rule_set_scope_get.schema.json

  • loopback_interfaces_in_policy_scopes

    Reference to common/rule_set_scope.schema.json is replaced with common/rule_set_scope_get.schema.json

sec_policy_firewall_settings_put

These properties have been changed:

  • static_policy_scopes

    Reference to common/rule_set_scopes.schema.json is replaced with common/rule_set_scopes_put.schema.json

  • containers_inherit_host_policy_scopes

    Reference to common/rule_set_scopes.schema.json is replaced with common/rule_set_scopes_put.schema.json

  • blocked_connection_reject_scopes

    Reference to common/rule_set_scope.schema.json is replaced with common/rule_set_scope_put.schema.json

  • loopback_interfaces_in_policy_scopes

    Reference to common/rule_set_scope.schema.json is replaced with common/rule_set_scope_put.schema.json

Rules and Rulesets
sec_policy_rule_search_post

  • For the property consuming_security_principals:

    Reference to common/consuming_security_principals.schema.json is replaced with common/consuming_security_principals_put.schema.json

sec_policy_rule_search_post_response

These substitutions are introduced:

  • For the property providers:

    Reference to sec_policy_rule_sets_sec_rules_providers.schema.json is replaced with sec_policy_rule_sets_sec_rules_providers_get.schema.json

  • For the property destinations:

    Reference to sec_policy_rule_sets_sec_rules_destinations.schema.json is replaced with sec_policy_rule_sets_sec_rules_destinations_get.schema.json

  • For the property consuming_security_principals:

    Reference to common/consuming_security_principals.schema.json is replaced with common/consuming_security_principals_get.schema.json

rule_search_post_response_rule_set

  • For the property scopes:

    Reference to common/rule_set_scopes.schema.json is replaced with common/rule_set_scopes_get.schema.json.

sec_policy_rule_sets_get

For the API sec_policy_rule_sets_get, the changes are as follows:

  • The property rules is not required anymore and has a reference to sec_policy_rule_sets_sec_rules_get.schema.json

  • The property update_type has a reference to common/sec_policy_update_type.schema.json

  • The property scopes has a reference to common/rule_set_scopes_get.schema.json instead of to common/rule_set_scopes.schema.json

sec_policy_rule_sets_post

  • The property scopes has a reference to common/rule_set_scopes_put.schema.json instead of common/rule_set_scopes.schema.json

sec_policy_rule_sets_put

  • For the property scopes:

    common/rule_set_scopes.schema.json is replaced with common/rule_set_scopes_put.schema.json

  • For the property rules:

    sec_policy_rule_sets_sec_rules_providers.schema.json is replaced with sec_policy_rule_sets_sec_rules_providers_put.schema.json

  • For the property destinations:

    sec_policy_rule_sets_sec_rules_destinations.schema.json is replaced with sec_policy_rule_sets_sec_rules_destinations_put.schema.json

  • For the property consuming_security_principals:

    common/consuming_security_principals.schema.json is replaced with common/consuming_security_principals_put.schema.json

  • For the property ip_tables_rules:

    common/ip_tables_rule_actors.schema.json is replaced with common/ip_tables_rule_actors_put.schema.json

sec_policy_rule_sets_sec_rules_get

The following properties are added:

  • created_at: Timestamp when this rule set was first create

  • updated_at: Timestamp when this rule set was last updated

  • deleted_at: Timestamp when this rule set was deleted

  • created_by: User who originally created this rule set

  • updated_by: User who last updated this rule set

  • deleted_by: User who deleted this rule set

  • For the property providers:

    Reference to sec_policy_rule_sets_sec_rules_providers.schema.json is replaced with sec_policy_rule_sets_sec_rules_providers_get.schema.json

  • For the property destinations:

    Reference to sec_policy_rule_sets_sec_rules_destinations.schema.json is replaced with sec_policy_rule_sets_sec_rules_destinations_get.schema.json

  • For the property consuming_security_principals:

    Reference to common/consuming_security_principals.schema.json is replaced with common/consuming_security_principals_get.schema.json

  • For the property update_type:

    Reference is added to common/sec_policy_update_type.schema.json

sec_policy_rule_sets_sec_rules_post

  • For the property providers:

    Reference to sec_policy_rule_sets_sec_rules_providers.schema.json, replaced by sec_policy_rule_sets_sec_rules_providers_put.schema.json

  • For the property destinations:

    Reference to sec_policy_rule_sets_sec_rules_destinations.schema.json replaced by sec_policy_rule_sets_sec_rules_destinations_put.schema.json

  • For the property consuming_security_principals:

    Reference to common/consuming_security_principals.schema.json replaced by common/consuming_security_principals_put.schema.json

sec_policy_rule_sets_sec_rules_put

References have been changed as follows:

  • For the property providers:

    sec_policy_rule_sets_sec_rules_providers.schema.json, is replaced by sec_policy_rule_sets_sec_rules_providers_put.schema.json

  • For the property destinations: sec_policy_rule_sets_sec_rules_destinations.schema.json replaced by sec_policy_rule_sets_sec_rules_destinations_put.schema.json

  • For the property consuming_security_principals:

    common/consuming_security_principals.schema.json is replaced by common/consuming_security_principals_put.schema.json

Traffic Flows
traffic_flows_async_queries_post

In this release, the API traffic_flows_async_queries_post was changed so that the new properties are added for the property boundary_decisions:

  • override_deny_rule: Overridden deny rule

  • blocked_non_illumio_rule: Deny rule not written by Illumio

explorer_filters

These same properties,

  • override_deny_rule: Overridden deny rule

  • blocked_non_illumio_rule: Deny rule not written by Illumio

have been added to explorer_filters.