Provisioning Reference (Public Stable)
This topic covers examples of public stable provisioning API.
Examples
Provision All Items
This example passes a provisioning comment using the curl -d option (lowercase d) followed by the comment '{"update_description":"make active"}'. This operation provisions all draft policy items.
curl -i -X POST https://pce.my-company.com:8443/api/v2/orgs/2/sec_policy -H "Content-Type: application/json" -u $KEY:$TOKEN -d '{"update_description":"make active"}' Response
After provisioning the draft security policy, the response provides information related to the operation, including the version HREF of the provisioning.
You can use a provision history HREF to get all modified items for a particular version.
The response also indicates how many workloads were affected, when the provisioning was done, which user did it, and any provided message.
{
"href": "/orgs/2/sec_policy/80",
"commit_message": null, "version": 80,
"workloads_affected": 3,
"object_counts": 3,
"created_at": "2020-26T21:48:46.446Z",
"created_by": { "href": "/users/18" }
}Provision Individual Items
Curl Example
The request body uses update_description instead of commit_message, and instead of entities, define an array of pending HREFs for each method as appropriate.
curl -i -X POST https://pce.my-company.com:8443/api/v2/orgs/2/sec_policy -H "Content- Type:application/json" -u $KEY:$TOKEN -d '{"change_subset":{"rule_sets":[{"href": "/orgs/2/sec_policy/draft/rule_sets/843"}], "ip_lists": [{"href": "/orgs/2/sec_policy/draft/ip_lists/151"}]}, "update_description":"Provisioning a ruleset and an ip list"}'Request Body Prototype
The security policy POST request body has this format. Only define the methods used in the call and don't include any unused methods in the request body.
{
"update_description": "string",
"change_subset": {
"label_groups": [
{
"href": "string"
}
],
"services": [
{
"href": "string"
}
],
"rule_sets": [
{
"href": "string"
}
],
"ip_lists": [
{
"href": "string"
}
],
"virtual_services": [
{
"href": "string"
}
],
"firewall_settings": [
{
"href": "string"
}
],
"enforcement_boundaries": [
{
"href": "string"
}
],
"secure_connect_gateways": [
{
"href": "string"
}
],
"virtual_servers": [
{
"href": "string"
}
]
Restore the Previous Security Policy
This API creates draft changes of the previous security policy's changes. When this API is called, the draft changes should not be present in the PCE.
Curl Command to Restore the Security Policy
curl -i -X POSThttps://pce.my-company.com:8443/api/v2/orgs/1/sec_policy/127/restore -H "Content-Type: application/json" -u $KEY:$TOKEN -d {}Get All Provision Versions
This method gets the full history of all provisioned security policy versions.
URI to Get All Provisioned Versions
GET [api_version][org_href]/sec_policy
Get the Provision Versions
curl -i -X POST https://pce.my-company.com:8443/api/v2/orgs/1/sec_policy/127/restore -H "Content-Type: application/json" -u $KEY:$TOKEN -d {}Response
Note that the field selective_enforcement_rules was renamed to enforcement_boundaries in the object_counts property.
{
"href": "string",
"version": "string",
"workloads_affected": 0,
"commit_message": "string",
"object_counts": {
"rule_sets": 0,
"ip_lists": 0,
"services": 0,
"virtual_services": 0,
"label_groups": 0,
"virtual_servers": 0,
"firewall_settings": 0,
"secure_connect_gateways": 0,
"enforcement_boundaries": 0
},
"created_at": "string",
"created_by": {
"href": "string"
}
} Curl Command to Get Version
curl -i -X GET https://pce.my-company.com:8443/api/v2/orgs/2/sec_policy/79 -H "Accept: application/json" -u $KEY:$TOKEN
Response
{
"href": "string",
"version": "string",
"workloads_affected": 0,
"commit_message": "string",
"object_counts": {
"rule_sets": 0,
"ip_lists": 0,
"services": 0,
"virtual_services": 0,
"label_groups": 0,
"virtual_servers": 0,
"firewall_settings": 0,
"secure_connect_gateways": 0,
"enforcement_boundaries": 0
},
"created_at": "string",
"created_by": {
"href": "string"
}
}