REST APIs 25.1 Developer Guide

Provisioning (Public Stable)

This Public Stable API provisions all current changes (additions, changes, and deletions) to your security policy.

This API can also return a collection of provisioning or individual provisioning versions.

To get information about un-provisioned changes to security policy items, find provisioning dependencies, delete un-provisioned security policy items, revert the last provisioned items, or check whether a security rule exists that allows communications between two workloads, see Provisioning - Public Experimental.

Provisioning API Methods

| Functionality | HTTP | URI |
| --- | --- | --- |
| Provision of the current set of modified security policy items. | POST | [api_version][org_href]/sec_policy |
| Get a list of all provisioned security policy versions. | GET | [api_version][org_href]/sec_policy |
| Get a specific version of a provisioned security policy. | GET | [api_version][sec_policy_version_href] |

Provision All Items

Policy item additions, modifications, and deletions must be provisioned before they affect workloads.

URI to Provision All Items

POST [api_version][org_href]/sec_policy

Get an Individual Provision Version

This method gets a specific version of a provisioned policy.

Every time a security policy is provisioned, it gets a unique version ID, which takes the form of an HREF. This HREF can be obtained from a GET of all security policy provisioned versions and then used in this call.

URI to Get an Individual Version of a Provisioned Policy

GET [api_version][sec_policy_version_href]

Provisioning Reference (Public Stable)

This topic provides examples of the Public Stable provisioning API.

Examples

Provision All Items

This example passes a provisioning comment using the curl -d option (lowercase d) followed by the comment '{"update_description":"make active"}'. This operation provisions all draft policy items.

curl -i -X POST https://pce.my-company.com:8443/api/v2/orgs/2/sec_policy -H "Content-Type: application/json" -u $KEY:$TOKEN -d '{"update_description":"make active"}' 

Response

After provisioning the draft security policy, the response provides information related to the operation, including the version HREF of the provisioning.

You can use a provision history HREF to get all modified items for a particular version.

The response also indicates how many workloads were affected, when the provisioning was done, which user did it, and any provided message.

{
      "href": "/orgs/2/sec_policy/80",
      "commit_message": null,
      "version": 80,
      "workloads_affected": 3,
      "object_counts": 3,
      "created_at": "2020-26T21:48:46.446Z",
      "created_by": { "href": "/users/18" }
}

Provision Individual Items

Curl Example

The request body uses update_description instead of commit_message. Instead of entities, define an array of pending HREFs for each method as appropriate.

curl -i -X POST https://pce.my-company.com:8443/api/v2/orgs/2/sec_policy -H "Content-Type: application/json" -u $KEY:$TOKEN -d '{"change_subset":{"rule_sets":[{"href": "/orgs/2/sec_policy/draft/rule_sets/843"}], "ip_lists": [{"href": "/orgs/2/sec_policy/draft/ip_lists/151"}]}, "update_description":"Provisioning a ruleset and an ip list"}'

Request Body Prototype

The security policy POST request body has this format. Only define the methods used in the call and don't include any unused methods in the request body.

{
	"update_description": "string",
	"change_subset": {
		"label_groups": [
			{
				"href": "string"
			}
		],
		"services": [
			{
				"href": "string"
			}
		],
		"rule_sets": [
			{
				"href": "string"
			}
		],
		"ip_lists": [
			{
				"href": "string"
			}
		],
		"virtual_services": [
			{
				"href": "string"
			}
		],
		"firewall_settings": [
			{
				"href": "string"
			}
		],
		"enforcement_boundaries": [
			{
				"href": "string"
			}
		],
		"secure_connect_gateways": [
			{
				"href": "string"
			}
		],
		"virtual_servers": [
			{
				"href": "string"
			}
		]
	}
}
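The following is an added example, not code from the PCE or its vendor, showing one way to build the selective-provision body so that only the keys in use appear and every HREF is checked before it is sent. The function name, the draft HREF pattern (generalized from the two HREFs in the curl example) and the rule that a description is mandatory are assumptions of this example.

```python
import json
import re

# Keys accepted under change_subset, taken from the request body prototype above.
CHANGE_SUBSET_KEYS = (
    "label_groups", "services", "rule_sets", "ip_lists", "virtual_services",
    "firewall_settings", "enforcement_boundaries", "secure_connect_gateways",
    "virtual_servers",
)

# Assumed draft HREF shape, generalized from the curl example on this page:
# /orgs/<org id>/sec_policy/draft/<object type>/<object id>
DRAFT_HREF = re.compile(r"^/orgs/(\d+)/sec_policy/draft/([a-z_]+)/([A-Za-z0-9-]+)$")


def build_provision_body(org_id, hrefs, update_description):
    """Return the JSON body for a selective provision, or raise ValueError."""
    # Assumption of this example: every provision must carry a description.
    if not update_description or not update_description.strip():
        raise ValueError("update_description is required for the audit trail")
    # A body with only update_description is the provision-all request shown
    # earlier, so a selective request with nothing selected is refused.
    if not hrefs:
        raise ValueError("refusing to build an empty change_subset")
    subset = {}
    for href in hrefs:
        match = DRAFT_HREF.match(href)
        if not match:
            raise ValueError(f"not a draft policy HREF: {href!r}")
        org, obj_type, _obj_id = match.groups()
        if int(org) != org_id:
            raise ValueError(f"HREF belongs to another org: {href!r}")
        if obj_type not in CHANGE_SUBSET_KEYS:
            raise ValueError(f"unsupported object type: {obj_type!r}")
        entry = {"href": href}
        # Only keys that are actually used are created; duplicates are dropped.
        if entry not in subset.setdefault(obj_type, []):
            subset[obj_type].append(entry)
    return json.dumps({"update_description": update_description.strip(),
                       "change_subset": subset})


if __name__ == "__main__":
    print(build_provision_body(
        2,
        ["/orgs/2/sec_policy/draft/rule_sets/843",
         "/orgs/2/sec_policy/draft/ip_lists/151"],
        "Provisioning a ruleset and an ip list"))
```

The returned string can be passed to curl with the -d option in place of the hand-written body.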

Restore the Previous Security Policy

This API creates draft changes from the previous security policy's changes. When this API is called, draft changes should not already be present in the PCE.

Curl Command to Restore the Security Policy

curl -i -X POST https://pce.my-company.com:8443/api/v2/orgs/1/sec_policy/127/restore -H "Content-Type: application/json" -u $KEY:$TOKEN -d {}

Get All Provision Versions

This method gets the full history of all provisioned security policy versions.

URI to Get All Provisioned Versions

GET [api_version][org_href]/sec_policy

Get the Provision Versions

curl -i -X GET https://pce.my-company.com:8443/api/v2/orgs/1/sec_policy -H "Accept: application/json" -u $KEY:$TOKEN

Response

Note that the field selective_enforcement_rules was renamed to enforcement_boundaries in the object_counts property.

{
	"href": "string",
	"version": "string",
	"workloads_affected": 0,
	"commit_message": "string",
	"object_counts": {
		"rule_sets": 0,
		"ip_lists": 0,
		"services": 0,
		"virtual_services": 0,
		"label_groups": 0,
		"virtual_servers": 0,
		"firewall_settings": 0,
		"secure_connect_gateways": 0,
		"enforcement_boundaries": 0
	},
	"created_at": "string",
	"created_by": {
		"href": "string"
	}
}     
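As an added example (not code from the PCE or its vendor), the provisioning history can be reviewed for versions that were provisioned without a message or that touched many workloads. It assumes the history is a JSON array of records in the format above; the sample records, the function names and the 100-workload threshold are constructed for illustration.

```python
import json

# Constructed sample history in the response format shown above (not real PCE output).
SAMPLE_HISTORY = json.loads("""[
 {"href": "/orgs/2/sec_policy/81", "version": 81, "workloads_affected": 240,
  "commit_message": "Open 443 to web tier",
  "object_counts": {"rule_sets": 1, "selective_enforcement_rules": 2},
  "created_at": "2024-01-10T09:00:00.000Z", "created_by": {"href": "/users/18"}},
 {"href": "/orgs/2/sec_policy/80", "version": 80, "workloads_affected": 3,
  "commit_message": null, "object_counts": 3,
  "created_at": "2024-01-09T21:48:46.446Z", "created_by": {"href": "/users/18"}}
]""")


def normalize_counts(counts):
    """Return object_counts as a dict that uses the current field names."""
    if not isinstance(counts, dict):
        # The POST response example on this page shows a bare integer.
        return {"total": counts}
    counts = dict(counts)
    if "selective_enforcement_rules" in counts:
        # Field renamed to enforcement_boundaries, per the note above.
        counts["enforcement_boundaries"] = (
            counts.get("enforcement_boundaries", 0)
            + counts.pop("selective_enforcement_rules"))
    return counts


def audit_history(versions, max_workloads=100):
    """Return one finding per provisioned version that needs review."""
    findings = []
    for v in versions:
        reasons = []
        if not (v.get("commit_message") or "").strip():
            reasons.append("no commit message")
        if v.get("workloads_affected", 0) > max_workloads:
            reasons.append(f"affected {v['workloads_affected']} workloads")
        if reasons:
            findings.append({
                "href": v["href"],
                "by": v["created_by"]["href"],
                "at": v["created_at"],
                "counts": normalize_counts(v.get("object_counts", {})),
                "reasons": reasons,
            })
    return findings


if __name__ == "__main__":
    for finding in audit_history(SAMPLE_HISTORY):
        print(finding["href"], finding["by"], "; ".join(finding["reasons"]))
```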

Curl Command to Get Version

curl -i -X GET https://pce.my-company.com:8443/api/v2/orgs/2/sec_policy/79 -H "Accept: application/json" -u $KEY:$TOKEN

Response

{
	"href": "string",
	"version": "string",
	"workloads_affected": 0,
	"commit_message": "string",
	"object_counts": {
		"rule_sets": 0,
		"ip_lists": 0,
		"services": 0,
		"virtual_services": 0,
		"label_groups": 0,
		"virtual_servers": 0,
		"firewall_settings": 0,
		"secure_connect_gateways": 0,
		"enforcement_boundaries": 0
	},
	"created_at": "string",
	"created_by": {
		"href": "string"
	}
}