Rulesets Reference
This topic covers parameters, properties, and examples for rulesets.
Parameters for rulesets
You can use the following query parameters to restrict the results of the query to get a collection of rulesets.
Parameter | Description | Type | Required |
|---|---|---|---|
| Organization | Integer | Yes |
| Security Policy Version | String | Yes |
| Integer | Yes | |
| Name of the rulesets to filter, which must be unique. This parameter supports partial matches. | String | No |
| Description of the rulesets to return. This parameter supports partial matches. | String | No |
| The data source from which the resource originates. For example, if ruleset information is stored in an external database. | String, Null | No |
| A unique identifier within the external data source. For example, if ruleset information is stored in an external database. | String, Null | No |
| Enabled flag | Boolean | No |
| Type of update | String | No |
| Rule set scopes | Array String | No |
| Array of rules in this rule set Required properties: | Object | No |
Properties for rulesets
Property | Description | Type | Required |
|---|---|---|---|
| Enabled flag | Boolean | Yes |
| Name of the rulesets to filter. This parameter supports partial matches. | String | Yes |
| Reference to | Yes | |
| Array of rules in this rule set Reference to | Yes | |
| Timestamp when this rule set was first created | String | Yes |
| Timestamp when this rule set was last updated | String | Yes |
| Timestamp when this rule set was deleted | String, Null | Yes |
| User who originally created this rule set | Object | No |
| User who last updated this rule set | Object | No |
| User who deleted this rule set | Object, Null | No |
| Type of update Reference to | No | |
| The data source from which the resource originates. For example, if ruleset information is stored in an external database. | String | No |
| A unique identifier within the external data source. For example, if ruleset information is stored in an external database. | String | No |
| Array of iptables rules in this rule set. Reference to | No |
Properties to create a ruleset
Property | Description | Type | Required |
|---|---|---|---|
| Name of the new ruleset, which must be unique. | String | Yes |
| Reference to | Yes | |
| Reference to | No | |
| Array of custom iptables rules in this rule set. Reference to | No | |
| External data set identifier | String, Null | No |
| External data reference identifier. | String, Null | No |
| Enabled flag | Boolean | Yes |
| Reference to | Yes | |
| Array of rules in this rule set Reference to | Yes |
Properties for updating a ruleset
Property | Description | Type | Required |
|---|---|---|---|
| Name of the ruleset to update, must be unique | String | No |
| External data set identifier | String, Null | No |
| External data reference identifier. | String, Null | No |
| Enabled flag | Boolean | Yes |
| Type of update Reference to | No | |
| Reference to | No | |
| Array of rules in this rule set Required properties: "href" "enabled", "providers", "consumers", "ingress_services", "resolve_labels_as" | Object | No |
Get a Ruleset
$ curl -X GET https://pce.my-company.com:8443/api/v2/orgs/1/sec_policy/draft/rule_sets -H "Accept: application/json" -u api_1c2618a67847c94b8:98c76f7a4563f29cd78b3392684cd5ec09534bafe5197fe8e901d95561bdd8f5 | jq
Response
[
{
"href": "/orgs/1/sec_policy/draft/rule_sets/1",
"created_at": "2023-04-05T23:08:32.578Z",
"updated_at": "2023-04-05T23:08:32.632Z",
"deleted_at": null,
"created_by": {
"href": "/users/0"
},
"updated_by": {
"href": "/users/0"
},
"deleted_by": null,
"update_type": null,
"name": "Default",
"description": null,
"enabled": true,
"scopes": [
[]
],
"rules": [
{
"href": "/orgs/1/sec_policy/draft/rule_sets/1/sec_rules/1",
"created_at": "2023-04-05T23:08:32.599Z",
"updated_at": "2023-04-05T23:08:32.632Z",
"deleted_at": null,
"created_by": {
"href": "/users/0"
},
"updated_by": {
"href": "/users/0"
},
"deleted_by": null,
"update_type": null,
"description": "Allow outbound connections",
"enabled": true,
"providers": [
{
"ip_list": {
"href": "/orgs/1/sec_policy/draft/ip_lists/1"
}
}
],
"consumers": [
{
"actors": "ams"
}
],
"consuming_security_principals": [],
"sec_connect": false,
"stateless": false,
"machine_auth": false,
"unscoped_consumers": false,
"network_type": "brn",
"use_workload_subnets": [],
"ingress_services": [
{
"href": "/orgs/1/sec_policy/draft/services/1"
}
],
"egress_services": [],
"resolve_labels_as": {
"providers": [
"workloads"
],
"consumers": [
"workloads"
]
}
}
],
"ip_tables_rules": [],
"caps": [
"write",
"provision"
]
},
{
"href": "/orgs/1/sec_policy/draft/rule_sets/3",
"created_at": "2023-04-05T23:50:05.591Z",
"updated_at": "2023-04-06T19:03:49.947Z",
"deleted_at": null,
"created_by": {
"href": "/users/1"
},
"updated_by": {
"href": "/users/1"
},
"deleted_by": null,
"update_type": null,
"name": "ruleset1",
"description": "",
"enabled": true,
"scopes": [
[]
],
"rules": [
{
"href": "/orgs/1/sec_policy/draft/rule_sets/3/sec_rules/9",
"created_at": "2023-04-06T00:58:55.061Z",
"updated_at": "2023-04-06T00:58:55.088Z",
"deleted_at": null,
"created_by": {
"href": "/users/1"
},
"updated_by": {
"href": "/users/1"
},
"deleted_by": null,
"update_type": null,
"description": "",
"enabled": true,
"providers": [
{
"label": {
"href": "/orgs/1/labels/14"
},
"exclusion": false
}
],
"consumers": [
{
"label": {
"href": "/orgs/1/labels/15"
},
"exclusion": false
}
],
"consuming_security_principals": [],
"sec_connect": true,
"stateless": false,
"machine_auth": false,
"unscoped_consumers": false,
"network_type": "brn",
"use_workload_subnets": [],
"ingress_services": [
{
"href": "/orgs/1/sec_policy/draft/services/9"
},
{
"port": 23000,
"proto": 6
}
],
"egress_services": [],
"resolve_labels_as": {
"providers": [
"workloads"
],
"consumers": [
"workloads"
]
}
}
],
"ip_tables_rules": [],
"caps": [
"write",
"provision"
]
}
]
Create a Ruleset
$ curl -u api_1c2618a67847c94b8:98c76f7a4563f29cd78b3392684cd5ec09534bafe5197fe8e901d95561bdd8f5 -X POST -H 'Content-Type: application/json' -d ' {"name":"ruleset3","description":"","scopes":[[{"exclusion":false,"label":{"href":"/orgs/1/labels/14"}}]]}' https://2x2testvc168.ilabs.io:8443/api/v2/orgs/1/sec_policy/draft/rule_sets | jq
Response
{
"href": "/orgs/1/sec_policy/draft/rule_sets/16",
"created_at": "2023-04-06T18:46:34.718Z",
"updated_at": "2023-04-06T18:46:34.727Z",
"deleted_at": null,
"created_by": {
"href": "/users/1"
},
"updated_by": {
"href": "/users/1"
},
"deleted_by": null,
"update_type": "create",
"name": "ruleset3",
"description": "",
"enabled": true,
"scopes": [
[
{
"label": {
"href": "/orgs/1/labels/14"
},
"exclusion": false
}
]
],
"rules": [],
"ip_tables_rules": [],
"caps": [
"write",
"provision"
]
}
Update a Ruleset
$ curl -w "%{http_code}" -u api_1c2618a67847c94b8:98c76f7a4563f29cd78b3392684cd5ec09534bafe5197fe8e901d95561bdd8f5 -X PUT -H 'Content-Type: application/json' -d '{"scopes":[[{"label": {"href":"/orgs/1/labels/14"}},{"label":{"href":"/orgs/1/labels/15"}}]]}' https://2x2testvc168.ilabs.io:8443/api/v2/orgs/1/sec_policy/draft/rule_sets/14 | jq
Response
The ruleset was successfully updated:
204
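Reviewing draft rulesets before provisioning
The following Python example is added here and is not part of the original reference or the vendor's code. It reads a response in the format returned by Get a Ruleset above and lists enabled rulesets and rules that deserve a manual review before the draft policy is provisioned. The sample input is a trimmed copy of that response; reading `[[]]` as an unrestricted scope and `"actors": "ams"` as all workloads are assumptions, and `audit_rulesets` is a name chosen for this example.

```python
import json

# Constructed sample: a trimmed copy of the GET response shown on this page.
SAMPLE = json.loads("""
[
 {"href": "/orgs/1/sec_policy/draft/rule_sets/1", "name": "Default", "enabled": true,
  "scopes": [[]],
  "rules": [{"href": "/orgs/1/sec_policy/draft/rule_sets/1/sec_rules/1", "enabled": true,
             "providers": [{"ip_list": {"href": "/orgs/1/sec_policy/draft/ip_lists/1"}}],
             "consumers": [{"actors": "ams"}],
             "ingress_services": [{"href": "/orgs/1/sec_policy/draft/services/1"}]}]},
 {"href": "/orgs/1/sec_policy/draft/rule_sets/3", "name": "ruleset1", "enabled": true,
  "scopes": [[]],
  "rules": [{"href": "/orgs/1/sec_policy/draft/rule_sets/3/sec_rules/9", "enabled": true,
             "providers": [{"label": {"href": "/orgs/1/labels/14"}, "exclusion": false}],
             "consumers": [{"label": {"href": "/orgs/1/labels/15"}, "exclusion": false}],
             "ingress_services": [{"href": "/orgs/1/sec_policy/draft/services/9"},
                                  {"port": 23000, "proto": 6}]}]}
]
""")


def audit_rulesets(rulesets):
    """Return (href, finding) pairs for enabled rulesets and rules worth a manual review."""
    findings = []
    for rs in rulesets:
        if not rs.get("enabled"):
            continue  # skip rulesets whose enabled flag is false
        # Assumption: a scope with no labels ([[]]) is not restricted to any label group.
        if any(len(scope) == 0 for scope in rs.get("scopes", [])):
            findings.append((rs["href"], "unscoped ruleset"))
        for rule in rs.get("rules", []):
            if not rule.get("enabled"):
                continue
            for side in ("providers", "consumers"):
                # Assumption: "actors": "ams" selects all workloads.
                if any(a.get("actors") == "ams" for a in rule.get(side, [])):
                    findings.append((rule["href"], f"{side}: all workloads"))
                if any("ip_list" in a for a in rule.get(side, [])):
                    findings.append((rule["href"], f"{side}: IP list, check its ranges"))
            for svc in rule.get("ingress_services", []):
                if "port" in svc:  # inline port/proto instead of a named service object
                    findings.append((rule["href"], f"inline service {svc['port']}/{svc['proto']}"))
    return findings


if __name__ == "__main__":
    for href, finding in audit_rulesets(SAMPLE):
        print(f"{href}: {finding}")
```

To run it against a live PCE, save the output of the GET request to a file and pass the parsed JSON to `audit_rulesets` in place of `SAMPLE`.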