openstack/deb-python-neutron-lib
Code Issues Proposed changes
Files
e3cb5a4129480517eeeec1a681a333b5f767f129
deb-python-neutron-lib/api-ref/source/v2/fwaas-v2.0.inc
Akihiro Motoki e3cb5a4129 api-ref: Move sample JSON files under v2 directory 
Previously sample JSON files are placed in the top directory
of api-ref, but they belong to v2 API, so it sounds reasonable
to place them in v2 directory.

Preparation of API-ref cleanup.

Part of blueprint neutron-in-tree-api-ref

Change-Id: I7c63f570507c51526957988f9b21a4244bd6e58a
2016-08-04 10:33:10 +09:00

746 lines
16 KiB
ReStructuredText
Raw Blame History

.. -*- rst -*-
.. needs:method_verification
.. needs:parameter_verification
.. needs:example_verification
.. needs:body_verification
=======================================================================
FWaaS v2.0 (CURRENT) (fw, firewalls, firewall_policies, firewall_rules)
=======================================================================
Use the Firewall-as-a-Service (FWaaS) v2.0 extension to deploy
firewalls to protect your networks.
The FWaaS extension enables you to:
- Apply firewall rules on traffic entering and leaving tenant
networks.
- Apply TCP, UDP, ICMP, or protocol-agnostic rules.
- Create and share firewall policies that hold an ordered collection
of the firewall rules.
- Audit firewall rules and policies.
This extension introduces these resources:
- ``firewall``. A logical firewall resource that a tenant can
instantiate and manage. A firewall can have one firewall policy.
- ``firewall_policy``. An ordered collection of firewall rules. You
can share a firewall policy across tenants. You can include a
firewall policy as part of an audit workflow so that an
authorized relevant entity can audit the firewall policy. This
entity can differ from the tenant who created, or the tenants
that use, the firewall policy.
- ``firewall_rule``. A collection of attributes, such as ports and
IP addresses. These attributes define match criteria and an
action to take, such as allow or deny, on matched data traffic.
Insert rule into a firewall policy
==================================
.. rest_method:: PUT /v2.0/fw/firewall_policies/{firewall_policy_id}/insert_rule
Insert firewall rule into a policy.
A firewall_rule_id is inserted relative to the position of the
firewall_rule_id set in ``insert_before`` or ``insert_after``. If
``insert_before`` is set, ``insert_after`` is ignored. If both
``insert_before`` and ``insert_after`` are not set, the new
firewall_rule_id is inserted at the top of the policy.
Normal response codes: 200
Error response codes: 404,409,401,400
Request
-------
.. rest_parameters:: parameters.yaml
- insert_after: insert_after
- firewall_rule_id: firewall_rule_id
- insert_before: insert_before
- firewall_policy_id: firewall_policy_id
Request Example
---------------
.. literalinclude:: samples/firewalls/firewall-policy-insert-rule-request.json
:language: javascript
Response Parameters
-------------------
.. rest_parameters:: parameters.yaml
- name: name
- firewall_rules: firewall_rules
- tenant_id: tenant_id
- firewall_list: firewall_list
- audited: audited
- shared: shared
- id: id
- description: description
Response Example
----------------
.. literalinclude:: samples/firewalls/firewall-policy-insert-rule-response.json
:language: javascript
Show firewall policy details
============================
.. rest_method:: GET /v2.0/fw/firewall_policies/{firewall_policy_id}
Shows details for a firewall policy.
If the user is not an administrative user and the firewall policy
object does not belong to the tenant account, this call returns the
``Forbidden (403)`` response code.
Normal response codes: 200
Error response codes: 404,403,401
Request
-------
.. rest_parameters:: parameters.yaml
- firewall_policy_id: firewall_policy_id
Response Parameters
-------------------
.. rest_parameters:: parameters.yaml
- firewall_policy: firewall_policy
- name: name
- firewall_rules: firewall_rules
- tenant_id: tenant_id
- audited: audited
- shared: shared
- id: id
- description: description
Response Example
----------------
.. literalinclude:: samples/firewalls/firewall-policy-show-response.json
:language: javascript
Update firewall policy
======================
.. rest_method:: PUT /v2.0/fw/firewall_policies/{firewall_policy_id}
Updates a firewall policy.
Normal response codes: 200
Error response codes: 404,401,400
Request
-------
.. rest_parameters:: parameters.yaml
- firewall_policy_id: firewall_policy_id
Request Example
---------------
.. literalinclude:: samples/firewalls/firewall-policy-update-request.json
:language: javascript
Response Parameters
-------------------
.. rest_parameters:: parameters.yaml
- firewall_policy: firewall_policy
- name: name
- firewall_rules: firewall_rules
- tenant_id: tenant_id
- audited: audited
- shared: shared
- id: id
- description: description
Response Example
----------------
.. literalinclude:: samples/firewalls/firewall-policy-update-response.json
:language: javascript
Delete firewall policy
======================
.. rest_method:: DELETE /v2.0/fw/firewall_policies/{firewall_policy_id}
Deletes a firewall policy.
Error response codes: 409,404,204,401
Request
-------
.. rest_parameters:: parameters.yaml
- firewall_policy_id: firewall_policy_id
List firewall policies
======================
.. rest_method:: GET /v2.0/fw/firewall_policies
Lists all firewall policies.
The list might be empty.
Normal response codes: 200
Error response codes: 403,401
Request
-------
Response Parameters
-------------------
.. rest_parameters:: parameters.yaml
- name: name
- firewall_rules: firewall_rules
- tenant_id: tenant_id
- audited: audited
- firewall_policies: firewall_policies
- shared: shared
- id: id
- description: description
Response Example
----------------
.. literalinclude:: samples/firewalls/firewall-policies-list-response.json
:language: javascript
Create firewall policy
======================
.. rest_method:: POST /v2.0/fw/firewall_policies
Creates a firewall policy.
Error response codes: 201,401,400
Request
-------
.. rest_parameters:: parameters.yaml
- firewall_rules_id: firewall_rules_id
- firewall_policy: firewall_policy
- name: name
- tenant_id: tenant_id
- shared: shared
- audited: audited
- description: description
Request Example
---------------
.. literalinclude:: samples/firewalls/firewall-policy-create-request.json
:language: javascript
Response Parameters
-------------------
.. rest_parameters:: parameters.yaml
- firewall_policy: firewall_policy
- name: name
- firewall_rules: firewall_rules
- tenant_id: tenant_id
- audited: audited
- shared: shared
- id: id
- description: description
Show firewall rule details
==========================
.. rest_method:: GET /v2.0/fw/firewall_rules/{firewall_rule_id}
Shows details for a firewall rule.
If the user is not an administrative user and the firewall rule
object does not belong to the tenant account, this call returns the
``Forbidden (403)`` response code.
Normal response codes: 200
Error response codes: 404,403,401
Request
-------
.. rest_parameters:: parameters.yaml
- firewall_rule_id: firewall_rule_id
Response Parameters
-------------------
.. rest_parameters:: parameters.yaml
- firewall_rule: firewall_rule
- description: description
- source_ip_address: source_ip_address
- tenant_id: tenant_id
- enabled: enabled
- protocol: protocol
- source_port: source_port
- ip_version: ip_version
- destination_ip_address: destination_ip_address
- firewall_policy_id: firewall_policy_id
- shared: shared
- action: action
- position: position
- destination_port: destination_port
- id: id
- name: name
Response Example
----------------
.. literalinclude:: samples/firewalls/firewall-rule-show-response.json
:language: javascript
Update firewall rule
====================
.. rest_method:: PUT /v2.0/fw/firewall_rules/{firewall_rule_id}
Updates a firewall rule.
Normal response codes: 200
Error response codes: 404,401,400
Request
-------
.. rest_parameters:: parameters.yaml
- firewall_rule: firewall_rule
- description: description
- tenant_id: tenant_id
- enabled: enabled
- ip_version: ip_version
- destination_ip_address: destination_ip_address
- source_port: source_port
- shared: shared
- action: action
- protocol: protocol
- destination_port: destination_port
- name: name
- firewall_rule_id: firewall_rule_id
Request Example
---------------
.. literalinclude:: samples/firewalls/firewall-rule-update-request.json
:language: javascript
Response Parameters
-------------------
.. rest_parameters:: parameters.yaml
- firewall_rule: firewall_rule
- description: description
- source_ip_address: source_ip_address
- tenant_id: tenant_id
- enabled: enabled
- protocol: protocol
- source_port: source_port
- ip_version: ip_version
- destination_ip_address: destination_ip_address
- firewall_policy_id: firewall_policy_id
- shared: shared
- action: action
- position: position
- destination_port: destination_port
- id: id
- name: name
Response Example
----------------
.. literalinclude:: samples/firewalls/firewall-rule-update-response.json
:language: javascript
Delete firewall rule
====================
.. rest_method:: DELETE /v2.0/fw/firewall_rules/{firewall_rule_id}
Deletes a firewall rule.
Error response codes: 409,404,204,401
Request
-------
.. rest_parameters:: parameters.yaml
- firewall_rule_id: firewall_rule_id
Show firewall details
=====================
.. rest_method:: GET /v2.0/fw/firewalls/{firewall_id}
Shows details for a firewall.
If the user is not an administrative user and the firewall object
does not belong to the tenant account, this call returns the
``Forbidden (403)`` response code.
Normal response codes: 200
Error response codes: 404,403,401
Request
-------
.. rest_parameters:: parameters.yaml
- firewall_id: firewall_id
Response Parameters
-------------------
.. rest_parameters:: parameters.yaml
- status: status
- router_ids: router_ids
- description: description
- admin_state_up: admin_state_up
- firewall: firewall
- tenant_id: tenant_id
- firewall_policy_id: firewall_policy_id
- id: id
- name: name
Response Example
----------------
.. literalinclude:: samples/firewalls/firewall-show-response.json
:language: javascript
Update firewall
===============
.. rest_method:: PUT /v2.0/fw/firewalls/{firewall_id}
Updates a firewall.
To update a service, the service status cannot be a ``PENDING_*``
status.
Normal response codes: 200
Error response codes: 404,401,400
Request
-------
.. rest_parameters:: parameters.yaml
- router_ids: router_ids
- description: description
- admin_state_up: admin_state_up
- firewall: firewall
- firewall_policy_id: firewall_policy_id
- name: name
- firewall_id: firewall_id
Request Example
---------------
.. literalinclude:: samples/firewalls/firewall-update-request.json
:language: javascript
Response Parameters
-------------------
.. rest_parameters:: parameters.yaml
- status: status
- router_ids: router_ids
- description: description
- admin_state_up: admin_state_up
- firewall: firewall
- tenant_id: tenant_id
- firewall_policy_id: firewall_policy_id
- id: id
- name: name
Response Example
----------------
.. literalinclude:: samples/firewalls/firewall-update-response.json
:language: javascript
Delete firewall
===============
.. rest_method:: DELETE /v2.0/fw/firewalls/{firewall_id}
Deletes a firewall.
Error response codes: 409,404,204,401
Request
-------
.. rest_parameters:: parameters.yaml
- firewall_id: firewall_id
List firewall rules
===================
.. rest_method:: GET /v2.0/fw/firewall_rules
Lists all firewall rules.
The list might be empty.
Normal response codes: 200
Error response codes: 403,401
Request
-------
Response Parameters
-------------------
.. rest_parameters:: parameters.yaml
- protocol: protocol
- description: description
- source_ip_address: source_ip_address
- tenant_id: tenant_id
- enabled: enabled
- id: id
- ip_version: ip_version
- destination_ip_address: destination_ip_address
- firewall_policy_id: firewall_policy_id
- shared: shared
- action: action
- position: position
- destination_port: destination_port
- source_port: source_port
- firewalls: firewalls
- name: name
Response Example
----------------
.. literalinclude:: samples/firewalls/firewall-rules-list-response.json
:language: javascript
Create firewall rule
====================
.. rest_method:: POST /v2.0/fw/firewall_rules
Creates a firewall rule.
Error response codes: 201,401,400
Request
-------
.. rest_parameters:: parameters.yaml
- firewall_rule: firewall_rule
- description: description
- tenant_id: tenant_id
- enabled: enabled
- ip_version: ip_version
- destination_ip_address: destination_ip_address
- source_port: source_port
- shared: shared
- action: action
- protocol: protocol
- destination_port: destination_port
- name: name
Request Example
---------------
.. literalinclude:: samples/firewalls/firewall-rule-create-request.json
:language: javascript
Response Parameters
-------------------
.. rest_parameters:: parameters.yaml
- firewall_rule: firewall_rule
- description: description
- source_ip_address: source_ip_address
- tenant_id: tenant_id
- enabled: enabled
- protocol: protocol
- source_port: source_port
- ip_version: ip_version
- destination_ip_address: destination_ip_address
- firewall_policy_id: firewall_policy_id
- shared: shared
- action: action
- position: position
- destination_port: destination_port
- id: id
- name: name
List firewalls
==============
.. rest_method:: GET /v2.0/fw/firewalls
Lists all firewalls.
The list might be empty.
Normal response codes: 200
Error response codes: 403,401
Request
-------
Response Parameters
-------------------
.. rest_parameters:: parameters.yaml
- status: status
- router_ids: router_ids
- description: description
- admin_state_up: admin_state_up
- tenant_id: tenant_id
- firewall_policy_id: firewall_policy_id
- firewalls: firewalls
- id: id
- name: name
Response Example
----------------
.. literalinclude:: samples/firewalls/firewalls-list-response.json
:language: javascript
Create firewall
===============
.. rest_method:: POST /v2.0/fw/firewalls
Creates a firewall.
The firewall must be associated with a firewall policy.
If ``admin_state_up`` is ``false``, the firewall would block all
traffic.
Error response codes: 201,401,400
Request
-------
.. rest_parameters:: parameters.yaml
- router_ids: router_ids
- description: description
- admin_state_up: admin_state_up
- firewall: firewall
- firewall_policy_id: firewall_policy_id
- name: name
Request Example
---------------
.. literalinclude:: samples/firewalls/firewall-create-request.json
:language: javascript
Response Parameters
-------------------
.. rest_parameters:: parameters.yaml
- status: status
- router_ids: router_ids
- description: description
- admin_state_up: admin_state_up
- firewall: firewall
- tenant_id: tenant_id
- firewall_policy_id: firewall_policy_id
- id: id
- name: name
Remove rule from firewall policy
================================
.. rest_method:: PUT /v2.0/fw/firewall_policies/{firewall_policy_id}/remove_rule
Remove firewall rule from a policy.
Normal response codes: 200
Error response codes: 404,401,400
Request
-------
.. rest_parameters:: parameters.yaml
- firewall_rule_id: firewall_rule_id
- firewall_policy_id: firewall_policy_id
Request Example
---------------
.. literalinclude:: samples/firewalls/firewall-policy-remove-rule-request.json
:language: javascript
Response Parameters
-------------------
.. rest_parameters:: parameters.yaml
- name: name
- firewall_rules: firewall_rules
- tenant_id: tenant_id
- firewall_list: firewall_list
- audited: audited
- shared: shared
- id: id
- description: description
Response Example
----------------
.. literalinclude:: samples/firewalls/firewall-policy-remove-rule-response.json
:language: javascript
View Git Blame Copy Permalink