SoftLayer API createObject

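Time: 2017-01-13 15:41:23

Tags: api rules ibm-cloud-infrastructure createobject

I have been trying for a few days to get the API service ['Network_Firewall_Update_Request_Rule'].createObject to work, without success. I did get the firewallManager edit_dedicated_fwl_rules to work, but now I would like the service to work as well. I have looked all over the web for an answer and cannot find one.

My question is: what is the syntax of the parameters passed to the service createObject for firewall rules? Do you have an example?

The command being used is: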

client = SoftLayer.create_client_from_env(username=user, api_key=api)
client['Network_Firewall_Update_Request_Rule'].createObject(id=12345, [{'action': 'permit'}])
Yes, I know I need more in the statement to create a rule. This returns "SyntaxError: non-keyword arg after keyword arg" because of the "id=".

Putting the "id=" at the end of the API call: client['Network_Firewall_Update_Request_Rule'].createObject([{'action': 'permit'}], id=12345) then the error is "Either a component ID or an ACL ID must be supplied."

If I remove the "id=" and just have client['Network_Firewall_Update_Request_Rule'].createObject(12345, [{'action': 'permit'}])

then the error is "Either a component ID or an ACL ID must be supplied."

I know I must have the "id=", because this command works:

client['Network_Firewall_Update_Request'].getRules(id=12345)

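But using the Manager API command fw.edit_dedicated_fwl_rules(12345, [{'action': 'permit'}])

there is no "id=", as this successfully creates the rule.

Thanks for your help.

1 answer:

Answer 0: (score: 0)

See this post:

I need to create a softlayer network firewall rule through REST API

A REST example to create the rule looks like this: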

POST https://[username]:[apikey]@api.softlayer.com/rest/v3/SoftLayer_Network_Firewall_Update_Request/createObjec

Payload:

{
  "parameters": [
    {
      "networkComponentFirewallId": 72605,
      "rules": [
        {
          "action": "permit",
          "destinationIpAddress": "159.8.52.188",
          "destinationIpCidr": 32,
          "destinationPortRangeEnd": 122,
          "destinationPortRangeStart": 12,
          "notes": "This is a test",
          "orderValue": 1,
          "protocol": "tcp",
          "sourceIpAddress": "10.10.10.0",
          "sourceIpCidr": 32,
          "version": 4
        }
      ]
    }
  ]
}

You need to replace all the values according to the configuration you want.

Now, to get the "networkComponentFirewallId" for the request above, you can do this:

GET https://$USERID:$APIKEY@api.softlayer.com/rest/v3/SoftLayer_Virtual_Guest/$VSIID/getFirewallServiceComponent

Using Python, the example above would look like this:

client['Network_Firewall_Update_Request_Rule'].createObject(
    {
        "networkComponentFirewallId": 72605,
        "rules": [
            {
                "action": "permit",
                "destinationIpAddress": "159.8.52.188",
                "destinationIpCidr": 32,
                "destinationPortRangeEnd": 122,
                "destinationPortRangeStart": 12,
                "notes": "This is a test",
                "orderValue": 1,
                "protocol": "tcp",
                "sourceIpAddress": "10.10.10.0",
                "sourceIpCidr": 32,
                "version": 4
            }
        ]
    }
)

And to get the "networkComponentFirewallId" property:

client['Virtual_Guest'].getFirewallServiceComponent(id=VirtualGuest)

Note that the example above edits the rules of a firewall attached to a VSI.

To create rules for a dedicated firewall in a VLAN, this is the request:

client['Network_Firewall_Update_Request_Rule'].createObject(
{
    "firewallContextAccessControlListId": 3092,
    "rules": [{
        "action": "permit",
        "destinationIpAddress": "any",
        "destinationIpCidr": 32,
        "destinationIpSubnetMask": "255.255.255.255",
        "destinationPortRangeEnd": 65535,
        "destinationPortRangeStart": 1,
        "id": 5669281,
        "orderValue": 1,
        "protocol": "tcp",
        "sourceIpAddress": "0.0.0.0",
        "sourceIpCidr": 0,
        "sourceIpSubnetMask": "0.0.0.0",
        "status": "allow_edit",
        "version": 4
    }]
}
)

Now, to get the value of "firewallContextAccessControlListId", you need to use this:

client['SoftLayer_Network_Vlan'].getFirewallInterfaces(id=vlanId, mask="mask[firewallContextAccessControlLists]")

The method above will return the outside and inside interfaces; currently you can only set rules for the outside interface.

Regards
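The following is an added example, not part of the original question or answer: it builds the single template dict that the answer passes to createObject, enforces that exactly one of "networkComponentFirewallId" or "firewallContextAccessControlListId" is present (the condition behind the "Either a component ID or an ACL ID must be supplied." error), and lists permit rules open to every source address for review before submission. The function names, the set of required keys and the permit/deny action set are assumptions made for this example; nothing here calls the SoftLayer API.

```python
import ipaddress

# Keys every rule on this page carries; treating them as required is an assumption.
REQUIRED = ("action", "protocol", "orderValue", "version", "sourceIpAddress",
            "sourceIpCidr", "destinationIpAddress", "destinationIpCidr")

def is_any(addr, cidr):
    # The page's rules write "every address" as "any" or as 0.0.0.0 with CIDR 0.
    return addr == "any" or (addr == "0.0.0.0" and cidr == 0)

def check_rule(rule):
    missing = [k for k in REQUIRED if k not in rule]
    if missing:
        raise ValueError(f"rule is missing {missing}")
    if rule["action"] not in ("permit", "deny"):  # assumed set of actions
        raise ValueError(f"unknown action {rule['action']!r}")
    for side in ("source", "destination"):
        addr, cidr = rule[side + "IpAddress"], rule[side + "IpCidr"]
        if addr != "any":
            ipaddress.ip_address(addr)  # ValueError on a malformed address
        if not 0 <= cidr <= (32 if rule["version"] == 4 else 128):
            raise ValueError(f"{side} CIDR {cidr} out of range")
    lo = rule.get("destinationPortRangeStart", 1)
    hi = rule.get("destinationPortRangeEnd", 65535)
    if not 1 <= lo <= hi <= 65535:
        raise ValueError(f"bad port range {lo}-{hi}")

def build_update_request(rules, component_id=None, acl_id=None):
    """Build the one template object passed to createObject, validated locally."""
    if (component_id is None) == (acl_id is None):
        raise ValueError("supply exactly one of component_id or acl_id")
    for rule in rules:
        check_rule(rule)
    key, value = (("networkComponentFirewallId", component_id) if acl_id is None
                  else ("firewallContextAccessControlListId", acl_id))
    return {key: value, "rules": sorted(rules, key=lambda r: r["orderValue"])}

def broad_permits(template):
    """orderValue of each permit rule whose source is every address."""
    return [r["orderValue"] for r in template["rules"] if r["action"] == "permit"
            and is_any(r["sourceIpAddress"], r["sourceIpCidr"])]

if __name__ == "__main__":
    # Constructed sample: the dedicated-firewall rule from the answer, trimmed.
    rule = {"action": "permit", "protocol": "tcp", "orderValue": 1, "version": 4,
            "sourceIpAddress": "0.0.0.0", "sourceIpCidr": 0,
            "destinationIpAddress": "any", "destinationIpCidr": 32,
            "destinationPortRangeStart": 1, "destinationPortRangeEnd": 65535}
    template = build_update_request([rule], acl_id=3092)
    print(template["firewallContextAccessControlListId"], broad_permits(template))
```

The returned dict is passed as the only positional argument to createObject, with no "id=" keyword.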