Add an Access Rule

POST

/paas/api/v1.1/instancemgmt/{identityDomainId}/services/jaas/instances/{serviceId}/accessrules

This endpoint is not applicable to service instances created on Oracle Cloud Infrastructure.

Adds a new access rule to an Oracle Java Cloud Service instance.

Note: On Oracle Cloud Infrastructure, all the required rules are preconfigured out-of-the-box upon service instance provisioning. To add rules using the REST API, use the security-related Core Services APIs in Oracle Cloud Infrastructure API Documentation. See also Security Lists in the Oracle Cloud Infrastructure documentation.

Request

Supported Media Types
Path Parameters
Header Parameters
Body ()
The request body defines the details of the access rule to add.
Root Schema : addsecrule-postrequest
Type: object
  • description: Description of the rule.
  • destination: Destination network. Specify the service component to allow traffic to. For example, WLS_ADMIN or WLS_ADMIN_SERVER for the virtual machine where the WebLogic Administration Server is running, and OTD_ADMIN_HOST or OTD for the virtual machine that contains the Oracle Traffic Director administration server.

    See View all Rule Parameters to retrieve the exact destination names to use for your service instance.

  • ports: Network port. Specify a single port or a port range. For example, 8989 or 7000-8000.
  • protocol: Communication protocol. Valid values are: tcp or udp. Default is tcp.
  • ruleName: Name of the rule.
  • source: Network address of source. Specify the hosts from which traffic is allowed. Valid values include:
    • PUBLIC-INTERNET for any host on the Internet
    • A single IP address or a comma-separated list of subnets (in CIDR format) or IPv4 addresses
    • A service component name. Valid values include WLS_ADMIN or WLS_ADMIN_SERVER, WLS_MS or WLS_MANAGED_SERVER, OTD_ADMIN_HOST or OTD, DBaaS:Your_DBCS_Name:DB or DB

    See View all Rule Parameters to retrieve the exact source names to use for your service instance.

  • status: Status of the rule. Specify whether the rule should be enabled or disabled. Valid values: disabled or enabled.

Response

Supported Media Types

202 Response

Accepted. See Status Codes for information about other HTTP status codes.

Examples

The following example shows how to add a new access rule by submitting a POST request on the REST resource using cURL.

Note: The command in this example uses the URL structure https://rest_server_url/resource-path, where rest_server_url is the REST server to contact for your identity domain (or Cloud Account). See Send Requests.

cURL Command

curl -i -X POST -u username:password -d @createrule.json -H "Content-Type:application/json" -H "X-ID-TENANT-NAME:ExampleIdentityDomain" https://rest_server_url/paas/api/v1.1/instancemgmt/ExampleIdentityDomain/services/jaas/instances/ExampleInstance/accessrules

Example of Request Body

The following example shows the contents of the request body in JSON format.

{
    "ruleName": "my_corp_vnc",
    "description": "corporate to VNC to Admin Server",
    "ports": "5900",
    "protocol": "tcp",
    "status": "enabled",
    "source": "192.123.45.6/32",
    "destination": "WLS_ADMIN_SERVER"
}
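
The following is an added example, not part of the original documentation or Oracle code: a local pre-flight check that applies the field rules listed under Request to a body such as the one above before it is sent. The function names, the choice of mandatory fields and the rejection of CIDR values with host bits set are assumptions of this sketch.

```python
import ipaddress
import re

# Component names that appear on this page. The exact names for an instance
# come from View all Rule Parameters; pass that set as `components`.
PAGE_COMPONENTS = frozenset({"WLS_ADMIN", "WLS_ADMIN_SERVER", "WLS_MS",
                             "WLS_MANAGED_SERVER", "OTD_ADMIN_HOST", "OTD", "DB"})
PORTS_RE = re.compile(r"^(\d{1,5})(?:-(\d{1,5}))?$")
PAGE_BODY = {"ruleName": "my_corp_vnc", "ports": "5900", "protocol": "tcp",  # body from this page
             "status": "enabled", "source": "192.123.45.6/32", "destination": "WLS_ADMIN_SERVER"}


def is_component(name, components):
    return name in components or re.fullmatch(r"DBaaS:[^:]+:DB", name) is not None


def check_source(source, components):
    """Problems with 'source'. strict=True also flags host bits set (local check)."""
    if source == "PUBLIC-INTERNET" or is_component(source, components):
        return []
    problems = []
    for item in (part.strip() for part in source.split(",")):
        try:
            ipaddress.IPv4Network(item, strict=True)
        except ValueError:
            problems.append(f"source: {item!r} is not IPv4, CIDR or a component")
    return problems


def validate_rule(rule, components=PAGE_COMPONENTS):
    """Return a list of problems; an empty list means the body looks valid."""
    problems = []
    # Assumption: these four fields are treated as mandatory.
    for field in ("ruleName", "source", "destination", "ports"):
        if not rule.get(field):
            problems.append(f"{field}: missing")
    if rule.get("ports"):
        m = PORTS_RE.match(str(rule["ports"]))
        low, high = (int(m.group(1)), int(m.group(2) or m.group(1))) if m else (0, 0)
        if not 1 <= low <= high <= 65535:
            problems.append(f"ports: {rule['ports']!r} is not a port or low-high range")
    if rule.get("protocol", "tcp") not in ("tcp", "udp"):  # default is tcp
        problems.append(f"protocol: {rule['protocol']!r} must be tcp or udp")
    if "status" in rule and rule["status"] not in ("enabled", "disabled"):
        problems.append(f"status: {rule['status']!r} must be enabled or disabled")
    if rule.get("destination") and not is_component(rule["destination"], components):
        problems.append(f"destination: {rule['destination']!r} is not a known component")
    if rule.get("source"):
        problems += check_source(rule["source"], components)
    return problems
```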

Example of Response Header

The following shows an example of the response header when you add a rule.

HTTP/1.1 202 Accepted
Date: Wed, 27 Apr 2016 00:53:16 GMT
Content-Length: 0
Content-Type: application/json

Example of Response Body (View Rules)

There is no response body when you perform a POST to add a rule. Use the GET method to list all rules, including rules that are being created. The following shows an example of the response body using the GET method to list all access rules (as described in View All Access Rules). The activities section shows ongoing and failed activities. In this example, there is a rule creation in progress.

{
    "accessRules":[
    {
        "ruleName":"ora_p2otd_ahttps",
        "description":"Permit public to https to OTD admin server",
        "status":"enabled",
        "source":"PUBLIC-INTERNET",
        "destination":"OTD",
        "ports":"8989",
        "protocol": "tcp",
        "ruleType":"DEFAULT"
    },
    {
        "ruleName":"ora_p2otd_chttps",
        "description":"Permit public to https to OTD server",
        "status":"enabled",
        "source":"PUBLIC-INTERNET",
        "destination":"OTD",
        "ports":"443",
        "protocol": "tcp",
        "ruleType":"DEFAULT"
    },
    {
        "ruleName":"ora_p2otd_ssh",
        "description":"Permit public to ssh to OTD server",
        "status":"enabled",
        "source":"PUBLIC-INTERNET",
        "destination":"OTD",
        "ports":"22",
        "protocol": "tcp",
        "ruleType":"DEFAULT"
    },
    {
        "ruleName":"sys_otd2ms_chttp",
        "description":"DO NOT MODIFY: Permit http connection to managed servers from OTD",
        "status":"enabled",
        "source":"OTD",
        "destination":"WLS_MANAGED_SERVER",
        "ports":"8001",
        "protocol": "tcp",
        "ruleType":"SYSTEM"
    },
    {
        "ruleName":"sys_otd2ms_chttps",
        "description":"DO NOT MODIFY: Permit https connection to managed servers from OTD",
        "status":"enabled",
        "source":"OTD",
        "destination":"WLS_MANAGED_SERVER",
        "ports":"8002",
        "protocol": "tcp",
        "ruleType":"SYSTEM"
    },
    {
        "ruleName":"sys_admin2otd_ssh",
        "description":"DO NOT MODIFY: Permit admin server to ssh to otd",
        "status":"enabled",
        "source":"WLS_ADMIN_SERVER",
        "destination":"OTD",
        "ports":"22",
        "protocol": "tcp",
        "ruleType":"SYSTEM"
    },
    {
        "ruleName":"sys_ms2db_dblistener",
        "description":"DO NOT MODIFY: Permit listener connection to database from managed servers",
        "status":"enabled",
        "source":"WLS_MANAGED_SERVER",
        "destination":"DB",
        "ports":"1521",
        "protocol": "tcp",
        "ruleType":"SYSTEM"
    },
    {
        "ruleName":"sys_ms2db_ssh",
        "description":"DO NOT MODIFY: Permit managed servers to ssh to db",
        "status":"enabled",
        "source":"WLS_MANAGED_SERVER",
        "destination":"DB",
        "ports":"22",
        "ruleType":"SYSTEM"
    },
    {
        "ruleName":"ora_p2admin_ssh",
        "description":"Permit public to ssh to admin server",
        "status":"enabled",
        "source":"PUBLIC-INTERNET",
        "destination":"WLS_ADMIN_SERVER",
        "ports":"22",
        "protocol": "tcp",
        "ruleType":"DEFAULT"
    },
    {
        "ruleName":"ora_p2admin_ahttps",
        "description":"Permit public to https to admin server",
        "status":"enabled",
        "source":"PUBLIC-INTERNET",
        "destination":"WLS_ADMIN_SERVER",
        "ports":"7002",
        "protocol": "tcp",
        "ruleType":"DEFAULT"
    }],
    "activities":[
    {
        "activity":
            {
                "message":"Creation of [my_corp_vnc] access rule(s) is in progress."
            }
    }]
}
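
The following is an added example, not part of the original documentation or Oracle code: because the POST returns 202 with no body, the listing above is what confirms a new rule, and the same listing can be reviewed for enabled rules that open administrative ports to PUBLIC-INTERNET. The function names, the trimmed sample and the set of ports treated as administrative are assumptions of this sketch.

```python
import re

# Constructed sample: three of the rules from the GET response on this page,
# plus its activities section.
SAMPLE = {
    "accessRules": [
        {"ruleName": "ora_p2admin_ssh", "status": "enabled", "ruleType": "DEFAULT",
         "source": "PUBLIC-INTERNET", "destination": "WLS_ADMIN_SERVER",
         "ports": "22", "protocol": "tcp"},
        {"ruleName": "ora_p2otd_chttps", "status": "enabled", "ruleType": "DEFAULT",
         "source": "PUBLIC-INTERNET", "destination": "OTD",
         "ports": "443", "protocol": "tcp"},
        {"ruleName": "sys_ms2db_ssh", "status": "enabled", "ruleType": "SYSTEM",
         "source": "WLS_MANAGED_SERVER", "destination": "DB", "ports": "22"},
    ],
    "activities": [{"activity": {
        "message": "Creation of [my_corp_vnc] access rule(s) is in progress."}}],
}
# Assumption: ports treated as administrative, taken from the sample rules
# on this page (22 ssh, 7002 and 8989 admin https).
ADMIN_PORTS = frozenset({22, 7002, 8989})


def public_admin_rules(listing, admin_ports=ADMIN_PORTS):
    """Enabled rules that let PUBLIC-INTERNET reach an administrative port."""
    hits = []
    for rule in listing.get("accessRules", []):
        if rule.get("status") != "enabled" or rule.get("source") != "PUBLIC-INTERNET":
            continue
        low, _, high = rule["ports"].partition("-")
        if any(int(low) <= port <= int(high or low) for port in admin_ports):
            hits.append((rule["ruleName"], rule["destination"], rule["ports"]))
    return hits


def rule_state(listing, rule_name):
    """'activity' if an activity message names the rule, else 'listed' or 'absent'."""
    for entry in listing.get("activities", []):
        # The sample message puts the rule name in square brackets.
        if rule_name in re.findall(r"\[([^\]]+)\]", entry["activity"]["message"]):
            return "activity"
    names = {rule["ruleName"] for rule in listing.get("accessRules", [])}
    return "listed" if rule_name in names else "absent"
```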