Add an Access Rule
/paas/api/v1.1/instancemgmt/{identityDomainId}/services/jaas/instances/{serviceId}/accessrules
Adds a new access rule to an Oracle Java Cloud Service instance.
Note: On Oracle Cloud Infrastructure, all the required rules are preconfigured out-of-the-box upon service instance provisioning. To add rules using the REST API, use the security-related Core Services APIs in Oracle Cloud Infrastructure API Documentation. See also Security Lists in the Oracle Cloud Infrastructure documentation.
Request
- application/json
- identityDomainId: string
  Identity domain ID for the Oracle Java Cloud Service account.
- serviceId: string
  Name of the Oracle Java Cloud Service instance.
- Authorization: string
  Base64 encoded user name and password separated by a colon or OAuth access token obtained from Oracle Identity Cloud Service. See Authenticate.
- X-ID-TENANT-NAME: string
  Identity domain ID for the Oracle Java Cloud Service account.
object
- description: string
  Description of the rule.
- destination: string
  Destination network. Specify the service component to allow traffic to. For example, WLS_ADMIN or WLS_ADMIN_SERVER for the virtual machine where the WebLogic Administration Server is running, and OTD_ADMIN_HOST or OTD for the virtual machine that contains the Oracle Traffic Director administration server. See View all Rule Parameters to retrieve the exact destination names to use for your service instance.
- ports: string
  Network port. Specify a single port or a port range. For example, 8989 or 7000-8000.
- protocol: string
  Communication protocol. Valid values are: tcp or udp. Default is tcp.
- ruleName: string
  Name of the rule.
- source: string
  Network address of source. Specify the hosts from which traffic is allowed. Valid values include:
  - PUBLIC-INTERNET for any host on the Internet
  - A single IP address or a comma-separated list of subnets (in CIDR format) or IPv4 addresses
  - A service component name. Valid values include WLS_ADMIN or WLS_ADMIN_SERVER, WLS_MS or WLS_MANAGED_SERVER, OTD_ADMIN_HOST or OTD, DBaaS:Your_DBCS_Name:DB or DB
  See View all Rule Parameters to retrieve the exact source names to use for your service instance.
- status (optional): string
  Status of the rule. Specify whether the status should be enabled or disabled. Valid value: disabled or enabled.
Response
- application/json
202 Response
Examples
The following example shows how to add a new access rule by submitting a POST request on the REST resource using cURL.
Note: The command in this example uses the URL structure https://rest_server_url/resource-path, where rest_server_url is the REST server to contact for your identity domain (or Cloud Account). See Send Requests.
cURL Command
curl -i -X POST -u username:password -d @createrule.json -H "Content-Type:application/json" -H "X-ID-TENANT-NAME:ExampleIdentityDomain" https://rest_server_url/paas/api/v1.1/instancemgmt/ExampleIdentityDomain/services/jaas/instances/ExampleInstance/accessrules
Example of Request Body
The following example shows the contents of the request body in JSON format.
{
"ruleName": "my_corp_vnc",
"description": "corporate to VNC to Admin Server",
"ports": "5900",
"protocol": "tcp",
"status": "enabled",
"source": "192.123.45.6/32",
"destination": "WLS_ADMIN_SERVER"
}
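A pre-submission check for a request body like the one above, as an added example that is not part of the Oracle documentation. It applies the field rules stated on this page and flags a PUBLIC-INTERNET source for review; the function names, the required-field list, and the component set (taken from the names quoted here) are assumptions.

```python
import ipaddress
import re

# Component names quoted on this page. The exact names for an instance come
# from "View all Rule Parameters", so this set is an assumption.
COMPONENTS = {"WLS_ADMIN", "WLS_ADMIN_SERVER", "WLS_MS", "WLS_MANAGED_SERVER",
              "OTD_ADMIN_HOST", "OTD", "DB"}
# Assumption: every field not marked optional and without a default is required.
REQUIRED = ("ruleName", "description", "ports", "source", "destination")


def valid_ports(ports):
    """True for a single port or a low-high range, each within 1-65535."""
    m = re.fullmatch(r"(\d{1,5})(?:-(\d{1,5}))?", ports)
    if not m:
        return False
    low, high = int(m.group(1)), int(m.group(2) or m.group(1))
    return 1 <= low <= high <= 65535


def valid_source(source):
    """True for PUBLIC-INTERNET, a component name, or an IPv4/CIDR list."""
    if source in COMPONENTS | {"PUBLIC-INTERNET"} or source.startswith("DBaaS:"):
        return True
    try:
        for item in source.split(","):
            ipaddress.IPv4Network(item.strip(), strict=False)
    except ValueError:
        return False
    return True


def check_rule(rule):
    """Return a list of findings for one access-rule request body (a dict)."""
    findings = [f"missing field: {k}" for k in REQUIRED if not rule.get(k)]
    if rule.get("ports") and not valid_ports(rule["ports"]):
        findings.append("ports: expected one port or a range such as 7000-8000")
    if rule.get("protocol", "tcp") not in ("tcp", "udp"):
        findings.append("protocol: expected tcp or udp")
    if "status" in rule and rule["status"] not in ("enabled", "disabled"):
        findings.append("status: expected enabled or disabled")
    if rule.get("source") and not valid_source(rule["source"]):
        findings.append("source: not PUBLIC-INTERNET, a component, or IPv4/CIDR")
    if rule.get("source") == "PUBLIC-INTERNET":
        findings.append("review: source admits any host on the Internet")
    if rule.get("destination") and rule["destination"] not in COMPONENTS:
        findings.append("destination: not a component name listed on this page")
    return findings
```

An empty list means the body matches the documented field formats; it does not confirm that the destination name exists on a particular instance.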
Example of Response Header
The following shows an example of the response header when you add a rule.
HTTP/1.1 202 Accepted
Date: Wed, 27 Apr 2016 00:53:16 GMT
Content-Length: 0
Content-Type: application/json
Example of Response Body (View Rules)
There is no response body when you perform a POST to add a rule. Use the GET method to list all rules, including rules that are being created. The following shows an example of the response body using the GET method to list all access rules (as described in View All Access Rules). The activities section shows ongoing and failed activities. In this example, there is a rule creation in progress.
{
"accessRules":[
{
"ruleName":"ora_p2otd_ahttps",
"description":"Permit public to https to OTD admin server",
"status":"enabled",
"source":"PUBLIC-INTERNET",
"destination":"OTD",
"ports":"8989",
"protocol": "tcp",
"ruleType":"DEFAULT"
},
{
"ruleName":"ora_p2otd_chttps",
"description":"Permit public to https to OTD server",
"status":"enabled",
"source":"PUBLIC-INTERNET",
"destination":"OTD",
"ports":"443",
"protocol": "tcp",
"ruleType":"DEFAULT"
},
{
"ruleName":"ora_p2otd_ssh",
"description":"Permit public to ssh to OTD server",
"status":"enabled",
"source":"PUBLIC-INTERNET",
"destination":"OTD",
"ports":"22",
"protocol": "tcp",
"ruleType":"DEFAULT"
},
{
"ruleName":"sys_otd2ms_chttp",
"description":"DO NOT MODIFY: Permit http connection to managed servers from OTD",
"status":"enabled",
"source":"OTD",
"destination":"WLS_MANAGED_SERVER",
"ports":"8001",
"protocol": "tcp",
"ruleType":"SYSTEM"
},
{
"ruleName":"sys_otd2ms_chttps",
"description":"DO NOT MODIFY: Permit https connection to managed servers from OTD",
"status":"enabled",
"source":"OTD",
"destination":"WLS_MANAGED_SERVER",
"ports":"8002",
"protocol": "tcp",
"ruleType":"SYSTEM"
},
{
"ruleName":"sys_admin2otd_ssh",
"description":"DO NOT MODIFY: Permit admin server to ssh to otd",
"status":"enabled",
"source":"WLS_ADMIN_SERVER",
"destination":"OTD",
"ports":"22",
"protocol": "tcp",
"ruleType":"SYSTEM"
},
{
"ruleName":"sys_ms2db_dblistener",
"description":"DO NOT MODIFY: Permit listener connection to database from managed servers",
"status":"enabled",
"source":"WLS_MANAGED_SERVER",
"destination":"DB",
"ports":"1521",
"protocol": "tcp",
"ruleType":"SYSTEM"
},
{
"ruleName":"sys_ms2db_ssh",
"description":"DO NOT MODIFY: Permit managed servers to ssh to db",
"status":"enabled",
"source":"WLS_MANAGED_SERVER",
"destination":"DB",
"ports":"22",
"ruleType":"SYSTEM"
},
{
"ruleName":"ora_p2admin_ssh",
"description":"Permit public to ssh to admin server",
"status":"enabled",
"source":"PUBLIC-INTERNET",
"destination":"WLS_ADMIN_SERVER",
"ports":"22",
"protocol": "tcp",
"ruleType":"DEFAULT"
},
{
"ruleName":"ora_p2admin_ahttps",
"description":"Permit public to https to admin server",
"status":"enabled",
"source":"PUBLIC-INTERNET",
"destination":"WLS_ADMIN_SERVER",
"ports":"7002",
"protocol": "tcp",
"ruleType":"DEFAULT"
}],
"activities":[
{
"activity":
{
"message":"Creation of [my_corp_vnc] access rule(s) is in progress."
}
}]
}
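Because the POST returns 202 with no body, the GET listing is where a new rule's progress and the instance's Internet-facing rules can be reviewed. The following is an added example, not code from the Oracle documentation: it reads a listing like the one above, reports enabled PUBLIC-INTERNET rules, and locates a named rule. The function names are hypothetical, the sample is a trimmed copy of the response shown above, and matching a rule by its bracketed name in an activity message is an assumption based on that one example.

```python
import json

# Constructed sample: a trimmed copy of the GET response shown above.
SAMPLE = json.loads("""
{"accessRules": [
  {"ruleName": "ora_p2otd_chttps", "status": "enabled", "source": "PUBLIC-INTERNET",
   "destination": "OTD", "ports": "443", "protocol": "tcp", "ruleType": "DEFAULT"},
  {"ruleName": "sys_ms2db_ssh", "status": "enabled", "source": "WLS_MANAGED_SERVER",
   "destination": "DB", "ports": "22", "ruleType": "SYSTEM"},
  {"ruleName": "ora_p2admin_ssh", "status": "enabled", "source": "PUBLIC-INTERNET",
   "destination": "WLS_ADMIN_SERVER", "ports": "22", "protocol": "tcp",
   "ruleType": "DEFAULT"}],
 "activities": [{"activity": {"message":
   "Creation of [my_corp_vnc] access rule(s) is in progress."}}]}
""")


def covers(ports, port):
    """True if a 'ports' value (single port or low-high range) includes port."""
    low, _, high = ports.partition("-")
    return int(low) <= port <= int(high or low)


def public_rules(listing, watch=(22,)):
    """Enabled rules whose source is PUBLIC-INTERNET, as
    (ruleName, destination, ports, covers_watched_port) tuples."""
    return [(r["ruleName"], r["destination"], r["ports"],
             any(covers(r["ports"], p) for p in watch))
            for r in listing.get("accessRules", [])
            if r.get("status") == "enabled" and r.get("source") == "PUBLIC-INTERNET"]


def rule_state(listing, name):
    """'listed' if the rule is in accessRules, 'activity' if only an activity
    message names it in brackets, otherwise 'absent'."""
    if any(r.get("ruleName") == name for r in listing.get("accessRules", [])):
        return "listed"
    messages = [a.get("activity", {}).get("message", "")
                for a in listing.get("activities", [])]
    return "activity" if any(f"[{name}]" in m for m in messages) else "absent"
```

The activities section reports both ongoing and failed activities, so an "activity" result still requires reading the message text to tell the two apart.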