Access lists¶
The access list management feature allows fine-grained network access controls to be applied to the load balancer’s virtual IP address. A single IP address, multiple IP addresses, or entire network subnets can be added as a networkItem. Items that are configured with the ALLOW type always take precedence over items with the DENY type. To reject traffic from all items except for those with the ALLOW type, add a networkItem with an address of “0.0.0.0/0” and a DENY type.
When issuing a POST to add to an access list, one or more network items are required. If a populated access list exists for the load balancer, it is appended to with subsequent POST requests. One access list may include up to 100 network items. A single address or subnet definition is considered unique and cannot be duplicated between items in an access list.
The following table describes the required and optional attributes:
Table. Required and optional attributes
| Name | Description | Required |
|---|---|---|
| address | IP address for item to add to access list. | No |
| type | Type of item to add: ALLOW or DENY. Note: Items that are configured with the ALLOW type always take precedence over items with the DENY type. That is, the items marked with the DENY type will still be accepted, but just at a lower priority than ALLOW ones. A common use case for ALLOW and DENY is to DENY a subnet and then ALLOW individual addresses within that subnet. | No |
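The precedence rule and the deny-a-subnet, allow-a-host use case can be checked offline before a list is applied. The following Python is an added example, not part of the original documentation; the function names and the monitoring addresses are hypothetical, and it assumes that traffic matching no item is accepted, as the 0.0.0.0/0 instruction above implies.

```python
import ipaddress

def decide(access_list, client_ip):
    """Apply the documented precedence: any matching ALLOW wins over DENY."""
    ip = ipaddress.ip_address(client_ip)
    matched = {
        item["type"]
        for item in access_list
        if ip in ipaddress.ip_network(item["address"], strict=False)
    }
    if "ALLOW" in matched:
        return "ALLOW"
    if "DENY" in matched:
        return "DENY"
    # Assumption: no item matched, so the traffic is accepted. This is why the
    # page adds a 0.0.0.0/0 DENY item to reject everything else.
    return "ALLOW"

def locked_out(access_list, must_reach):
    """Return the source addresses in must_reach that the list would reject."""
    return [src for src in must_reach if decide(access_list, src) == "DENY"]

# Items from the page's XML response example, listed DENY-first to show that
# item order does not change the outcome.
SUBNET_RULES = [
    {"address": "206.160.165.0/24", "type": "DENY"},
    {"address": "206.160.165.40", "type": "ALLOW"},
]
# The same list plus the default-deny item described above.
DEFAULT_DENY = SUBNET_RULES + [{"address": "0.0.0.0/0", "type": "DENY"}]
# Constructed sources that must keep access after the change.
MONITORING = ["206.160.165.40", "198.51.100.7"]

if __name__ == "__main__":
    for src in ("206.160.165.40", "206.160.165.41", "198.51.100.7"):
        print(src, decide(SUBNET_RULES, src), decide(DEFAULT_DENY, src))
    print("locked out by default deny:", locked_out(DEFAULT_DENY, MONITORING))
```

Running `locked_out` against the proposed list before the POST shows which required sources still need their own ALLOW item.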
You can perform these DELETE operations for the access list:
Delete multiple network items in an access list
Delete the entire access list.
Delete a specified network item in an access list.
Show access list¶
GET /v1.0/{account}/loadbalancers/{loadBalancerId}/accesslist
Shows the access list.
The following table shows the possible response codes for this operation:
| Response Code | Name | Description |
|---|---|---|
| 200 | Success | Request succeeded. |
| 400 | Bad Request | The request is missing one or more elements, or the values of some elements are invalid. |
| 401 | Unauthorized | You are not authorized to complete this operation. This error can occur if the request is submitted with an invalid authentication token. |
| 404 | Not Found | The requested item was not found. |
| 413 | Over Limit | The number of items returned is above the allowed limit. |
| 422 | ImmutableEntity | This fault is returned when a user attempts to modify an item that is not currently in a state that allows modification. For example, load balancers in a status of PENDING_UPDATE, BUILD, or DELETED may not be modified. |
| 500 | Load Balancer Fault | The load balancer has experienced a fault. |
| 503 | Service Unavailable | The service is not available. |
Request¶
The following table shows the URI parameters for the request:
| Name | Type | Description |
|---|---|---|
| {account} | String | The ID for the tenant or account in a multi-tenancy cloud. |
| {loadBalancerId} | String | The ID for the load balancer. |
This operation does not accept a request body.
Response¶
Example Show access list: JSON response
```json
{
    "accessList": [
        {
            "address": "206.160.163.21",
            "id": 23,
            "type": "DENY"
        },
        {
            "address": "206.160.165.11",
            "id": 24,
            "type": "DENY"
        },
        {
            "address": "206.160.163.21",
            "id": 25,
            "type": "DENY"
        },
        {
            "address": "206.160.165.11",
            "id": 26,
            "type": "DENY"
        },
        {
            "address": "206.160.123.11",
            "id": 27,
            "type": "DENY"
        },
        {
            "address": "206.160.122.21",
            "id": 28,
            "type": "DENY"
        },
        {
            "address": "206.140.123.11",
            "id": 29,
            "type": "DENY"
        },
        {
            "address": "206.140.122.21",
            "id": 30,
            "type": "DENY"
        }
    ]
}
```
Example Show access list: XML response
```xml
<accessList xmlns="http://docs.openstack.org/loadbalancers/api/v1.0">
    <networkItem
        id="1000"
        address="206.160.165.40"
        type="ALLOW" />
    <networkItem
        id="1001"
        address="206.160.165.0/24"
        type="DENY" />
</accessList>
```
Example Show atom access list: XML response
```xml
<?xml version='1.0' encoding='UTF-8'?>
<feed xmlns="http://www.w3.org/2005/Atom">
    <link rel="next"
          href="https://ord.loadbalancers.api.rackspacecloud.com/v1.0/1234/loadbalancers/141/accesslist.atom?page=2"/>
    <title type="text">Access List Feed</title>
    <id>1234-loadbalancers-141-accesslist</id>
    <author>
        <name>Rackspace Cloud</name>
    </author>
    <entry>
        <title type="text">Access List Updated</title>
        <summary
            type="text">Access list successfully updated with the following network item: id: '2155', address: '206.160.163.210', type: 'DENY'
        </summary>
        <author>
            <name>tvardema</name>
        </author>
        <link href="https://ord.loadbalancers.api.rackspacecloud.com/v1.0/1234/loadbalancers/141/accesslist/"/>
        <id>1234-loadbalancers-141-accesslist-2011971658310</id>
        <category term="UPDATE"/>
        <updated>2011-04-07T16:58:31.000Z</updated>
    </entry>
    <entry>
        <title type="text">Access List Updated</title>
        <summary
            type="text">Access list successfully updated with the following network item: id: '2156', address: '206.160.165.110', type: 'DENY'
        </summary>
        <author>
            <name>tvardema</name>
        </author>
        <link href="https://ord.loadbalancers.api.rackspacecloud.com/v1.0/1234/loadbalancers/141/accesslist/"/>
        <id>1234-loadbalancers-141-accesslist-2011971658310</id>
        <category term="UPDATE"/>
        <updated>2011-04-07T16:58:31.000Z</updated>
    </entry>
</feed>
```
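For change monitoring, the Atom feed above can be turned into audit records of who changed which network item and when. The following Python is an added example, not part of the original documentation; it assumes the summary wording shown in the example entries, and the function names, the svc-deploy entry and the /0 check are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

ATOM = {"a": "http://www.w3.org/2005/Atom"}
# Matches the summary wording shown in the page's example entries.
SUMMARY_RE = re.compile(r"id: '(\d+)', address: '([^']+)', type: '(ALLOW|DENY)'")

# Constructed sample: the first entry is trimmed from the page's example; the
# second (author svc-deploy, item 2157) is made up to exercise the filter.
SAMPLE_FEED = """<feed xmlns="http://www.w3.org/2005/Atom">
  <entry>
    <summary type="text">Access list successfully updated with the following network item: id: '2155', address: '206.160.163.210', type: 'DENY'
    </summary>
    <author><name>tvardema</name></author>
    <updated>2011-04-07T16:58:31.000Z</updated>
  </entry>
  <entry>
    <summary type="text">Access list successfully updated with the following network item: id: '2157', address: '0.0.0.0/0', type: 'ALLOW'</summary>
    <author><name>svc-deploy</name></author>
    <updated>2011-04-08T09:12:00.000Z</updated>
  </entry>
</feed>"""

def acl_changes(feed_xml):
    """Return one record per feed entry whose summary names a network item."""
    changes = []
    for entry in ET.fromstring(feed_xml).findall("a:entry", ATOM):
        match = SUMMARY_RE.search(entry.findtext("a:summary", "", ATOM))
        if match:
            changes.append({
                "when": entry.findtext("a:updated", "", ATOM),
                "who": entry.findtext("a:author/a:name", "", ATOM),
                "item_id": int(match.group(1)),
                "address": match.group(2),
                "type": match.group(3),
            })
    return changes

def overbroad_allows(changes):
    """Return changes that added an ALLOW item covering a whole address space."""
    # ALLOW outranks DENY, so an ALLOW on a /0 network overrides every DENY item.
    return [c for c in changes if c["type"] == "ALLOW" and c["address"].endswith("/0")]

if __name__ == "__main__":
    for change in acl_changes(SAMPLE_FEED):
        print(change)
    print("review:", overbroad_allows(acl_changes(SAMPLE_FEED)))
```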
Create or update access list¶
POST /v1.0/{account}/loadbalancers/{loadBalancerId}/accesslist
Creates or appends to an access list.
When issuing a POST to add to an access list, one or more network items are required. If a populated access list already exists for the load balancer, it is appended to with subsequent POST requests. One access list may include up to 100 network items. A single address or subnet definition is considered unique and cannot be duplicated between items in an access list.
The following table shows the possible response codes for this operation:
| Response Code | Name | Description |
|---|---|---|
| 202 | Success | Request succeeded. |
| 400 | Bad Request | The request is missing one or more elements, or the values of some elements are invalid. |
| 401 | Unauthorized | You are not authorized to complete this operation. This error can occur if the request is submitted with an invalid authentication token. |
| 404 | Not Found | The requested item was not found. |
| 413 | Over Limit | The number of items returned is above the allowed limit. |
| 422 | ImmutableEntity | This fault is returned when a user attempts to modify an item that is not currently in a state that allows modification. For example, load balancers in a status of PENDING_UPDATE, BUILD, or DELETED may not be modified. |
| 500 | Load Balancer Fault | The load balancer has experienced a fault. |
| 503 | Service Unavailable | The service is not available. |
Request¶
The following table shows the URI parameters for the request:
| Name | Type | Description |
|---|---|---|
| {account} | String | The ID for the tenant or account in a multi-tenancy cloud. |
| {loadBalancerId} | String | The ID for the load balancer. |
Example Create or update access list: JSON request
```json
{
    "accessList": [
        {
            "address": "206.160.163.21",
            "type": "DENY"
        },
        {
            "address": "206.160.165.11",
            "type": "DENY"
        }
    ]
}
```
Example Create or update access list: XML request
```xml
<accessList xmlns="http://docs.openstack.org/loadbalancers/api/v1.0">
    <networkItem
        address="206.160.165.1"
        type="ALLOW" />
    <networkItem
        address="206.160.165.2"
        type="DENY" />
</accessList>
```
Response¶
This operation does not return a response body.
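Because a POST appends to whatever list already exists, the documented constraints (at least one item, at most 100 items per list, no repeated address or subnet) can be checked client-side against the current list before the request is sent. The following Python is an added example, not part of the original documentation; the function names are hypothetical, and treating a bare address and its /32 form as the same definition, and rejecting lower-case types, are local assumptions of this check.

```python
import ipaddress

MAX_ITEMS = 100                  # documented cap per access list
VALID_TYPES = {"ALLOW", "DENY"}  # the two types the page describes

def canonical(address):
    """Normalize so 10.0.0.1 and 10.0.0.1/32 compare equal (local assumption)."""
    return str(ipaddress.ip_network(str(address), strict=False))

def preflight(existing, new_items):
    """Return a list of problems; an empty list means the body passes."""
    problems = []
    if not new_items:
        problems.append("at least one network item is required")
    seen = {canonical(i["address"]): f"existing id {i['id']}" for i in existing}
    for n, item in enumerate(new_items):
        if item.get("type") not in VALID_TYPES:
            problems.append(f"item {n}: type must be ALLOW or DENY")
        try:
            key = canonical(item.get("address"))
        except ValueError:
            problems.append(f"item {n}: bad address {item.get('address')!r}")
            continue
        if key in seen:
            problems.append(f"item {n}: {key} duplicates {seen[key]}")
        seen.setdefault(key, f"item {n}")
    if len(existing) + len(new_items) > MAX_ITEMS:
        problems.append(f"list would exceed {MAX_ITEMS} items")
    return problems

# Constructed state: three items taken from the page's Show access list response.
EXISTING = [
    {"id": 23, "address": "206.160.163.21", "type": "DENY"},
    {"id": 24, "address": "206.160.165.11", "type": "DENY"},
    {"id": 27, "address": "206.160.123.11", "type": "DENY"},
]
# The page's JSON request body, which repeats two addresses listed in EXISTING.
PAGE_REQUEST = [
    {"address": "206.160.163.21", "type": "DENY"},
    {"address": "206.160.165.11", "type": "DENY"},
]
# Constructed body: one valid item, a malformed address, a lower-case type.
MIXED = [
    {"address": "0.0.0.0/0", "type": "DENY"},
    {"address": "206.160.999.1", "type": "DENY"},
    {"address": "203.0.113.0/24", "type": "deny"},
]
```

Calling `preflight(EXISTING, PAGE_REQUEST)` reports both items as duplicates of ids 23 and 24.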
Delete access list¶
DELETE /v1.0/{account}/loadbalancers/{loadBalancerId}/accesslist
Deletes the entire access list.
The following table shows the possible response codes for this operation:
| Response Code | Name | Description |
|---|---|---|
| 202 | Success | Request succeeded. |
| 400 | Bad Request | The request is missing one or more elements, or the values of some elements are invalid. |
| 401 | Unauthorized | You are not authorized to complete this operation. This error can occur if the request is submitted with an invalid authentication token. |
| 404 | Not Found | The requested item was not found. |
| 413 | Over Limit | The number of items returned is above the allowed limit. |
| 422 | ImmutableEntity | This fault is returned when a user attempts to modify an item that is not currently in a state that allows modification. For example, load balancers in a status of PENDING_UPDATE, BUILD, or DELETED may not be modified. |
| 500 | Load Balancer Fault | The load balancer has experienced a fault. |
| 503 | Service Unavailable | The service is not available. |
Request¶
The following table shows the URI parameters for the request:
| Name | Type | Description |
|---|---|---|
| {account} | String | The ID for the tenant or account in a multi-tenancy cloud. |
| {loadBalancerId} | String | The ID for the load balancer. |
This operation does not accept a request body.
Response¶
This operation does not return a response body.
Bulk-delete networks from access list¶
DELETE /v1.0/{account}/loadbalancers/{loadBalancerId}/accesslist
Bulk-deletes the specified networks from an access list.
Note
A maximum of 10 network items can be deleted with a single Bulk-delete networks from access list API operation. For example, the following call deletes 3 network items:
DELETE /v1.0/{account}/loadbalancers/{loadBalancerId}/accesslist?id={id1}&id={id2}&id={id3}
The following table shows the possible response codes for this operation:
| Response Code | Name | Description |
|---|---|---|
| 202 | Success | Request succeeded. |
| 400 | Bad Request | The request is missing one or more elements, or the values of some elements are invalid. |
| 401 | Unauthorized | You are not authorized to complete this operation. This error can occur if the request is submitted with an invalid authentication token. |
| 404 | Not Found | The requested item was not found. |
| 413 | Over Limit | The number of items returned is above the allowed limit. |
| 422 | ImmutableEntity | This fault is returned when a user attempts to modify an item that is not currently in a state that allows modification. For example, load balancers in a status of PENDING_UPDATE, BUILD, or DELETED may not be modified. |
| 500 | Load Balancer Fault | The load balancer has experienced a fault. |
| 503 | Service Unavailable | The service is not available. |
Request¶
The following table shows the URI parameters for the request:
| Name | Type | Description |
|---|---|---|
| {account} | String | The ID for the tenant or account in a multi-tenancy cloud. |
| {loadBalancerId} | String | The ID for the load balancer. |
The following table shows the query parameters for the request:
| Name | Type | Description |
|---|---|---|
| id | String | The ID for the network item. |
This operation does not accept a request body.
Response¶
This operation does not return a response body.
Delete network from access list¶
DELETE /v1.0/{account}/loadbalancers/{loadBalancerId}/accesslist/{networkItemId}
Deletes a network item from a specified access list.
The following table shows the possible response codes for this operation:
| Response Code | Name | Description |
|---|---|---|
| 202 | Success | Request succeeded. |
| 400 | Bad Request | The request is missing one or more elements, or the values of some elements are invalid. |
| 401 | Unauthorized | You are not authorized to complete this operation. This error can occur if the request is submitted with an invalid authentication token. |
| 404 | Not Found | The requested item was not found. |
| 413 | Over Limit | The number of items returned is above the allowed limit. |
| 422 | ImmutableEntity | This fault is returned when a user attempts to modify an item that is not currently in a state that allows modification. For example, load balancers in a status of PENDING_UPDATE, BUILD, or DELETED may not be modified. |
| 500 | Load Balancer Fault | The load balancer has experienced a fault. |
| 503 | Service Unavailable | The service is not available. |
Request¶
The following table shows the URI parameters for the request:
| Name | Type | Description |
|---|---|---|
| {account} | String | The ID for the tenant or account in a multi-tenancy cloud. |
| {loadBalancerId} | String | The ID for the load balancer. |
| {networkItemId} | String | The ID for the network item. |
This operation does not accept a request body.
Response¶
This operation does not return a response body.