3.1.5.1 accessControlLists
An accessControlLists resource contains a list of access control list (ACL) rules. Access control list resources can be assigned to virtual subnets or IP configurations.
An ACL can be associated with:
- Subnets of a virtual or logical network. This means that all network interface cards (NICs) with IP configurations created in the subnet inherit the ACL rules in the Access Control List. Often, subnets are used for a specific architectural tier (frontend, middle tier, backend) in more complex applications. Assigning an ACL to subnets can thus be used to control the network flow between the different tiers.
- IP configuration of a NIC. This means that the ACL will be applied to the parent network interface of the specified IP configuration.
It is invoked through the following URI.
https://<url>/networking/v1/accessControlLists/{resourceId}
url: The address or name of the REST server of the Network Controller.
resourceId: the identifier for the specific resource within the resource type. See section 2.2.3.4 for more details.
Note: The server MAY support additional versions, v1 or later, in the URI.
The following HTTP methods can be performed on this resource.
HTTP method | Section | Description |
---|---|---|
PUT | | Create a new accessControlLists resource or update an existing accessControlLists resource. |
GET | | Get one accessControlLists resource. |
GET ALL | | List all accessControlLists resources in the Network Controller. |
DELETE | | Delete an accessControlLists resource. |
The following property elements are valid.
Element name | Type | Description |
---|---|---|
etag | Read-only | Specified in Common JSON Elements, section 2.2.2. |
provisioningState | Read-only | Specified in Common JSON Elements, section 2.2.2. |
aclRules | Optional | Indicates the rules in an access control list. See section 3.1.5.1.2 for full details on this element. |
inboundDefaultAction | Optional | Indicates the default action for inbound rules. Valid values are Permit or Deny. The default value is Permit. |
ipConfigurations | Read-only | Indicates references to IP addresses of networkInterfaces resources this access control list is associated with. |
outboundDefaultAction | Optional | Indicates the default action for outbound rules. Valid values are Permit or Deny. The default value is Permit. |
subnets | Read-only | Indicates an array of references to subnets resources this access control list is associated with. |
configurationState | Optional Read-only | See configurationState in section 2.2.4. |
configurationState.id | Optional Read-only | This is the instance ID of the access control list. |
virtualNetworkInterfaceErrors | Optional Read-only | An array of configurationState objects as defined in section 2.2.4. |
securityTags | Optional | An array of security tags (section 3.1.5.31) to which the parent access control list is applied. That is, the parent access control list will be applied to all virtual interfaces associated with each security tag. |
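
Because inboundDefaultAction and outboundDefaultAction both default to Permit, an ACL that omits them allows any traffic its rules do not match. The following audit is an added example, not part of the specification: it flags ACLs whose effective default is Permit and ACLs attached to nothing. The response envelope ("value", "resourceId", "properties", "resourceRef") and all sample data are assumptions constructed for illustration.

```python
import json

# Constructed sample of a GET ALL response body. The envelope ("value", "resourceId",
# "properties", "resourceRef") is an assumption; element names come from the table above.
SAMPLE_RESPONSE = json.loads("""
{"value": [
  {"resourceId": "web-tier-acl", "properties": {
     "inboundDefaultAction": "Deny", "outboundDefaultAction": "Deny",
     "aclRules": [{"resourceId": "allow-https"}],
     "subnets": [{"resourceRef": "/virtualNetworks/vnet1/subnets/web"}]}},
  {"resourceId": "legacy-acl", "properties": {
     "outboundDefaultAction": "Permit", "aclRules": [],
     "ipConfigurations": [{"resourceRef": "/networkInterfaces/nic7/ipConfigurations/ip0"}]}},
  {"resourceId": "unused-acl", "properties": {
     "inboundDefaultAction": "Deny", "outboundDefaultAction": "Deny"}}
]}
""")

DIRECTIONS = ("inboundDefaultAction", "outboundDefaultAction")
ATTACHMENTS = ("subnets", "ipConfigurations", "securityTags")

def audit_acl(resource):
    """Return a list of findings for one accessControlLists resource."""
    props = resource.get("properties", {})
    findings = []
    for element in DIRECTIONS:
        action = props.get(element) or "Permit"  # documented default when omitted
        if action not in ("Permit", "Deny"):
            findings.append(f"{element}: invalid value {action!r}")
        elif action == "Permit":
            origin = "explicit" if props.get(element) else "omitted, defaults to Permit"
            findings.append(f"{element}: Permit ({origin})")
    if not any(props.get(name) for name in ATTACHMENTS):
        findings.append("not associated with any subnet, IP configuration or security tag")
    return findings

def audit_all(response):
    """Map resourceId -> findings for every ACL that has at least one finding."""
    report = {}
    for resource in response.get("value", []):
        findings = audit_acl(resource)
        if findings:
            report[resource.get("resourceId", "<no resourceId>")] = findings
    return report

if __name__ == "__main__":
    for rid, findings in audit_all(SAMPLE_RESPONSE).items():
        for finding in findings:
            print(f"{rid}: {finding}")
```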