Context Based Restrictions | IBM Cloud API Docs

Introduction

Last updated: 2022-12-08

With the IBM Cloud® Context-based restrictions Management API, you can create, update, view, and delete context-based restriction rules and contexts, and view account settings. You can define ingress rules for IBM Cloud® resources based on the context of access requests by using context-based restrictions.

Contexts and rules are the main components that make up context-based restrictions.

Rules are used in access decisions when you call service APIs. Contexts can be made up of one or more endpoint types, which are the connection over which an access request is received, and network zones, which are an allowlist of IP addresses and VPCs. For more information about how restrictions work, see What are context-based restrictions?.

The following shows an example of a context-based restrictions rule:

Resource	Contexts
All COS buckets in instance XYZ	Zone: A. Zone: B or C, Type: "private"

A context allows access only if all its conditions are satisfied. That is, the request must originate from at least one of the specified network zones if any, and be received over a connection that matches one of the specified endpoint types, if any.

If no rules are applicable to the request, access is not restricted based on context, and is determined exclusively by Identity and Access Management (IAM) access policies.

Installing the Java SDK

Maven

<dependency>
	<groupId>com.ibm.cloud</groupId>
	<artifactId>context-based-restrictions</artifactId>
	<version>{version}</version>
</dependency>

Gradle

compile 'com.ibm.cloud:context-based-restrictions:{version}'

Replace {version} in these examples with the release version.

View on GitHub

https://github.com/IBM/platform-services-java-sdk

Installing the Node SDK

npm install @ibm-cloud/platform-services

View on GitHub

https://github.com/IBM/platform-services-node-sdk

Installing the Python SDK

pip install --upgrade "ibm-platform-services"

View on GitHub

https://github.com/IBM/platform-services-python-sdk

Installing the Go SDK

Go modules (recommended): Add the following import to your code and then run go build or go mod tidy

import (
	"github.com/IBM/platform-services-go-sdk/contextbasedrestrictionsv1"
)

Go get

go get -u github.com/IBM/platform-services-go-sdk/contextbasedrestrictionsv1

View on GitHub

https://github.com/IBM/platform-services-go-sdk

Network Zones

A network zone is an allowlist of IP addresses, VPCs, and service references that represents the location from which an access request originates. Network zones can be shared among any number of context-based restrictions in the account. These zones contain a unique name, description, and an account ID.

A set of one or more network locations in a network zone can be specified by using the following constructs:

IP addresses, which include individual addresses, ranges, or subnets. IPv4 and IPv6 are supported.
VPCs (to allow access from the VPC over the private network)
Service references, which allow access from other IBM Cloud® services.

Rules

Rules apply access restrictions to resources based on the originating context of the access request. For example, a network zone and an endpoint type can make up a context.

If multiple rules are applicable to a particular request, access is allowed only if all applicable rules allow access. This might be the case if rules are defined at different granularities. For example, a rule applicable to the Users service that allows access only from a private endpoint, and another rule applicable to the Users service only from a specific set of IP addresses.

Endpoint URLs

The Context-based restrictions Management API uses the following public global endpoint URL. When you call the API, add the path for each method to form the complete API endpoint for your requests.

https://cbr.cloud.ibm.com

Virtual Private Cloud (VPC) based access requires a virtual private endpoint (VPE) gateway. For more information , see Creating an endpoint gateway.

Private endpoint URL for VPC infrastructure: https://private.cbr.cloud.ibm.com. VPE gateway creation is supported in following datacenters:
- Dallas
- Washington
- Frankfurt

If you enabled service endpoints in your account, you can send API requests over the IBM Cloud private network at the following base endpoint URLs. For more information, see Enabling VRF and service endpoints.

Private endpoint URLs for classic infrastructure. Supported datacenters and urls:
- Dallas: https://private.us-south.cbr.cloud.ibm.com
- Washington DC: https://private.us-east.cbr.cloud.ibm.com
- Frankfurt: https://private.eu-de.cbr.cloud.ibm.com

Authentication

Authorization to this API is enforced by using an IBM Cloud IAM access token. The token is used to determine the actions that a user or service ID has access to when they use the API.

Obtaining an IAM token for an authenticated user or service ID is described in the IAM Identity Services API documentation.

Auditing

You can monitor API activity within your account by using the IBM Cloud Activity Tracker service. When an API method is called, an event is generated that you can then track and audit from within Activity Tracker. Methods that generate events include administrator operations on Context-based restriction rules and network zones only, such as create, delete, and list. For methods that generate these events, the specific event type is listed with each individual method.

Error handling

This API uses standard HTTP response codes to indicate whether a method completed successfully. A 200 response indicates success. A 400 type response indicates a failure, and a 500 type response indicates an internal system error.

Table 1. Error handling table.
HTTP Error Code	Description	Recovery
`200`	Success	The request was successful.
`201`	Created	The resource was successfully created.
`204`	No Content	The request was successful. No response body is provided.
`400`	Bad Request	The input parameters in the request body are either incomplete or in the wrong format. Be sure to include all required parameters in your request.
`401`	Unauthorized	You are not authorized to make this request.
`403`	Forbidden	The supplied authentication is not authorized to access the endpoint.
`404`	Not Found	The requested resource can't be found.
`409`	Conflict	The entity is already in the requested state.
`500`	Service Unavailable	Context-based restrictions are currently unavailable. Your request can't be processed. Wait a few minutes and try again.

Transaction-Id

An optional transaction ID can be passed to your request, which can be useful for tracking calls through multiple services by using one identifier. The header key must be set to Transaction-Id and the value is anything that you choose.

If no transaction ID is passed in, then a random ID is generated.

When you work with the context-based restrictions management API, you might need to work with other IAM services. For example, the following APIs:

See IAM Access Groups to create groups and manage memberships.
See IAM Identity Service to learn about API key, service ID, and token creation.
See IAM Policy Management to enable a subject to access a resource.

This operation creates a network zone for the specified account.

POST /v1/zones

(contextBasedRestrictions *ContextBasedRestrictionsV1) CreateZone(createZoneOptions *CreateZoneOptions) (result *Zone, response *core.DetailedResponse, err error)

(contextBasedRestrictions *ContextBasedRestrictionsV1) CreateZoneWithContext(ctx context.Context, createZoneOptions *CreateZoneOptions) (result *Zone, response *core.DetailedResponse, err error)

ServiceCall<Zone> createZone(CreateZoneOptions createZoneOptions)

createZone(params)

create_zone(
        self,
        *,
        name: Optional[str] = None,
        account_id: Optional[str] = None,
        addresses: Optional[List['Address']] = None,
        description: Optional[str] = None,
        excluded: Optional[List['Address']] = None,
        x_correlation_id: Optional[str] = None,
        transaction_id: Optional[str] = None,
        **kwargs,
    ) -> DetailedResponse

Authorization

To call this method, you must be assigned one or more IAM access roles that include the following action. You can check your access by going to Users > User > Access.

context-based-restrictions.zone.create

Request

Instantiate the CreateZoneOptions struct and set the fields to provide parameter values for the CreateZone method.

Use the CreateZoneOptions.Builder to create a CreateZoneOptions object that contains the parameter values for the createZone method.

Custom Headers

X-Correlation-Id
string
The supplied or generated value of this header is logged for a request and repeated in a response header for the corresponding response. The same value is used for downstream requests and retries of those requests. If a value of this headers is not supplied in a request, the service generates a random (version 4) UUID.

Possible values: 1 ≤ length ≤ 1024, Value must match regular expression ^[a-zA-Z0-9 ,\-_]+$
Transaction-Id
string
The Transaction-Id header behaves as the X-Correlation-Id header. It is supported for backward compatibility with other IBM platform services that support the Transaction-Id header only. If both X-Correlation-Id and Transaction-Id are provided, X-Correlation-Id has the precedence over Transaction-Id.

Possible values: 1 ≤ length ≤ 1024, Value must match regular expression ^[a-zA-Z0-9 ,\-_]+$

Request Body

NewZone

The network zone to create.

Examples:

View

parameter

WithContext method only

CreateZoneOptions

The CreateZone options.

CreateZoneOptions

The createZone options.

parameters

name
string
The name of the zone.

Possible values: 1 ≤ length ≤ 128, Value must match regular expression /^[^-!-,.-\/:-@[-^`{--]+$/
Examples:
value
_source
_lines
_html
accountId
string
The id of the account owning this zone.

Possible values: 1 ≤ length ≤ 128, Value must match regular expression /^[a-zA-Z0-9\\-]+$/
Examples:
value
_source
_lines
_html
addresses
The list of addresses in the zone.

Possible values: 0 ≤ number of items ≤ 1000
Examples:
value
_source
_lines
_html
description
string
The description of the zone.

Possible values: 0 ≤ length ≤ 300, Value must match regular expression /^[^--]*$/
Examples:
value
_source
_lines
_html
excluded
The list of excluded addresses in the zone. Only addresses of type ipAddress, ipRange, and subnet can be excluded.

Possible values: number of items ≤ 1000
Examples:
value
_source
_lines
_html
xCorrelationId
string
The supplied or generated value of this header is logged for a request and repeated in a response header for the corresponding response. The same value is used for downstream requests and retries of those requests. If a value of this headers is not supplied in a request, the service generates a random (version 4) UUID.

Possible values: 1 ≤ length ≤ 1024, Value must match regular expression /^[a-zA-Z0-9 ,\\-_]+$/
transactionId
string
The Transaction-Id header behaves as the X-Correlation-Id header. It is supported for backward compatibility with other IBM platform services that support the Transaction-Id header only. If both X-Correlation-Id and Transaction-Id are provided, X-Correlation-Id has the precedence over Transaction-Id.

Possible values: 1 ≤ length ≤ 1024, Value must match regular expression /^[a-zA-Z0-9 ,\\-_]+$/

parameters

name
str
The name of the zone.

Possible values: 1 ≤ length ≤ 128, Value must match regular expression /^[^-!-,.-\/:-@[-^`{--]+$/
Examples:
value
_source
_lines
_html
account_id
str
The id of the account owning this zone.

Possible values: 1 ≤ length ≤ 128, Value must match regular expression /^[a-zA-Z0-9\\-]+$/
Examples:
value
_source
_lines
_html
addresses
The list of addresses in the zone.

Possible values: 0 ≤ number of items ≤ 1000
Examples:
value
_source
_lines
_html
description
str
The description of the zone.

Possible values: 0 ≤ length ≤ 300, Value must match regular expression /^[^--]*$/
Examples:
value
_source
_lines
_html
excluded
The list of excluded addresses in the zone. Only addresses of type ipAddress, ipRange, and subnet can be excluded.

Possible values: number of items ≤ 1000
Examples:
value
_source
_lines
_html
x_correlation_id
str
The supplied or generated value of this header is logged for a request and repeated in a response header for the corresponding response. The same value is used for downstream requests and retries of those requests. If a value of this headers is not supplied in a request, the service generates a random (version 4) UUID.

Possible values: 1 ≤ length ≤ 1024, Value must match regular expression /^[a-zA-Z0-9 ,\\-_]+$/
transaction_id
str
The Transaction-Id header behaves as the X-Correlation-Id header. It is supported for backward compatibility with other IBM platform services that support the Transaction-Id header only. If both X-Correlation-Id and Transaction-Id are provided, X-Correlation-Id has the precedence over Transaction-Id.

Possible values: 1 ≤ length ≤ 1024, Value must match regular expression /^[a-zA-Z0-9 ,\\-_]+$/

Example request

curl -X POST --location --header "Authorization: Bearer {iam_token}"   --header "Accept: application/json"   --header "Content-Type: application/json"   --data '{ "name": "an example of zone", "description": "this is an example of zone", "account_id": "12ab34cd56ef78ab90cd12ef34ab56cd", "addresses": [ { "type": "ipAddress", "value": "169.23.56.234" }, { "type": "ipAddress", "value": "3ffe:1900:fe21:4545::" }, { "type": "ipRange", "value": "169.23.22.0-169.23.22.255" }, { "type": "ipRange", "value": "3ffe:1900:fe21:4545::-3ffe:1900:fe21:6767::" }, { "type": "subnet", "value": "192.0.2.0/24" }, { "type": "vpc", "value": "crn:v1:bluemix:public:is:us-south:a/12ab34cd56ef78ab90cd12ef34ab56cd::vpc:r134-d98a1702-b39a-449a-86d4-ef8dbacf281e" }, { "type": "serviceRef", "ref": { "account_id": "12ab34cd56ef78ab90cd12ef34ab56cd", "service_name": "cloud-object-storage" } } ], "excluded": [ { "type": "ipAddress", "value": "169.23.22.127" } ] }'   "https://cbr.cloud.ibm.com/v1/zones"

Example request

ipAddressModel := &contextbasedrestrictionsv1.AddressIPAddress{
  Type:  core.StringPtr("ipAddress"),
  Value: core.StringPtr("169.23.56.234"),
}
ipAddressV6Model := &contextbasedrestrictionsv1.AddressIPAddress{
  Type:  core.StringPtr("ipAddress"),
  Value: core.StringPtr("3ffe:1900:fe21:4545::"),
}
ipRangeAddressModel := &contextbasedrestrictionsv1.AddressIPAddressRange{
  Type:  core.StringPtr("ipRange"),
  Value: core.StringPtr("169.23.22.0-169.23.22.255"),
}
ipRangeAddressV6Model := &contextbasedrestrictionsv1.AddressIPAddressRange{
  Type:  core.StringPtr("ipRange"),
  Value: core.StringPtr("3ffe:1900:fe21:4545::-3ffe:1900:fe21:6767::"),
}
subnetAddressModel := &contextbasedrestrictionsv1.AddressSubnet{
  Type:  core.StringPtr("subnet"),
  Value: core.StringPtr("192.0.2.0/24"),
}
vpcAddressModel := &contextbasedrestrictionsv1.AddressVPC{
  Type:  core.StringPtr("vpc"),
  Value: core.StringPtr(vpcCRN),
}
serviceRefAddressModel := &contextbasedrestrictionsv1.AddressServiceRef{
  Type: core.StringPtr("serviceRef"),
  Ref: &contextbasedrestrictionsv1.ServiceRefValue{
    AccountID:   core.StringPtr(accountID),
    ServiceName: core.StringPtr("cloud-object-storage"),
  },
}
excludedIPAddressModel := &contextbasedrestrictionsv1.AddressIPAddress{
  Type:  core.StringPtr("ipAddress"),
  Value: core.StringPtr("169.23.22.127"),
}

createZoneOptions := contextBasedRestrictionsService.NewCreateZoneOptions()
createZoneOptions.SetName("an example of zone")
createZoneOptions.SetAccountID(accountID)
createZoneOptions.SetDescription("this is an example of zone")
createZoneOptions.SetAddresses([]contextbasedrestrictionsv1.AddressIntf{ipAddressModel, ipAddressV6Model, ipRangeAddressModel, ipRangeAddressV6Model, subnetAddressModel, vpcAddressModel, serviceRefAddressModel})
createZoneOptions.SetExcluded([]contextbasedrestrictionsv1.AddressIntf{excludedIPAddressModel})

zone, response, err := contextBasedRestrictionsService.CreateZone(createZoneOptions)
if err != nil {
  panic(err)
}
b, _ := json.MarshalIndent(zone, "", "  ")
fmt.Println(string(b))

Example request

AddressIPAddress ipAddressModel = new AddressIPAddress.Builder()
  .type("ipAddress")
  .value("169.23.56.234")
  .build();
AddressIPAddress ipAddressV6Model = new AddressIPAddress.Builder()
  .type("ipAddress")
  .value("3ffe:1900:fe21:4545::")
  .build();
AddressIPAddressRange ipRangeAddressModel = new AddressIPAddressRange.Builder()
  .type("ipRange")
  .value("169.23.22.0-169.23.22.255")
  .build();
AddressIPAddressRange ipRangeAddressV6Model = new AddressIPAddressRange.Builder()
  .type("ipRange")
  .value("3ffe:1900:fe21:4545::-3ffe:1900:fe21:6767::")
  .build();
AddressSubnet subnetAddressModel = new AddressSubnet.Builder()
  .type("subnet")
  .value("192.0.2.0/24")
  .build();
AddressVPC vpcAddressModel = new AddressVPC.Builder()
  .type("vpc")
  .value(vpcCRN)
  .build();
ServiceRefValue serviceRefValueModel = new ServiceRefValue.Builder()
  .accountId(accountID)
  .serviceName("cloud-object-storage")
  .build();
AddressServiceRef serviceRefAddressModel = new AddressServiceRef.Builder()
  .type("serviceRef")
  .ref(serviceRefValueModel)
  .build();
AddressIPAddress excludedIPAddressModel = new AddressIPAddress.Builder()
  .type("ipAddress")
  .value("169.23.22.127")
  .build();
CreateZoneOptions createZoneOptions = new CreateZoneOptions.Builder()
  .name("an example of zone")
  .accountId(accountID)
  .description("this is an example of zone")
  .addresses(java.util.Arrays.asList(ipAddressModel, ipAddressV6Model, ipRangeAddressModel, ipRangeAddressV6Model, subnetAddressModel, vpcAddressModel, serviceRefAddressModel))
  .excluded(java.util.Arrays.asList(excludedIPAddressModel))
  .build();

Response<Zone> response = contextBasedRestrictionsService.createZone(createZoneOptions).execute();
Zone zone = response.getResult();

System.out.println(zone);

Example request

// Request models needed by this operation.

// AddressIPAddress
const ipAddressModel = {
  type: 'ipAddress',
  value: '169.23.56.234',
};
const ipAddressV6Model = {
  type: 'ipAddress',
  value: '3ffe:1900:fe21:4545::',
};
// AddressIPAddressRange
const ipRangeAddressModel = {
  type: 'ipRange',
  value: '169.23.22.0-169.23.22.255',
};
const ipRangeAddressV6Model = {
  type: 'ipRange',
  value: '3ffe:1900:fe21:4545::-3ffe:1900:fe21:6767::',
};
// AddressSubnet
const subnetAddressModel = {
  type: 'subnet',
  value: '192.0.2.0/24',
};
// AddressVPC
const vpcAddressModel = {
  type: 'vpc',
  value: vpcCRN,
};
// AddressServiceRef
const serviceRefAddressModel = {
  type: 'serviceRef',
  ref: {
    account_id: accountId,
    service_name: 'cloud-object-storage',
  },
};
// AddressIPAddress
const excludedIPAddressModel = {
  type: 'ipAddress',
  value: '169.23.22.127',
};

const params = {
  name: 'an example of zone',
  accountId,
  addresses: [ipAddressModel, ipAddressV6Model, ipRangeAddressModel, ipRangeAddressV6Model, subnetAddressModel, vpcAddressModel, serviceRefAddressModel],
  excluded: [excludedIPAddressModel],
  description: 'this is an example of zone',
};

try {
  const res = await contextBasedRestrictionsService.createZone(params);
  zoneId = res.result.id;
  zoneRev = res.headers.etag;
  console.log(JSON.stringify(res.result, null, 2));
} catch (err) {
  console.warn(err);
}

Example request

ip_address_model = {
  'type': 'ipAddress',
  'value': '169.23.56.234',
}
ip_address_v6_model = {
  'type': 'ipAddress',
  'value': '3ffe:1900:fe21:4545::',
}
ip_range_address_model = {
  'type': 'ipRange',
  'value': '169.23.22.0-169.23.22.255',
}
ip_range_address_v6_model = {
  'type': 'ipRange',
  'value': '3ffe:1900:fe21:4545::-3ffe:1900:fe21:6767::',
}
subnet_address_model = {
  'type': 'subnet',
  'value': '192.0.2.0/24',
}
vpc_address_model = {
  'type': 'vpc',
  'value': vpc_crn,
}
service_ref_address_model = {
  'type': 'serviceRef',
  'ref': {
    'account_id': account_id,
    'service_name': 'cloud-object-storage',
  },
}
excluded_ip_address_model = {
  'type': 'ipAddress',
  'value': '169.23.22.127',
}

response = context_based_restrictions_service.create_zone(
  name='an example of zone',
  account_id=account_id,
  addresses=[
    ip_address_model,
    ip_address_v6_model,
    ip_range_address_model,
    ip_range_address_v6_model,
    subnet_address_model,
    vpc_address_model,
    service_ref_address_model,
  ],
  description='this is an example of zone',
  excluded=[excluded_ip_address_model],
)
zone = response.get_result()

print(json.dumps(zone, indent=2))

Response

Response Body

Zone

An output zone

Zone

An output zone.

Zone

An output zone.

Zone

An output zone.

Zone

An output zone.

Status Code

201
Network zone created.
400
The network zone could not be created due to an invalid or missing input parameter or request body.
401
You are not authorized to make this request. The token is either missing, invalid, or expired.
403
The supplied authentication is not authorized to perform the operation.
409
The network zone could not be created due to an already existing zone with the same name.
429
Too Many Requests.
503
A backend service required to complete the operation is unavailable. Try again later.

Example responses

Status 201

{
  "id": "65810ac762004f22ac19f8f8edf70a34",
  "crn": "crn:v1:bluemix:public:context-based-restrictions:global:a/12ab34cd56ef78ab90cd12ef34ab56cd::zone:65810ac762004f22ac19f8f8edf70a34",
  "name": "an example of zone",
  "description": "this is an example of zone",
  "account_id": "12ab34cd56ef78ab90cd12ef34ab56cd",
  "addresses": [
    {
      "type": "ipAddress",
      "value": "169.23.56.234"
    },
    {
      "type": "ipAddress",
      "value": "3ffe:1900:fe21:4545::"
    },
    {
      "type": "ipRange",
      "value": "169.23.22.0-169.23.22.255"
    },
    {
      "type": "ipRange",
      "value": "3ffe:1900:fe21:4545::-3ffe:1900:fe21:6767::"
    },
    {
      "type": "subnet",
      "value": "192.0.2.0/24"
    },
    {
      "type": "vpc",
      "value": "crn:v1:bluemix:public:is:us-south:a/12ab34cd56ef78ab90cd12ef34ab56cd::vpc:r134-d98a1702-b39a-449a-86d4-ef8dbacf281e"
    }
  ],
  "excluded": [
    {
      "type": "ipAddress",
      "value": "169.23.22.127"
    }
  ],
  "address_count": 6,
  "excluded_count": 1,
  "href": "https://cbr.cloud.ibm.com/v1/zones/65810ac762004f22ac19f8f8edf70a34",
  "created_at": "2020-11-23T02:01:59Z",
  "created_by_id": "IBMid-120000P1JM",
  "last_modified_at": "2020-11-23T02:01:59Z",
  "last_modified_by_id": "IBMid-120000P1JM"
}

Success example

{
  "id": "65810ac762004f22ac19f8f8edf70a34",
  "crn": "crn:v1:bluemix:public:context-based-restrictions:global:a/12ab34cd56ef78ab90cd12ef34ab56cd::zone:65810ac762004f22ac19f8f8edf70a34",
  "name": "an example of zone",
  "description": "this is an example of zone",
  "account_id": "12ab34cd56ef78ab90cd12ef34ab56cd",
  "addresses": [
    {
      "type": "ipAddress",
      "value": "169.23.56.234"
    },
    {
      "type": "ipAddress",
      "value": "3ffe:1900:fe21:4545::"
    },
    {
      "type": "ipRange",
      "value": "169.23.22.0-169.23.22.255"
    },
    {
      "type": "ipRange",
      "value": "3ffe:1900:fe21:4545::-3ffe:1900:fe21:6767::"
    },
    {
      "type": "subnet",
      "value": "192.0.2.0/24"
    },
    {
      "type": "vpc",
      "value": "crn:v1:bluemix:public:is:us-south:a/12ab34cd56ef78ab90cd12ef34ab56cd::vpc:r134-d98a1702-b39a-449a-86d4-ef8dbacf281e"
    }
  ],
  "excluded": [
    {
      "type": "ipAddress",
      "value": "169.23.22.127"
    }
  ],
  "address_count": 6,
  "excluded_count": 1,
  "href": "https://cbr.cloud.ibm.com/v1/zones/65810ac762004f22ac19f8f8edf70a34",
  "created_at": "2020-11-23T02:01:59Z",
  "created_by_id": "IBMid-120000P1JM",
  "last_modified_at": "2020-11-23T02:01:59Z",
  "last_modified_by_id": "IBMid-120000P1JM"
}

Status 400

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 400,
  "errors": [
    {
      "code": "request_body_error",
      "message": "The request body has an error.",
      "cause": "property `account_id` is missing"
    }
  ]
}

Error example

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 400,
  "errors": [
    {
      "code": "request_body_error",
      "message": "The request body has an error.",
      "cause": "property `account_id` is missing"
    }
  ]
}

Status 401

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 401,
  "errors": [
    {
      "code": "invalid_auth_token",
      "message": "The token failed to validate.",
      "target": {
        "name": "Authorization",
        "type": "header"
      }
    }
  ]
}

Error example

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 401,
  "errors": [
    {
      "code": "invalid_auth_token",
      "message": "The token failed to validate.",
      "target": {
        "name": "Authorization",
        "type": "header"
      }
    }
  ]
}

Status 403

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 403,
  "errors": [
    {
      "code": "request_not_authorized",
      "message": "The request could not be authorized."
    }
  ]
}

Error example

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 403,
  "errors": [
    {
      "code": "request_not_authorized",
      "message": "The request could not be authorized."
    }
  ]
}

Status 409

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 409,
  "errors": [
    {
      "code": "zone_already_exists_in_store",
      "message": "A zone with the same name already exists. Assign each zone a unique name.",
      "target": {
        "name": "name",
        "type": "field",
        "value": "an-already-existing-zone-name"
      }
    }
  ]
}

Error example

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 409,
  "errors": [
    {
      "code": "zone_already_exists_in_store",
      "message": "A zone with the same name already exists. Assign each zone a unique name.",
      "target": {
        "name": "name",
        "type": "field",
        "value": "an-already-existing-zone-name"
      }
    }
  ]
}

Status 429

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 429,
  "errors": [
    {
      "code": "too_many_requests",
      "message": "The client has sent too many requests in a given amount of time."
    }
  ]
}

Error example

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 429,
  "errors": [
    {
      "code": "too_many_requests",
      "message": "The client has sent too many requests in a given amount of time."
    }
  ]
}

Status 503

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 503,
  "errors": [
    {
      "code": "store_unavailable_error",
      "message": "The store is currently unavailable. Try again later."
    }
  ]
}

Error example

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 503,
  "errors": [
    {
      "code": "store_unavailable_error",
      "message": "The store is currently unavailable. Try again later."
    }
  ]
}

This operation lists network zones in the specified account.

GET /v1/zones

(contextBasedRestrictions *ContextBasedRestrictionsV1) ListZones(listZonesOptions *ListZonesOptions) (result *ZoneList, response *core.DetailedResponse, err error)

(contextBasedRestrictions *ContextBasedRestrictionsV1) ListZonesWithContext(ctx context.Context, listZonesOptions *ListZonesOptions) (result *ZoneList, response *core.DetailedResponse, err error)

ServiceCall<ZoneList> listZones(ListZonesOptions listZonesOptions)

listZones(params)

list_zones(
        self,
        account_id: str,
        *,
        x_correlation_id: Optional[str] = None,
        transaction_id: Optional[str] = None,
        name: Optional[str] = None,
        sort: Optional[str] = None,
        **kwargs,
    ) -> DetailedResponse

Authorization

To call this method, you must be assigned one or more IAM access roles that include the following action. You can check your access by going to Users > User > Access.

context-based-restrictions.zone.read

Request

Instantiate the ListZonesOptions struct and set the fields to provide parameter values for the ListZones method.

Use the ListZonesOptions.Builder to create a ListZonesOptions object that contains the parameter values for the listZones method.

Custom Headers

X-Correlation-Id
string
The supplied or generated value of this header is logged for a request and repeated in a response header for the corresponding response. The same value is used for downstream requests and retries of those requests. If a value of this headers is not supplied in a request, the service generates a random (version 4) UUID.

Possible values: 1 ≤ length ≤ 1024, Value must match regular expression ^[a-zA-Z0-9 ,\-_]+$
Transaction-Id
string
The Transaction-Id header behaves as the X-Correlation-Id header. It is supported for backward compatibility with other IBM platform services that support the Transaction-Id header only. If both X-Correlation-Id and Transaction-Id are provided, X-Correlation-Id has the precedence over Transaction-Id.

Possible values: 1 ≤ length ≤ 1024, Value must match regular expression ^[a-zA-Z0-9 ,\-_]+$

Query Parameters

account_id
Required*
string
The ID of the managing account.

Possible values: 1 ≤ length ≤ 128, Value must match regular expression ^[a-zA-Z0-9\-]+$
name
string
The name of the zone.

Possible values: 1 ≤ length ≤ 100, Value must match regular expression ^\*?[a-zA-Z0-9 \-_]+\*?$
sort
string
Sorts results by using a valid sort field. To learn more, see Sorting.

Possible values: 1 ≤ length ≤ 32, Value must match regular expression ^[\-]?[a-z0-9_]+$

parameter

WithContext method only

ListZonesOptions

The ListZones options.

ListZonesOptions

The listZones options.

parameters

accountId
Required*
string
The ID of the managing account.

Possible values: 1 ≤ length ≤ 128, Value must match regular expression /^[a-zA-Z0-9\\-]+$/
xCorrelationId
string
The supplied or generated value of this header is logged for a request and repeated in a response header for the corresponding response. The same value is used for downstream requests and retries of those requests. If a value of this headers is not supplied in a request, the service generates a random (version 4) UUID.

Possible values: 1 ≤ length ≤ 1024, Value must match regular expression /^[a-zA-Z0-9 ,\\-_]+$/
transactionId
string
The Transaction-Id header behaves as the X-Correlation-Id header. It is supported for backward compatibility with other IBM platform services that support the Transaction-Id header only. If both X-Correlation-Id and Transaction-Id are provided, X-Correlation-Id has the precedence over Transaction-Id.

Possible values: 1 ≤ length ≤ 1024, Value must match regular expression /^[a-zA-Z0-9 ,\\-_]+$/
name
string
The name of the zone.

Possible values: 1 ≤ length ≤ 100, Value must match regular expression /^\\*?[a-zA-Z0-9 \\-_]+\\*?$/
sort
string
Sorts results by using a valid sort field. To learn more, see Sorting.

Possible values: 1 ≤ length ≤ 32, Value must match regular expression /^[\\-]?[a-z0-9_]+$/

parameters

account_id
Required*
str
The ID of the managing account.

Possible values: 1 ≤ length ≤ 128, Value must match regular expression /^[a-zA-Z0-9\\-]+$/
x_correlation_id
str
The supplied or generated value of this header is logged for a request and repeated in a response header for the corresponding response. The same value is used for downstream requests and retries of those requests. If a value of this headers is not supplied in a request, the service generates a random (version 4) UUID.

Possible values: 1 ≤ length ≤ 1024, Value must match regular expression /^[a-zA-Z0-9 ,\\-_]+$/
transaction_id
str
The Transaction-Id header behaves as the X-Correlation-Id header. It is supported for backward compatibility with other IBM platform services that support the Transaction-Id header only. If both X-Correlation-Id and Transaction-Id are provided, X-Correlation-Id has the precedence over Transaction-Id.

Possible values: 1 ≤ length ≤ 1024, Value must match regular expression /^[a-zA-Z0-9 ,\\-_]+$/
name
str
The name of the zone.

Possible values: 1 ≤ length ≤ 100, Value must match regular expression /^\\*?[a-zA-Z0-9 \\-_]+\\*?$/
sort
str
Sorts results by using a valid sort field. To learn more, see Sorting.

Possible values: 1 ≤ length ≤ 32, Value must match regular expression /^[\\-]?[a-z0-9_]+$/

Example request

curl -X GET --location --header "Authorization: Bearer {iam_token}"   --header "Accept: application/json"   "https://cbr.cloud.ibm.com/v1/zones?account_id={account_id}"

Example request

listZonesOptions := contextBasedRestrictionsService.NewListZonesOptions(
  accountID,
)

zoneList, response, err := contextBasedRestrictionsService.ListZones(listZonesOptions)
if err != nil {
  panic(err)
}
b, _ := json.MarshalIndent(zoneList, "", "  ")
fmt.Println(string(b))

Example request

ListZonesOptions listZonesOptions = new ListZonesOptions.Builder()
  .accountId(accountID)
  .build();

Response<ZoneList> response = contextBasedRestrictionsService.listZones(listZonesOptions).execute();
ZoneList zoneList = response.getResult();

System.out.println(zoneList);

Example request

const params = {
  accountId,
};

try {
  const res = await contextBasedRestrictionsService.listZones(params);
  console.log(JSON.stringify(res.result, null, 2));
} catch (err) {
  console.warn(err);
}

Example request

response = context_based_restrictions_service.list_zones(
  account_id=account_id,
)
zone_list = response.get_result()

print(json.dumps(zone_list, indent=2))

Response

Response Body

ZoneList

The response object of the ListZones operation.

ZoneList

The response object of the ListZones operation.

ZoneList

The response object of the ListZones operation.

ZoneList

The response object of the ListZones operation.

ZoneList

The response object of the ListZones operation.

Status Code

200
The network zones were successfully retrieved.
400
The network zones could not be retrieved due to an invalid or missing input parameter.
401
You are not authorized to make this request. The token is either missing, invalid, or expired.
403
The supplied authentication is not authorized to perform the operation.
429
Too Many Requests.
503
A backend service required to complete the operation is unavailable. Try again later.

Example responses

Status 200

{
  "count": 1,
  "zones": [
    {
      "id": "65810ac762004f22ac19f8f8edf70a34",
      "crn": "crn:v1:bluemix:public:context-based-restrictions:global:a/12ab34cd56ef78ab90cd12ef34ab56cd::zone:65810ac762004f22ac19f8f8edf70a34",
      "name": "an example of zone",
      "description": "this is an example of zone",
      "addresses_preview": [
        {
          "type": "ipAddress",
          "value": "169.23.56.234"
        },
        {
          "type": "ipAddress",
          "value": "3ffe:1900:fe21:4545::"
        },
        {
          "type": "ipRange",
          "value": "169.23.22.0-169.23.22.255"
        }
      ],
      "address_count": 6,
      "excluded_count": 1,
      "href": "https://cbr.cloud.ibm.com/v1/zones/65810ac762004f22ac19f8f8edf70a34",
      "created_at": "2020-11-23T02:01:59Z",
      "created_by_id": "IBMid-120000P1JM",
      "last_modified_at": "2020-11-23T02:01:59Z",
      "last_modified_by_id": "IBMid-120000P1JM"
    }
  ]
}

Success example

{
  "count": 1,
  "zones": [
    {
      "id": "65810ac762004f22ac19f8f8edf70a34",
      "crn": "crn:v1:bluemix:public:context-based-restrictions:global:a/12ab34cd56ef78ab90cd12ef34ab56cd::zone:65810ac762004f22ac19f8f8edf70a34",
      "name": "an example of zone",
      "description": "this is an example of zone",
      "addresses_preview": [
        {
          "type": "ipAddress",
          "value": "169.23.56.234"
        },
        {
          "type": "ipAddress",
          "value": "3ffe:1900:fe21:4545::"
        },
        {
          "type": "ipRange",
          "value": "169.23.22.0-169.23.22.255"
        }
      ],
      "address_count": 6,
      "excluded_count": 1,
      "href": "https://cbr.cloud.ibm.com/v1/zones/65810ac762004f22ac19f8f8edf70a34",
      "created_at": "2020-11-23T02:01:59Z",
      "created_by_id": "IBMid-120000P1JM",
      "last_modified_at": "2020-11-23T02:01:59Z",
      "last_modified_by_id": "IBMid-120000P1JM"
    }
  ]
}

Status 400

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 400,
  "errors": [
    {
      "code": "parameter_error",
      "message": "The parameter \"account_id\" in query has an error.",
      "target": {
        "name": "account_id",
        "type": "parameter",
        "value": "an-invalid-account-id"
      }
    }
  ]
}

Error example

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 400,
  "errors": [
    {
      "code": "parameter_error",
      "message": "The parameter \"account_id\" in query has an error.",
      "target": {
        "name": "account_id",
        "type": "parameter",
        "value": "an-invalid-account-id"
      }
    }
  ]
}

Status 401

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 401,
  "errors": [
    {
      "code": "invalid_auth_token",
      "message": "The token failed to validate.",
      "target": {
        "name": "Authorization",
        "type": "header"
      }
    }
  ]
}

Error example

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 401,
  "errors": [
    {
      "code": "invalid_auth_token",
      "message": "The token failed to validate.",
      "target": {
        "name": "Authorization",
        "type": "header"
      }
    }
  ]
}

Status 403

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 403,
  "errors": [
    {
      "code": "request_not_authorized",
      "message": "The request could not be authorized."
    }
  ]
}

Error example

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 403,
  "errors": [
    {
      "code": "request_not_authorized",
      "message": "The request could not be authorized."
    }
  ]
}

Status 429

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 429,
  "errors": [
    {
      "code": "too_many_requests",
      "message": "The client has sent too many requests in a given amount of time."
    }
  ]
}

Error example

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 429,
  "errors": [
    {
      "code": "too_many_requests",
      "message": "The client has sent too many requests in a given amount of time."
    }
  ]
}

Status 503

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 503,
  "errors": [
    {
      "code": "store_unavailable_error",
      "message": "The store is currently unavailable. Try again later."
    }
  ]
}

Error example

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 503,
  "errors": [
    {
      "code": "store_unavailable_error",
      "message": "The store is currently unavailable. Try again later."
    }
  ]
}

This operation retrieves the network zone identified by the specified zone ID.

GET /v1/zones/{zone_id}

(contextBasedRestrictions *ContextBasedRestrictionsV1) GetZone(getZoneOptions *GetZoneOptions) (result *Zone, response *core.DetailedResponse, err error)

(contextBasedRestrictions *ContextBasedRestrictionsV1) GetZoneWithContext(ctx context.Context, getZoneOptions *GetZoneOptions) (result *Zone, response *core.DetailedResponse, err error)

ServiceCall<Zone> getZone(GetZoneOptions getZoneOptions)

getZone(params)

get_zone(
        self,
        zone_id: str,
        *,
        x_correlation_id: Optional[str] = None,
        transaction_id: Optional[str] = None,
        **kwargs,
    ) -> DetailedResponse

Authorization

To call this method, you must be assigned one or more IAM access roles that include the following action. You can check your access by going to Users > User > Access.

context-based-restrictions.zone.read

Request

Instantiate the GetZoneOptions struct and set the fields to provide parameter values for the GetZone method.

Use the GetZoneOptions.Builder to create a GetZoneOptions object that contains the parameter values for the getZone method.

Custom Headers

X-Correlation-Id
string
The supplied or generated value of this header is logged for a request and repeated in a response header for the corresponding response. The same value is used for downstream requests and retries of those requests. If a value of this headers is not supplied in a request, the service generates a random (version 4) UUID.

Possible values: 1 ≤ length ≤ 1024, Value must match regular expression ^[a-zA-Z0-9 ,\-_]+$
Transaction-Id
string
The Transaction-Id header behaves as the X-Correlation-Id header. It is supported for backward compatibility with other IBM platform services that support the Transaction-Id header only. If both X-Correlation-Id and Transaction-Id are provided, X-Correlation-Id has the precedence over Transaction-Id.

Possible values: 1 ≤ length ≤ 1024, Value must match regular expression ^[a-zA-Z0-9 ,\-_]+$

Path Parameters

zone_id
Required*
string
The ID of a zone.

Possible values: length = 32, Value must match regular expression ^[a-fA-F0-9]{32}$

parameter

WithContext method only

GetZoneOptions

The GetZone options.

GetZoneOptions

The getZone options.

parameters

zoneId
Required*
string
The ID of a zone.

Possible values: length = 32, Value must match regular expression /^[a-fA-F0-9]{32}$/
xCorrelationId
string
The supplied or generated value of this header is logged for a request and repeated in a response header for the corresponding response. The same value is used for downstream requests and retries of those requests. If a value of this headers is not supplied in a request, the service generates a random (version 4) UUID.

Possible values: 1 ≤ length ≤ 1024, Value must match regular expression /^[a-zA-Z0-9 ,\\-_]+$/
transactionId
string
The Transaction-Id header behaves as the X-Correlation-Id header. It is supported for backward compatibility with other IBM platform services that support the Transaction-Id header only. If both X-Correlation-Id and Transaction-Id are provided, X-Correlation-Id has the precedence over Transaction-Id.

Possible values: 1 ≤ length ≤ 1024, Value must match regular expression /^[a-zA-Z0-9 ,\\-_]+$/

parameters

zone_id
Required*
str
The ID of a zone.

Possible values: length = 32, Value must match regular expression /^[a-fA-F0-9]{32}$/
x_correlation_id
str
The supplied or generated value of this header is logged for a request and repeated in a response header for the corresponding response. The same value is used for downstream requests and retries of those requests. If a value of this headers is not supplied in a request, the service generates a random (version 4) UUID.

Possible values: 1 ≤ length ≤ 1024, Value must match regular expression /^[a-zA-Z0-9 ,\\-_]+$/
transaction_id
str
The Transaction-Id header behaves as the X-Correlation-Id header. It is supported for backward compatibility with other IBM platform services that support the Transaction-Id header only. If both X-Correlation-Id and Transaction-Id are provided, X-Correlation-Id has the precedence over Transaction-Id.

Possible values: 1 ≤ length ≤ 1024, Value must match regular expression /^[a-zA-Z0-9 ,\\-_]+$/

Example request

curl -X GET --location --header "Authorization: Bearer {iam_token}"   --header "Accept: application/json"   "https://cbr.cloud.ibm.com/v1/zones/{zone_id}"

Example request

getZoneOptions := contextBasedRestrictionsService.NewGetZoneOptions(
  zoneID,
)

zone, response, err := contextBasedRestrictionsService.GetZone(getZoneOptions)
if err != nil {
  panic(err)
}
b, _ := json.MarshalIndent(zone, "", "  ")
fmt.Println(string(b))

Example request

GetZoneOptions getZoneOptions = new GetZoneOptions.Builder()
  .zoneId(zoneID)
  .build();

Response<Zone> response = contextBasedRestrictionsService.getZone(getZoneOptions).execute();
Zone zone = response.getResult();

System.out.println(zone);

Example request

const params = {
  zoneId,
};

try {
  const res = await contextBasedRestrictionsService.getZone(params);
  console.log(JSON.stringify(res.result, null, 2));
} catch (err) {
  console.warn(err);
}

Example request

response = context_based_restrictions_service.get_zone(
  zone_id=zone_id,
)
zone = response.get_result()

print(json.dumps(zone, indent=2))

Response

Response Body

Zone

An output zone

Zone

An output zone.

Zone

An output zone.

Zone

An output zone.

Zone

An output zone.

Status Code

200
The network zone was successfully retrieved.
400
The network zone could not be retrieved due to an invalid or missing input parameter.
401
You are not authorized to make this request. The token is either missing, invalid, or expired.
403
The supplied authentication is not authorized to perform the operation.
404
The network zone could not be found. Verify that the specified zone ID is valid.
429
Too Many Requests.
503
A backend service required to complete the operation is unavailable. Try again later.

Example responses

Status 200

{
  "id": "65810ac762004f22ac19f8f8edf70a34",
  "crn": "crn:v1:bluemix:public:context-based-restrictions:global:a/12ab34cd56ef78ab90cd12ef34ab56cd::zone:65810ac762004f22ac19f8f8edf70a34",
  "name": "an example of zone",
  "description": "this is an example of zone",
  "account_id": "12ab34cd56ef78ab90cd12ef34ab56cd",
  "addresses": [
    {
      "type": "ipAddress",
      "value": "169.23.56.234"
    },
    {
      "type": "ipAddress",
      "value": "3ffe:1900:fe21:4545::"
    },
    {
      "type": "ipRange",
      "value": "169.23.22.0-169.23.22.255"
    },
    {
      "type": "ipRange",
      "value": "3ffe:1900:fe21:4545::-3ffe:1900:fe21:6767::"
    },
    {
      "type": "vpc",
      "value": "crn:v1:bluemix:public:is:us-south:a/12ab34cd56ef78ab90cd12ef34ab56cd::vpc:r134-d98a1702-b39a-449a-86d4-ef8dbacf281e"
    }
  ],
  "excluded": [
    {
      "type": "ipAddress",
      "value": "169.23.22.127"
    }
  ],
  "address_count": 5,
  "excluded_count": 1,
  "href": "https://cbr.cloud.ibm.com/v1/zones/65810ac762004f22ac19f8f8edf70a34",
  "created_at": "2020-11-23T02:01:59Z",
  "created_by_id": "IBMid-120000P1JM",
  "last_modified_at": "2020-11-23T02:01:59Z",
  "last_modified_by_id": "IBMid-120000P1JM"
}

Success example

{
  "id": "65810ac762004f22ac19f8f8edf70a34",
  "crn": "crn:v1:bluemix:public:context-based-restrictions:global:a/12ab34cd56ef78ab90cd12ef34ab56cd::zone:65810ac762004f22ac19f8f8edf70a34",
  "name": "an example of zone",
  "description": "this is an example of zone",
  "account_id": "12ab34cd56ef78ab90cd12ef34ab56cd",
  "addresses": [
    {
      "type": "ipAddress",
      "value": "169.23.56.234"
    },
    {
      "type": "ipAddress",
      "value": "3ffe:1900:fe21:4545::"
    },
    {
      "type": "ipRange",
      "value": "169.23.22.0-169.23.22.255"
    },
    {
      "type": "ipRange",
      "value": "3ffe:1900:fe21:4545::-3ffe:1900:fe21:6767::"
    },
    {
      "type": "vpc",
      "value": "crn:v1:bluemix:public:is:us-south:a/12ab34cd56ef78ab90cd12ef34ab56cd::vpc:r134-d98a1702-b39a-449a-86d4-ef8dbacf281e"
    }
  ],
  "excluded": [
    {
      "type": "ipAddress",
      "value": "169.23.22.127"
    }
  ],
  "address_count": 5,
  "excluded_count": 1,
  "href": "https://cbr.cloud.ibm.com/v1/zones/65810ac762004f22ac19f8f8edf70a34",
  "created_at": "2020-11-23T02:01:59Z",
  "created_by_id": "IBMid-120000P1JM",
  "last_modified_at": "2020-11-23T02:01:59Z",
  "last_modified_by_id": "IBMid-120000P1JM"
}

Status 400

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 400,
  "errors": [
    {
      "code": "parameter_error",
      "message": "The parameter \"zone_id\" in path has an error.",
      "target": {
        "name": "zone_id",
        "type": "parameter",
        "value": "an-invalid-zone-id"
      }
    }
  ]
}

Error example

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 400,
  "errors": [
    {
      "code": "parameter_error",
      "message": "The parameter \"zone_id\" in path has an error.",
      "target": {
        "name": "zone_id",
        "type": "parameter",
        "value": "an-invalid-zone-id"
      }
    }
  ]
}

Status 401

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 401,
  "errors": [
    {
      "code": "invalid_auth_token",
      "message": "The token failed to validate.",
      "target": {
        "name": "Authorization",
        "type": "header"
      }
    }
  ]
}

Error example

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 401,
  "errors": [
    {
      "code": "invalid_auth_token",
      "message": "The token failed to validate.",
      "target": {
        "name": "Authorization",
        "type": "header"
      }
    }
  ]
}

Status 403

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 403,
  "errors": [
    {
      "code": "request_not_authorized",
      "message": "The request could not be authorized."
    }
  ]
}

Error example

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 403,
  "errors": [
    {
      "code": "request_not_authorized",
      "message": "The request could not be authorized."
    }
  ]
}

Status 404

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 404,
  "errors": [
    {
      "code": "zone_not_found_in_store",
      "message": "The zone '65810ac762004f22ac19f8f8edf70a34' is not found.",
      "target": {
        "name": "zone_id",
        "type": "parameter",
        "value": "65810ac762004f22ac19f8f8edf70a34"
      }
    }
  ]
}

Error example

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 404,
  "errors": [
    {
      "code": "zone_not_found_in_store",
      "message": "The zone '65810ac762004f22ac19f8f8edf70a34' is not found.",
      "target": {
        "name": "zone_id",
        "type": "parameter",
        "value": "65810ac762004f22ac19f8f8edf70a34"
      }
    }
  ]
}

Status 429

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 429,
  "errors": [
    {
      "code": "too_many_requests",
      "message": "The client has sent too many requests in a given amount of time."
    }
  ]
}

Error example

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 429,
  "errors": [
    {
      "code": "too_many_requests",
      "message": "The client has sent too many requests in a given amount of time."
    }
  ]
}

Status 503

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 503,
  "errors": [
    {
      "code": "store_unavailable_error",
      "message": "The store is currently unavailable. Try again later."
    }
  ]
}

Error example

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 503,
  "errors": [
    {
      "code": "store_unavailable_error",
      "message": "The store is currently unavailable. Try again later."
    }
  ]
}

This operation replaces the network zone identified by the specified zone ID. Partial updates are not supported. The entire network zone object must be replaced.

PUT /v1/zones/{zone_id}

(contextBasedRestrictions *ContextBasedRestrictionsV1) ReplaceZone(replaceZoneOptions *ReplaceZoneOptions) (result *Zone, response *core.DetailedResponse, err error)

(contextBasedRestrictions *ContextBasedRestrictionsV1) ReplaceZoneWithContext(ctx context.Context, replaceZoneOptions *ReplaceZoneOptions) (result *Zone, response *core.DetailedResponse, err error)

ServiceCall<Zone> replaceZone(ReplaceZoneOptions replaceZoneOptions)

replaceZone(params)

replace_zone(
        self,
        zone_id: str,
        if_match: str,
        *,
        name: Optional[str] = None,
        account_id: Optional[str] = None,
        addresses: Optional[List['Address']] = None,
        description: Optional[str] = None,
        excluded: Optional[List['Address']] = None,
        x_correlation_id: Optional[str] = None,
        transaction_id: Optional[str] = None,
        **kwargs,
    ) -> DetailedResponse

Authorization

To call this method, you must be assigned one or more IAM access roles that include the following action. You can check your access by going to Users > User > Access.

context-based-restrictions.zone.update

Request

Instantiate the ReplaceZoneOptions struct and set the fields to provide parameter values for the ReplaceZone method.

Use the ReplaceZoneOptions.Builder to create a ReplaceZoneOptions object that contains the parameter values for the replaceZone method.

Custom Headers

If-Match
Required*
string
The current revision of the resource being updated. This can be found in the Create/Get/Update resource response ETag header.

Possible values: 1 ≤ length ≤ 128, Value must match regular expression ^[a-fA-F0-9\-]+$
X-Correlation-Id
string
The supplied or generated value of this header is logged for a request and repeated in a response header for the corresponding response. The same value is used for downstream requests and retries of those requests. If a value of this headers is not supplied in a request, the service generates a random (version 4) UUID.

Possible values: 1 ≤ length ≤ 1024, Value must match regular expression ^[a-zA-Z0-9 ,\-_]+$
Transaction-Id
string
The Transaction-Id header behaves as the X-Correlation-Id header. It is supported for backward compatibility with other IBM platform services that support the Transaction-Id header only. If both X-Correlation-Id and Transaction-Id are provided, X-Correlation-Id has the precedence over Transaction-Id.

Possible values: 1 ≤ length ≤ 1024, Value must match regular expression ^[a-zA-Z0-9 ,\-_]+$

Path Parameters

zone_id
Required*
string
The ID of a zone.

Possible values: length = 32, Value must match regular expression ^[a-fA-F0-9]{32}$

Request Body

NewZone

The network zone to replace.

Examples:

View

parameter

WithContext method only

ReplaceZoneOptions

The ReplaceZone options.

ReplaceZoneOptions

The replaceZone options.

parameters

zoneId
Required*
string
The ID of a zone.

Possible values: length = 32, Value must match regular expression /^[a-fA-F0-9]{32}$/
ifMatch
Required*
string
The current revision of the resource being updated. This can be found in the Create/Get/Update resource response ETag header.

Possible values: 1 ≤ length ≤ 128, Value must match regular expression /^[a-fA-F0-9\\-]+$/
name
string
The name of the zone.

Possible values: 1 ≤ length ≤ 128, Value must match regular expression /^[^-!-,.-\/:-@[-^`{--]+$/
Examples:
value
_source
_lines
_html
accountId
string
The id of the account owning this zone.

Possible values: 1 ≤ length ≤ 128, Value must match regular expression /^[a-zA-Z0-9\\-]+$/
Examples:
value
_source
_lines
_html
addresses
The list of addresses in the zone.

Possible values: 0 ≤ number of items ≤ 1000
Examples:
value
_source
_lines
_html
description
string
The description of the zone.

Possible values: 0 ≤ length ≤ 300, Value must match regular expression /^[^--]*$/
Examples:
value
_source
_lines
_html
excluded
The list of excluded addresses in the zone. Only addresses of type ipAddress, ipRange, and subnet can be excluded.

Possible values: number of items ≤ 1000
Examples:
value
_source
_lines
_html
xCorrelationId
string
The supplied or generated value of this header is logged for a request and repeated in a response header for the corresponding response. The same value is used for downstream requests and retries of those requests. If a value of this headers is not supplied in a request, the service generates a random (version 4) UUID.

Possible values: 1 ≤ length ≤ 1024, Value must match regular expression /^[a-zA-Z0-9 ,\\-_]+$/
transactionId
string
The Transaction-Id header behaves as the X-Correlation-Id header. It is supported for backward compatibility with other IBM platform services that support the Transaction-Id header only. If both X-Correlation-Id and Transaction-Id are provided, X-Correlation-Id has the precedence over Transaction-Id.

Possible values: 1 ≤ length ≤ 1024, Value must match regular expression /^[a-zA-Z0-9 ,\\-_]+$/

parameters

zone_id
Required*
str
The ID of a zone.

Possible values: length = 32, Value must match regular expression /^[a-fA-F0-9]{32}$/
if_match
Required*
str
The current revision of the resource being updated. This can be found in the Create/Get/Update resource response ETag header.

Possible values: 1 ≤ length ≤ 128, Value must match regular expression /^[a-fA-F0-9\\-]+$/
name
str
The name of the zone.

Possible values: 1 ≤ length ≤ 128, Value must match regular expression /^[^-!-,.-\/:-@[-^`{--]+$/
Examples:
value
_source
_lines
_html
account_id
str
The id of the account owning this zone.

Possible values: 1 ≤ length ≤ 128, Value must match regular expression /^[a-zA-Z0-9\\-]+$/
Examples:
value
_source
_lines
_html
addresses
The list of addresses in the zone.

Possible values: 0 ≤ number of items ≤ 1000
Examples:
value
_source
_lines
_html
description
str
The description of the zone.

Possible values: 0 ≤ length ≤ 300, Value must match regular expression /^[^--]*$/
Examples:
value
_source
_lines
_html
excluded
The list of excluded addresses in the zone. Only addresses of type ipAddress, ipRange, and subnet can be excluded.

Possible values: number of items ≤ 1000
Examples:
value
_source
_lines
_html
x_correlation_id
str
The supplied or generated value of this header is logged for a request and repeated in a response header for the corresponding response. The same value is used for downstream requests and retries of those requests. If a value of this headers is not supplied in a request, the service generates a random (version 4) UUID.

Possible values: 1 ≤ length ≤ 1024, Value must match regular expression /^[a-zA-Z0-9 ,\\-_]+$/
transaction_id
str
The Transaction-Id header behaves as the X-Correlation-Id header. It is supported for backward compatibility with other IBM platform services that support the Transaction-Id header only. If both X-Correlation-Id and Transaction-Id are provided, X-Correlation-Id has the precedence over Transaction-Id.

Possible values: 1 ≤ length ≤ 1024, Value must match regular expression /^[a-zA-Z0-9 ,\\-_]+$/

Example request

curl -X PUT --location --header "Authorization: Bearer {iam_token}"   --header "Accept: application/json"   --header "If-Match: {if_match}"   --header "Content-Type: application/json"   --data '{ "name": "an example of zone", "description": "this is an example of zone", "account_id": "12ab34cd56ef78ab90cd12ef34ab56cd", "addresses": [ { "type": "ipAddress", "value": "169.23.56.234" }, { "type": "ipAddress", "value": "3ffe:1900:fe21:4545::" }, { "type": "ipRange", "value": "169.23.22.0-169.23.22.255" }, { "type": "ipRange", "value": "3ffe:1900:fe21:4545::-3ffe:1900:fe21:6767::" }, { "type": "vpc", "value": "crn:v1:bluemix:public:is:us-south:a/12ab34cd56ef78ab90cd12ef34ab56cd::vpc:r134-d98a1702-b39a-449a-86d4-ef8dbacf281e" } ], "excluded": [ { "type": "ipAddress", "value": "169.23.22.128" } ] }'   "https://cbr.cloud.ibm.com/v1/zones/{zone_id}"

Example request

addressModel := &contextbasedrestrictionsv1.AddressIPAddress{
  Type:  core.StringPtr("ipAddress"),
  Value: core.StringPtr("169.23.56.234"),
}

replaceZoneOptions := contextBasedRestrictionsService.NewReplaceZoneOptions(
  zoneID,
  zoneRev,
)
replaceZoneOptions.SetName("an example of updated zone")
replaceZoneOptions.SetAccountID(accountID)
replaceZoneOptions.SetDescription("this is an example of updated zone")
replaceZoneOptions.SetAddresses([]contextbasedrestrictionsv1.AddressIntf{addressModel})

zone, response, err := contextBasedRestrictionsService.ReplaceZone(replaceZoneOptions)
if err != nil {
  panic(err)
}
b, _ := json.MarshalIndent(zone, "", "  ")
fmt.Println(string(b))

Example request

AddressIPAddress addressModel = new AddressIPAddress.Builder()
  .type("ipAddress")
  .value("169.23.56.234")
  .build();
ReplaceZoneOptions replaceZoneOptions = new ReplaceZoneOptions.Builder()
  .zoneId(zoneID)
  .ifMatch(zoneRev)
  .name("an example of zone")
  .accountId(accountID)
  .description("this is an example of updated zone")
  .addresses(java.util.Arrays.asList(addressModel))
  .build();

Response<Zone> response = contextBasedRestrictionsService.replaceZone(replaceZoneOptions).execute();
Zone zone = response.getResult();

System.out.println(zone);

Example request

// Request models needed by this operation.

// AddressIPAddress
const addressModel = {
  type: 'ipAddress',
  value: '169.23.56.234',
};

const params = {
  zoneId,
  ifMatch: zoneRev,
  name: 'an example of updated zone',
  accountId,
  addresses: [addressModel],
  description: 'this is an example of updated zone',
};

try {
  const res = await contextBasedRestrictionsService.replaceZone(params);
  zoneId = res.result.id;
  zoneRev = res.headers.etag;

  console.log(JSON.stringify(res.result, null, 2));
} catch (err) {
  console.warn(err);
}

Example request

address_model = {
  'type': 'ipAddress',
  'value': '169.23.56.234',
}

response = context_based_restrictions_service.replace_zone(
  zone_id=zone_id,
  if_match=zone_rev,
  name='an example of zone',
  account_id=account_id,
  addresses=[address_model],
  description='this is an example of zone',
)
zone = response.get_result()

print(json.dumps(zone, indent=2))

Response

Response Body

Zone

An output zone

Zone

An output zone.

Zone

An output zone.

Zone

An output zone.

Zone

An output zone.

Status Code

200
The network zone was successfully replaced.
400
The network zone could not be replaced due to an invalid or missing input parameter.
401
You are not authorized to make this request. The token is either missing, invalid, or expired.
403
The supplied authentication is not authorized to perform the operation.
404
The network zone could not be found. Verify that the specified zone ID is valid.
412
The network zone revision is missing or invalid.
429
Too Many Requests.
503
A backend service required to complete the operation is unavailable. Try again later.

Example responses

Status 200

{
  "id": "65810ac762004f22ac19f8f8edf70a34",
  "crn": "crn:v1:bluemix:public:context-based-restrictions:global:a/12ab34cd56ef78ab90cd12ef34ab56cd::zone:65810ac762004f22ac19f8f8edf70a34",
  "name": "an example of zone",
  "description": "this is an example of zone",
  "account_id": "12ab34cd56ef78ab90cd12ef34ab56cd",
  "addresses": [
    {
      "type": "ipAddress",
      "value": "169.23.56.234"
    },
    {
      "type": "ipAddress",
      "value": "3ffe:1900:fe21:4545::"
    },
    {
      "type": "ipRange",
      "value": "169.23.22.0-169.23.22.255"
    },
    {
      "type": "ipRange",
      "value": "3ffe:1900:fe21:4545::-3ffe:1900:fe21:6767::"
    },
    {
      "type": "vpc",
      "value": "crn:v1:bluemix:public:is:us-south:a/12ab34cd56ef78ab90cd12ef34ab56cd::vpc:r134-d98a1702-b39a-449a-86d4-ef8dbacf281e"
    }
  ],
  "excluded": [
    {
      "type": "ipAddress",
      "value": "169.23.22.128"
    }
  ],
  "address_count": 5,
  "excluded_count": 1,
  "href": "https://cbr.cloud.ibm.com/v1/zones/65810ac762004f22ac19f8f8edf70a34",
  "created_at": "2020-11-23T02:01:59Z",
  "created_by_id": "IBMid-120000P1JM",
  "last_modified_at": "2020-11-23T02:05:00Z",
  "last_modified_by_id": "IBMid-120000P1JM"
}

Success example

{
  "id": "65810ac762004f22ac19f8f8edf70a34",
  "crn": "crn:v1:bluemix:public:context-based-restrictions:global:a/12ab34cd56ef78ab90cd12ef34ab56cd::zone:65810ac762004f22ac19f8f8edf70a34",
  "name": "an example of zone",
  "description": "this is an example of zone",
  "account_id": "12ab34cd56ef78ab90cd12ef34ab56cd",
  "addresses": [
    {
      "type": "ipAddress",
      "value": "169.23.56.234"
    },
    {
      "type": "ipAddress",
      "value": "3ffe:1900:fe21:4545::"
    },
    {
      "type": "ipRange",
      "value": "169.23.22.0-169.23.22.255"
    },
    {
      "type": "ipRange",
      "value": "3ffe:1900:fe21:4545::-3ffe:1900:fe21:6767::"
    },
    {
      "type": "vpc",
      "value": "crn:v1:bluemix:public:is:us-south:a/12ab34cd56ef78ab90cd12ef34ab56cd::vpc:r134-d98a1702-b39a-449a-86d4-ef8dbacf281e"
    }
  ],
  "excluded": [
    {
      "type": "ipAddress",
      "value": "169.23.22.128"
    }
  ],
  "address_count": 5,
  "excluded_count": 1,
  "href": "https://cbr.cloud.ibm.com/v1/zones/65810ac762004f22ac19f8f8edf70a34",
  "created_at": "2020-11-23T02:01:59Z",
  "created_by_id": "IBMid-120000P1JM",
  "last_modified_at": "2020-11-23T02:05:00Z",
  "last_modified_by_id": "IBMid-120000P1JM"
}

Status 400

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 400,
  "errors": [
    {
      "code": "invalid_ip_range_value_first_ip_greater_than_last_ip",
      "message": "Invalid `ipRange` value: the first IP address is greater than last IP address.",
      "target": {
        "name": "value",
        "type": "field",
        "value": "169.25.27.0-169.25.26.255"
      }
    }
  ]
}

Error example

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 400,
  "errors": [
    {
      "code": "invalid_ip_range_value_first_ip_greater_than_last_ip",
      "message": "Invalid `ipRange` value: the first IP address is greater than last IP address.",
      "target": {
        "name": "value",
        "type": "field",
        "value": "169.25.27.0-169.25.26.255"
      }
    }
  ]
}

Status 401

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 401,
  "errors": [
    {
      "code": "invalid_auth_token",
      "message": "The token failed to validate.",
      "target": {
        "name": "Authorization",
        "type": "header"
      }
    }
  ]
}

Error example

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 401,
  "errors": [
    {
      "code": "invalid_auth_token",
      "message": "The token failed to validate.",
      "target": {
        "name": "Authorization",
        "type": "header"
      }
    }
  ]
}

Status 403

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 403,
  "errors": [
    {
      "code": "request_not_authorized",
      "message": "The request could not be authorized."
    }
  ]
}

Error example

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 403,
  "errors": [
    {
      "code": "request_not_authorized",
      "message": "The request could not be authorized."
    }
  ]
}

Status 404

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 404,
  "errors": [
    {
      "code": "zone_not_found_in_store",
      "message": "The zone '65810ac762004f22ac19f8f8edf70a34' is not found.",
      "target": {
        "name": "zone_id",
        "type": "parameter",
        "value": "65810ac762004f22ac19f8f8edf70a34"
      }
    }
  ]
}

Error example

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 404,
  "errors": [
    {
      "code": "zone_not_found_in_store",
      "message": "The zone '65810ac762004f22ac19f8f8edf70a34' is not found.",
      "target": {
        "name": "zone_id",
        "type": "parameter",
        "value": "65810ac762004f22ac19f8f8edf70a34"
      }
    }
  ]
}

Status 412

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 412,
  "errors": [
    {
      "code": "invalid_zone_revision",
      "message": "The zone revision is missing or invalid.",
      "target": {
        "name": "If-Match",
        "type": "header",
        "value": "an-invalid-revision"
      }
    }
  ]
}

Error example

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 412,
  "errors": [
    {
      "code": "invalid_zone_revision",
      "message": "The zone revision is missing or invalid.",
      "target": {
        "name": "If-Match",
        "type": "header",
        "value": "an-invalid-revision"
      }
    }
  ]
}

Status 429

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 429,
  "errors": [
    {
      "code": "too_many_requests",
      "message": "The client has sent too many requests in a given amount of time."
    }
  ]
}

Error example

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 429,
  "errors": [
    {
      "code": "too_many_requests",
      "message": "The client has sent too many requests in a given amount of time."
    }
  ]
}

Status 503

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 503,
  "errors": [
    {
      "code": "store_unavailable_error",
      "message": "The store is currently unavailable. Try again later."
    }
  ]
}

Error example

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 503,
  "errors": [
    {
      "code": "store_unavailable_error",
      "message": "The store is currently unavailable. Try again later."
    }
  ]
}

This operation deletes the network zone identified by the specified zone ID.

DELETE /v1/zones/{zone_id}

(contextBasedRestrictions *ContextBasedRestrictionsV1) DeleteZone(deleteZoneOptions *DeleteZoneOptions) (response *core.DetailedResponse, err error)

(contextBasedRestrictions *ContextBasedRestrictionsV1) DeleteZoneWithContext(ctx context.Context, deleteZoneOptions *DeleteZoneOptions) (response *core.DetailedResponse, err error)

ServiceCall<Void> deleteZone(DeleteZoneOptions deleteZoneOptions)

deleteZone(params)

delete_zone(
        self,
        zone_id: str,
        *,
        x_correlation_id: Optional[str] = None,
        transaction_id: Optional[str] = None,
        **kwargs,
    ) -> DetailedResponse

Authorization

To call this method, you must be assigned one or more IAM access roles that include the following action. You can check your access by going to Users > User > Access.

context-based-restrictions.zone.delete

Request

Instantiate the DeleteZoneOptions struct and set the fields to provide parameter values for the DeleteZone method.

Use the DeleteZoneOptions.Builder to create a DeleteZoneOptions object that contains the parameter values for the deleteZone method.

Custom Headers

X-Correlation-Id
string
The supplied or generated value of this header is logged for a request and repeated in a response header for the corresponding response. The same value is used for downstream requests and retries of those requests. If a value of this headers is not supplied in a request, the service generates a random (version 4) UUID.

Possible values: 1 ≤ length ≤ 1024, Value must match regular expression ^[a-zA-Z0-9 ,\-_]+$
Transaction-Id
string
The Transaction-Id header behaves as the X-Correlation-Id header. It is supported for backward compatibility with other IBM platform services that support the Transaction-Id header only. If both X-Correlation-Id and Transaction-Id are provided, X-Correlation-Id has the precedence over Transaction-Id.

Possible values: 1 ≤ length ≤ 1024, Value must match regular expression ^[a-zA-Z0-9 ,\-_]+$

Path Parameters

zone_id
Required*
string
The ID of a zone.

Possible values: length = 32, Value must match regular expression ^[a-fA-F0-9]{32}$

parameter

WithContext method only

DeleteZoneOptions

The DeleteZone options.

DeleteZoneOptions

The deleteZone options.

parameters

zoneId
Required*
string
The ID of a zone.

Possible values: length = 32, Value must match regular expression /^[a-fA-F0-9]{32}$/
xCorrelationId
string
The supplied or generated value of this header is logged for a request and repeated in a response header for the corresponding response. The same value is used for downstream requests and retries of those requests. If a value of this headers is not supplied in a request, the service generates a random (version 4) UUID.

Possible values: 1 ≤ length ≤ 1024, Value must match regular expression /^[a-zA-Z0-9 ,\\-_]+$/
transactionId
string
The Transaction-Id header behaves as the X-Correlation-Id header. It is supported for backward compatibility with other IBM platform services that support the Transaction-Id header only. If both X-Correlation-Id and Transaction-Id are provided, X-Correlation-Id has the precedence over Transaction-Id.

Possible values: 1 ≤ length ≤ 1024, Value must match regular expression /^[a-zA-Z0-9 ,\\-_]+$/

parameters

zone_id
Required*
str
The ID of a zone.

Possible values: length = 32, Value must match regular expression /^[a-fA-F0-9]{32}$/
x_correlation_id
str
The supplied or generated value of this header is logged for a request and repeated in a response header for the corresponding response. The same value is used for downstream requests and retries of those requests. If a value of this headers is not supplied in a request, the service generates a random (version 4) UUID.

Possible values: 1 ≤ length ≤ 1024, Value must match regular expression /^[a-zA-Z0-9 ,\\-_]+$/
transaction_id
str
The Transaction-Id header behaves as the X-Correlation-Id header. It is supported for backward compatibility with other IBM platform services that support the Transaction-Id header only. If both X-Correlation-Id and Transaction-Id are provided, X-Correlation-Id has the precedence over Transaction-Id.

Possible values: 1 ≤ length ≤ 1024, Value must match regular expression /^[a-zA-Z0-9 ,\\-_]+$/

Example request

curl -X DELETE --location --header "Authorization: Bearer {iam_token}" "https://cbr.cloud.ibm.com/v1/zones/{zone_id}"

Example request

deleteZoneOptions := contextBasedRestrictionsService.NewDeleteZoneOptions(
  zoneID,
)

response, err := contextBasedRestrictionsService.DeleteZone(deleteZoneOptions)
if err != nil {
  panic(err)
}
if response.StatusCode != 204 {
  fmt.Printf("\nUnexpected response status code received from DeleteZone(): %d\n", response.StatusCode)
}

Example request

DeleteZoneOptions deleteZoneOptions = new DeleteZoneOptions.Builder()
  .zoneId(zoneID)
  .build();

Response<Void> response = contextBasedRestrictionsService.deleteZone(deleteZoneOptions).execute();

Example request

const params = {
  zoneId,
};

try {
  await contextBasedRestrictionsService.deleteZone(params);
} catch (err) {
  console.warn(err);
}

Example request

response = context_based_restrictions_service.delete_zone(
  zone_id=zone_id,
)

Response

Status Code

204
The network zone was successfully deleted.
400
The network zone could not be deleted due to an invalid or missing input parameter.
401
You are not authorized to make this request. The token is either missing, invalid, or expired.
403
The supplied authentication is not authorized to perform the operation.
404
The network zone could not be found. Verify that the specified zone ID is valid.
412
Precondition not satisfied. A network zone cannot be deleted if it is referenced by one or more rules.
429
Too Many Requests.
503
A backend service required to complete the operation is unavailable. Try again later.

Example responses

Status 400

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 400,
  "errors": [
    {
      "code": "parameter_error",
      "message": "The parameter \"zone_id\" in path has an error.",
      "target": {
        "name": "zone_id",
        "type": "parameter",
        "value": "an-invalid-zone-id"
      }
    }
  ]
}

Error example

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 400,
  "errors": [
    {
      "code": "parameter_error",
      "message": "The parameter \"zone_id\" in path has an error.",
      "target": {
        "name": "zone_id",
        "type": "parameter",
        "value": "an-invalid-zone-id"
      }
    }
  ]
}

Status 401

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 401,
  "errors": [
    {
      "code": "invalid_auth_token",
      "message": "The token failed to validate.",
      "target": {
        "name": "Authorization",
        "type": "header"
      }
    }
  ]
}

Error example

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 401,
  "errors": [
    {
      "code": "invalid_auth_token",
      "message": "The token failed to validate.",
      "target": {
        "name": "Authorization",
        "type": "header"
      }
    }
  ]
}

Status 403

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 403,
  "errors": [
    {
      "code": "request_not_authorized",
      "message": "The request could not be authorized."
    }
  ]
}

Error example

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 403,
  "errors": [
    {
      "code": "request_not_authorized",
      "message": "The request could not be authorized."
    }
  ]
}

Status 404

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 404,
  "errors": [
    {
      "code": "zone_not_found_in_store",
      "message": "The zone '65810ac762004f22ac19f8f8edf70a34' is not found.",
      "target": {
        "name": "zone_id",
        "type": "parameter",
        "value": "65810ac762004f22ac19f8f8edf70a34"
      }
    }
  ]
}

Error example

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 404,
  "errors": [
    {
      "code": "zone_not_found_in_store",
      "message": "The zone '65810ac762004f22ac19f8f8edf70a34' is not found.",
      "target": {
        "name": "zone_id",
        "type": "parameter",
        "value": "65810ac762004f22ac19f8f8edf70a34"
      }
    }
  ]
}

Status 412

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 412,
  "errors": [
    {
      "code": "zone_used_by_rule",
      "message": "The zone '65810ac762004f22ac19f8f8edf70a34' is referenced by one or more rules and cannot be deleted."
    }
  ]
}

Error example

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 412,
  "errors": [
    {
      "code": "zone_used_by_rule",
      "message": "The zone '65810ac762004f22ac19f8f8edf70a34' is referenced by one or more rules and cannot be deleted."
    }
  ]
}

Status 429

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 429,
  "errors": [
    {
      "code": "too_many_requests",
      "message": "The client has sent too many requests in a given amount of time."
    }
  ]
}

Error example

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 429,
  "errors": [
    {
      "code": "too_many_requests",
      "message": "The client has sent too many requests in a given amount of time."
    }
  ]
}

Status 503

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 503,
  "errors": [
    {
      "code": "store_unavailable_error",
      "message": "The store is currently unavailable. Try again later."
    }
  ]
}

Error example

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 503,
  "errors": [
    {
      "code": "store_unavailable_error",
      "message": "The store is currently unavailable. Try again later."
    }
  ]
}

This operation lists all available service reference targets.

GET /v1/zones/serviceref_targets

(contextBasedRestrictions *ContextBasedRestrictionsV1) ListAvailableServicerefTargets(listAvailableServicerefTargetsOptions *ListAvailableServicerefTargetsOptions) (result *ServiceRefTargetList, response *core.DetailedResponse, err error)

(contextBasedRestrictions *ContextBasedRestrictionsV1) ListAvailableServicerefTargetsWithContext(ctx context.Context, listAvailableServicerefTargetsOptions *ListAvailableServicerefTargetsOptions) (result *ServiceRefTargetList, response *core.DetailedResponse, err error)

ServiceCall<ServiceRefTargetList> listAvailableServicerefTargets(ListAvailableServicerefTargetsOptions listAvailableServicerefTargetsOptions)

listAvailableServicerefTargets(params)

list_available_serviceref_targets(
        self,
        *,
        x_correlation_id: Optional[str] = None,
        transaction_id: Optional[str] = None,
        type: Optional[str] = None,
        **kwargs,
    ) -> DetailedResponse

Authorization

To call this method, you must be assigned one or more IAM access roles that include the following action. You can check your access by going to Users > User > Access.

This operation does not require you to be assigned an IAM access role.

N/A

Request

Instantiate the ListAvailableServicerefTargetsOptions struct and set the fields to provide parameter values for the ListAvailableServicerefTargets method.

Use the ListAvailableServicerefTargetsOptions.Builder to create a ListAvailableServicerefTargetsOptions object that contains the parameter values for the listAvailableServicerefTargets method.

Custom Headers

X-Correlation-Id
string
The supplied or generated value of this header is logged for a request and repeated in a response header for the corresponding response. The same value is used for downstream requests and retries of those requests. If a value of this headers is not supplied in a request, the service generates a random (version 4) UUID.

Possible values: 1 ≤ length ≤ 1024, Value must match regular expression ^[a-zA-Z0-9 ,\-_]+$
Transaction-Id
string
The Transaction-Id header behaves as the X-Correlation-Id header. It is supported for backward compatibility with other IBM platform services that support the Transaction-Id header only. If both X-Correlation-Id and Transaction-Id are provided, X-Correlation-Id has the precedence over Transaction-Id.

Possible values: 1 ≤ length ≤ 1024, Value must match regular expression ^[a-zA-Z0-9 ,\-_]+$

Query Parameters

type
string
Specifies the types of services to retrieve

Allowable values: [all,platform_service]
Default: all

parameter

WithContext method only

ListAvailableServicerefTargetsOptions

The ListAvailableServicerefTargets options.

ListAvailableServicerefTargetsOptions

The listAvailableServicerefTargets options.

parameters

xCorrelationId
string
The supplied or generated value of this header is logged for a request and repeated in a response header for the corresponding response. The same value is used for downstream requests and retries of those requests. If a value of this headers is not supplied in a request, the service generates a random (version 4) UUID.

Possible values: 1 ≤ length ≤ 1024, Value must match regular expression /^[a-zA-Z0-9 ,\\-_]+$/
transactionId
string
The Transaction-Id header behaves as the X-Correlation-Id header. It is supported for backward compatibility with other IBM platform services that support the Transaction-Id header only. If both X-Correlation-Id and Transaction-Id are provided, X-Correlation-Id has the precedence over Transaction-Id.

Possible values: 1 ≤ length ≤ 1024, Value must match regular expression /^[a-zA-Z0-9 ,\\-_]+$/
type
string
Specifies the types of services to retrieve.

Allowable values: [all,platform_service]
Default: all

parameters

x_correlation_id
str
The supplied or generated value of this header is logged for a request and repeated in a response header for the corresponding response. The same value is used for downstream requests and retries of those requests. If a value of this headers is not supplied in a request, the service generates a random (version 4) UUID.

Possible values: 1 ≤ length ≤ 1024, Value must match regular expression /^[a-zA-Z0-9 ,\\-_]+$/
transaction_id
str
The Transaction-Id header behaves as the X-Correlation-Id header. It is supported for backward compatibility with other IBM platform services that support the Transaction-Id header only. If both X-Correlation-Id and Transaction-Id are provided, X-Correlation-Id has the precedence over Transaction-Id.

Possible values: 1 ≤ length ≤ 1024, Value must match regular expression /^[a-zA-Z0-9 ,\\-_]+$/
type
str
Specifies the types of services to retrieve.

Allowable values: [all,platform_service]
Default: all

Example request

curl -X GET --location --header "Authorization: Bearer {iam_token}"   --header "Accept: application/json"   "https://cbr.cloud.ibm.com/v1/zones/serviceref_targets"

Example request

listAvailableServiceRefTargetsOptions := contextBasedRestrictionsService.NewListAvailableServicerefTargetsOptions()

serviceRefTargetList, response, err := contextBasedRestrictionsService.ListAvailableServicerefTargets(listAvailableServiceRefTargetsOptions)
if err != nil {
  panic(err)
}
b, _ := json.MarshalIndent(serviceRefTargetList, "", "  ")
fmt.Println(string(b))

Example request

ListAvailableServicerefTargetsOptions listAvailableServicerefTargetsOptions = new ListAvailableServicerefTargetsOptions.Builder()
  .build();

Response<ServiceRefTargetList> response = contextBasedRestrictionsService.listAvailableServicerefTargets(listAvailableServicerefTargetsOptions).execute();
ServiceRefTargetList serviceRefTargetList = response.getResult();

System.out.println(serviceRefTargetList);

Example request

try {
  const res = await contextBasedRestrictionsService.listAvailableServicerefTargets({});
  console.log(JSON.stringify(res.result, null, 2));
} catch (err) {
  console.warn(err);
}

Example request

response = context_based_restrictions_service.list_available_serviceref_targets()
service_ref_target_list = response.get_result()

print(json.dumps(service_ref_target_list, indent=2))

Response

Response Body

ServiceRefTargetList

A list of service reference targets

ServiceRefTargetList

A list of service reference targets.

ServiceRefTargetList

A list of service reference targets.

ServiceRefTargetList

A list of service reference targets.

ServiceRefTargetList

A list of service reference targets.

Status Code

200
The service reference targets were successfully retrieved.
400
The service reference targets could not be retrieved due to an invalid or missing input parameter.
401
You are not authorized to make this request. The token is either missing, invalid, or expired.
429
Too Many Requests.
503
A backend service required to complete the operation is unavailable. Try again later.

Example responses

Status 200

{
  "count": 2,
  "targets": [
    {
      "service_name": "iam-groups",
      "service_type": "platform_service"
    },
    {
      "service_name": "is",
      "locations": [
        {
          "display_name": "Europe",
          "kind": "geography",
          "name": "eu"
        },
        {
          "display_name": "Spain",
          "kind": "country",
          "name": "es"
        },
        {
          "display_name": "Madrid",
          "kind": "metro",
          "name": "mad"
        },
        {
          "display_name": "North America",
          "kind": "geography",
          "name": "na"
        },
        {
          "display_name": "United States",
          "kind": "country",
          "name": "us"
        },
        {
          "display_name": "Dallas",
          "kind": "metro",
          "name": "dal"
        },
        {
          "display_name": "Washington DC",
          "kind": "metro",
          "name": "wdc"
        }
      ]
    }
  ]
}

Success example

{
  "count": 2,
  "targets": [
    {
      "service_name": "iam-groups",
      "service_type": "platform_service"
    },
    {
      "service_name": "is",
      "locations": [
        {
          "display_name": "Europe",
          "kind": "geography",
          "name": "eu"
        },
        {
          "display_name": "Spain",
          "kind": "country",
          "name": "es"
        },
        {
          "display_name": "Madrid",
          "kind": "metro",
          "name": "mad"
        },
        {
          "display_name": "North America",
          "kind": "geography",
          "name": "na"
        },
        {
          "display_name": "United States",
          "kind": "country",
          "name": "us"
        },
        {
          "display_name": "Dallas",
          "kind": "metro",
          "name": "dal"
        },
        {
          "display_name": "Washington DC",
          "kind": "metro",
          "name": "wdc"
        }
      ]
    }
  ]
}

Status 400

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 400,
  "errors": [
    {
      "code": "parameter_error",
      "message": "The parameter \"type\" in query has an error.",
      "target": {
        "name": "type",
        "type": "parameter",
        "value": "an-invalid-type"
      }
    }
  ]
}

Error example

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 400,
  "errors": [
    {
      "code": "parameter_error",
      "message": "The parameter \"type\" in query has an error.",
      "target": {
        "name": "type",
        "type": "parameter",
        "value": "an-invalid-type"
      }
    }
  ]
}

Status 401

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 401,
  "errors": [
    {
      "code": "invalid_auth_token",
      "message": "The token failed to validate.",
      "target": {
        "name": "Authorization",
        "type": "header"
      }
    }
  ]
}

Error example

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 401,
  "errors": [
    {
      "code": "invalid_auth_token",
      "message": "The token failed to validate.",
      "target": {
        "name": "Authorization",
        "type": "header"
      }
    }
  ]
}

Status 429

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 429,
  "errors": [
    {
      "code": "too_many_requests",
      "message": "The client has sent too many requests in a given amount of time."
    }
  ]
}

Error example

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 429,
  "errors": [
    {
      "code": "too_many_requests",
      "message": "The client has sent too many requests in a given amount of time."
    }
  ]
}

Status 503

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 503,
  "errors": [
    {
      "code": "store_unavailable_error",
      "message": "The store is currently unavailable. Try again later."
    }
  ]
}

Error example

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 503,
  "errors": [
    {
      "code": "store_unavailable_error",
      "message": "The store is currently unavailable. Try again later."
    }
  ]
}

This operation gets the service reference target for a specified service name

This operation gets the service reference target for a specified service name.

GET /v1/zones/serviceref_targets/{service_name}

(contextBasedRestrictions *ContextBasedRestrictionsV1) GetServicerefTarget(getServicerefTargetOptions *GetServicerefTargetOptions) (result *ServiceRefTarget, response *core.DetailedResponse, err error)

(contextBasedRestrictions *ContextBasedRestrictionsV1) GetServicerefTargetWithContext(ctx context.Context, getServicerefTargetOptions *GetServicerefTargetOptions) (result *ServiceRefTarget, response *core.DetailedResponse, err error)

ServiceCall<ServiceRefTarget> getServicerefTarget(GetServicerefTargetOptions getServicerefTargetOptions)

getServicerefTarget(params)

get_serviceref_target(
        self,
        service_name: str,
        *,
        x_correlation_id: Optional[str] = None,
        transaction_id: Optional[str] = None,
        **kwargs,
    ) -> DetailedResponse

Authorization

To call this method, you must be assigned one or more IAM access roles that include the following action. You can check your access by going to Users > User > Access.

This operation does not require you to be assigned an IAM access role.

N/A

Request

Instantiate the GetServicerefTargetOptions struct and set the fields to provide parameter values for the GetServicerefTarget method.

Use the GetServicerefTargetOptions.Builder to create a GetServicerefTargetOptions object that contains the parameter values for the getServicerefTarget method.

Custom Headers

X-Correlation-Id
string
The supplied or generated value of this header is logged for a request and repeated in a response header for the corresponding response. The same value is used for downstream requests and retries of those requests. If a value of this headers is not supplied in a request, the service generates a random (version 4) UUID.

Possible values: 1 ≤ length ≤ 1024, Value must match regular expression ^[a-zA-Z0-9 ,\-_]+$
Transaction-Id
string
The Transaction-Id header behaves as the X-Correlation-Id header. It is supported for backward compatibility with other IBM platform services that support the Transaction-Id header only. If both X-Correlation-Id and Transaction-Id are provided, X-Correlation-Id has the precedence over Transaction-Id.

Possible values: 1 ≤ length ≤ 1024, Value must match regular expression ^[a-zA-Z0-9 ,\-_]+$

Path Parameters

service_name
Required*
string
The name of a service.

Possible values: 1 ≤ length ≤ 128, Value must match regular expression ^[0-9a-z\-]+$

parameter

WithContext method only

GetServicerefTargetOptions

The GetServicerefTarget options.

GetServicerefTargetOptions

The getServicerefTarget options.

parameters

serviceName
Required*
string
The name of a service.

Possible values: 1 ≤ length ≤ 128, Value must match regular expression /^[0-9a-z\\-]+$/
xCorrelationId
string
The supplied or generated value of this header is logged for a request and repeated in a response header for the corresponding response. The same value is used for downstream requests and retries of those requests. If a value of this headers is not supplied in a request, the service generates a random (version 4) UUID.

Possible values: 1 ≤ length ≤ 1024, Value must match regular expression /^[a-zA-Z0-9 ,\\-_]+$/
transactionId
string
The Transaction-Id header behaves as the X-Correlation-Id header. It is supported for backward compatibility with other IBM platform services that support the Transaction-Id header only. If both X-Correlation-Id and Transaction-Id are provided, X-Correlation-Id has the precedence over Transaction-Id.

Possible values: 1 ≤ length ≤ 1024, Value must match regular expression /^[a-zA-Z0-9 ,\\-_]+$/

parameters

service_name
Required*
str
The name of a service.

Possible values: 1 ≤ length ≤ 128, Value must match regular expression /^[0-9a-z\\-]+$/
x_correlation_id
str
The supplied or generated value of this header is logged for a request and repeated in a response header for the corresponding response. The same value is used for downstream requests and retries of those requests. If a value of this headers is not supplied in a request, the service generates a random (version 4) UUID.

Possible values: 1 ≤ length ≤ 1024, Value must match regular expression /^[a-zA-Z0-9 ,\\-_]+$/
transaction_id
str
The Transaction-Id header behaves as the X-Correlation-Id header. It is supported for backward compatibility with other IBM platform services that support the Transaction-Id header only. If both X-Correlation-Id and Transaction-Id are provided, X-Correlation-Id has the precedence over Transaction-Id.

Possible values: 1 ≤ length ≤ 1024, Value must match regular expression /^[a-zA-Z0-9 ,\\-_]+$/

Example request

curl -X GET --location --header "Authorization: Bearer {iam_token}"   --header "Accept: application/json"   "https://cbr.cloud.ibm.com/v1/zones/serviceref_targets/{service_name}"

Example request

getServicerefTargetOptions := contextBasedRestrictionsService.NewGetServicerefTargetOptions(
  serviceName,
)

serviceRefTarget, response, err := contextBasedRestrictionsService.GetServicerefTarget(getServicerefTargetOptions)
if err != nil {
  panic(err)
}
b, _ := json.MarshalIndent(serviceRefTarget, "", "  ")
fmt.Println(string(b))

Example request

GetServicerefTargetOptions getServicerefTargetOptions = new GetServicerefTargetOptions.Builder()
  .serviceName(serviceName)
  .build();

Response<ServiceRefTarget> response = contextBasedRestrictionsService.getServicerefTarget(getServicerefTargetOptions).execute();
ServiceRefTarget serviceRefTarget = response.getResult();

System.out.println(serviceRefTarget);

Example request

const params = {
  serviceName: exampleServiceName,
};

let res;
try {
  res = await contextBasedRestrictionsService.getServicerefTarget(params);
  console.log(JSON.stringify(res.result, null, 2));
} catch (err) {
  console.warn(err);
}

Example request

response = context_based_restrictions_service.get_serviceref_target(
  service_name=service_name,
)
service_ref_target = response.get_result()

print(json.dumps(service_ref_target, indent=2))

Response

Response Body

ServiceRefTarget

Summary information about a service reference target

ServiceRefTarget

Summary information about a service reference target.

ServiceRefTarget

Summary information about a service reference target.

ServiceRefTarget

Summary information about a service reference target.

ServiceRefTarget

Summary information about a service reference target.

Status Code

200
The service reference target was successfully retrieved.
401
You are not authorized to make this request. The token is either missing, invalid, or expired.
404
No service reference target found for specified service name.
429
Too Many Requests.
503
A backend service required to complete the operation is unavailable. Try again later.

Example responses

Status 200

{
  "service_name": "is",
  "locations": [
    {
      "display_name": "Europe",
      "kind": "geography",
      "name": "eu"
    },
    {
      "display_name": "Spain",
      "kind": "country",
      "name": "es"
    },
    {
      "display_name": "Madrid",
      "kind": "metro",
      "name": "mad"
    },
    {
      "display_name": "North America",
      "kind": "geography",
      "name": "na"
    },
    {
      "display_name": "United States",
      "kind": "country",
      "name": "us"
    },
    {
      "display_name": "Dallas",
      "kind": "metro",
      "name": "dal"
    },
    {
      "display_name": "Washington DC",
      "kind": "metro",
      "name": "wdc"
    }
  ]
}

Success example

{
  "service_name": "is",
  "locations": [
    {
      "display_name": "Europe",
      "kind": "geography",
      "name": "eu"
    },
    {
      "display_name": "Spain",
      "kind": "country",
      "name": "es"
    },
    {
      "display_name": "Madrid",
      "kind": "metro",
      "name": "mad"
    },
    {
      "display_name": "North America",
      "kind": "geography",
      "name": "na"
    },
    {
      "display_name": "United States",
      "kind": "country",
      "name": "us"
    },
    {
      "display_name": "Dallas",
      "kind": "metro",
      "name": "dal"
    },
    {
      "display_name": "Washington DC",
      "kind": "metro",
      "name": "wdc"
    }
  ]
}

Status 401

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 401,
  "errors": [
    {
      "code": "invalid_auth_token",
      "message": "The token failed to validate.",
      "target": {
        "name": "Authorization",
        "type": "header"
      }
    }
  ]
}

Error example

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 401,
  "errors": [
    {
      "code": "invalid_auth_token",
      "message": "The token failed to validate.",
      "target": {
        "name": "Authorization",
        "type": "header"
      }
    }
  ]
}

Status 404

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 404,
  "errors": [
    {
      "code": "service_ref_target_not_found",
      "message": "The service reference target for service name test-service-name is not found.",
      "target": {
        "name": "service_name",
        "type": "parameter",
        "value": "test-service-name"
      }
    }
  ]
}

Error example

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 404,
  "errors": [
    {
      "code": "service_ref_target_not_found",
      "message": "The service reference target for service name test-service-name is not found.",
      "target": {
        "name": "service_name",
        "type": "parameter",
        "value": "test-service-name"
      }
    }
  ]
}

Status 429

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 429,
  "errors": [
    {
      "code": "too_many_requests",
      "message": "The client has sent too many requests in a given amount of time."
    }
  ]
}

Error example

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 429,
  "errors": [
    {
      "code": "too_many_requests",
      "message": "The client has sent too many requests in a given amount of time."
    }
  ]
}

Status 503

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 503,
  "errors": [
    {
      "code": "store_unavailable_error",
      "message": "The store is currently unavailable. Try again later."
    }
  ]
}

Error example

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 503,
  "errors": [
    {
      "code": "store_unavailable_error",
      "message": "The store is currently unavailable. Try again later."
    }
  ]
}

This operation creates a rule for the specified account.

POST /v1/rules

(contextBasedRestrictions *ContextBasedRestrictionsV1) CreateRule(createRuleOptions *CreateRuleOptions) (result *Rule, response *core.DetailedResponse, err error)

(contextBasedRestrictions *ContextBasedRestrictionsV1) CreateRuleWithContext(ctx context.Context, createRuleOptions *CreateRuleOptions) (result *Rule, response *core.DetailedResponse, err error)

ServiceCall<Rule> createRule(CreateRuleOptions createRuleOptions)

createRule(params)

create_rule(
        self,
        *,
        contexts: Optional[List['RuleContext']] = None,
        resources: Optional[List['Resource']] = None,
        description: Optional[str] = None,
        operations: Optional['NewRuleOperations'] = None,
        enforcement_mode: Optional[str] = None,
        x_correlation_id: Optional[str] = None,
        transaction_id: Optional[str] = None,
        **kwargs,
    ) -> DetailedResponse

Authorization

To call this method, you must be assigned one or more IAM access roles that include the following action. You can check your access by going to Users > User > Access.

cbr.rule.create

Request

Instantiate the CreateRuleOptions struct and set the fields to provide parameter values for the CreateRule method.

Use the CreateRuleOptions.Builder to create a CreateRuleOptions object that contains the parameter values for the createRule method.

Custom Headers

X-Correlation-Id
string
The supplied or generated value of this header is logged for a request and repeated in a response header for the corresponding response. The same value is used for downstream requests and retries of those requests. If a value of this headers is not supplied in a request, the service generates a random (version 4) UUID.

Possible values: 1 ≤ length ≤ 1024, Value must match regular expression ^[a-zA-Z0-9 ,\-_]+$
Transaction-Id
string
The Transaction-Id header behaves as the X-Correlation-Id header. It is supported for backward compatibility with other IBM platform services that support the Transaction-Id header only. If both X-Correlation-Id and Transaction-Id are provided, X-Correlation-Id has the precedence over Transaction-Id.

Possible values: 1 ≤ length ≤ 1024, Value must match regular expression ^[a-zA-Z0-9 ,\-_]+$

Request Body

NewRule

The rule to create.

Examples:

View

parameter

WithContext method only

CreateRuleOptions

The CreateRule options.

CreateRuleOptions

The createRule options.

parameters

contexts
The contexts this rule applies to.

Possible values: 0 ≤ number of items ≤ 1000
Examples:
value
_source
_lines
_html
resources
The resources this rule apply to.

Possible values: number of items = 1
Examples:
value
_source
_lines
_html
description
string
The description of the rule.

Possible values: 0 ≤ length ≤ 300, Value must match regular expression /^[^--]*$/
Examples:
value
_source
_lines
_html
operations
The operations this rule applies to.
enforcementMode
string
The rule enforcement mode:
- enabled - The restrictions are enforced and reported. This is the default.
- disabled - The restrictions are disabled. Nothing is enforced or reported.
- report - The restrictions are evaluated and reported, but not enforced.
Allowable values: [enabled,disabled,report]
Default: enabled
Examples:
value
_source
_lines
_html
xCorrelationId
string
The supplied or generated value of this header is logged for a request and repeated in a response header for the corresponding response. The same value is used for downstream requests and retries of those requests. If a value of this headers is not supplied in a request, the service generates a random (version 4) UUID.

Possible values: 1 ≤ length ≤ 1024, Value must match regular expression /^[a-zA-Z0-9 ,\\-_]+$/
transactionId
string
The Transaction-Id header behaves as the X-Correlation-Id header. It is supported for backward compatibility with other IBM platform services that support the Transaction-Id header only. If both X-Correlation-Id and Transaction-Id are provided, X-Correlation-Id has the precedence over Transaction-Id.

Possible values: 1 ≤ length ≤ 1024, Value must match regular expression /^[a-zA-Z0-9 ,\\-_]+$/

parameters

contexts
The contexts this rule applies to.

Possible values: 0 ≤ number of items ≤ 1000
Examples:
value
_source
_lines
_html
resources
The resources this rule apply to.

Possible values: number of items = 1
Examples:
value
_source
_lines
_html
description
str
The description of the rule.

Possible values: 0 ≤ length ≤ 300, Value must match regular expression /^[^--]*$/
Examples:
value
_source
_lines
_html
operations
The operations this rule applies to.
enforcement_mode
str
The rule enforcement mode:
- enabled - The restrictions are enforced and reported. This is the default.
- disabled - The restrictions are disabled. Nothing is enforced or reported.
- report - The restrictions are evaluated and reported, but not enforced.
Allowable values: [enabled,disabled,report]
Default: enabled
Examples:
value
_source
_lines
_html
x_correlation_id
str
The supplied or generated value of this header is logged for a request and repeated in a response header for the corresponding response. The same value is used for downstream requests and retries of those requests. If a value of this headers is not supplied in a request, the service generates a random (version 4) UUID.

Possible values: 1 ≤ length ≤ 1024, Value must match regular expression /^[a-zA-Z0-9 ,\\-_]+$/
transaction_id
str
The Transaction-Id header behaves as the X-Correlation-Id header. It is supported for backward compatibility with other IBM platform services that support the Transaction-Id header only. If both X-Correlation-Id and Transaction-Id are provided, X-Correlation-Id has the precedence over Transaction-Id.

Possible values: 1 ≤ length ≤ 1024, Value must match regular expression /^[a-zA-Z0-9 ,\\-_]+$/

Example request

curl -X POST --location --header "Authorization: Bearer {iam_token}"   --header "Accept: application/json"   --header "Content-Type: application/json"   --data '{ "description": "this is an example of rule", "resources": [ { "attributes": [ { "name": "accountId", "value": "12ab34cd56ef78ab90cd12ef34ab56cd" }, { "name": "serviceName", "value": "kms" } ] } ], "contexts": [ { "attributes": [ { "name": "networkZoneId", "value": "65810ac762004f22ac19f8f8edf70a34" } ] } ], "enforcement_mode": "enabled" }'   "https://cbr.cloud.ibm.com/v1/rules"

Example request

ruleContextAttributeModel := &contextbasedrestrictionsv1.RuleContextAttribute{
  Name:  core.StringPtr("networkZoneId"),
  Value: core.StringPtr(zoneID),
}

ruleContextModel := &contextbasedrestrictionsv1.RuleContext{
  Attributes: []contextbasedrestrictionsv1.RuleContextAttribute{*ruleContextAttributeModel},
}

resourceModel := &contextbasedrestrictionsv1.Resource{
  Attributes: []contextbasedrestrictionsv1.ResourceAttribute{
    {
      Name:  core.StringPtr("accountId"),
      Value: core.StringPtr(accountID),
    },
    {
      Name:  core.StringPtr("serviceName"),
      Value: core.StringPtr(serviceName),
    },
  },
  Tags: []contextbasedrestrictionsv1.ResourceTagAttribute{
    {
      Name:  core.StringPtr("tagName"),
      Value: core.StringPtr("tagValue"),
    },
  },
}

createRuleOptions := contextBasedRestrictionsService.NewCreateRuleOptions()
createRuleOptions.SetDescription("this is an example of rule")
createRuleOptions.SetContexts([]contextbasedrestrictionsv1.RuleContext{*ruleContextModel})
createRuleOptions.SetResources([]contextbasedrestrictionsv1.Resource{*resourceModel})
createRuleOptions.SetEnforcementMode(contextbasedrestrictionsv1.CreateRuleOptionsEnforcementModeEnabledConst)
rule, response, err := contextBasedRestrictionsService.CreateRule(createRuleOptions)
if err != nil {
  panic(err)
}
b, _ := json.MarshalIndent(rule, "", "  ")
fmt.Println(string(b))

Example request

RuleContextAttribute ruleContextAttributeModel = new RuleContextAttribute.Builder()
  .name("networkZoneId")
  .value(zoneID)
  .build();
RuleContext ruleContextModel = new RuleContext.Builder()
  .attributes(java.util.Arrays.asList(ruleContextAttributeModel))
  .build();
ResourceAttribute resourceAttributeModelAccountID = new ResourceAttribute.Builder()
  .name("accountId")
  .value(accountID)
  .build();
ResourceAttribute resourceAttributeModelServiceName = new ResourceAttribute.Builder()
  .name("serviceName")
  .value(serviceName)
  .build();
ResourceTagAttribute resourceTagAttributeModel = new ResourceTagAttribute.Builder()
  .name("tagName")
  .value("tagValue")
  .build();
Resource resourceModel = new Resource.Builder()
  .addAttributes(resourceAttributeModelAccountID)
  .addAttributes(resourceAttributeModelServiceName)
  .tags(java.util.Arrays.asList(resourceTagAttributeModel))
  .build();
CreateRuleOptions createRuleOptions = new CreateRuleOptions.Builder()
  .description("this is an example of rule")
  .addContexts(ruleContextModel)
  .addResources(resourceModel)
  .enforcementMode("enabled")
  .build();

Response<Rule> response = contextBasedRestrictionsService.createRule(createRuleOptions).execute();
Rule rule = response.getResult();

System.out.println(rule);
ruleID = rule.getId();
ruleRev = response.getHeaders().values("Etag").get(0);

Example request

// Request models needed by this operation.

// RuleContextAttribute
const ruleContextAttributeModel = {
  name: 'networkZoneId',
  value: zoneId,
};

// RuleContext
const ruleContextModel = {
  attributes: [ruleContextAttributeModel],
};

// ResourceAttribute
const resourceAttributeAccountIdModel = {
  name: 'accountId',
  value: accountId,
};

// Resource Attribute
const resourceAttributeServiceNameModel = {
  name: 'serviceName',
  value: serviceName,
  operator: 'stringEquals',
};

// Resource
const resourceModel = {
  attributes: [resourceAttributeAccountIdModel, resourceAttributeServiceNameModel],
};

const params = {
  contexts: [ruleContextModel],
  resources: [resourceModel],
  description: 'this is an example of rule',
  enforcementMode: 'enabled',
};

try {
  const res = await contextBasedRestrictionsService.createRule(params);
  ruleId = res.result.id;
  ruleRev = res.headers.etag;
  console.log(JSON.stringify(res.result, null, 2));
} catch (err) {
  console.warn(err);
}

Example request

rule_context_attribute_model = {
  'name': 'networkZoneId',
  'value': zone_id,
}

rule_context_model = {
  'attributes': [rule_context_attribute_model],
}

resource_attribute_model = {
  'name': 'accountId',
  'value': account_id,
}

resource_attribute_service_name_model = {
  'name': 'serviceName',
  'value': service_name,
}

resource_model = {
  'attributes': [resource_attribute_model, resource_attribute_service_name_model],
}

response = context_based_restrictions_service.create_rule(
  contexts=[rule_context_model],
  resources=[resource_model],
  description='this is an example of rule',
  enforcement_mode='enabled',
)
rule = response.get_result()

print(json.dumps(rule, indent=2))

Response

Response Body

Rule

An output rule

Rule

An output rule.

Rule

An output rule.

Rule

An output rule.

Rule

An output rule.

Status Code

201
Rule created.
400
The rule could not be created due to an invalid or missing input parameter or request body.
401
You are not authorized to make this request. The token is either missing, invalid, or expired.
403
The supplied authentication is not authorized to perform the operation.
429
Too Many Requests.
503
A backend service required to complete the operation is unavailable. Try again later.

Example responses

Status 201

{
  "id": "fb988c9387e84390ba98bce4744c0a9c",
  "crn": "crn:v1:bluemix:public:context-based-restrictions:global:a/12ab34cd56ef78ab90cd12ef34ab56cd::rule:fb988c9387e84390ba98bce4744c0a9c",
  "description": "this is an example of rule",
  "resources": [
    {
      "attributes": [
        {
          "name": "accountId",
          "value": "12ab34cd56ef78ab90cd12ef34ab56cd"
        },
        {
          "name": "serviceName",
          "value": "kms"
        }
      ]
    }
  ],
  "contexts": [
    {
      "attributes": [
        {
          "name": "networkZoneId",
          "value": "65810ac762004f22ac19f8f8edf70a34"
        }
      ]
    }
  ],
  "operations": {
    "api_types": [
      {
        "api_type_id": "crn:v1:bluemix:public:context-based-restrictions::::api-type:",
        "description": "Protects all service APIs.",
        "display_name": "All"
      },
      {
        "api_type_id": "crn:v1:bluemix:public:context-based-restrictions::::platform-api-type:",
        "description": "Protects all platform APIs.",
        "display_name": "All"
      }
    ]
  },
  "enforcement_mode": "enabled",
  "href": "https://cbr.cloud.ibm.com/v1/rules/fb988c9387e84390ba98bce4744c0a9c",
  "created_at": "2020-11-24T16:35:17Z",
  "created_by_id": "IBMid-120000P1JM",
  "last_modified_at": "2020-11-24T16:35:17Z",
  "last_modified_by_id": "IBMid-120000P1JM"
}

Success example

{
  "id": "fb988c9387e84390ba98bce4744c0a9c",
  "crn": "crn:v1:bluemix:public:context-based-restrictions:global:a/12ab34cd56ef78ab90cd12ef34ab56cd::rule:fb988c9387e84390ba98bce4744c0a9c",
  "description": "this is an example of rule",
  "resources": [
    {
      "attributes": [
        {
          "name": "accountId",
          "value": "12ab34cd56ef78ab90cd12ef34ab56cd"
        },
        {
          "name": "serviceName",
          "value": "kms"
        }
      ]
    }
  ],
  "contexts": [
    {
      "attributes": [
        {
          "name": "networkZoneId",
          "value": "65810ac762004f22ac19f8f8edf70a34"
        }
      ]
    }
  ],
  "operations": {
    "api_types": [
      {
        "api_type_id": "crn:v1:bluemix:public:context-based-restrictions::::api-type:",
        "description": "Protects all service APIs.",
        "display_name": "All"
      },
      {
        "api_type_id": "crn:v1:bluemix:public:context-based-restrictions::::platform-api-type:",
        "description": "Protects all platform APIs.",
        "display_name": "All"
      }
    ]
  },
  "enforcement_mode": "enabled",
  "href": "https://cbr.cloud.ibm.com/v1/rules/fb988c9387e84390ba98bce4744c0a9c",
  "created_at": "2020-11-24T16:35:17Z",
  "created_by_id": "IBMid-120000P1JM",
  "last_modified_at": "2020-11-24T16:35:17Z",
  "last_modified_by_id": "IBMid-120000P1JM"
}

Status 400

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 400,
  "errors": [
    {
      "code": "service_def_not_found",
      "message": "The definition of service 'a-service-that-does-not-exist' is not found.",
      "target": {
        "name": "serviceName",
        "type": "field",
        "value": "a-service-that-does-not-exist"
      }
    }
  ]
}

Error example

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 400,
  "errors": [
    {
      "code": "service_def_not_found",
      "message": "The definition of service 'a-service-that-does-not-exist' is not found.",
      "target": {
        "name": "serviceName",
        "type": "field",
        "value": "a-service-that-does-not-exist"
      }
    }
  ]
}

Status 401

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 401,
  "errors": [
    {
      "code": "invalid_auth_token",
      "message": "The token failed to validate.",
      "target": {
        "name": "Authorization",
        "type": "header"
      }
    }
  ]
}

Error example

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 401,
  "errors": [
    {
      "code": "invalid_auth_token",
      "message": "The token failed to validate.",
      "target": {
        "name": "Authorization",
        "type": "header"
      }
    }
  ]
}

Status 403

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 403,
  "errors": [
    {
      "code": "request_not_authorized",
      "message": "The request could not be authorized."
    }
  ]
}

Error example

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 403,
  "errors": [
    {
      "code": "request_not_authorized",
      "message": "The request could not be authorized."
    }
  ]
}

Status 429

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 429,
  "errors": [
    {
      "code": "too_many_requests",
      "message": "The client has sent too many requests in a given amount of time."
    }
  ]
}

Error example

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 429,
  "errors": [
    {
      "code": "too_many_requests",
      "message": "The client has sent too many requests in a given amount of time."
    }
  ]
}

Status 503

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 503,
  "errors": [
    {
      "code": "store_unavailable_error",
      "message": "The store is currently unavailable. Try again later."
    }
  ]
}

Error example

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 503,
  "errors": [
    {
      "code": "store_unavailable_error",
      "message": "The store is currently unavailable. Try again later."
    }
  ]
}

This operation lists rules in the specified account.

GET /v1/rules

(contextBasedRestrictions *ContextBasedRestrictionsV1) ListRules(listRulesOptions *ListRulesOptions) (result *RuleList, response *core.DetailedResponse, err error)

(contextBasedRestrictions *ContextBasedRestrictionsV1) ListRulesWithContext(ctx context.Context, listRulesOptions *ListRulesOptions) (result *RuleList, response *core.DetailedResponse, err error)

ServiceCall<RuleList> listRules(ListRulesOptions listRulesOptions)

listRules(params)

list_rules(
        self,
        account_id: str,
        *,
        x_correlation_id: Optional[str] = None,
        transaction_id: Optional[str] = None,
        region: Optional[str] = None,
        resource: Optional[str] = None,
        resource_type: Optional[str] = None,
        service_instance: Optional[str] = None,
        service_name: Optional[str] = None,
        service_type: Optional[str] = None,
        service_group_id: Optional[str] = None,
        zone_id: Optional[str] = None,
        sort: Optional[str] = None,
        enforcement_mode: Optional[str] = None,
        **kwargs,
    ) -> DetailedResponse

Authorization

To call this method, you must be assigned one or more IAM access roles that include the following action. You can check your access by going to Users > User > Access.

cbr.rule.read

Request

Instantiate the ListRulesOptions struct and set the fields to provide parameter values for the ListRules method.

Use the ListRulesOptions.Builder to create a ListRulesOptions object that contains the parameter values for the listRules method.

Custom Headers

X-Correlation-Id
string
The supplied or generated value of this header is logged for a request and repeated in a response header for the corresponding response. The same value is used for downstream requests and retries of those requests. If a value of this headers is not supplied in a request, the service generates a random (version 4) UUID.

Possible values: 1 ≤ length ≤ 1024, Value must match regular expression ^[a-zA-Z0-9 ,\-_]+$
Transaction-Id
string
The Transaction-Id header behaves as the X-Correlation-Id header. It is supported for backward compatibility with other IBM platform services that support the Transaction-Id header only. If both X-Correlation-Id and Transaction-Id are provided, X-Correlation-Id has the precedence over Transaction-Id.

Possible values: 1 ≤ length ≤ 1024, Value must match regular expression ^[a-zA-Z0-9 ,\-_]+$

Query Parameters

account_id
Required*
string
The ID of the managing account.

Possible values: 1 ≤ length ≤ 128, Value must match regular expression ^[a-zA-Z0-9\-]+$
region
string
The region resource attribute.

Possible values: 1 ≤ length ≤ 32, Value must match regular expression ^[a-zA-Z0-9\-]+$
resource
string
The resource resource attribute.

Possible values: 1 ≤ length ≤ 1024, Value must match regular expression ^[\S\s]+$
resource_type
string
The resourceType resource attribute.

Possible values: 1 ≤ length ≤ 128, Value must match regular expression ^[\S\s]+$
service_instance
string
The serviceInstance resource attribute.

Possible values: 1 ≤ length ≤ 128, Value must match regular expression ^[0-9a-z\-/]+$
service_name
string
The serviceName resource attribute.

Possible values: 1 ≤ length ≤ 128, Value must match regular expression ^[0-9a-z\-]+$
service_type
string
The rule's serviceType resource attribute.

Possible values: 1 ≤ length ≤ 128, Value must match regular expression ^[0-9a-z_]+$
service_group_id
string
The rule's service_group_id resource attribute.

Possible values: 1 ≤ length ≤ 128, Value must match regular expression ^[a-zA-Z0-9]+$
zone_id
string
The globally unique ID of the zone.

Possible values: length = 32, Value must match regular expression ^[a-fA-F0-9]{32}$
sort
string
Sorts results by using a valid sort field. To learn more, see Sorting.

Possible values: 1 ≤ length ≤ 32, Value must match regular expression ^[\-]?[a-z0-9_]+$
enforcement_mode
string
The rule's enforcement_mode attribute.

Allowable values: [enabled,disabled,report]

parameter

WithContext method only

ListRulesOptions

The ListRules options.

ListRulesOptions

The listRules options.

parameters

accountId
Required*
string
The ID of the managing account.

Possible values: 1 ≤ length ≤ 128, Value must match regular expression /^[a-zA-Z0-9\\-]+$/
xCorrelationId
string
The supplied or generated value of this header is logged for a request and repeated in a response header for the corresponding response. The same value is used for downstream requests and retries of those requests. If a value of this headers is not supplied in a request, the service generates a random (version 4) UUID.

Possible values: 1 ≤ length ≤ 1024, Value must match regular expression /^[a-zA-Z0-9 ,\\-_]+$/
transactionId
string
The Transaction-Id header behaves as the X-Correlation-Id header. It is supported for backward compatibility with other IBM platform services that support the Transaction-Id header only. If both X-Correlation-Id and Transaction-Id are provided, X-Correlation-Id has the precedence over Transaction-Id.

Possible values: 1 ≤ length ≤ 1024, Value must match regular expression /^[a-zA-Z0-9 ,\\-_]+$/
region
string
The region resource attribute.

Possible values: 1 ≤ length ≤ 32, Value must match regular expression /^[a-zA-Z0-9\\-]+$/
resource
string
The resource resource attribute.

Possible values: 1 ≤ length ≤ 1024, Value must match regular expression /^[\\S\\s]+$/
resourceType
string
The resourceType resource attribute.

Possible values: 1 ≤ length ≤ 128, Value must match regular expression /^[\\S\\s]+$/
serviceInstance
string
The serviceInstance resource attribute.

Possible values: 1 ≤ length ≤ 128, Value must match regular expression /^[0-9a-z\\-\/]+$/
serviceName
string
The serviceName resource attribute.

Possible values: 1 ≤ length ≤ 128, Value must match regular expression /^[0-9a-z\\-]+$/
serviceType
string
The rule's serviceType resource attribute.

Possible values: 1 ≤ length ≤ 128, Value must match regular expression /^[0-9a-z_]+$/
serviceGroupId
string
The rule's service_group_id resource attribute.

Possible values: 1 ≤ length ≤ 128, Value must match regular expression /^[a-zA-Z0-9]+$/
zoneId
string
The globally unique ID of the zone.

Possible values: length = 32, Value must match regular expression /^[a-fA-F0-9]{32}$/
sort
string
Sorts results by using a valid sort field. To learn more, see Sorting.

Possible values: 1 ≤ length ≤ 32, Value must match regular expression /^[\\-]?[a-z0-9_]+$/
enforcementMode
string
The rule's enforcement_mode attribute.

Allowable values: [enabled,disabled,report]

parameters

account_id
Required*
str
The ID of the managing account.

Possible values: 1 ≤ length ≤ 128, Value must match regular expression /^[a-zA-Z0-9\\-]+$/
x_correlation_id
str
The supplied or generated value of this header is logged for a request and repeated in a response header for the corresponding response. The same value is used for downstream requests and retries of those requests. If a value of this headers is not supplied in a request, the service generates a random (version 4) UUID.

Possible values: 1 ≤ length ≤ 1024, Value must match regular expression /^[a-zA-Z0-9 ,\\-_]+$/
transaction_id
str
The Transaction-Id header behaves as the X-Correlation-Id header. It is supported for backward compatibility with other IBM platform services that support the Transaction-Id header only. If both X-Correlation-Id and Transaction-Id are provided, X-Correlation-Id has the precedence over Transaction-Id.

Possible values: 1 ≤ length ≤ 1024, Value must match regular expression /^[a-zA-Z0-9 ,\\-_]+$/
region
str
The region resource attribute.

Possible values: 1 ≤ length ≤ 32, Value must match regular expression /^[a-zA-Z0-9\\-]+$/
resource
str
The resource resource attribute.

Possible values: 1 ≤ length ≤ 1024, Value must match regular expression /^[\\S\\s]+$/
resource_type
str
The resourceType resource attribute.

Possible values: 1 ≤ length ≤ 128, Value must match regular expression /^[\\S\\s]+$/
service_instance
str
The serviceInstance resource attribute.

Possible values: 1 ≤ length ≤ 128, Value must match regular expression /^[0-9a-z\\-\/]+$/
service_name
str
The serviceName resource attribute.

Possible values: 1 ≤ length ≤ 128, Value must match regular expression /^[0-9a-z\\-]+$/
service_type
str
The rule's serviceType resource attribute.

Possible values: 1 ≤ length ≤ 128, Value must match regular expression /^[0-9a-z_]+$/
service_group_id
str
The rule's service_group_id resource attribute.

Possible values: 1 ≤ length ≤ 128, Value must match regular expression /^[a-zA-Z0-9]+$/
zone_id
str
The globally unique ID of the zone.

Possible values: length = 32, Value must match regular expression /^[a-fA-F0-9]{32}$/
sort
str
Sorts results by using a valid sort field. To learn more, see Sorting.

Possible values: 1 ≤ length ≤ 32, Value must match regular expression /^[\\-]?[a-z0-9_]+$/
enforcement_mode
str
The rule's enforcement_mode attribute.

Allowable values: [enabled,disabled,report]

Example request

curl -X GET --location --header "Authorization: Bearer {iam_token}"   --header "Accept: application/json"   "https://cbr.cloud.ibm.com/v1/rules?account_id={account_id}"

Example request

listRulesOptions := contextBasedRestrictionsService.NewListRulesOptions(
  accountID,
)

ruleList, response, err := contextBasedRestrictionsService.ListRules(listRulesOptions)
if err != nil {
  panic(err)
}
b, _ := json.MarshalIndent(ruleList, "", "  ")
fmt.Println(string(b))

Example request

ListRulesOptions listRulesOptions = new ListRulesOptions.Builder()
  .accountId(accountID)
  .build();

Response<RuleList> response = contextBasedRestrictionsService.listRules(listRulesOptions).execute();
RuleList ruleList = response.getResult();

System.out.println(ruleList);

Example request

const params = {
  accountId,
};

try {
  const res = await contextBasedRestrictionsService.listRules(params);
  console.log(JSON.stringify(res.result, null, 2));
} catch (err) {
  console.warn(err);
}

Example request

response = context_based_restrictions_service.list_rules(
  account_id=account_id,
)
rule_list = response.get_result()

print(json.dumps(rule_list, indent=2))

Response

Response Body

RuleList

The response object of the ListRules operation.

RuleList

The response object of the ListRules operation.

RuleList

The response object of the ListRules operation.

RuleList

The response object of the ListRules operation.

RuleList

The response object of the ListRules operation.

Status Code

200
The rules were successfully retrieved.
400
The rules could not be retrieved due to an invalid or missing input parameter.
401
You are not authorized to make this request. The token is either missing, invalid, or expired.
403
The supplied authentication is not authorized to perform the operation.
429
Too Many Requests.
503
A backend service required to complete the operation is unavailable. Try again later.

Example responses

Status 200

{
  "count": 1,
  "rules": [
    {
      "id": "fb988c9387e84390ba98bce4744c0a9c",
      "crn": "crn:v1:bluemix:public:context-based-restrictions:global:a/12ab34cd56ef78ab90cd12ef34ab56cd::rule:fb988c9387e84390ba98bce4744c0a9c",
      "description": "this is an example of rule",
      "resources": [
        {
          "attributes": [
            {
              "name": "accountId",
              "value": "12ab34cd56ef78ab90cd12ef34ab56cd"
            },
            {
              "name": "serviceName",
              "value": "kms"
            }
          ]
        }
      ],
      "contexts": [
        {
          "attributes": [
            {
              "name": "networkZoneId",
              "value": "65810ac762004f22ac19f8f8edf70a34"
            }
          ]
        }
      ],
      "operations": {
        "api_types": [
          {
            "api_type_id": "crn:v1:bluemix:public:context-based-restrictions::::api-type:",
            "description": "Protects all service APIs.",
            "display_name": "All"
          },
          {
            "api_type_id": "crn:v1:bluemix:public:context-based-restrictions::::platform-api-type:",
            "description": "Protects all platform APIs.",
            "display_name": "All"
          }
        ]
      },
      "enforcement_mode": "enabled",
      "href": "https://cbr.cloud.ibm.com/v1/rules/fb988c9387e84390ba98bce4744c0a9c",
      "created_at": "2020-11-24T16:35:17Z",
      "created_by_id": "IBMid-120000P1JM",
      "last_modified_at": "2020-11-24T16:35:17Z",
      "last_modified_by_id": "IBMid-120000P1JM"
    }
  ]
}

Success example

{
  "count": 1,
  "rules": [
    {
      "id": "fb988c9387e84390ba98bce4744c0a9c",
      "crn": "crn:v1:bluemix:public:context-based-restrictions:global:a/12ab34cd56ef78ab90cd12ef34ab56cd::rule:fb988c9387e84390ba98bce4744c0a9c",
      "description": "this is an example of rule",
      "resources": [
        {
          "attributes": [
            {
              "name": "accountId",
              "value": "12ab34cd56ef78ab90cd12ef34ab56cd"
            },
            {
              "name": "serviceName",
              "value": "kms"
            }
          ]
        }
      ],
      "contexts": [
        {
          "attributes": [
            {
              "name": "networkZoneId",
              "value": "65810ac762004f22ac19f8f8edf70a34"
            }
          ]
        }
      ],
      "operations": {
        "api_types": [
          {
            "api_type_id": "crn:v1:bluemix:public:context-based-restrictions::::api-type:",
            "description": "Protects all service APIs.",
            "display_name": "All"
          },
          {
            "api_type_id": "crn:v1:bluemix:public:context-based-restrictions::::platform-api-type:",
            "description": "Protects all platform APIs.",
            "display_name": "All"
          }
        ]
      },
      "enforcement_mode": "enabled",
      "href": "https://cbr.cloud.ibm.com/v1/rules/fb988c9387e84390ba98bce4744c0a9c",
      "created_at": "2020-11-24T16:35:17Z",
      "created_by_id": "IBMid-120000P1JM",
      "last_modified_at": "2020-11-24T16:35:17Z",
      "last_modified_by_id": "IBMid-120000P1JM"
    }
  ]
}

Status 400

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 400,
  "errors": [
    {
      "code": "parameter_error",
      "message": "The parameter \"account_id\" in query has an error.",
      "target": {
        "name": "account_id",
        "type": "parameter",
        "value": "an-invalid-account-id"
      }
    }
  ]
}

Error example

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 400,
  "errors": [
    {
      "code": "parameter_error",
      "message": "The parameter \"account_id\" in query has an error.",
      "target": {
        "name": "account_id",
        "type": "parameter",
        "value": "an-invalid-account-id"
      }
    }
  ]
}

Status 401

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 401,
  "errors": [
    {
      "code": "invalid_auth_token",
      "message": "The token failed to validate.",
      "target": {
        "name": "Authorization",
        "type": "header"
      }
    }
  ]
}

Error example

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 401,
  "errors": [
    {
      "code": "invalid_auth_token",
      "message": "The token failed to validate.",
      "target": {
        "name": "Authorization",
        "type": "header"
      }
    }
  ]
}

Status 403

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 403,
  "errors": [
    {
      "code": "request_not_authorized",
      "message": "The request could not be authorized."
    }
  ]
}

Error example

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 403,
  "errors": [
    {
      "code": "request_not_authorized",
      "message": "The request could not be authorized."
    }
  ]
}

Status 429

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 429,
  "errors": [
    {
      "code": "too_many_requests",
      "message": "The client has sent too many requests in a given amount of time."
    }
  ]
}

Error example

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 429,
  "errors": [
    {
      "code": "too_many_requests",
      "message": "The client has sent too many requests in a given amount of time."
    }
  ]
}

Status 503

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 503,
  "errors": [
    {
      "code": "store_unavailable_error",
      "message": "The store is currently unavailable. Try again later."
    }
  ]
}

Error example

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 503,
  "errors": [
    {
      "code": "store_unavailable_error",
      "message": "The store is currently unavailable. Try again later."
    }
  ]
}

This operation retrieves the rule identified by the specified rule ID.

GET /v1/rules/{rule_id}

(contextBasedRestrictions *ContextBasedRestrictionsV1) GetRule(getRuleOptions *GetRuleOptions) (result *Rule, response *core.DetailedResponse, err error)

(contextBasedRestrictions *ContextBasedRestrictionsV1) GetRuleWithContext(ctx context.Context, getRuleOptions *GetRuleOptions) (result *Rule, response *core.DetailedResponse, err error)

ServiceCall<Rule> getRule(GetRuleOptions getRuleOptions)

getRule(params)

get_rule(
        self,
        rule_id: str,
        *,
        x_correlation_id: Optional[str] = None,
        transaction_id: Optional[str] = None,
        **kwargs,
    ) -> DetailedResponse

Authorization

To call this method, you must be assigned one or more IAM access roles that include the following action. You can check your access by going to Users > User > Access.

cbr.rule.read

Request

Instantiate the GetRuleOptions struct and set the fields to provide parameter values for the GetRule method.

Use the GetRuleOptions.Builder to create a GetRuleOptions object that contains the parameter values for the getRule method.

Custom Headers

X-Correlation-Id
string
The supplied or generated value of this header is logged for a request and repeated in a response header for the corresponding response. The same value is used for downstream requests and retries of those requests. If a value of this headers is not supplied in a request, the service generates a random (version 4) UUID.

Possible values: 1 ≤ length ≤ 1024, Value must match regular expression ^[a-zA-Z0-9 ,\-_]+$
Transaction-Id
string
The Transaction-Id header behaves as the X-Correlation-Id header. It is supported for backward compatibility with other IBM platform services that support the Transaction-Id header only. If both X-Correlation-Id and Transaction-Id are provided, X-Correlation-Id has the precedence over Transaction-Id.

Possible values: 1 ≤ length ≤ 1024, Value must match regular expression ^[a-zA-Z0-9 ,\-_]+$

Path Parameters

rule_id
Required*
string
The ID of a rule.

Possible values: length = 32, Value must match regular expression ^[a-fA-F0-9]{32}$

parameter

WithContext method only

GetRuleOptions

The GetRule options.

GetRuleOptions

The getRule options.

parameters

ruleId
Required*
string
The ID of a rule.

Possible values: length = 32, Value must match regular expression /^[a-fA-F0-9]{32}$/
xCorrelationId
string
The supplied or generated value of this header is logged for a request and repeated in a response header for the corresponding response. The same value is used for downstream requests and retries of those requests. If a value of this headers is not supplied in a request, the service generates a random (version 4) UUID.

Possible values: 1 ≤ length ≤ 1024, Value must match regular expression /^[a-zA-Z0-9 ,\\-_]+$/
transactionId
string
The Transaction-Id header behaves as the X-Correlation-Id header. It is supported for backward compatibility with other IBM platform services that support the Transaction-Id header only. If both X-Correlation-Id and Transaction-Id are provided, X-Correlation-Id has the precedence over Transaction-Id.

Possible values: 1 ≤ length ≤ 1024, Value must match regular expression /^[a-zA-Z0-9 ,\\-_]+$/

parameters

rule_id
Required*
str
The ID of a rule.

Possible values: length = 32, Value must match regular expression /^[a-fA-F0-9]{32}$/
x_correlation_id
str
The supplied or generated value of this header is logged for a request and repeated in a response header for the corresponding response. The same value is used for downstream requests and retries of those requests. If a value of this headers is not supplied in a request, the service generates a random (version 4) UUID.

Possible values: 1 ≤ length ≤ 1024, Value must match regular expression /^[a-zA-Z0-9 ,\\-_]+$/
transaction_id
str
The Transaction-Id header behaves as the X-Correlation-Id header. It is supported for backward compatibility with other IBM platform services that support the Transaction-Id header only. If both X-Correlation-Id and Transaction-Id are provided, X-Correlation-Id has the precedence over Transaction-Id.

Possible values: 1 ≤ length ≤ 1024, Value must match regular expression /^[a-zA-Z0-9 ,\\-_]+$/

Example request

curl -X GET --location --header "Authorization: Bearer {iam_token}"   --header "Accept: application/json"   "https://cbr.cloud.ibm.com/v1/rules/{rule_id}"

Example request

getRuleOptions := contextBasedRestrictionsService.NewGetRuleOptions(
  ruleID,
)

rule, response, err := contextBasedRestrictionsService.GetRule(getRuleOptions)
if err != nil {
  panic(err)
}
b, _ := json.MarshalIndent(rule, "", "  ")
fmt.Println(string(b))

Example request

GetRuleOptions getRuleOptions = new GetRuleOptions.Builder()
    .ruleId(ruleID)
    .build();

Response<Rule> response = contextBasedRestrictionsService.getRule(getRuleOptions).execute();
Rule rule = response.getResult();

System.out.println(rule);

Example request

const params = {
  ruleId,
};

try {
  const res = await contextBasedRestrictionsService.getRule(params);
  console.log(JSON.stringify(res.result, null, 2));
} catch (err) {
  console.warn(err);
}

Example request

response = context_based_restrictions_service.get_rule(
  rule_id=rule_id,
)
rule = response.get_result()

print(json.dumps(rule, indent=2))

Response

Response Body

Rule

An output rule

Rule

An output rule.

Rule

An output rule.

Rule

An output rule.

Rule

An output rule.

Status Code

200
The rule was successfully retrieved.
400
The rule could not be retrieved due to an invalid or missing input parameter.
401
You are not authorized to make this request. The token is either missing, invalid, or expired.
403
The supplied authentication is not authorized to perform the operation.
404
The rule could not be found. Verify that the specified rule ID is valid.
429
Too Many Requests.
503
A backend service required to complete the operation is unavailable. Try again later.

Example responses

Status 200

{
  "id": "fb988c9387e84390ba98bce4744c0a9c",
  "crn": "crn:v1:bluemix:public:context-based-restrictions:global:a/12ab34cd56ef78ab90cd12ef34ab56cd::rule:fb988c9387e84390ba98bce4744c0a9c",
  "description": "this is an example of rule",
  "resources": [
    {
      "attributes": [
        {
          "name": "accountId",
          "value": "12ab34cd56ef78ab90cd12ef34ab56cd"
        },
        {
          "name": "serviceName",
          "value": "kms"
        }
      ]
    }
  ],
  "contexts": [
    {
      "attributes": [
        {
          "name": "networkZoneId",
          "value": "65810ac762004f22ac19f8f8edf70a34"
        }
      ]
    }
  ],
  "operations": {
    "api_types": [
      {
        "api_type_id": "crn:v1:bluemix:public:context-based-restrictions::::api-type:",
        "description": "Protects all service APIs.",
        "display_name": "All"
      },
      {
        "api_type_id": "crn:v1:bluemix:public:context-based-restrictions::::platform-api-type:",
        "description": "Protects all platform APIs.",
        "display_name": "All"
      }
    ]
  },
  "enforcement_mode": "enabled",
  "href": "https://cbr.cloud.ibm.com/v1/rules/fb988c9387e84390ba98bce4744c0a9c",
  "created_at": "2020-11-24T16:35:17Z",
  "created_by_id": "IBMid-120000P1JM",
  "last_modified_at": "2020-11-24T16:35:17Z",
  "last_modified_by_id": "IBMid-120000P1JM"
}

Success example

{
  "id": "fb988c9387e84390ba98bce4744c0a9c",
  "crn": "crn:v1:bluemix:public:context-based-restrictions:global:a/12ab34cd56ef78ab90cd12ef34ab56cd::rule:fb988c9387e84390ba98bce4744c0a9c",
  "description": "this is an example of rule",
  "resources": [
    {
      "attributes": [
        {
          "name": "accountId",
          "value": "12ab34cd56ef78ab90cd12ef34ab56cd"
        },
        {
          "name": "serviceName",
          "value": "kms"
        }
      ]
    }
  ],
  "contexts": [
    {
      "attributes": [
        {
          "name": "networkZoneId",
          "value": "65810ac762004f22ac19f8f8edf70a34"
        }
      ]
    }
  ],
  "operations": {
    "api_types": [
      {
        "api_type_id": "crn:v1:bluemix:public:context-based-restrictions::::api-type:",
        "description": "Protects all service APIs.",
        "display_name": "All"
      },
      {
        "api_type_id": "crn:v1:bluemix:public:context-based-restrictions::::platform-api-type:",
        "description": "Protects all platform APIs.",
        "display_name": "All"
      }
    ]
  },
  "enforcement_mode": "enabled",
  "href": "https://cbr.cloud.ibm.com/v1/rules/fb988c9387e84390ba98bce4744c0a9c",
  "created_at": "2020-11-24T16:35:17Z",
  "created_by_id": "IBMid-120000P1JM",
  "last_modified_at": "2020-11-24T16:35:17Z",
  "last_modified_by_id": "IBMid-120000P1JM"
}

Status 400

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 400,
  "errors": [
    {
      "code": "parameter_error",
      "message": "The parameter \"rule_id\" in path has an error.",
      "target": {
        "name": "rule_id",
        "type": "parameter",
        "value": "an-invalid-rule-id"
      }
    }
  ]
}

Error example

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 400,
  "errors": [
    {
      "code": "parameter_error",
      "message": "The parameter \"rule_id\" in path has an error.",
      "target": {
        "name": "rule_id",
        "type": "parameter",
        "value": "an-invalid-rule-id"
      }
    }
  ]
}

Status 401

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 401,
  "errors": [
    {
      "code": "invalid_auth_token",
      "message": "The token failed to validate.",
      "target": {
        "name": "Authorization",
        "type": "header"
      }
    }
  ]
}

Error example

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 401,
  "errors": [
    {
      "code": "invalid_auth_token",
      "message": "The token failed to validate.",
      "target": {
        "name": "Authorization",
        "type": "header"
      }
    }
  ]
}

Status 403

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 403,
  "errors": [
    {
      "code": "request_not_authorized",
      "message": "The request could not be authorized."
    }
  ]
}

Error example

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 403,
  "errors": [
    {
      "code": "request_not_authorized",
      "message": "The request could not be authorized."
    }
  ]
}

Status 404

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 404,
  "errors": [
    {
      "code": "rule_not_found_in_store",
      "message": "The rule 'fb988c9387e84390ba98bce4744c0a9c' is not found.",
      "target": {
        "name": "rule_id",
        "type": "parameter",
        "value": "fb988c9387e84390ba98bce4744c0a9c"
      }
    }
  ]
}

Error example

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 404,
  "errors": [
    {
      "code": "rule_not_found_in_store",
      "message": "The rule 'fb988c9387e84390ba98bce4744c0a9c' is not found.",
      "target": {
        "name": "rule_id",
        "type": "parameter",
        "value": "fb988c9387e84390ba98bce4744c0a9c"
      }
    }
  ]
}

Status 429

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 429,
  "errors": [
    {
      "code": "too_many_requests",
      "message": "The client has sent too many requests in a given amount of time."
    }
  ]
}

Error example

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 429,
  "errors": [
    {
      "code": "too_many_requests",
      "message": "The client has sent too many requests in a given amount of time."
    }
  ]
}

Status 503

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 503,
  "errors": [
    {
      "code": "store_unavailable_error",
      "message": "The store is currently unavailable. Try again later."
    }
  ]
}

Error example

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 503,
  "errors": [
    {
      "code": "store_unavailable_error",
      "message": "The store is currently unavailable. Try again later."
    }
  ]
}

This operation replaces the rule identified by the specified rule ID. Partial updates are not supported. The entire rule object must be replaced.

PUT /v1/rules/{rule_id}

(contextBasedRestrictions *ContextBasedRestrictionsV1) ReplaceRule(replaceRuleOptions *ReplaceRuleOptions) (result *Rule, response *core.DetailedResponse, err error)

(contextBasedRestrictions *ContextBasedRestrictionsV1) ReplaceRuleWithContext(ctx context.Context, replaceRuleOptions *ReplaceRuleOptions) (result *Rule, response *core.DetailedResponse, err error)

ServiceCall<Rule> replaceRule(ReplaceRuleOptions replaceRuleOptions)

replaceRule(params)

replace_rule(
        self,
        rule_id: str,
        if_match: str,
        *,
        contexts: Optional[List['RuleContext']] = None,
        resources: Optional[List['Resource']] = None,
        description: Optional[str] = None,
        operations: Optional['NewRuleOperations'] = None,
        enforcement_mode: Optional[str] = None,
        x_correlation_id: Optional[str] = None,
        transaction_id: Optional[str] = None,
        **kwargs,
    ) -> DetailedResponse

Authorization

To call this method, you must be assigned one or more IAM access roles that include the following action. You can check your access by going to Users > User > Access.

cbr.rule.update

Request

Instantiate the ReplaceRuleOptions struct and set the fields to provide parameter values for the ReplaceRule method.

Use the ReplaceRuleOptions.Builder to create a ReplaceRuleOptions object that contains the parameter values for the replaceRule method.

Custom Headers

If-Match
Required*
string
The current revision of the resource being updated. This can be found in the Create/Get/Update resource response ETag header.

Possible values: 1 ≤ length ≤ 128, Value must match regular expression ^[a-fA-F0-9\-]+$
X-Correlation-Id
string
The supplied or generated value of this header is logged for a request and repeated in a response header for the corresponding response. The same value is used for downstream requests and retries of those requests. If a value of this headers is not supplied in a request, the service generates a random (version 4) UUID.

Possible values: 1 ≤ length ≤ 1024, Value must match regular expression ^[a-zA-Z0-9 ,\-_]+$
Transaction-Id
string
The Transaction-Id header behaves as the X-Correlation-Id header. It is supported for backward compatibility with other IBM platform services that support the Transaction-Id header only. If both X-Correlation-Id and Transaction-Id are provided, X-Correlation-Id has the precedence over Transaction-Id.

Possible values: 1 ≤ length ≤ 1024, Value must match regular expression ^[a-zA-Z0-9 ,\-_]+$

Path Parameters

rule_id
Required*
string
The ID of a rule.

Possible values: length = 32, Value must match regular expression ^[a-fA-F0-9]{32}$

Request Body

NewRule

The rule to replace.

Examples:

View

parameter

WithContext method only

ReplaceRuleOptions

The ReplaceRule options.

ReplaceRuleOptions

The replaceRule options.

parameters

ruleId
Required*
string
The ID of a rule.

Possible values: length = 32, Value must match regular expression /^[a-fA-F0-9]{32}$/
ifMatch
Required*
string
The current revision of the resource being updated. This can be found in the Create/Get/Update resource response ETag header.

Possible values: 1 ≤ length ≤ 128, Value must match regular expression /^[a-fA-F0-9\\-]+$/
contexts
The contexts this rule applies to.

Possible values: 0 ≤ number of items ≤ 1000
Examples:
value
_source
_lines
_html
resources
The resources this rule apply to.

Possible values: number of items = 1
Examples:
value
_source
_lines
_html
description
string
The description of the rule.

Possible values: 0 ≤ length ≤ 300, Value must match regular expression /^[^--]*$/
Examples:
value
_source
_lines
_html
operations
The operations this rule applies to.
enforcementMode
string
The rule enforcement mode:
- enabled - The restrictions are enforced and reported. This is the default.
- disabled - The restrictions are disabled. Nothing is enforced or reported.
- report - The restrictions are evaluated and reported, but not enforced.
Allowable values: [enabled,disabled,report]
Default: enabled
Examples:
value
_source
_lines
_html
xCorrelationId
string
The supplied or generated value of this header is logged for a request and repeated in a response header for the corresponding response. The same value is used for downstream requests and retries of those requests. If a value of this headers is not supplied in a request, the service generates a random (version 4) UUID.

Possible values: 1 ≤ length ≤ 1024, Value must match regular expression /^[a-zA-Z0-9 ,\\-_]+$/
transactionId
string
The Transaction-Id header behaves as the X-Correlation-Id header. It is supported for backward compatibility with other IBM platform services that support the Transaction-Id header only. If both X-Correlation-Id and Transaction-Id are provided, X-Correlation-Id has the precedence over Transaction-Id.

Possible values: 1 ≤ length ≤ 1024, Value must match regular expression /^[a-zA-Z0-9 ,\\-_]+$/

parameters

rule_id
Required*
str
The ID of a rule.

Possible values: length = 32, Value must match regular expression /^[a-fA-F0-9]{32}$/
if_match
Required*
str
The current revision of the resource being updated. This can be found in the Create/Get/Update resource response ETag header.

Possible values: 1 ≤ length ≤ 128, Value must match regular expression /^[a-fA-F0-9\\-]+$/
contexts
The contexts this rule applies to.

Possible values: 0 ≤ number of items ≤ 1000
Examples:
value
_source
_lines
_html
resources
The resources this rule apply to.

Possible values: number of items = 1
Examples:
value
_source
_lines
_html
description
str
The description of the rule.

Possible values: 0 ≤ length ≤ 300, Value must match regular expression /^[^--]*$/
Examples:
value
_source
_lines
_html
operations
The operations this rule applies to.
enforcement_mode
str
The rule enforcement mode:
- enabled - The restrictions are enforced and reported. This is the default.
- disabled - The restrictions are disabled. Nothing is enforced or reported.
- report - The restrictions are evaluated and reported, but not enforced.
Allowable values: [enabled,disabled,report]
Default: enabled
Examples:
value
_source
_lines
_html
x_correlation_id
str
The supplied or generated value of this header is logged for a request and repeated in a response header for the corresponding response. The same value is used for downstream requests and retries of those requests. If a value of this headers is not supplied in a request, the service generates a random (version 4) UUID.

Possible values: 1 ≤ length ≤ 1024, Value must match regular expression /^[a-zA-Z0-9 ,\\-_]+$/
transaction_id
str
The Transaction-Id header behaves as the X-Correlation-Id header. It is supported for backward compatibility with other IBM platform services that support the Transaction-Id header only. If both X-Correlation-Id and Transaction-Id are provided, X-Correlation-Id has the precedence over Transaction-Id.

Possible values: 1 ≤ length ≤ 1024, Value must match regular expression /^[a-zA-Z0-9 ,\\-_]+$/

Example request

curl -X PUT --location --header "Authorization: Bearer {iam_token}"   --header "Accept: application/json"   --header "If-Match: {if_match}"   --header "Content-Type: application/json"   --data '{ "description": "this is an example of rule", "resources": [ { "attributes": [ { "name": "accountId", "value": "12ab34cd56ef78ab90cd12ef34ab56cd" }, { "name": "serviceName", "value": "kms" } ] } ], "contexts": [ { "attributes": [ { "name": "networkZoneId", "value": "76921bd873115033bd2a0909fe081b45" } ] } ], "enforcement_mode": "disabled" }'   "https://cbr.cloud.ibm.com/v1/rules/{rule_id}"

Example request

ruleContextAttributeModel := &contextbasedrestrictionsv1.RuleContextAttribute{
  Name:  core.StringPtr("networkZoneId"),
  Value: core.StringPtr(zoneID),
}

ruleContextModel := &contextbasedrestrictionsv1.RuleContext{
  Attributes: []contextbasedrestrictionsv1.RuleContextAttribute{*ruleContextAttributeModel},
}

resourceModel := &contextbasedrestrictionsv1.Resource{
  Attributes: []contextbasedrestrictionsv1.ResourceAttribute{
    {
      Name:  core.StringPtr("accountId"),
      Value: core.StringPtr(accountID),
    },
    {
      Name:  core.StringPtr("serviceName"),
      Value: core.StringPtr(serviceName),
    },
  },
  Tags: []contextbasedrestrictionsv1.ResourceTagAttribute{
    {
      Name:  core.StringPtr("tagName"),
      Value: core.StringPtr("updatedTagValue"),
    },
  },
}

replaceRuleOptions := contextBasedRestrictionsService.NewReplaceRuleOptions(
  ruleID,
  ruleRev,
)
replaceRuleOptions.SetDescription("this is an example of rule")
replaceRuleOptions.SetContexts([]contextbasedrestrictionsv1.RuleContext{*ruleContextModel})
replaceRuleOptions.SetResources([]contextbasedrestrictionsv1.Resource{*resourceModel})
replaceRuleOptions.SetEnforcementMode(contextbasedrestrictionsv1.ReplaceRuleOptionsEnforcementModeDisabledConst)

rule, response, err := contextBasedRestrictionsService.ReplaceRule(replaceRuleOptions)
if err != nil {
  panic(err)
}
b, _ := json.MarshalIndent(rule, "", "  ")
fmt.Println(string(b))

Example request

RuleContextAttribute ruleContextAttributeModel = new RuleContextAttribute.Builder()
  .name("networkZoneId")
  .value(zoneID)
  .build();
RuleContext ruleContextModel = new RuleContext.Builder()
  .attributes(java.util.Arrays.asList(ruleContextAttributeModel))
  .build();
ResourceAttribute resourceAttributeModelAccountID = new ResourceAttribute.Builder()
  .name("accountId")
  .value(accountID)
  .build();
ResourceAttribute resourceAttributeModelServiceName = new ResourceAttribute.Builder()
  .name("serviceName")
  .value(serviceName)
  .build();
ResourceTagAttribute resourceTagAttributeModel = new ResourceTagAttribute.Builder()
  .name("tagName")
  .value("updatedTagValue")
  .build();
Resource resourceModel = new Resource.Builder()
  .addAttributes(resourceAttributeModelAccountID)
  .addAttributes(resourceAttributeModelServiceName)
  .addTags(resourceTagAttributeModel)
  .build();
ReplaceRuleOptions replaceRuleOptions = new ReplaceRuleOptions.Builder()
  .ruleId(ruleID)
  .ifMatch(ruleRev)
  .description("this is an example of updated rule")
  .addContexts(ruleContextModel)
  .addResources(resourceModel)
  .enforcementMode("disabled")
  .build();

Response<Rule> response = contextBasedRestrictionsService.replaceRule(replaceRuleOptions).execute();
Rule rule = response.getResult();

System.out.println(rule);

Example request

// Request models needed by this operation.

// RuleContextAttribute
const ruleContextAttributeModel = {
  name: 'networkZoneId',
  value: zoneId,
};

// RuleContext
const ruleContextModel = {
  attributes: [ruleContextAttributeModel],
};

// ResourceAttribute
const resourceAttributeAccountIdModel = {
  name: 'accountId',
  value: accountId,
};

// ResourceAttribute
const resourceAttributeServiceNameModel = {
  name: 'serviceName',
  value: serviceName,
};

const resourceTagAttributeModel = {
  name: 'TagName',
  value: 'aTagValue',
};

// Resource
const resourceModel = {
  attributes: [resourceAttributeAccountIdModel, resourceAttributeServiceNameModel],
  tags: [resourceTagAttributeModel],
};

const params = {
  ruleId,
  ifMatch: ruleRev,
  contexts: [ruleContextModel],
  resources: [resourceModel],
  description: 'this is an example of updated rule',
  enforcementMode: 'disabled',
};

try {
  const res = await contextBasedRestrictionsService.replaceRule(params);
  ruleId = res.result.id;
  ruleRev = res.headers.etag;
  console.log(JSON.stringify(res.result, null, 2));
} catch (err) {
  console.warn(err);
}

Example request

rule_context_attribute_model = {
  'name': 'networkZoneId',
  'value': zone_id,
}

rule_context_model = {
  'attributes': [rule_context_attribute_model],
}

resource_attribute_model = {
  'name': 'accountId',
  'value': account_id,
}

resource_attribute_service_name_model = {
  'name': 'serviceName',
  'value': service_name,
}

resource_tag_attribute_model = {
  'name': 'tagName',
  'value': 'tagValue',
}

resource_model = {
  'attributes': [resource_attribute_model, resource_attribute_service_name_model],
  'tags': [resource_tag_attribute_model],
}

response = context_based_restrictions_service.replace_rule(
  rule_id=rule_id,
  if_match=rule_rev,
  contexts=[rule_context_model],
  resources=[resource_model],
  description='this is an example of updated rule',
  enforcement_mode='disabled',
)
rule = response.get_result()

print(json.dumps(rule, indent=2))

Response

Response Body

Rule

An output rule

Rule

An output rule.

Rule

An output rule.

Rule

An output rule.

Rule

An output rule.

Status Code

200
The rule was successfully replaced.
400
The rule could not be replaced due to an invalid or missing input parameter.
401
You are not authorized to make this request. The token is either missing, invalid, or expired.
403
The supplied authentication is not authorized to perform the operation.
404
The rule could not be found. Verify that the specified rule ID is valid.
412
The rule revision is missing or invalid.
429
Too Many Requests.
503
A backend service required to complete the operation is unavailable. Try again later.

Example responses

Status 200

{
  "id": "fb988c9387e84390ba98bce4744c0a9c",
  "crn": "crn:v1:bluemix:public:context-based-restrictions:global:a/12ab34cd56ef78ab90cd12ef34ab56cd::rule:fb988c9387e84390ba98bce4744c0a9c",
  "description": "this is an example of rule",
  "resources": [
    {
      "attributes": [
        {
          "name": "accountId",
          "value": "12ab34cd56ef78ab90cd12ef34ab56cd"
        },
        {
          "name": "serviceName",
          "value": "kms"
        }
      ]
    }
  ],
  "contexts": [
    {
      "attributes": [
        {
          "name": "networkZoneId",
          "value": "76921bd873115033bd2a0909fe081b45"
        }
      ]
    }
  ],
  "operations": {
    "api_types": [
      {
        "api_type_id": "crn:v1:bluemix:public:context-based-restrictions::::api-type:",
        "description": "Protects all service APIs.",
        "display_name": "All"
      },
      {
        "api_type_id": "crn:v1:bluemix:public:context-based-restrictions::::platform-api-type:",
        "description": "Protects all platform APIs.",
        "display_name": "All"
      }
    ]
  },
  "enforcement_mode": "disabled",
  "href": "https://cbr.cloud.ibm.com/v1/rules/fb988c9387e84390ba98bce4744c0a9c",
  "created_at": "2020-11-24T16:35:17Z",
  "created_by_id": "IBMid-120000P1JM",
  "last_modified_at": "2020-11-24T16:55:01Z",
  "last_modified_by_id": "IBMid-120000P1JM"
}

Success example

{
  "id": "fb988c9387e84390ba98bce4744c0a9c",
  "crn": "crn:v1:bluemix:public:context-based-restrictions:global:a/12ab34cd56ef78ab90cd12ef34ab56cd::rule:fb988c9387e84390ba98bce4744c0a9c",
  "description": "this is an example of rule",
  "resources": [
    {
      "attributes": [
        {
          "name": "accountId",
          "value": "12ab34cd56ef78ab90cd12ef34ab56cd"
        },
        {
          "name": "serviceName",
          "value": "kms"
        }
      ]
    }
  ],
  "contexts": [
    {
      "attributes": [
        {
          "name": "networkZoneId",
          "value": "76921bd873115033bd2a0909fe081b45"
        }
      ]
    }
  ],
  "operations": {
    "api_types": [
      {
        "api_type_id": "crn:v1:bluemix:public:context-based-restrictions::::api-type:",
        "description": "Protects all service APIs.",
        "display_name": "All"
      },
      {
        "api_type_id": "crn:v1:bluemix:public:context-based-restrictions::::platform-api-type:",
        "description": "Protects all platform APIs.",
        "display_name": "All"
      }
    ]
  },
  "enforcement_mode": "disabled",
  "href": "https://cbr.cloud.ibm.com/v1/rules/fb988c9387e84390ba98bce4744c0a9c",
  "created_at": "2020-11-24T16:35:17Z",
  "created_by_id": "IBMid-120000P1JM",
  "last_modified_at": "2020-11-24T16:55:01Z",
  "last_modified_by_id": "IBMid-120000P1JM"
}

Status 400

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 400,
  "errors": [
    {
      "code": "service_not_context-based-restrictions_enabled",
      "message": "The service 'a-service-that-is-not-cbr-enabled' is not supported for context-based-restrictions control.",
      "target": {
        "name": "serviceName",
        "type": "field",
        "value": "a-service-that-is-not-cbr-enabled"
      }
    }
  ]
}

Error example

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 400,
  "errors": [
    {
      "code": "service_not_context-based-restrictions_enabled",
      "message": "The service 'a-service-that-is-not-cbr-enabled' is not supported for context-based-restrictions control.",
      "target": {
        "name": "serviceName",
        "type": "field",
        "value": "a-service-that-is-not-cbr-enabled"
      }
    }
  ]
}

Status 401

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 401,
  "errors": [
    {
      "code": "invalid_auth_token",
      "message": "The token failed to validate.",
      "target": {
        "name": "Authorization",
        "type": "header"
      }
    }
  ]
}

Error example

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 401,
  "errors": [
    {
      "code": "invalid_auth_token",
      "message": "The token failed to validate.",
      "target": {
        "name": "Authorization",
        "type": "header"
      }
    }
  ]
}

Status 403

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 403,
  "errors": [
    {
      "code": "request_not_authorized",
      "message": "The request could not be authorized."
    }
  ]
}

Error example

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 403,
  "errors": [
    {
      "code": "request_not_authorized",
      "message": "The request could not be authorized."
    }
  ]
}

Status 404

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 404,
  "errors": [
    {
      "code": "rule_not_found_in_store",
      "message": "The rule 'fb988c9387e84390ba98bce4744c0a9c' is not found.",
      "target": {
        "name": "zone_id",
        "type": "parameter",
        "value": "fb988c9387e84390ba98bce4744c0a9c"
      }
    }
  ]
}

Error example

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 404,
  "errors": [
    {
      "code": "rule_not_found_in_store",
      "message": "The rule 'fb988c9387e84390ba98bce4744c0a9c' is not found.",
      "target": {
        "name": "zone_id",
        "type": "parameter",
        "value": "fb988c9387e84390ba98bce4744c0a9c"
      }
    }
  ]
}

Status 412

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 412,
  "errors": [
    {
      "code": "invalid_rule_revision",
      "message": "The rule revision is missing or invalid.",
      "target": {
        "name": "If-Match",
        "type": "header",
        "value": "an-invalid-revision"
      }
    }
  ]
}

Error example

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 412,
  "errors": [
    {
      "code": "invalid_rule_revision",
      "message": "The rule revision is missing or invalid.",
      "target": {
        "name": "If-Match",
        "type": "header",
        "value": "an-invalid-revision"
      }
    }
  ]
}

Status 429

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 429,
  "errors": [
    {
      "code": "too_many_requests",
      "message": "The client has sent too many requests in a given amount of time."
    }
  ]
}

Error example

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 429,
  "errors": [
    {
      "code": "too_many_requests",
      "message": "The client has sent too many requests in a given amount of time."
    }
  ]
}

Status 503

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 503,
  "errors": [
    {
      "code": "store_unavailable_error",
      "message": "The store is currently unavailable. Try again later."
    }
  ]
}

Error example

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 503,
  "errors": [
    {
      "code": "store_unavailable_error",
      "message": "The store is currently unavailable. Try again later."
    }
  ]
}

This operation deletes the rule identified by the specified rule ID.

DELETE /v1/rules/{rule_id}

(contextBasedRestrictions *ContextBasedRestrictionsV1) DeleteRule(deleteRuleOptions *DeleteRuleOptions) (response *core.DetailedResponse, err error)

(contextBasedRestrictions *ContextBasedRestrictionsV1) DeleteRuleWithContext(ctx context.Context, deleteRuleOptions *DeleteRuleOptions) (response *core.DetailedResponse, err error)

ServiceCall<Void> deleteRule(DeleteRuleOptions deleteRuleOptions)

deleteRule(params)

delete_rule(
        self,
        rule_id: str,
        *,
        x_correlation_id: Optional[str] = None,
        transaction_id: Optional[str] = None,
        **kwargs,
    ) -> DetailedResponse

Authorization

To call this method, you must be assigned one or more IAM access roles that include the following action. You can check your access by going to Users > User > Access.

cbr.rule.delete

Request

Instantiate the DeleteRuleOptions struct and set the fields to provide parameter values for the DeleteRule method.

Use the DeleteRuleOptions.Builder to create a DeleteRuleOptions object that contains the parameter values for the deleteRule method.

Custom Headers

X-Correlation-Id
string
The supplied or generated value of this header is logged for a request and repeated in a response header for the corresponding response. The same value is used for downstream requests and retries of those requests. If a value of this headers is not supplied in a request, the service generates a random (version 4) UUID.

Possible values: 1 ≤ length ≤ 1024, Value must match regular expression ^[a-zA-Z0-9 ,\-_]+$
Transaction-Id
string
The Transaction-Id header behaves as the X-Correlation-Id header. It is supported for backward compatibility with other IBM platform services that support the Transaction-Id header only. If both X-Correlation-Id and Transaction-Id are provided, X-Correlation-Id has the precedence over Transaction-Id.

Possible values: 1 ≤ length ≤ 1024, Value must match regular expression ^[a-zA-Z0-9 ,\-_]+$

Path Parameters

rule_id
Required*
string
The ID of a rule.

Possible values: length = 32, Value must match regular expression ^[a-fA-F0-9]{32}$

parameter

WithContext method only

DeleteRuleOptions

The DeleteRule options.

DeleteRuleOptions

The deleteRule options.

parameters

ruleId
Required*
string
The ID of a rule.

Possible values: length = 32, Value must match regular expression /^[a-fA-F0-9]{32}$/
xCorrelationId
string
The supplied or generated value of this header is logged for a request and repeated in a response header for the corresponding response. The same value is used for downstream requests and retries of those requests. If a value of this headers is not supplied in a request, the service generates a random (version 4) UUID.

Possible values: 1 ≤ length ≤ 1024, Value must match regular expression /^[a-zA-Z0-9 ,\\-_]+$/
transactionId
string
The Transaction-Id header behaves as the X-Correlation-Id header. It is supported for backward compatibility with other IBM platform services that support the Transaction-Id header only. If both X-Correlation-Id and Transaction-Id are provided, X-Correlation-Id has the precedence over Transaction-Id.

Possible values: 1 ≤ length ≤ 1024, Value must match regular expression /^[a-zA-Z0-9 ,\\-_]+$/

parameters

rule_id
Required*
str
The ID of a rule.

Possible values: length = 32, Value must match regular expression /^[a-fA-F0-9]{32}$/
x_correlation_id
str
The supplied or generated value of this header is logged for a request and repeated in a response header for the corresponding response. The same value is used for downstream requests and retries of those requests. If a value of this headers is not supplied in a request, the service generates a random (version 4) UUID.

Possible values: 1 ≤ length ≤ 1024, Value must match regular expression /^[a-zA-Z0-9 ,\\-_]+$/
transaction_id
str
The Transaction-Id header behaves as the X-Correlation-Id header. It is supported for backward compatibility with other IBM platform services that support the Transaction-Id header only. If both X-Correlation-Id and Transaction-Id are provided, X-Correlation-Id has the precedence over Transaction-Id.

Possible values: 1 ≤ length ≤ 1024, Value must match regular expression /^[a-zA-Z0-9 ,\\-_]+$/

Example request

curl -X DELETE --location --header "Authorization: Bearer {iam_token}" "https://cbr.cloud.ibm.com/v1/rules/{rule_id}"

Example request

deleteRuleOptions := contextBasedRestrictionsService.NewDeleteRuleOptions(
  ruleID,
)

response, err := contextBasedRestrictionsService.DeleteRule(deleteRuleOptions)
if err != nil {
  panic(err)
}
if response.StatusCode != 204 {
  fmt.Printf("\nUnexpected response status code received from DeleteRule(): %d\n", response.StatusCode)
}

Example request

DeleteRuleOptions deleteRuleOptions = new DeleteRuleOptions.Builder()
  .ruleId(ruleID)
  .build();

Response<Void> response = contextBasedRestrictionsService.deleteRule(deleteRuleOptions).execute();

Example request

const params = {
  ruleId,
};

try {
  await contextBasedRestrictionsService.deleteRule(params);
} catch (err) {
  console.warn(err);
}

Example request

response = context_based_restrictions_service.delete_rule(
  rule_id=rule_id,
)

Response

Status Code

204
The rule was successfully deleted.
400
The rule could not be deleted due to an invalid or missing input parameter.
401
You are not authorized to make this request. The token is either missing, invalid, or expired.
403
The supplied authentication is not authorized to perform the operation.
404
The rule could not be found. Verify that the specified rule ID is valid.
429
Too Many Requests.
503
A backend service required to complete the operation is unavailable. Try again later.

Example responses

Status 400

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 400,
  "errors": [
    {
      "code": "parameter_error",
      "message": "The parameter \"rule_id\" in path has an error.",
      "target": {
        "name": "rule_id",
        "type": "parameter",
        "value": "an-invalid-rule-id"
      }
    }
  ]
}

Error example

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 400,
  "errors": [
    {
      "code": "parameter_error",
      "message": "The parameter \"rule_id\" in path has an error.",
      "target": {
        "name": "rule_id",
        "type": "parameter",
        "value": "an-invalid-rule-id"
      }
    }
  ]
}

Status 401

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 401,
  "errors": [
    {
      "code": "invalid_auth_token",
      "message": "The token failed to validate.",
      "target": {
        "name": "Authorization",
        "type": "header"
      }
    }
  ]
}

Error example

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 401,
  "errors": [
    {
      "code": "invalid_auth_token",
      "message": "The token failed to validate.",
      "target": {
        "name": "Authorization",
        "type": "header"
      }
    }
  ]
}

Status 403

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 403,
  "errors": [
    {
      "code": "request_not_authorized",
      "message": "The request could not be authorized."
    }
  ]
}

Error example

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 403,
  "errors": [
    {
      "code": "request_not_authorized",
      "message": "The request could not be authorized."
    }
  ]
}

Status 404

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 404,
  "errors": [
    {
      "code": "rule_not_found_in_store",
      "message": "The rule 'fb988c9387e84390ba98bce4744c0a9c' is not found.",
      "target": {
        "name": "zone_id",
        "type": "parameter",
        "value": "fb988c9387e84390ba98bce4744c0a9c"
      }
    }
  ]
}

Error example

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 404,
  "errors": [
    {
      "code": "rule_not_found_in_store",
      "message": "The rule 'fb988c9387e84390ba98bce4744c0a9c' is not found.",
      "target": {
        "name": "zone_id",
        "type": "parameter",
        "value": "fb988c9387e84390ba98bce4744c0a9c"
      }
    }
  ]
}

Status 429

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 429,
  "errors": [
    {
      "code": "too_many_requests",
      "message": "The client has sent too many requests in a given amount of time."
    }
  ]
}

Error example

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 429,
  "errors": [
    {
      "code": "too_many_requests",
      "message": "The client has sent too many requests in a given amount of time."
    }
  ]
}

Status 503

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 503,
  "errors": [
    {
      "code": "store_unavailable_error",
      "message": "The store is currently unavailable. Try again later."
    }
  ]
}

Error example

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 503,
  "errors": [
    {
      "code": "store_unavailable_error",
      "message": "The store is currently unavailable. Try again later."
    }
  ]
}

This operation retrieves the settings for the specified account ID.

GET /v1/account_settings/{account_id}

(contextBasedRestrictions *ContextBasedRestrictionsV1) GetAccountSettings(getAccountSettingsOptions *GetAccountSettingsOptions) (result *AccountSettings, response *core.DetailedResponse, err error)

(contextBasedRestrictions *ContextBasedRestrictionsV1) GetAccountSettingsWithContext(ctx context.Context, getAccountSettingsOptions *GetAccountSettingsOptions) (result *AccountSettings, response *core.DetailedResponse, err error)

ServiceCall<AccountSettings> getAccountSettings(GetAccountSettingsOptions getAccountSettingsOptions)

getAccountSettings(params)

get_account_settings(
        self,
        account_id: str,
        *,
        x_correlation_id: Optional[str] = None,
        transaction_id: Optional[str] = None,
        **kwargs,
    ) -> DetailedResponse

Authorization

To call this method, you must be assigned one or more IAM access roles that include the following action. You can check your access by going to Users > User > Access.

context-based-restrictions.account-settings.read

Request

Instantiate the GetAccountSettingsOptions struct and set the fields to provide parameter values for the GetAccountSettings method.

Use the GetAccountSettingsOptions.Builder to create a GetAccountSettingsOptions object that contains the parameter values for the getAccountSettings method.

Custom Headers

X-Correlation-Id
string
The supplied or generated value of this header is logged for a request and repeated in a response header for the corresponding response. The same value is used for downstream requests and retries of those requests. If a value of this headers is not supplied in a request, the service generates a random (version 4) UUID.

Possible values: 1 ≤ length ≤ 1024, Value must match regular expression ^[a-zA-Z0-9 ,\-_]+$
Transaction-Id
string
The Transaction-Id header behaves as the X-Correlation-Id header. It is supported for backward compatibility with other IBM platform services that support the Transaction-Id header only. If both X-Correlation-Id and Transaction-Id are provided, X-Correlation-Id has the precedence over Transaction-Id.

Possible values: 1 ≤ length ≤ 1024, Value must match regular expression ^[a-zA-Z0-9 ,\-_]+$

Path Parameters

account_id
Required*
string
The ID of the account the settings are for.

Possible values: 1 ≤ length ≤ 128, Value must match regular expression ^[a-zA-Z0-9\-]+$

parameter

WithContext method only

GetAccountSettingsOptions

The GetAccountSettings options.

GetAccountSettingsOptions

The getAccountSettings options.

parameters

accountId
Required*
string
The ID of the account the settings are for.

Possible values: 1 ≤ length ≤ 128, Value must match regular expression /^[a-zA-Z0-9\\-]+$/
xCorrelationId
string
The supplied or generated value of this header is logged for a request and repeated in a response header for the corresponding response. The same value is used for downstream requests and retries of those requests. If a value of this headers is not supplied in a request, the service generates a random (version 4) UUID.

Possible values: 1 ≤ length ≤ 1024, Value must match regular expression /^[a-zA-Z0-9 ,\\-_]+$/
transactionId
string
The Transaction-Id header behaves as the X-Correlation-Id header. It is supported for backward compatibility with other IBM platform services that support the Transaction-Id header only. If both X-Correlation-Id and Transaction-Id are provided, X-Correlation-Id has the precedence over Transaction-Id.

Possible values: 1 ≤ length ≤ 1024, Value must match regular expression /^[a-zA-Z0-9 ,\\-_]+$/

parameters

account_id
Required*
str
The ID of the account the settings are for.

Possible values: 1 ≤ length ≤ 128, Value must match regular expression /^[a-zA-Z0-9\\-]+$/
x_correlation_id
str
The supplied or generated value of this header is logged for a request and repeated in a response header for the corresponding response. The same value is used for downstream requests and retries of those requests. If a value of this headers is not supplied in a request, the service generates a random (version 4) UUID.

Possible values: 1 ≤ length ≤ 1024, Value must match regular expression /^[a-zA-Z0-9 ,\\-_]+$/
transaction_id
str
The Transaction-Id header behaves as the X-Correlation-Id header. It is supported for backward compatibility with other IBM platform services that support the Transaction-Id header only. If both X-Correlation-Id and Transaction-Id are provided, X-Correlation-Id has the precedence over Transaction-Id.

Possible values: 1 ≤ length ≤ 1024, Value must match regular expression /^[a-zA-Z0-9 ,\\-_]+$/

Example request

curl -X GET --location --header "Authorization: Bearer {iam_token}"   --header "Accept: application/json"   "https://cbr.cloud.ibm.com/v1/account_settings/{account_id}"

Example request

getAccountSettingsOptions := contextBasedRestrictionsService.NewGetAccountSettingsOptions(
  accountID,
)

accountSettings, response, err := contextBasedRestrictionsService.GetAccountSettings(getAccountSettingsOptions)
if err != nil {
  panic(err)
}
b, _ := json.MarshalIndent(accountSettings, "", "  ")
fmt.Println(string(b))

Example request

      GetAccountSettingsOptions getAccountSettingsOptions = new GetAccountSettingsOptions.Builder()
          .accountId(accountID)
          .build();

      Response<AccountSettings> response = contextBasedRestrictionsService.getAccountSettings(getAccountSettingsOptions).execute();
      AccountSettings accountSettings = response.getResult();

      System.out.println(accountSettings);
GetAccountSettingsOptions getAccountSettingsOptions = new GetAccountSettingsOptions.Builder()
  .accountId(accountId)
  .build();

Response<AccountSettings> response = ibmCloudShellService.getAccountSettings(getAccountSettingsOptions).execute();
AccountSettings accountSettings = response.getResult();

System.out.println(accountSettings);

GetAccountSettingsOptions getAccountSettingsOptions = new GetAccountSettingsOptions.Builder()
  .accountId(testAccountId)
  .build();

Response<AccountSettings> response = iamAccessGroupsService.getAccountSettings(getAccountSettingsOptions).execute();
AccountSettings accountSettings = response.getResult();

System.out.println(accountSettings);

Example request

const params = {
  accountId: testAccountId,
};

try {
  const res = await iamAccessGroupsService.getAccountSettings(params);
  console.log(JSON.stringify(res.result, null, 2));
} catch (err) {
  console.warn(err);
}


const params = {
  accountId: accountId,
};

try {
  const res = await ibmCloudShellService.getAccountSettings(params);
  console.log(JSON.stringify(res.result, null, 2));
} catch (err) {
  console.warn(err)
}


const params = {
  accountId,
};

try {
  const res = await contextBasedRestrictionsService.getAccountSettings(params);
  console.log(JSON.stringify(res.result, null, 2));
} catch (err) {
  console.warn(err);
}

Example request

response = iam_access_groups_service.get_account_settings(
  account_id=test_account_id,
)
account_settings = response.get_result()

print(json.dumps(account_settings, indent=2))


response = context_based_restrictions_service.get_account_settings(
  account_id=account_id,
)
account_settings = response.get_result()

print(json.dumps(account_settings, indent=2))


account_settings = ibm_cloud_shell_service.get_account_settings(account_id=account_id).get_result()

print(json.dumps(account_settings, indent=2))

Response

Response Body

AccountSettings

An output account settings

AccountSettings

An output account settings.

AccountSettings

An output account settings.

AccountSettings

An output account settings.

AccountSettings

An output account settings.

Status Code

200
The account settings were successfully retrieved.
400
The account settings could not be retrieved due to an invalid or missing input parameter.
401
You are not authorized to make this request. The token is either missing, invalid, or expired.
403
The supplied authentication is not authorized to perform the operation.
429
Too Many Requests.
503
A backend service required to complete the operation is unavailable. Try again later.

Example responses

Status 200

{
  "id": "cbrAccountSettings-12ab34cd56ef78ab90cd12ef34ab56cd",
  "crn": "crn:v1:bluemix:public:context-based-restrictions:global:a/12ab34cd56ef78ab90cd12ef34ab56cd::account-settings:",
  "zone_count_limit": 500,
  "rule_count_limit": 4020,
  "tags_rule_count_limit": 500,
  "current_zone_count": 123,
  "current_rule_count": 234,
  "current_tags_rule_count": 45,
  "href": "https://cbr.cloud.ibm.com/v1/account_settings/12ab34cd56ef78ab90cd12ef34ab56cd"
}

Success example

{
  "id": "cbrAccountSettings-12ab34cd56ef78ab90cd12ef34ab56cd",
  "crn": "crn:v1:bluemix:public:context-based-restrictions:global:a/12ab34cd56ef78ab90cd12ef34ab56cd::account-settings:",
  "zone_count_limit": 500,
  "rule_count_limit": 4020,
  "tags_rule_count_limit": 500,
  "current_zone_count": 123,
  "current_rule_count": 234,
  "current_tags_rule_count": 45,
  "href": "https://cbr.cloud.ibm.com/v1/account_settings/12ab34cd56ef78ab90cd12ef34ab56cd"
}

Status 400

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 400,
  "errors": [
    {
      "code": "parameter_error",
      "message": "The parameter \"account_id\" in path has an error.",
      "target": {
        "name": "account_id",
        "type": "parameter",
        "value": "an-invalid-account-id"
      }
    }
  ]
}

Error example

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 400,
  "errors": [
    {
      "code": "parameter_error",
      "message": "The parameter \"account_id\" in path has an error.",
      "target": {
        "name": "account_id",
        "type": "parameter",
        "value": "an-invalid-account-id"
      }
    }
  ]
}

Status 401

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 401,
  "errors": [
    {
      "code": "invalid_auth_token",
      "message": "The token failed to validate.",
      "target": {
        "name": "Authorization",
        "type": "header"
      }
    }
  ]
}

Error example

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 401,
  "errors": [
    {
      "code": "invalid_auth_token",
      "message": "The token failed to validate.",
      "target": {
        "name": "Authorization",
        "type": "header"
      }
    }
  ]
}

Status 403

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 403,
  "errors": [
    {
      "code": "request_not_authorized",
      "message": "The request could not be authorized."
    }
  ]
}

Error example

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 403,
  "errors": [
    {
      "code": "request_not_authorized",
      "message": "The request could not be authorized."
    }
  ]
}

Status 429

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 429,
  "errors": [
    {
      "code": "too_many_requests",
      "message": "The client has sent too many requests in a given amount of time."
    }
  ]
}

Error example

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 429,
  "errors": [
    {
      "code": "too_many_requests",
      "message": "The client has sent too many requests in a given amount of time."
    }
  ]
}

Status 503

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 503,
  "errors": [
    {
      "code": "store_unavailable_error",
      "message": "The store is currently unavailable. Try again later."
    }
  ]
}

Error example

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 503,
  "errors": [
    {
      "code": "store_unavailable_error",
      "message": "The store is currently unavailable. Try again later."
    }
  ]
}

This operation lists all available service operations.

GET /v1/operations

(contextBasedRestrictions *ContextBasedRestrictionsV1) ListAvailableServiceOperations(listAvailableServiceOperationsOptions *ListAvailableServiceOperationsOptions) (result *OperationsList, response *core.DetailedResponse, err error)

(contextBasedRestrictions *ContextBasedRestrictionsV1) ListAvailableServiceOperationsWithContext(ctx context.Context, listAvailableServiceOperationsOptions *ListAvailableServiceOperationsOptions) (result *OperationsList, response *core.DetailedResponse, err error)

ServiceCall<OperationsList> listAvailableServiceOperations(ListAvailableServiceOperationsOptions listAvailableServiceOperationsOptions)

listAvailableServiceOperations(params)

list_available_service_operations(
        self,
        *,
        x_correlation_id: Optional[str] = None,
        transaction_id: Optional[str] = None,
        service_name: Optional[str] = None,
        service_group_id: Optional[str] = None,
        resource_type: Optional[str] = None,
        **kwargs,
    ) -> DetailedResponse

Request

Instantiate the ListAvailableServiceOperationsOptions struct and set the fields to provide parameter values for the ListAvailableServiceOperations method.

Use the ListAvailableServiceOperationsOptions.Builder to create a ListAvailableServiceOperationsOptions object that contains the parameter values for the listAvailableServiceOperations method.

Custom Headers

X-Correlation-Id
string
The supplied or generated value of this header is logged for a request and repeated in a response header for the corresponding response. The same value is used for downstream requests and retries of those requests. If a value of this headers is not supplied in a request, the service generates a random (version 4) UUID.

Possible values: 1 ≤ length ≤ 1024, Value must match regular expression ^[a-zA-Z0-9 ,\-_]+$
Transaction-Id
string
The Transaction-Id header behaves as the X-Correlation-Id header. It is supported for backward compatibility with other IBM platform services that support the Transaction-Id header only. If both X-Correlation-Id and Transaction-Id are provided, X-Correlation-Id has the precedence over Transaction-Id.

Possible values: 1 ≤ length ≤ 1024, Value must match regular expression ^[a-zA-Z0-9 ,\-_]+$

Query Parameters

service_name
string
The name of the service.

Possible values: Value must match regular expression ^[-0-9a-z]+$
service_group_id
string
The id of the service group.

Possible values: 1 ≤ length ≤ 128, Value must match regular expression ^[a-zA-Z0-9]+$
resource_type
string
The type of resource.

Possible values: 1 ≤ length ≤ 128, Value must match regular expression ^[\S\s]+$

parameter

WithContext method only

ListAvailableServiceOperationsOptions

The ListAvailableServiceOperations options.

ListAvailableServiceOperationsOptions

The listAvailableServiceOperations options.

parameters

xCorrelationId
string
The supplied or generated value of this header is logged for a request and repeated in a response header for the corresponding response. The same value is used for downstream requests and retries of those requests. If a value of this headers is not supplied in a request, the service generates a random (version 4) UUID.

Possible values: 1 ≤ length ≤ 1024, Value must match regular expression /^[a-zA-Z0-9 ,\\-_]+$/
transactionId
string
The Transaction-Id header behaves as the X-Correlation-Id header. It is supported for backward compatibility with other IBM platform services that support the Transaction-Id header only. If both X-Correlation-Id and Transaction-Id are provided, X-Correlation-Id has the precedence over Transaction-Id.

Possible values: 1 ≤ length ≤ 1024, Value must match regular expression /^[a-zA-Z0-9 ,\\-_]+$/
serviceName
string
The name of the service.

Possible values: Value must match regular expression /^[-0-9a-z]+$/
serviceGroupId
string
The id of the service group.

Possible values: 1 ≤ length ≤ 128, Value must match regular expression /^[a-zA-Z0-9]+$/
resourceType
string
The type of resource.

Possible values: 1 ≤ length ≤ 128, Value must match regular expression /^[\\S\\s]+$/

parameters

x_correlation_id
str
The supplied or generated value of this header is logged for a request and repeated in a response header for the corresponding response. The same value is used for downstream requests and retries of those requests. If a value of this headers is not supplied in a request, the service generates a random (version 4) UUID.

Possible values: 1 ≤ length ≤ 1024, Value must match regular expression /^[a-zA-Z0-9 ,\\-_]+$/
transaction_id
str
The Transaction-Id header behaves as the X-Correlation-Id header. It is supported for backward compatibility with other IBM platform services that support the Transaction-Id header only. If both X-Correlation-Id and Transaction-Id are provided, X-Correlation-Id has the precedence over Transaction-Id.

Possible values: 1 ≤ length ≤ 1024, Value must match regular expression /^[a-zA-Z0-9 ,\\-_]+$/
service_name
str
The name of the service.

Possible values: Value must match regular expression /^[-0-9a-z]+$/
service_group_id
str
The id of the service group.

Possible values: 1 ≤ length ≤ 128, Value must match regular expression /^[a-zA-Z0-9]+$/
resource_type
str
The type of resource.

Possible values: 1 ≤ length ≤ 128, Value must match regular expression /^[\\S\\s]+$/

Example request

curl -X GET --location --header "Authorization: Bearer {iam_token}"   --header "Accept: application/json"   "https://cbr.cloud.ibm.com/v1/operations?service_name={service_name}"

Example request

listAvailableServiceOperationsOptions := contextBasedRestrictionsService.NewListAvailableServiceOperationsOptions()
listAvailableServiceOperationsOptions.SetServiceName("containers-kubernetes")

operationsList, response, err := contextBasedRestrictionsService.ListAvailableServiceOperations(listAvailableServiceOperationsOptions)
if err != nil {
  panic(err)
}
b, _ := json.MarshalIndent(operationsList, "", "  ")
fmt.Println(string(b))

Example request

ListAvailableServiceOperationsOptions listAvailableServiceOperationsOptions = new ListAvailableServiceOperationsOptions.Builder()
  .serviceName("containers-kubernetes")
  .build();

Response<OperationsList> response = contextBasedRestrictionsService.listAvailableServiceOperations(listAvailableServiceOperationsOptions).execute();
OperationsList operationsList = response.getResult();

System.out.println(operationsList);

Example request

const params = {
  serviceName: 'containers-kubernetes',
};

let res;
try {
  res = await contextBasedRestrictionsService.listAvailableServiceOperations(params);
  console.log(JSON.stringify(res.result, null, 2));
} catch (err) {
  console.warn(err);
}

Example request

operations_list = context_based_restrictions_service.list_available_service_operations(
  service_name='containers-kubernetes'
).get_result()

print(json.dumps(operations_list, indent=2))

Response

Response Body

OperationsList

The response object of the list_available_service_operations operation.

OperationsList

The response object of the list_available_service_operations operation.

OperationsList

The response object of the list_available_service_operations operation.

OperationsList

The response object of the list_available_service_operations operation.

OperationsList

The response object of the list_available_service_operations operation.

Status Code

200
The service operations were successfully retrieved.
400
The service operations could not be retrieved due to an invalid or missing input parameter.
401
You are not authorized to make this request. The token is either missing, invalid, or expired.
429
Too many requests.
503
A backend service required to complete the operation is unavailable. Try again later.

Example responses

Status 200

{
  "api_types": [
    {
      "actions": [
        {
          "action_id": "codeengine.computeenvironment.create",
          "description": "Allows you to create a Code Engine Compute Environment."
        },
        {
          "action_id": "codeengine.computeenvironment.delete",
          "description": "Allows you to delete compute environments."
        },
        {
          "action_id": "codeengine.computeenvironment.projects.create",
          "description": "Allows you to create projects in this compute environment."
        },
        {
          "action_id": "codeengine.computeenvironment.projects.delete",
          "description": "Allows you to delete projects in this compute environment."
        },
        {
          "action_id": "codeengine.config.read",
          "description": "Configuration Information Point API access"
        },
        {
          "action_id": "codeengine.dashboard.view",
          "description": "View Dashboard"
        },
        {
          "action_id": "codeengine.tenant.entities.create",
          "description": "Create project contents, such as applications, job definitions, and jobs"
        },
        {
          "action_id": "codeengine.tenant.entities.delete",
          "description": "Delete existing items from within a project"
        },
        {
          "action_id": "codeengine.tenant.entities.read",
          "description": "List and view existing items within a project"
        },
        {
          "action_id": "codeengine.tenant.entities.update",
          "description": "Modify existing items already contained by a project, such as applications, jobs, or job definitions.  This does not include the ability to create or delete these items."
        },
        {
          "action_id": "codeengine.tenant.read",
          "description": "View project details"
        }
      ],
      "api_type_id": "crn:v1:bluemix:public:context-based-restrictions::::api-type:",
      "description": "Protects all service APIs.",
      "display_name": "All",
      "enforcement_modes": [
        "disabled",
        "enabled",
        "report"
      ],
      "type": "service"
    },
    {
      "actions": [
        {
          "action_id": "global-search-tagging.tag.attach-access-tag",
          "description": "The ability to attach access management tags to a resource"
        },
        {
          "action_id": "global-search-tagging.tag.attach-user-tag",
          "description": "The ability to attach a user tag to the resource"
        },
        {
          "action_id": "global-search-tagging.tag.detach-access-tag",
          "description": "The ability to detach access management tags from a resource"
        },
        {
          "action_id": "global-search-tagging.tag.detach-user-tag",
          "description": "The ability to detach a user tag from the resource"
        },
        {
          "action_id": "resource-controller.alias.create",
          "description": "The ability to create aliases."
        },
        {
          "action_id": "resource-controller.alias.delete",
          "description": "The ability to delete existing aliases."
        },
        {
          "action_id": "resource-controller.alias.retrieve",
          "description": "The ability to see aliases."
        },
        {
          "action_id": "resource-controller.alias.update",
          "description": "The ability to update or edit existing aliases."
        },
        {
          "action_id": "resource-controller.binding.create",
          "description": "The ability to create bindings."
        },
        {
          "action_id": "resource-controller.binding.delete",
          "description": "The ability to delete existing bindings."
        },
        {
          "action_id": "resource-controller.binding.retrieve",
          "description": "The ability to see bindings."
        },
        {
          "action_id": "resource-controller.binding.update",
          "description": "The ability to update or edit existing bindings."
        },
        {
          "action_id": "resource-controller.credential.retrieve_all",
          "description": "The ability to retrieve all credentials for instances."
        },
        {
          "action_id": "resource-controller.instance.create",
          "description": "The ability to create instances."
        },
        {
          "action_id": "resource-controller.instance.delete",
          "description": "The ability to delete existing instances."
        },
        {
          "action_id": "resource-controller.instance.retrieve",
          "description": "The ability to see instances."
        },
        {
          "action_id": "resource-controller.instance.retrieve_history",
          "description": "The ability to see the history for instances."
        },
        {
          "action_id": "resource-controller.instance.update",
          "description": "The ability to update or edit existing instances."
        },
        {
          "action_id": "resource-controller.instance.update_plan",
          "description": "The ability to update the plan or configuration of existing instances."
        },
        {
          "action_id": "resource-controller.key.create",
          "description": "The ability to create keys."
        },
        {
          "action_id": "resource-controller.key.delete",
          "description": "The ability to delete existing keys."
        },
        {
          "action_id": "resource-controller.key.manager_create",
          "description": "The ability to create keys by KeyManager."
        },
        {
          "action_id": "resource-controller.key.manager_delete",
          "description": "The ability to delete existing keys by KeyManager."
        },
        {
          "action_id": "resource-controller.key.manager_retrieve",
          "description": "The ability to retrieve keys by KeyManager."
        },
        {
          "action_id": "resource-controller.key.manager_update",
          "description": "The ability to update or edit existing keys by KeyManager."
        },
        {
          "action_id": "resource-controller.key.retrieve",
          "description": "The ability to retrieve keys."
        },
        {
          "action_id": "resource-controller.key.update",
          "description": "The ability to update or edit existing keys."
        }
      ],
      "api_type_id": "crn:v1:bluemix:public:context-based-restrictions::::platform-api-type:",
      "description": "Protects all platform APIs.",
      "display_name": "All",
      "enforcement_modes": [
        "disabled",
        "enabled",
        "report"
      ],
      "type": "platform"
    },
    {
      "actions": [
        {
          "action_id": "global-search-tagging.tag.attach-access-tag",
          "description": "The ability to attach access management tags to a resource"
        },
        {
          "action_id": "global-search-tagging.tag.attach-user-tag",
          "description": "The ability to attach a user tag to the resource"
        },
        {
          "action_id": "global-search-tagging.tag.detach-access-tag",
          "description": "The ability to detach access management tags from a resource"
        },
        {
          "action_id": "global-search-tagging.tag.detach-user-tag",
          "description": "The ability to detach a user tag from the resource"
        },
        {
          "action_id": "resource-controller.alias.create",
          "description": "The ability to create aliases."
        },
        {
          "action_id": "resource-controller.alias.delete",
          "description": "The ability to delete existing aliases."
        },
        {
          "action_id": "resource-controller.alias.retrieve",
          "description": "The ability to see aliases."
        },
        {
          "action_id": "resource-controller.alias.update",
          "description": "The ability to update or edit existing aliases."
        },
        {
          "action_id": "resource-controller.binding.create",
          "description": "The ability to create bindings."
        },
        {
          "action_id": "resource-controller.binding.delete",
          "description": "The ability to delete existing bindings."
        },
        {
          "action_id": "resource-controller.binding.retrieve",
          "description": "The ability to see bindings."
        },
        {
          "action_id": "resource-controller.binding.update",
          "description": "The ability to update or edit existing bindings."
        },
        {
          "action_id": "resource-controller.credential.retrieve_all",
          "description": "The ability to retrieve all credentials for instances."
        },
        {
          "action_id": "resource-controller.instance.create",
          "description": "The ability to create instances."
        },
        {
          "action_id": "resource-controller.instance.delete",
          "description": "The ability to delete existing instances."
        },
        {
          "action_id": "resource-controller.instance.retrieve",
          "description": "The ability to see instances."
        },
        {
          "action_id": "resource-controller.instance.retrieve_history",
          "description": "The ability to see the history for instances."
        },
        {
          "action_id": "resource-controller.instance.update",
          "description": "The ability to update or edit existing instances."
        },
        {
          "action_id": "resource-controller.instance.update_plan",
          "description": "The ability to update the plan or configuration of existing instances."
        },
        {
          "action_id": "resource-controller.key.create",
          "description": "The ability to create keys."
        },
        {
          "action_id": "resource-controller.key.delete",
          "description": "The ability to delete existing keys."
        },
        {
          "action_id": "resource-controller.key.manager_create",
          "description": "The ability to create keys by KeyManager."
        },
        {
          "action_id": "resource-controller.key.manager_delete",
          "description": "The ability to delete existing keys by KeyManager."
        },
        {
          "action_id": "resource-controller.key.manager_retrieve",
          "description": "The ability to retrieve keys by KeyManager."
        },
        {
          "action_id": "resource-controller.key.manager_update",
          "description": "The ability to update or edit existing keys by KeyManager."
        },
        {
          "action_id": "resource-controller.key.retrieve",
          "description": "The ability to retrieve keys."
        },
        {
          "action_id": "resource-controller.key.update",
          "description": "The ability to update or edit existing keys."
        }
      ],
      "api_type_id": "crn:v1:bluemix:public:context-based-restrictions::::platform-api-type:resource-management",
      "description": "Protects access to platform APIs related to resource instances such as attaching tags and managing service credentials.",
      "display_name": "Resource Management",
      "enforcement_modes": [
        "disabled",
        "enabled",
        "report"
      ],
      "type": "platform"
    }
  ]
}

Success example

{
  "api_types": [
    {
      "actions": [
        {
          "action_id": "codeengine.computeenvironment.create",
          "description": "Allows you to create a Code Engine Compute Environment."
        },
        {
          "action_id": "codeengine.computeenvironment.delete",
          "description": "Allows you to delete compute environments."
        },
        {
          "action_id": "codeengine.computeenvironment.projects.create",
          "description": "Allows you to create projects in this compute environment."
        },
        {
          "action_id": "codeengine.computeenvironment.projects.delete",
          "description": "Allows you to delete projects in this compute environment."
        },
        {
          "action_id": "codeengine.config.read",
          "description": "Configuration Information Point API access"
        },
        {
          "action_id": "codeengine.dashboard.view",
          "description": "View Dashboard"
        },
        {
          "action_id": "codeengine.tenant.entities.create",
          "description": "Create project contents, such as applications, job definitions, and jobs"
        },
        {
          "action_id": "codeengine.tenant.entities.delete",
          "description": "Delete existing items from within a project"
        },
        {
          "action_id": "codeengine.tenant.entities.read",
          "description": "List and view existing items within a project"
        },
        {
          "action_id": "codeengine.tenant.entities.update",
          "description": "Modify existing items already contained by a project, such as applications, jobs, or job definitions.  This does not include the ability to create or delete these items."
        },
        {
          "action_id": "codeengine.tenant.read",
          "description": "View project details"
        }
      ],
      "api_type_id": "crn:v1:bluemix:public:context-based-restrictions::::api-type:",
      "description": "Protects all service APIs.",
      "display_name": "All",
      "enforcement_modes": [
        "disabled",
        "enabled",
        "report"
      ],
      "type": "service"
    },
    {
      "actions": [
        {
          "action_id": "global-search-tagging.tag.attach-access-tag",
          "description": "The ability to attach access management tags to a resource"
        },
        {
          "action_id": "global-search-tagging.tag.attach-user-tag",
          "description": "The ability to attach a user tag to the resource"
        },
        {
          "action_id": "global-search-tagging.tag.detach-access-tag",
          "description": "The ability to detach access management tags from a resource"
        },
        {
          "action_id": "global-search-tagging.tag.detach-user-tag",
          "description": "The ability to detach a user tag from the resource"
        },
        {
          "action_id": "resource-controller.alias.create",
          "description": "The ability to create aliases."
        },
        {
          "action_id": "resource-controller.alias.delete",
          "description": "The ability to delete existing aliases."
        },
        {
          "action_id": "resource-controller.alias.retrieve",
          "description": "The ability to see aliases."
        },
        {
          "action_id": "resource-controller.alias.update",
          "description": "The ability to update or edit existing aliases."
        },
        {
          "action_id": "resource-controller.binding.create",
          "description": "The ability to create bindings."
        },
        {
          "action_id": "resource-controller.binding.delete",
          "description": "The ability to delete existing bindings."
        },
        {
          "action_id": "resource-controller.binding.retrieve",
          "description": "The ability to see bindings."
        },
        {
          "action_id": "resource-controller.binding.update",
          "description": "The ability to update or edit existing bindings."
        },
        {
          "action_id": "resource-controller.credential.retrieve_all",
          "description": "The ability to retrieve all credentials for instances."
        },
        {
          "action_id": "resource-controller.instance.create",
          "description": "The ability to create instances."
        },
        {
          "action_id": "resource-controller.instance.delete",
          "description": "The ability to delete existing instances."
        },
        {
          "action_id": "resource-controller.instance.retrieve",
          "description": "The ability to see instances."
        },
        {
          "action_id": "resource-controller.instance.retrieve_history",
          "description": "The ability to see the history for instances."
        },
        {
          "action_id": "resource-controller.instance.update",
          "description": "The ability to update or edit existing instances."
        },
        {
          "action_id": "resource-controller.instance.update_plan",
          "description": "The ability to update the plan or configuration of existing instances."
        },
        {
          "action_id": "resource-controller.key.create",
          "description": "The ability to create keys."
        },
        {
          "action_id": "resource-controller.key.delete",
          "description": "The ability to delete existing keys."
        },
        {
          "action_id": "resource-controller.key.manager_create",
          "description": "The ability to create keys by KeyManager."
        },
        {
          "action_id": "resource-controller.key.manager_delete",
          "description": "The ability to delete existing keys by KeyManager."
        },
        {
          "action_id": "resource-controller.key.manager_retrieve",
          "description": "The ability to retrieve keys by KeyManager."
        },
        {
          "action_id": "resource-controller.key.manager_update",
          "description": "The ability to update or edit existing keys by KeyManager."
        },
        {
          "action_id": "resource-controller.key.retrieve",
          "description": "The ability to retrieve keys."
        },
        {
          "action_id": "resource-controller.key.update",
          "description": "The ability to update or edit existing keys."
        }
      ],
      "api_type_id": "crn:v1:bluemix:public:context-based-restrictions::::platform-api-type:",
      "description": "Protects all platform APIs.",
      "display_name": "All",
      "enforcement_modes": [
        "disabled",
        "enabled",
        "report"
      ],
      "type": "platform"
    },
    {
      "actions": [
        {
          "action_id": "global-search-tagging.tag.attach-access-tag",
          "description": "The ability to attach access management tags to a resource"
        },
        {
          "action_id": "global-search-tagging.tag.attach-user-tag",
          "description": "The ability to attach a user tag to the resource"
        },
        {
          "action_id": "global-search-tagging.tag.detach-access-tag",
          "description": "The ability to detach access management tags from a resource"
        },
        {
          "action_id": "global-search-tagging.tag.detach-user-tag",
          "description": "The ability to detach a user tag from the resource"
        },
        {
          "action_id": "resource-controller.alias.create",
          "description": "The ability to create aliases."
        },
        {
          "action_id": "resource-controller.alias.delete",
          "description": "The ability to delete existing aliases."
        },
        {
          "action_id": "resource-controller.alias.retrieve",
          "description": "The ability to see aliases."
        },
        {
          "action_id": "resource-controller.alias.update",
          "description": "The ability to update or edit existing aliases."
        },
        {
          "action_id": "resource-controller.binding.create",
          "description": "The ability to create bindings."
        },
        {
          "action_id": "resource-controller.binding.delete",
          "description": "The ability to delete existing bindings."
        },
        {
          "action_id": "resource-controller.binding.retrieve",
          "description": "The ability to see bindings."
        },
        {
          "action_id": "resource-controller.binding.update",
          "description": "The ability to update or edit existing bindings."
        },
        {
          "action_id": "resource-controller.credential.retrieve_all",
          "description": "The ability to retrieve all credentials for instances."
        },
        {
          "action_id": "resource-controller.instance.create",
          "description": "The ability to create instances."
        },
        {
          "action_id": "resource-controller.instance.delete",
          "description": "The ability to delete existing instances."
        },
        {
          "action_id": "resource-controller.instance.retrieve",
          "description": "The ability to see instances."
        },
        {
          "action_id": "resource-controller.instance.retrieve_history",
          "description": "The ability to see the history for instances."
        },
        {
          "action_id": "resource-controller.instance.update",
          "description": "The ability to update or edit existing instances."
        },
        {
          "action_id": "resource-controller.instance.update_plan",
          "description": "The ability to update the plan or configuration of existing instances."
        },
        {
          "action_id": "resource-controller.key.create",
          "description": "The ability to create keys."
        },
        {
          "action_id": "resource-controller.key.delete",
          "description": "The ability to delete existing keys."
        },
        {
          "action_id": "resource-controller.key.manager_create",
          "description": "The ability to create keys by KeyManager."
        },
        {
          "action_id": "resource-controller.key.manager_delete",
          "description": "The ability to delete existing keys by KeyManager."
        },
        {
          "action_id": "resource-controller.key.manager_retrieve",
          "description": "The ability to retrieve keys by KeyManager."
        },
        {
          "action_id": "resource-controller.key.manager_update",
          "description": "The ability to update or edit existing keys by KeyManager."
        },
        {
          "action_id": "resource-controller.key.retrieve",
          "description": "The ability to retrieve keys."
        },
        {
          "action_id": "resource-controller.key.update",
          "description": "The ability to update or edit existing keys."
        }
      ],
      "api_type_id": "crn:v1:bluemix:public:context-based-restrictions::::platform-api-type:resource-management",
      "description": "Protects access to platform APIs related to resource instances such as attaching tags and managing service credentials.",
      "display_name": "Resource Management",
      "enforcement_modes": [
        "disabled",
        "enabled",
        "report"
      ],
      "type": "platform"
    }
  ]
}

Status 400

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 400,
  "errors": [
    {
      "code": "parameter_error",
      "message": "The parameter \"service_name\" in query has an error.",
      "target": {
        "name": "service_name",
        "type": "parameter",
        "value": "an_invalid_service_name"
      }
    }
  ]
}

Error example

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 400,
  "errors": [
    {
      "code": "parameter_error",
      "message": "The parameter \"service_name\" in query has an error.",
      "target": {
        "name": "service_name",
        "type": "parameter",
        "value": "an_invalid_service_name"
      }
    }
  ]
}

Status 401

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 401,
  "errors": [
    {
      "code": "invalid_auth_token",
      "message": "The token failed to validate.",
      "target": {
        "name": "Authorization",
        "type": "header"
      }
    }
  ]
}

Error example

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 401,
  "errors": [
    {
      "code": "invalid_auth_token",
      "message": "The token failed to validate.",
      "target": {
        "name": "Authorization",
        "type": "header"
      }
    }
  ]
}

Status 429

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 429,
  "errors": [
    {
      "code": "too_many_requests",
      "message": "The client has sent too many requests in a given amount of time."
    }
  ]
}

Error example

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 429,
  "errors": [
    {
      "code": "too_many_requests",
      "message": "The client has sent too many requests in a given amount of time."
    }
  ]
}

Status 503

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 503,
  "errors": [
    {
      "code": "backend_service_unavailable",
      "message": "Unexpected error retrieving service definition."
    }
  ]
}

Error example

{
  "trace": "b05ed07e-c4d9-4285-841c-1e954c0b4a0e",
  "status_code": 503,
  "errors": [
    {
      "code": "backend_service_unavailable",
      "message": "Unexpected error retrieving service definition."
    }
  ]
}

Introduction

Network Zones

Rules

Endpoint URLs

Authentication

Auditing

Error handling

Transaction-Id

Related APIs

Methods

Create a network zone

Authorization

Request

Custom Headers

X-Correlation-Id

Transaction-Id

Request Body

name

account_id

addresses

description

excluded

parameter

ctx

CreateZoneOptions

Name

AccountID

Description

Addresses

Type

Value

Excluded

Type

Value

XCorrelationID

TransactionID

CreateZoneOptions

name

accountId

description

addresses

type

value

excluded

type

value

xCorrelationId

transactionId

parameters

name

accountId

addresses

type

value

description

excluded

type

value

xCorrelationId

transactionId

parameters

name

account_id

addresses

type

value

description

excluded

type

value

x_correlation_id

transaction_id

Response

Response Body

id

crn

address_count

excluded_count

name

account_id