Context-based restrictions CLI plug-in
The IBM Cloud® context-based restrictions command line interface (CLI) provides extra capabilities for context-based restrictions. You can use this CLI plug-in to manage access restrictions for IBM Cloud® resources based on the network location of access requests.
Before you begin
- Install the IBM Cloud CLI. For more information, see Getting started with the IBM Cloud CLI. The prefix for running commands by using the IBM Cloud CLI is
ibmcloud
. - Before you run commands, log in to IBM Cloud with the
ibmcloud login
command to generate an access token and authenticate your session.
Installing the context-based restrictions plug-in
To install the context-based restrictions plug-in, run the following command:
ibmcloud plugin install cbr
In the command line, you are notified when updates to the ibmcloud
CLI and cbr
CLI plug-in are available. Ensure that you keep your CLI up to date so that you can use all the available commands and flags.
If you want to view the current version of your cbr
CLI plug-in, run ibmcloud plugin list
.
Zones
Operations on network zones.
ibmcloud cbr zone-create
This operation creates a network zone for the specified account.
ibmcloud cbr zone-create [--name NAME] [--description DESCRIPTION] [--addresses ADDRESSES] [--vpc VPC] [--service-ref SERVICEREF] [--excluded EXCLUDED] [--empty-address-list] [--file FILE]
Example
ibmcloud cbr zone-create --name example-zone --description "Example zone description" --addresses 192.0.2.1,3ffe:1900:fe21:4545::,192.2.3.5-192.2.3.10,3ffe:1900:fe21:4547::-3ffe:1900:fe21:6767:
ibmcloud cbr zone-create --name example-zone-with-service-ref --service-ref service_name=kms,location=us-south
ibmcloud cbr zone-create --name example-zone-with-vpc --vpc crn:v1:staging:public:is:us-south:a/12ab34cd56ef78ab90cd12ef34ab56cd::vpc:r123-abc456de-f789-abc1-23de-f456abc789ab
Example output
id 9adc34f2867a43452a517b3c2de78b95
crn crn:v1:bluemix:public:cbr:global:a/0123456789::zone:9adc34f2867a43452a517b3c2de78b95
address_count 7
excluded_count 0
name test
account_id 0123456789
description
Addresses 1 IP Address, 1 IP Range, 1 Subnet, 2 VPCs, 2 Service References
Excluded No addresses
href https://cbr.cloud.ibm.com/v1/zones/9adc34f2867a43452a517b3c2de78b95
created_at 2024-03-06T22:20:25.000Z
created_by_id iam-ServiceId-0123456789
last_modified_at 2024-03-06T22:20:25.000Z
last_modified_by_id iam-ServiceId-0123456789
Command options
--name
(string)- The name of the zone.
--description
(string)- The description of the zone.
--addresses
(string)- The list of addresses in the zone. Only addresses of type
ipAddress
,ipRange
, andsubnet
are allowed in a comma delimited format. IPv4 and IPv6 are supported. --service-ref
(string)- The service refs in the zone. Input in the form
service_name=VALUE,service_name=VALUE,...
. - To find a list of available service refs, run the
ibmcloud cbr service-ref-targets
command. --vpc
(string)- The VPCs allowed in the zone. Input in the form
value,value,...
. --excluded
(string)- The list of excluded addresses in the zone. Only addresses of type
ipAddress
,ipRange
, andsubnet
are allowed in a comma delimited format. --empty-address-list
(bool)- Explicitly specifies that the zone will have no addresses. This cannot be used in tandem with the
addresses
,service-ref
,vpc
, orexcluded
flags. --file
(string)- The supplied file is used to create the zone. This flag is unique and cannot be used with other flags. The file needs to follow the JSON schema for the zone create API. For more information, see the Context-based restrictions API.
ibmcloud cbr zones
This operation lists network zones in the specified account.
ibmcloud cbr zones [--name NAME] [--sort SORT]
Example
ibmcloud cbr zones
Example output
id name address_count excluded_count
9adc34f2867a43452a517b3c2de78b95 test 7 0
12ab34cd56ef78ab90cd12ef34ab56cd example 2 0
Command options
--name
(string)- The name of the zone.
--sort
(string)- Sorts results by using a valid sort field. To learn more, see Sorting.
ibmcloud cbr zone
This operation retrieves the network zone that is identified by the specified zone ID.
ibmcloud cbr zone ZONE-ID
Example
ibmcloud cbr zone 9adc34f2867a43452a517b3c2de78b95
Example output
id 9adc34f2867a43452a517b3c2de78b95
crn crn:v1:bluemix:public:cbr:global:a/0123456789::zone:9adc34f2867a43452a517b3c2de78b95
address_count 7
excluded_count 0
name test
account_id 0123456789
description
Addresses 1 IP Address, 1 IP Range, 1 Subnet, 2 VPCs, 2 Service References
Excluded No addresses
href https://cbr.cloud.ibm.com/v1/zones/9adc34f2867a43452a517b3c2de78b95
created_at 2024-03-06T22:20:25.000Z
created_by_id iam-ServiceId-0123456789
last_modified_at 2024-03-06T22:20:25.000Z
last_modified_by_id iam-ServiceId-0123456789
ibmcloud cbr zone-update
This operation replaces the network zone that is identified by the specified zone ID. Partial updates are not supported and the entire network zone object is replaced.
ibmcloud cbr zone-update ZONE-ID [--name NAME] [--description DESCRIPTION] [--addresses ADDRESSES] [--vpc VPC] [--service-ref SERVICEREF] [--excluded EXCLUDED] [--empty-address-list] [--file FILE]
Example
ibmcloud cbr zone-update 9adc34f2867a43452a517b3c2de78b95 --name 'Example Zone Name' --addresses 166.22.23.0-166.22.23.108,3ffe:1900:fe21:4545:: --excluded 166.22.23.100
ibmcloud cbr zone-update 9adc34f2867a43452a517b3c2de78b95 --name example-zone-with-service-ref --service-ref service_name=kms,location=us-south
ibmcloud cbr zone-update 9adc34f2867a43452a517b3c2de78b95 --name example-zone-with-vpc --vpc crn:v1:staging:public:is:us-south:a/12ab34cd56ef78ab90cd12ef34ab56cd::vpc:r123-abc456de-f789-abc1-23de-f456abc789ab
Example output
id 9adc34f2867a43452a517b3c2de78b95
crn crn:v1:bluemix:public:cbr:global:a/0123456789::zone:9adc34f2867a43452a517b3c2de78b95
address_count 7
excluded_count 0
name test update
account_id 0123456789
description
Addresses 1 IP Address, 1 IP Range, 1 Subnet, 2 VPCs, 2 Service References
Excluded No addresses
href https://cbr.cloud.ibm.com/v1/zones/9adc34f2867a43452a517b3c2de78b95
created_at 2024-03-06T22:20:25.000Z
created_by_id iam-ServiceId-0123456789
last_modified_at 2024-03-06T22:29:19.000Z
last_modified_by_id iam-ServiceId-0123456789
Command options
--name
(string)- The name of the zone.
--description
(string)- The description of the zone.
--addresses
(string)- The list of addresses in the zone. Only addresses of type
ipAddress
,ipRange
, andsubnet
are allowed in a comma delimited format. IPv4 and IPv6 are supported. --service-ref
(string)- The service refs in the zone. Input in the form
name=value,name=value,...
. --vpc
(string)- The VPCs allowed in the zone. Input in the form
value,value,...
. --excluded
(string)- The list of excluded addresses in the zone. Only addresses of type
ipAddress
,ipRange
, andsubnet
are allowed in a comma delimited format. --empty-address-list
(bool)- Explicitly specifies that the zone will have no addresses. This cannot be used in tandem with the
addresses
,service-ref
,vpc
, orexcluded
flags. --file
(string)- The supplied file is used to update the zone. This flag is unique and cannot be used with other flags. The file needs to follow the JSON schema for the zone update API. For more information, see the Context-based restrictions API.
ibmcloud cbr zone-patch
This operation performs a partial update of the network zone that is identified by the specified zone ID.
ibmcloud cbr zone-patch ZONE-ID [--name NAME] [--description DESCRIPTION]
Example
ibmcloud cbr zone-patch 9adc34f2867a43452a517b3c2de78b95 --name 'Example Zone Name' --description updated
Example output
id 9adc34f2867a43452a517b3c2de78b95
crn crn:v1:bluemix:public:cbr:global:a/0123456789::zone:9adc34f2867a43452a517b3c2de78b95
address_count 7
excluded_count 0
name test update
account_id 0123456789
description updated
Addresses 1 IP Address, 1 IP Range, 1 Subnet, 2 VPCs, 2 Service References
Excluded No addresses
href https://cbr.cloud.ibm.com/v1/zones/9adc34f2867a43452a517b3c2de78b95
created_at 2024-03-06T22:20:25.000Z
created_by_id iam-ServiceId-0123456789
last_modified_at 2024-03-06T22:29:19.000Z
last_modified_by_id iam-ServiceId-0123456789
Command options
--name
(string)- The name of the zone.
--description
(string)- The description of the zone.
ibmcloud cbr zone-delete
This operation deletes the network zone that is identified by the specified zone ID.
ibmcloud cbr zone-delete ZONE-ID
Example
ibmcloud cbr zone-delete 65810ac762004f22ac19f8f8edf70a34
ibmcloud cbr service-ref-targets
This operation lists all of the available service reference targets.
ibmcloud cbr service-ref-targets [--type TYPE]
Example
ibmcloud cbr service-ref-targets
Example output
service_name service_type locations
ace - -
apprapp - na, us, dal
apprapp-dev - na, us, dal
cloud-object-storage - na, us, sjc
cloudantnosqldb - ap, au, syd, +27
codeengine - ap, au, syd, +6
compliance platform_service na, us, dal, +1
containers-kubernetes - na, us, dal
directlink - -
event-notifications - na, us, dal
globalcatalog-collection - -
iam-groups platform_service -
is - eu, es, mad, +4
kms - -
logdna - ap, au, syd, +17
logdnaat - ap, au, syd, +17
messagehub - eu, uk, lon, +3
messagehub-vnext-integration - eu, uk, lon, +3
schematics - eu, de, fra, +6
secrets-manager - -
server-protect - eu, es, mad, +4
sysdig-monitor - eu, uk, lon, +3
sysdig-secure - eu, uk, lon, +3
toolchain - ap, au, syd, +6
user-management platform_service -
Command options
--type
(string)- Specifies the types of services to retrieve. The default value is
all
. Allowable values are:all
,platform_service
.
ibmcloud cbr service-ref-target
This operation gets the service reference target for a specified service name.
ibmcloud cbr service-ref-target SERVICE-NAME
Example
ibmcloud cbr service-ref-target compliance
Example output
Service Name compliance
Service Type: platform_service
Locations:
Name Display Name Kind
na North America geography
us United States country
dal Dallas metro
wdc Washington DC metro
Rules
Operations on context-based restriction rules.
ibmcloud cbr rule-create
This operation creates a rule for the specified account.
ibmcloud cbr rule-create [--description DESCRIPTION] [--resource-attributes RESOURCES] [--context-attributes CONTEXTS] [--api-types API-TYPES] [--enforcement-mode ENFORCEMENT-MODE] [--service-name SERVICE-NAME] [--service-group-id SERVICE-GROUP-ID] [--service-instance SERVICE-INSTANCE] [--region REGION] [--resource-type RESOURCE-TYPE] [--resource RESOURCE] [--resource-group-id RESOURCE-GROUP-ID] [--tags TAGS] [--zone-id ZONE-ID] [--empty-context-list] [--file FILE]
Example
ibmcloud cbr rule-create --description 'Example Rule Description' --service-name kms --context-attributes endpointType=private --zone-id 93de8d3f588ab2c457ff576c364d1145
ibmcloud cbr rule-create --service-name example-service --context-attributes mfa=LEVEL2,endpointType=public,networkZoneId=12ab34cd56ef78ab90cd12ef34ab56cd
Example output
id 2c54cb0fefb0050c88f72d68c400fbec
crn crn:v1:bluemix:public:cbr:global:a/0123456789::rule:2c54cb0fefb0050c88f72d68c400fbec
description test
operations 1 API Type
contexts 1 Context
resources
serviceInstance 1234567891234
serviceName cloud-object-storage
href https://cbr.cloud.ibm.com/v1/rules/2c54cb0fefb0050c88f72d68c400fbec
created_at 2024-03-07T15:36:52.000Z
created_by_id iam-ServiceId-0123456789
last_modified_at 2024-03-07T15:36:52.000Z
last_modified_by_id iam-ServiceId-0123456789
enforcement_mode enabled
Command options
--description
(string)- The description of the rule.
--resource-attributes
(string)- The resource-attributes this rule applies to in the form of
name=value,name=value,...
. Attribute operators can only be specified using the '--file' flag instead. --context-attributes
(string)- The context-attributes this rule applies to in the form of
name=value,name=value,...
. --api-types
(string)- The APIs a rule applies to. For supported service API types, use the
service
command on the resource. --enforcement-mode
(string)- How the rule is enforced. The CLI accepts the values
enabled
(default),disabled
, andreport
. For more informaiton about enforcement, see Rule enforcement. --service-name
(string)- Shorthand for creating IBM Cloud resource attribute
serviceName
. --service-group-id
(string)- The
service_group_id
resource attribute. --service-instance
(string)- GUID of the service instance. This option is exclusive with the --file option.
--region
(string)- Shorthand for creating IBM Cloud resource attribute
region
. For supported regions, runibmcloud regions
. --resource-type
(string)- Shorthand for creating IBM Cloud resource attribute
resourceType
. --resource
(string)- Shorthand for creating IBM Cloud resource attribute
resource
. --resource-group-id
(string)- Shorthand for creating IBM Cloud resource attribute
resourceGroupId
. --tags
(string)- The access tags of the resource in the form of
name:value,name:value,...
. --zone-id
(string)- Shorthand for adding context attribute
networkZoneId
to the first context. --empty-context-list
(bool)- Explicitly specifies that the rule will have no contexts. This cannot be used in tandem with the
context-attributes
orzone-id
flags. --file
(string)- The supplied file is used to create the rule. This flag is unique and cannot be used with other flags. The file needs to follow the JSON schema for the rule create API. For more information, see the Context-based restrictions API.
ibmcloud cbr rules
This operation lists rules in the specified account.
ibmcloud cbr rules [--enforcement-mode ENFORCEMENT-MODE] [--service-name SERVICE-NAME] [--service-group-id SERVICE-GROUP-ID] [--service-instance SERVICE-INSTANCE] [--region REGION] [--resource-type RESOURCE-TYPE] [--resource RESOURCE] [--zone-id ZONE-ID] [--sort SORT]
Example
ibmcloud cbr rules
Example output
id service_name enforcement description
2c54cb0fefb0050c88f72d68c400fbec cloud-object-storage enabled test
a4135a90bb507bf6d96cf4c6f009d151 kms disabled example
Command options
--enforcement-mode
(string)- How the rule is enforced. The CLI accepts the values
enabled
(default),disabled
, andreport
. For more informaiton about enforcement, see Rule enforcement. --region
(string)- The
region
resource attribute. --resource
(string)- The
resource
resource attribute. --resource-type
(string)- The
resourceType
resource attribute. --service-instance
(string)- The GUID of the service instance.
--service-name
(string)- The
serviceName
resource attribute. --service-group-id
(string)- The
service_group_id
resource attribute. --zone-id
(string)- The globally unique ID of the zone.
--sort
(string)- Sorts results by using a valid sort field. To learn more, see Sorting.
ibmcloud cbr rule
This operation retrieves the rule that is identified by the specified rule ID.
ibmcloud cbr rule RULE-ID
Example
ibmcloud cbr rule 30fd58c9b75f40e854b89c432318b4a2
Example output
id 2c54cb0fefb0050c88f72d68c400fbec
crn crn:v1:bluemix:public:cbr:global:a/0123456789::rule:2c54cb0fefb0050c88f72d68c400fbec
description test
operations 1 API Type
contexts 1 Context
resources
serviceInstance 1234567891234
serviceName cloud-object-storage
href https://cbr.cloud.ibm.com/v1/rules/2c54cb0fefb0050c88f72d68c400fbec
created_at 2024-03-07T15:36:52.000Z
created_by_id iam-ServiceId-0123456789
last_modified_at 2024-03-07T15:36:52.000Z
last_modified_by_id iam-ServiceId-0123456789
enforcement_mode enabled
ibmcloud cbr rule-update
This operation replaces the rule that is identified by the specified rule ID. Partial updates are not supported and the entire rule object is replaced.
ibmcloud cbr rule-update RULE-ID [--description DESCRIPTION] [--resource-attributes RESOURCES] [--context-attributes CONTEXTS] [--api-types API-TYPES] [--enforcement-mode ENFORCEMENT-MODE] [--service-name SERVICE-NAME] [--service-instance SERVICE-INSTANCE] [--region REGION] [--resource-type RESOURCE-TYPE] [--resource RESOURCE] [--resource-group-id RESOURCE-GROUP-ID] [--tags TAGS] [--zone-id ZONE-ID] [--empty-context-list] [--file FILE]
Example
ibmcloud cbr rule-update 30fd58c9b75f40e854b89c432318b4a2 --description 'Example rule description' --service-name kms --context-attributes endpointType=private --zone-id 93de8d3f588ab2c457ff576c364d1145
Example output
id 2c54cb0fefb0050c88f72d68c400fbec
crn crn:v1:bluemix:public:cbr:global:a/0123456789::rule:2c54cb0fefb0050c88f72d68c400fbec
description updated
operations 1 API Type
contexts 1 Context
resources
serviceInstance 1234567891234
serviceName cloud-object-storage
href https://cbr.cloud.ibm.com/v1/rules/2c54cb0fefb0050c88f72d68c400fbec
created_at 2024-03-07T15:36:52.000Z
created_by_id iam-ServiceId-0123456789
last_modified_at 2024-03-07T15:41:18.000Z
last_modified_by_id iam-ServiceId-0123456789
enforcement_mode enabled
Command options
--description
(string)- The description of the rule.
--resource-attributes
(string)- The resource-attributes this rule applies to in the form of
name=value,name=value,...
. Attribute operators can only be specified using the '--file' flag instead. --context-attributes
(string)- The context-attributes this rule applies to in the form of
name=value,name=value,...
. --api-types
(string)- The APIs a rule applies to. For supported service API types, use the
service
command on the resource. --enforcement-mode
(string)- How the rule is enforced. The CLI accepts the values
enabled
(default),disabled
, andreport
. For more informaiton about enforcement, see Rule enforcement. --service-name
(string)- Shorthand for creating IBM Cloud resource attribute
serviceName
. --service-group-id
(string)- The
service_group_id
resource attribute. --service-instance
(string)- GUID of the service instance. This option is exclusive with the --file option.
--region
(string)- Shorthand for creating IBM Cloud resource attribute
region
. For supported regions, runibmcloud regions
. --resource-type
(string)- Shorthand for creating IBM Cloud resource attribute
resourceType
. --resource
(string)- Shorthand for creating IBM Cloud resource attribute
resource
. --resource-group-id
(string)- Shorthand for creating IBM Cloud resource attribute
resourceGroupId
. --tags
(string)- The access tags of the resource in the form of
name:value,name:value,...
. --zone-id
(string)- Shorthand for adding context attribute
networkZoneId
to the first context. --empty-context-list
(bool)- Explicitly specifies that the rule will have no contexts. This cannot be used in tandem with the
context-attributes
orzone-id
flags. --file
(string)- The supplied file is used to create the rule. This flag is unique and cannot be used with other flags. The file needs to follow the JSON schema for the rule create API. For more information, see the Context-based restrictions API.
ibmcloud cbr rule-patch
This operation performas a partial update of the rule that is identified by the specified rule ID.
ibmcloud cbr rule-patch RULE-ID [--description DESCRIPTION] [--enforcement-mode ENFORCEMENT-MODE]
Example
ibmcloud cbr rule-patch 30fd58c9b75f40e854b89c432318b4a2 --description 'Example rule description' --enforcement-mode disabled
Example output
id 2c54cb0fefb0050c88f72d68c400fbec
crn crn:v1:bluemix:public:cbr:global:a/0123456789::rule:2c54cb0fefb0050c88f72d68c400fbec
description updated
operations 1 API Type
contexts 1 Context
resources
serviceInstance 1234567891234
serviceName cloud-object-storage
href https://cbr.cloud.ibm.com/v1/rules/2c54cb0fefb0050c88f72d68c400fbec
created_at 2024-03-07T15:36:52.000Z
created_by_id iam-ServiceId-0123456789
last_modified_at 2024-03-07T15:41:18.000Z
last_modified_by_id iam-ServiceId-0123456789
enforcement_mode enabled
Command options
--description
(string)- The description of the rule.
--enforcement-mode
(string)- How the rule is enforced. The CLI accepts the values
enabled
(default),disabled
, andreport
. For more informaiton about enforcement, see Rule enforcement.
ibmcloud cbr rule-delete
This operation deletes the rule that is identified by the specified rule ID.
ibmcloud cbr rule-delete RULE-ID
Example
ibmcloud cbr rule-delete 30fd58c9b75f40e854b89c432318b4a2
Services
ibmcloud cbr services
This operation lists services that can create context-based restriction rules.
ibmcloud cbr services
Example
ibmcloud cbr services
Example output
Display Name Name API Types
Activity Tracker Event Routing atracker 1 API Type
All IAM Account Management Services IAM 3 API Types
App Configuration apprapp 3 API Types
Catalog Management globalcatalog-collection 3 API Types
Cloud Activity Tracker logdnaat 3 API Types
Cloud Logs logs 1 API Type
Cloud Monitoring sysdig-monitor 1 API Type
Cloud Object Storage cloud-object-storage 1 API Type
Code Engine codeengine 3 API Types
Container Registry container-registry 1 API Type
Context-Based Restrictions context-based-restrictions 1 API Type
Databases for EDB databases-for-enterprisedb 3 API Types
Databases for Elasticsearch databases-for-elasticsearch 3 API Types
Databases for etcd databases-for-etcd 3 API Types
Databases for MongoDB databases-for-mongodb 3 API Types
Databases for MySQL databases-for-mysql 3 API Types
Databases for PostgreSQL databases-for-postgresql 3 API Types
Databases for Redis databases-for-redis 3 API Types
Direct Link directlink 1 API Type
DNS Services dns-svcs 3 API Types
Event Notifications event-notifications 5 API Types
Event Streams messagehub 1 API Type
Hyper Protect Crypto Services hs-crypto 3 API Types
IAM Access Groups Service iam-groups 1 API Type
IAM Access Management Service iam-access-management 1 API Type
IAM Identity Service iam-identity 3 API Types
Key Protect kms 3 API Types
Kubernetes Service containers-kubernetes 3 API Types
Log Analysis logdna 3 API Types
Messages for RabbitMQ messages-for-rabbitmq 3 API Types
MQ mqcloud 2 API Types
Schematics schematics 1 API Type
Secrets Manager secrets-manager 3 API Types
Security and Compliance Center compliance 3 API Types
Security and Compliance Center Workload Protection sysdig-secure 1 API Type
Tagging Service ghost-tags 1 API Type
Transit Gateway transit 1 API Type
User Management user-management 1 API Type
VPC Infrastructure Services is 1 API Type
ibmcloud cbr service
This operation retrieves a service that can create context-based restriction rules. When querying with a JSON or YAML output, you can view the full list of actions for each API Type.
ibmcloud cbr service SERVICE [--resource-type RESOURCE-TYPE]
Example
ibmcloud cbr service context-based-restrictions
Example output
Display Name: Context-Based Restrictions
Service Name: context-based-restrictions
API Types:
Name API Type ID Type Actions Description
All crn:v1:bluemix:public:context-based-restrictions::::api-type: service 10 actions Protects all service APIs.
Resource Types:
rule
zone
Command options
--resource-type
(string)- A sub-resource of the service that has additional context-based restriction rule configurations. Note that not all services have additional sub-resource configurations.
ibmcloud cbr rule-options
This operation gets rule options for a service that can create context-based restriction rules.
ibmcloud cbr rule-options SERVICE [--api-types API-TYPES] [--resource-type RESOURCE-TYPE] [--full]
Example
ibmcloud cbr rule-options context-based-restrictions --api-types crn:v1:bluemix:public:context-based-restrictions::::api-type: --full
Example output
Operations:
API Types:
crn:v1:bluemix:public:context-based-restrictions::::api-type:
Enforcement Modes: disabled, enabled, report
Context Attributes:
endpointType
values:
private
public
mfa
values:
IAM_ACCOUNT_SETTING
LEVEL1
LEVEL2
LEVEL3
networkZoneId
Resource Attributes:
accountId
resourceGroupId
resourceType
values:
rule
zone
serviceName
values:
context-based-restrictions
Command options
--api-types
(string)- The API types a rule would apply to. Can pass multiple as a comma separated list. This defaults to protecting all service APIs represented by 'crn:v1:bluemix:public:context-based-restrictions::::api-type:' if unspecified.
--resource-type
(string)- A sub-resource of the service that has additional context-based restriction rule configurations. Note that not all services have additional sub-resource configurations.
--full
(bool)- Provides a more detailed output for options, such as valid attribute values and attribute operators. If attribute operators are not listed, the stringEquals operator is supported by default.
ibmcloud cbr api-types
Deprecated
This command is deprecated. Use service
to get API types instead.
[Deprecated] This operation lists all available API types. This operation is now deprecated and it is recommended to use the service command instead.
ibmcloud cbr api-types {--service-name SERVICE-NAME | --service-group-id SERVICE-GROUP-ID} [--resource-type RESOURCE-TYPE]
Example
ibmcloud cbr api-types --service-name context-based-restrictions
Example output
api_type_id display_name type description enforcement_modes actions
crn:v1:bluemix:public:context-based-restrictions::::api-type: All service Protects all service APIs. disabled, enabled, report 10 actions
Command options
--service-name
(string)- Specifes the service to lookup API types for.
--resource-type
(string)- The resource type of the service.
--service-group-id
(string)- Specifes the service group to lookup API types for.