Authorize Security Group Rule
Last Updated:2021-12-16
- This API is used to authorize the new security group rule in the security group.
- The rule in the same security group takes the remark, protocol, direction, portRange, sourceIp|destIp, and sourceGroupId|destGroupId as the uniqueness index. If the same rule does not exist in the security group, the rule reports a 409 error.
Request Structure
PUT /v{version}/securityGroup/{securityGroupId}?{action}&clientToken={clientToken}&sgVersion={sgVersion} HTTP/1.1
Host: bcc.bj.baidubce.com
Authorization: authorization string
{
"rule":
{
"remark": "Remark",
"protocol": protocol,
"portRange": portRange,
"direction": direction,
"sourceIp": sourceIp,
"sourceGroupId": sourceGroupId
}
}Request Header Field
No other special header fields are available except for the public header fields.
Request Parameters
| Parameter Name | Type | Required? | Parameter Position | Description |
|---|---|---|---|---|
| version | String | Yes | URL parameter | API version number |
| sgVersion | long | No | Query parameters | Version number of security group |
| action | String | Yes | Query parameter | Operation on the security group, whose current value is authorizeRule. |
| clientToken | String | Yes | Query parameter | Idempotent Token, which is an ASCII string with the length no more than 64 bits. For details, see Idempotency of ClientToken. |
| securityGroupId | String | Yes | URL parameter | Security group ID to authorize new security group rules. |
| rule | SecurityGroupRuleModel | Yes | RequestBody parameter | Security group rule to be authorized |
Return Header Field
No other special header fields are available except for the public header field.
Return Parameters
No specific parameters are returned.
Error Code
| Error Code | Error Description | HTTP Status Code | Explanation |
|---|---|---|---|
| BadRequest | protocol is invalid. | 400 | The protocol type is incorrect. |
| SecurityGroup.RulePortOrderInvalid | The order of security group rule port is incorrect. | 400 | The order of the security group rule port is incorrect. |
| SecurityGroup.RulePortRangeInvalid | The value of the security group rule port is exceeded. | 400 | The value of the security group rule port exceeds the limit. |
| SecurityGroup.RulePortInvalid | The value of the security group rule port must be a number. | 400 | The security group rule port is not number. |
| SecurityGroup.RuleCIDRAddressError | The security group rule ip (cidr) address is incorrect. | 400 | The security group rule source (destination) address is incorrect. |
| SecurityGroup.RuleDirectionError | The security group rule direction is incorrect. | 400 | The security group rule direction is incorrect. |
| NoSuchObject | The specified object is not found, or resource does not exist. | 404 | The object security group does not exist. |
| SecurityGroup.RuleNumberExceededLimit | Security groups that contain rule number exceed the limit. | 413 | The number of rules in the security group exceeds the limit. |
| SecurityGroup.RuleDuplicated | Security group rule is duplicated. | 409 | The security group rule is duplicative. |
| VersionMismatch | The sgVersion is mismatched. | 400 | The version number of the specified security group rule is identical to the current latest version number. If no sgVersion parameter exists in the request, do not return the error code. |
Request Example
PUT /v2/securityGroup/g-nky7qeom?authorizeRule&clientToken=be31b98c-5e41-4838-9830-9be700de5a20 HTTP/1.1
Host: bcc.bj.baidubce.com
Authorization: bce-auth-v1/f81d3b34e48048fbb2634dc7882d7e21/2015-08-11T04:17:29Z/3600/host/74c506f68c65e26c633bfa104c863fffac5190fdec1ec24b7c03eb5d67d2e1de
{
"rule":
{
"remark": "Remark",
"protocol": "tcp",
"portRange": "1-65535",
"direction": "ingress",
"sourceIp": "",
"sourceGroupId": ""
}
}Return Example
HTTP/1.1 200 OK
x-bce-request-id: 1214cca7-4ad5-451d-9215-71cb844c0a50
Date: Wed, 03 Dec 2014 06:42:19 GMT
Content-Type: application/json;charset=UTF-8
Server: BWS