From 23f210d1477a4dd43d939714a2f3c78fa30d466c Mon Sep 17 00:00:00 2001 From: Marek Gradzki Date: Fri, 26 Aug 2016 15:02:28 +0200 Subject: HONEYCOMB-139: update postman collection with examples of requests for IETF-ACLs management Change-Id: Ide6b2d93b34f5877a0189d1e214fb78b02239ac5 Signed-off-by: Marek Gradzki --- v3po/postman_rest_collection.json | 219 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 219 insertions(+) diff --git a/v3po/postman_rest_collection.json b/v3po/postman_rest_collection.json index e01ddf768..4b25dcbf6 100644 --- a/v3po/postman_rest_collection.json +++ b/v3po/postman_rest_collection.json @@ -34,6 +34,25 @@ "owner": "695772", "collectionId": "e9ba4e80-fb4d-1eae-07e7-97b323164130" }, + { + "id": "41b896e9-a032-ab00-a612-76c7a1321029", + "name": "IETF ACL", + "description": "Provides example requests for ietf-access-control-list management", + "order": [ + "d072ca75-359e-7597-dfa2-83f5eecc87f5", + "349dc870-ce99-d2e2-a1f2-fc00748de7ea", + "4a317117-f64b-7556-32b6-ae7cef3b1d5a", + "61a7b48d-3d73-0b16-d85c-22948f1ebc67", + "33c3b5c9-209b-969d-ae6e-30b30ee79ea8", + "01a1d375-dab8-853c-e3f4-cf7f21483606", + "42bd8af4-7f34-0692-e1bb-2228db4a7f31", + "48ae03ed-91d5-e89a-364a-cfca93bbd584", + "d3523e7a-6e8f-aca2-9806-2612718fefeb", + "d2f5e4cf-24fb-c4cd-a842-8e80694aa100" + ], + "owner": "695772", + "collectionId": "e9ba4e80-fb4d-1eae-07e7-97b323164130" + }, { "id": "415867f0-cdab-3ae4-9e42-a5b444829f5e", "name": "Bridge Domain management", @@ -1483,6 +1502,206 @@ "folder": "0427ac53-1e1f-941c-d946-bc957138e36d", "rawModeData": "" }, + { + "id": "d072ca75-359e-7597-dfa2-83f5eecc87f5", + "headers": "Authorization: Basic YWRtaW46YWRtaW4=\nContent-Type: application/json\n", + "url": "http://localhost:8181/restconf/config/ietf-access-control-list:access-lists/acl/ietf-access-control-list:eth-acl/acl1", + "preRequestScript": "", + "pathVariables": {}, + "method": "PUT", + "data": [], + "dataMode": "raw", + "version": 2, + "tests": "", + "currentHelper": "normal", + "helperAttributes": {}, + "time": 1471942268865, + "name": "Write acl1 list (L2)", + "description": "", + "collectionId": "c1e36b0e-9960-992d-10d9-70e84c7ec53d", + "responses": [], + "rawModeData": "{\r\n \"acl\": [\r\n {\r\n \"acl-type\": \"ietf-access-control-list:eth-acl\",\r\n \"acl-name\": \"acl1\",\r\n \"access-list-entries\": {\r\n \"ace\": [\r\n {\r\n \"rule-name\": \"rule1\",\r\n \"matches\": {\r\n \"destination-mac-address\": \"AA:BB:CC:DD:00:00\",\r\n \"destination-mac-address-mask\": \"FF:FF:FF:FF:00:00\",\r\n \"source-mac-address\": \"00:00:00:00:AA:BB\",\r\n \"source-mac-address-mask\": \"00:00:00:00:FF:FF\"\r\n },\r\n \"actions\": {\r\n \"deny\": {}\r\n }\r\n },\r\n {\r\n \"rule-name\": \"rule2\",\r\n \"matches\": {\r\n \"source-mac-address\": \"01:02:03:04:05:06\"\r\n },\r\n \"actions\": {\r\n \"deny\": {}\r\n }\r\n },\r\n {\r\n \"rule-name\": \"rule3\",\r\n \"matches\": {\r\n \"destination-mac-address\": \"11:22:33:44:55:66\"\r\n },\r\n \"actions\": {\r\n \"deny\": {}\r\n }\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n}" + }, + { + "id": "349dc870-ce99-d2e2-a1f2-fc00748de7ea", + "headers": "Authorization: Basic YWRtaW46YWRtaW4=\nContent-Type: application/json\n", + "url": "http://localhost:8181/restconf/config/ietf-access-control-list:access-lists/acl/ietf-access-control-list:eth-acl/acl2", + "preRequestScript": "", + "pathVariables": {}, + "method": "PUT", + "data": [], + "dataMode": "raw", + "version": 2, + "tests": "", + "currentHelper": "normal", + "helperAttributes": {}, + "time": 1471940027513, + "name": "Write acl2 list (L2)", + "description": "", + "collectionId": "c1e36b0e-9960-992d-10d9-70e84c7ec53d", + "responses": [], + "rawModeData": "{\r\n \"acl\": [\r\n {\r\n \"acl-type\": \"ietf-access-control-list:eth-acl\",\r\n \"acl-name\": \"acl2\",\r\n \"access-list-entries\": {\r\n \"ace\": [\r\n {\r\n \"rule-name\": \"rule1\",\r\n \"matches\": {\r\n \"destination-mac-address\": \"11:11:11:11:11:11\",\r\n \"source-mac-address\": \"22:22:22:22:22:22\"\r\n },\r\n \"actions\": {\r\n \"deny\": {}\r\n }\r\n },\r\n {\r\n \"rule-name\": \"rule2\",\r\n \"matches\": {\r\n \"destination-mac-address\": \"33:33:33:33:33:33\"\r\n },\r\n \"actions\": {\r\n \"deny\": {}\r\n }\r\n },\r\n {\r\n \"rule-name\": \"rule3\",\r\n \"matches\": {\r\n \"source-mac-address\": \"44:44:44:44:44:44\"\r\n },\r\n \"actions\": {\r\n \"deny\": {}\r\n }\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n}" + }, + { + "id": "4a317117-f64b-7556-32b6-ae7cef3b1d5a", + "headers": "Authorization: Basic YWRtaW46YWRtaW4=\nContent-Type: application/json\n", + "url": "http://localhost:8181/restconf/config/ietf-access-control-list:access-lists/acl/ietf-access-control-list:ipv4-acl/acl3", + "preRequestScript": "", + "pathVariables": {}, + "method": "PUT", + "data": [], + "dataMode": "raw", + "version": 2, + "tests": "", + "currentHelper": "normal", + "helperAttributes": {}, + "time": 1472135918219, + "name": "Write acl3 list (IP4)", + "description": "", + "collectionId": "c1e36b0e-9960-992d-10d9-70e84c7ec53d", + "responses": [], + "rawModeData": "{\r\n \"acl\": [\r\n {\r\n \"acl-type\": \"ietf-access-control-list:ipv4-acl\",\r\n \"acl-name\": \"acl3\",\r\n \"access-list-entries\": {\r\n \"ace\": [\r\n {\r\n \"rule-name\": \"rule1\",\r\n \"matches\": {\r\n \"destination-ipv4-network\": \"1.2.3.1/24\",\r\n \"protocol\": \"4\",\r\n \"dscp\": \"11\",\r\n \"source-ipv4-network\": \"1.2.4.2/24\"\r\n },\r\n \"actions\": {\r\n \"deny\": {}\r\n }\r\n },\r\n {\r\n \"rule-name\": \"rule2\",\r\n \"matches\": {\r\n \"destination-ipv4-network\": \"1.1.1.1/16\",\r\n \"protocol\": \"4\",\r\n \"dscp\": \"63\",\r\n \"source-ipv4-network\": \"2.2.2.2/32\"\r\n },\r\n \"actions\": {\r\n \"deny\": {}\r\n }\r\n },\r\n {\r\n \"rule-name\": \"rule3\",\r\n \"matches\": {\r\n \"source-ipv4-network\": \"1.2.3.4/32\"\r\n },\r\n \"actions\": {\r\n \"deny\": {}\r\n }\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n}" + }, + { + "id": "61a7b48d-3d73-0b16-d85c-22948f1ebc67", + "headers": "Authorization: Basic YWRtaW46YWRtaW4=\nContent-Type: application/json\n", + "url": "http://localhost:8181/restconf/config/ietf-access-control-list:access-lists/acl/ietf-access-control-list:ipv6-acl/acl4", + "preRequestScript": "", + "pathVariables": {}, + "method": "PUT", + "data": [], + "dataMode": "raw", + "version": 2, + "tests": "", + "currentHelper": "normal", + "helperAttributes": {}, + "time": 1472199072153, + "name": "Write acl4 list (IP6)", + "description": "", + "collectionId": "c1e36b0e-9960-992d-10d9-70e84c7ec53d", + "responses": [], + "rawModeData": "{\r\n \"acl\": [\r\n {\r\n \"acl-type\": \"ietf-access-control-list:ipv6-acl\",\r\n \"acl-name\": \"acl4\",\r\n \"access-list-entries\": {\r\n \"ace\": [\r\n {\r\n \"rule-name\": \"rule1\",\r\n \"matches\": {\r\n \"destination-ipv6-network\": \"1111:2222:3333:4444:5555:6666:7777:8888/64\",\r\n \"protocol\": \"6\",\r\n \"dscp\": \"11\",\r\n \"source-ipv6-network\": \"aaaa:bbbb:cccc:dddd:5555:6666:7777:8888/32\"\r\n },\r\n \"actions\": {\r\n \"deny\": {}\r\n }\r\n },\r\n {\r\n \"rule-name\": \"rule2\",\r\n \"matches\": {\r\n \"destination-ipv6-network\": \"1111:2222:3333:4444:5555:6666:7777:8888/96\",\r\n \"protocol\": \"6\",\r\n \"dscp\": \"11\",\r\n \"source-ipv6-network\": \"aaaa:bbbb:cccc:dddd:5555:6666:7777:8888/8\"\r\n },\r\n \"actions\": {\r\n \"deny\": {}\r\n }\r\n },\r\n {\r\n \"rule-name\": \"rule3\",\r\n \"matches\": {\r\n \"destination-ipv6-network\": \"1111:2222:3333:4444:5555:6666:7777:8888/128\"\r\n },\r\n \"actions\": {\r\n \"deny\": {}\r\n }\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n}" + }, + { + "id": "33c3b5c9-209b-969d-ae6e-30b30ee79ea8", + "headers": "Authorization: Basic YWRtaW46YWRtaW4=\nContent-Type: application/json\n", + "url": "http://localhost:8181/restconf/config/ietf-access-control-list:access-lists/acl/ietf-access-control-list:eth-acl/acl1", + "preRequestScript": "", + "pathVariables": {}, + "method": "GET", + "data": [], + "dataMode": "raw", + "version": 2, + "tests": "", + "currentHelper": "normal", + "helperAttributes": {}, + "time": 1471595112052, + "name": "Read acl1 list (cfg)", + "description": "", + "collectionId": "c1e36b0e-9960-992d-10d9-70e84c7ec53d", + "responses": [], + "rawModeData": "{\r\n \r\n \"interface\": [\r\n {\r\n \"name\": \"testInterface\",\r\n \"description\": \"for testing purposes\",\r\n \"type\": \"iana-if-type:ethernetCsmacd\",\r\n \"enabled\": \"true\",\r\n \"link-up-down-trap-enable\": \"enabled\",\r\n \"ietf-ip:ipv4\": {\r\n \"enabled\": \"true\",\r\n \"mtu\": \"1500\",\r\n \"address\": [\r\n {\r\n \"ip\": \"1.2.3.0\",\r\n \"netmask\": \"255.255.255.0\"\r\n }\r\n ]\r\n }\r\n }\r\n ]\r\n \r\n}" + }, + { + "id": "01a1d375-dab8-853c-e3f4-cf7f21483606", + "headers": "Authorization: Basic YWRtaW46YWRtaW4=\nContent-Type: application/json\n", + "url": "http://localhost:8181/restconf/config/ietf-interfaces:interfaces/interface/local0/v3po:ietf-acl", + "preRequestScript": "", + "pathVariables": {}, + "method": "PUT", + "data": [], + "dataMode": "raw", + "version": 2, + "tests": "", + "currentHelper": "normal", + "helperAttributes": {}, + "time": 1471935414498, + "name": "Enable L2 aACL on local0 interface", + "description": "Creates chain of classfy tabless/sessions in VPP and assigns them to local0 interface.\n\nCan be verified with:\nvppctl show classify table verbose\n\nthen:\nvppctl show inacl type l2", + "collectionId": "c1e36b0e-9960-992d-10d9-70e84c7ec53d", + "responses": [], + "rawModeData": "{\n \"v3po:ietf-acl\": {\n \"access-lists\": {\n \"acl\": [\n {\n \"type\" : \"ietf-access-control-list:eth-acl\",\n \"name\" : \"acl1\"\n },\n {\n \"type\" : \"ietf-access-control-list:eth-acl\",\n \"name\" : \"acl2\"\n }\n ]\n }\n }\n}" + }, + { + "id": "42bd8af4-7f34-0692-e1bb-2228db4a7f31", + "headers": "Authorization: Basic YWRtaW46YWRtaW4=\nContent-Type: application/json\n", + "url": "http://localhost:8181/restconf/config/ietf-interfaces:interfaces/interface/local0/v3po:ietf-acl", + "preRequestScript": "", + "pathVariables": {}, + "method": "PUT", + "data": [], + "dataMode": "raw", + "version": 2, + "tests": "", + "currentHelper": "normal", + "helperAttributes": {}, + "time": 1472135956801, + "name": "Enable L3 IP4 ACL on local0 interface", + "description": "Creates chain of classfy tabless/sessions in VPP and assigns them to local0 interface.\n\nCan be verified with:\nvppctl show classify table verbose\n\nthen:\nvppctl show inacl type ip4", + "collectionId": "c1e36b0e-9960-992d-10d9-70e84c7ec53d", + "responses": [], + "rawModeData": "{\n \"v3po:ietf-acl\": {\n \"access-lists\": {\n \"acl\": [\n {\n \"type\" : \"ietf-access-control-list:ipv4-acl\",\n \"name\" : \"acl3\"\n }\n ]\n }\n }\n}" + }, + { + "id": "48ae03ed-91d5-e89a-364a-cfca93bbd584", + "headers": "Authorization: Basic YWRtaW46YWRtaW4=\nContent-Type: application/json\n", + "url": "http://localhost:8181/restconf/config/ietf-interfaces:interfaces/interface/local0/v3po:ietf-acl", + "preRequestScript": "", + "pathVariables": {}, + "method": "PUT", + "data": [], + "dataMode": "raw", + "version": 2, + "tests": "", + "currentHelper": "normal", + "helperAttributes": {}, + "time": 1472212582064, + "name": "Enable L3 IP6 ACL on local0 interface", + "description": "Creates chain of classfy tabless/sessions in VPP and assigns them to local0 interface.\n\nCan be verified with:\nvppctl show classify table verbose\n\nthen:\nvppctl show inacl type ip6", + "collectionId": "c1e36b0e-9960-992d-10d9-70e84c7ec53d", + "responses": [], + "rawModeData": "{\n \"v3po:ietf-acl\": {\n \"access-lists\": {\n \"acl\": [\n {\n \"type\" : \"ietf-access-control-list:ipv6-acl\",\n \"name\" : \"acl4\"\n }\n ]\n }\n }\n}" + }, + { + "id": "d3523e7a-6e8f-aca2-9806-2612718fefeb", + "headers": "Authorization: Basic YWRtaW46YWRtaW4=\nContent-Type: application/json\n", + "url": "http://localhost:8181/restconf/config/ietf-interfaces:interfaces/interface/local0/v3po:ietf-acl", + "preRequestScript": "", + "pathVariables": {}, + "method": "DELETE", + "data": [], + "dataMode": "raw", + "version": 2, + "tests": "", + "currentHelper": "normal", + "helperAttributes": {}, + "time": 1472215679330, + "name": "Disable ACLs on local0", + "description": "Disables all ACLs assigned to local0 interface.\n\nTo verify, invoke:\n\nvppctl show classify table verbose\n\nand:\n\nvppctl show inacl type l2\nvppctl show inacl type ip4\nvppctl show inacl type ip6", + "collectionId": "c1e36b0e-9960-992d-10d9-70e84c7ec53d", + "responses": [], + "rawModeData": "" + }, + { + "id": "d2f5e4cf-24fb-c4cd-a842-8e80694aa100", + "headers": "Authorization: Basic YWRtaW46YWRtaW4=\nContent-Type: application/json\n", + "url": "http://localhost:8181/restconf/config/ietf-access-control-list:access-lists/acl/ietf-access-control-list:eth-acl/acl1", + "preRequestScript": "", + "pathVariables": {}, + "method": "DELETE", + "data": [], + "dataMode": "raw", + "version": 2, + "tests": "", + "currentHelper": "normal", + "helperAttributes": {}, + "time": 1471942346155, + "name": "Delete acl1 list", + "description": "Removes acl1 list from config data tree.\nRequest fails if acl1 is assigned to some interface", + "collectionId": "c1e36b0e-9960-992d-10d9-70e84c7ec53d", + "responses": [], + "rawModeData": "" + }, { "id": "f7cf288f-03c4-2b16-c54e-7668a49f6080", "headers": "Authorization: Basic YWRtaW46YWRtaW4=\nContent-Type: application/json\n", -- cgit 1.2.3-korg