This is a cache of https://docs.openshift.com/acs/4.5/api/NetworkPolicyService.html. It is a snapshot of the page at 2024-11-25T18:13:17.933+0000.
NetworkPolicyService | API reference | Red Hat Advanced Cluster Security for Kubernetes 4.5

ApplyNetworkPolicy

POST /v1/networkpolicies/apply/{clusterId}

Description

Parameters

Path Parameters

Name Description Required Default Pattern

clusterId

X

null

Body Parameter

Name Description Required Default Pattern

body

StorageNetworkPolicyModification

X

Return Type

Object

Content Type

  • application/json

Responses

Table 1. HTTP Response Codes
Code Message Datatype

200

A successful response.

Object

0

An unexpected error response.

RuntimeError

Samples

ApplyNetworkPolicyYamlForDeployment

POST /v1/networkpolicies/apply/deployment/{deploymentId}

Description

Parameters

Path Parameters

Name Description Required Default Pattern

deploymentId

X

null

Body Parameter

Name Description Required Default Pattern

body

V1ApplyNetworkPolicyYamlForDeploymentRequest

X

Return Type

Object

Content Type

  • application/json

Responses

Table 2. HTTP Response Codes
Code Message Datatype

200

A successful response.

Object

0

An unexpected error response.

RuntimeError

Samples

GenerateNetworkPolicies

GET /v1/networkpolicies/generate/{clusterId}

Description

Parameters

Path Parameters

Name Description Required Default Pattern

clusterId

X

null

Query Parameters

Name Description Required Default Pattern

query

-

null

deleteExisting

-

UNKNOWN

networkDataSince

-

null

includePorts

-

null

Content Type

  • application/json

Responses

Table 3. HTTP Response Codes
Code Message Datatype

200

A successful response.

V1GenerateNetworkPoliciesResponse

0

An unexpected error response.

RuntimeError

Samples

GetAllowedPeersFromCurrentPolicyForDeployment

GET /v1/networkpolicies/allowedpeers/{id}

Description

Parameters

Path Parameters

Name Description Required Default Pattern

id

X

null

Content Type

  • application/json

Responses

Table 4. HTTP Response Codes
Code Message Datatype

200

A successful response.

V1GetAllowedPeersFromCurrentPolicyForDeploymentResponse

0

An unexpected error response.

RuntimeError

Samples

GetBaselineGeneratedNetworkPolicyForDeployment

POST /v1/networkpolicies/generate/baseline/{deploymentId}

Description

Parameters

Path Parameters

Name Description Required Default Pattern

deploymentId

X

null

Body Parameter

Name Description Required Default Pattern

body

V1GetBaselineGeneratedPolicyForDeploymentRequest

X

Content Type

  • application/json

Responses

Table 5. HTTP Response Codes
Code Message Datatype

200

A successful response.

V1GetBaselineGeneratedPolicyForDeploymentResponse

0

An unexpected error response.

RuntimeError

Samples

GetDiffFlowsBetweenPolicyAndBaselineForDeployment

GET /v1/networkpolicies/baselinecomparison/{id}

Description

Parameters

Path Parameters

Name Description Required Default Pattern

id

X

null

Content Type

  • application/json

Responses

Table 6. HTTP Response Codes
Code Message Datatype

200

A successful response.

V1GetDiffFlowsResponse

0

An unexpected error response.

RuntimeError

Samples

GetDiffFlowsFromUndoModificationForDeployment

GET /v1/networkpolicies/undobaselinecomparison/{id}

Description

Parameters

Path Parameters

Name Description Required Default Pattern

id

X

null

Content Type

  • application/json

Responses

Table 7. HTTP Response Codes
Code Message Datatype

200

A successful response.

V1GetDiffFlowsResponse

0

An unexpected error response.

RuntimeError

Samples

GetNetworkGraph

GET /v1/networkpolicies/cluster/{clusterId}

Description

Parameters

Path Parameters

Name Description Required Default Pattern

clusterId

X

null

Query Parameters

Name Description Required Default Pattern

query

-

null

includePorts

If set to true, include port-level information in the network policy graph.

-

null

scope.query

-

null

Return Type

Content Type

  • application/json

Responses

Table 8. HTTP Response Codes
Code Message Datatype

200

A successful response.

V1NetworkGraph

0

An unexpected error response.

RuntimeError

Samples

GetNetworkGraphEpoch

GET /v1/networkpolicies/graph/epoch

Description

Parameters

Query Parameters

Name Description Required Default Pattern

clusterId

-

null

Return Type

Content Type

  • application/json

Responses

Table 9. HTTP Response Codes
Code Message Datatype

200

A successful response.

V1NetworkGraphEpoch

0

An unexpected error response.

RuntimeError

Samples

GetNetworkPolicies

GET /v1/networkpolicies

Description

Parameters

Query Parameters

Name Description Required Default Pattern

clusterId

-

null

deploymentQuery

-

null

namespace

-

null

Content Type

  • application/json

Responses

Table 10. HTTP Response Codes
Code Message Datatype

200

A successful response.

V1NetworkPoliciesResponse

0

An unexpected error response.

RuntimeError

Samples

GetNetworkPolicy

GET /v1/networkpolicies/{id}

Description

Parameters

Path Parameters

Name Description Required Default Pattern

id

X

null

Return Type

Content Type

  • application/json

Responses

Table 11. HTTP Response Codes
Code Message Datatype

200

A successful response.

StorageNetworkPolicy

0

An unexpected error response.

RuntimeError

Samples

GetUndoModification

GET /v1/networkpolicies/undo/{clusterId}

Description

Parameters

Path Parameters

Name Description Required Default Pattern

clusterId

X

null

Content Type

  • application/json

Responses

Table 12. HTTP Response Codes
Code Message Datatype

200

A successful response.

V1GetUndoModificationResponse

0

An unexpected error response.

RuntimeError

Samples

GetUndoModificationForDeployment

GET /v1/networkpolicies/undo/deployment/{id}

Description

Parameters

Path Parameters

Name Description Required Default Pattern

id

X

null

Content Type

  • application/json

Responses

Table 13. HTTP Response Codes
Code Message Datatype

200

A successful response.

V1GetUndoModificationForDeploymentResponse

0

An unexpected error response.

RuntimeError

Samples

SendNetworkPolicyYAML

POST /v1/networkpolicies/simulate/{clusterId}/notify

Description

Parameters

Path Parameters

Name Description Required Default Pattern

clusterId

X

null

Body Parameter

Name Description Required Default Pattern

body

StorageNetworkPolicyModification

X

Query Parameters

Name Description Required Default Pattern

notifierIds

String

-

null

Return Type

Object

Content Type

  • application/json

Responses

Table 14. HTTP Response Codes
Code Message Datatype

200

A successful response.

Object

0

An unexpected error response.

RuntimeError

Samples

SimulateNetworkGraph

POST /v1/networkpolicies/simulate/{clusterId}

Description

Parameters

Path Parameters

Name Description Required Default Pattern

clusterId

X

null

Body Parameter

Name Description Required Default Pattern

body

StorageNetworkPolicyModification

X

Query Parameters

Name Description Required Default Pattern

query

-

null

includePorts

If set to true, include port-level information in the network policy graph.

-

null

includeNodeDiff

-

null

scope.query

-

null

Content Type

  • application/json

Responses

Table 15. HTTP Response Codes
Code Message Datatype

200

A successful response.

V1SimulateNetworkGraphResponse

0

An unexpected error response.

RuntimeError

Samples

Common object reference

DeploymentListenPort

Field Name Required Nullable Type Description Format

port

Long

int64

l4protocol

StorageL4Protocol

L4_PROTOCOL_UNKNOWN, L4_PROTOCOL_TCP, L4_PROTOCOL_UDP, L4_PROTOCOL_ICMP, L4_PROTOCOL_RAW, L4_PROTOCOL_SCTP, L4_PROTOCOL_ANY

GenerateNetworkPoliciesRequestDeleteExistingPoliciesMode

Enum Values

UNKNOWN

NONE

GENERATED_ONLY

ALL

NetworkEntityInfoExternalSource

Update normalizeDupNameExtSrcs(…​) in central/networkgraph/aggregator/aggregator.go whenever this message is updated.

Field Name Required Nullable Type Description Format

name

String

cidr

String

default

Boolean

default indicates whether the external source is user-generated or system-generated.

ProtobufAny

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++.

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

Example 2: Pack and unpack a message in Java.

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
  foo = any.unpack(Foo.getDefaultInstance());
}

Example 3: Pack and unpack a message in Python.

foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
  any.Unpack(foo)
  ...

Example 4: Pack and unpack a message in Go.

foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
  ...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
  ...
}

The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".

JSON representation

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example:

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}

{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. Example (for message [google.protobuf.Duration][]):

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}

Field Name Required Nullable Type Description Format

typeUrl

String

A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one "/" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in path/google.protobuf.Duration). The name should be in a canonical form (e.g., leading "." is not accepted).

In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme http, https, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows:

  • If no scheme is provided, https is assumed.

  • An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error.

  • Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.)

Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one.

Schemes other than http, https (or the empty scheme) might be used with implementation specific semantics.

value

byte[]

Must be a valid serialized protocol buffer of the above specified type.

byte

RuntimeError

Field Name Required Nullable Type Description Format

error

String

code

Integer

int32

message

String

details

List of ProtobufAny
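
The type URL rules above matter when a client reads the details list of a RuntimeError. The following is an added example, not code from the product or its documentation: it applies the stated rules (at least one "/", type name taken after the last "/", no leading ".") and accepts only types the client was built to understand. It assumes details arrive in the JSON representation with an @type field; KNOWN_TYPES, the function names and the sample response are constructed for illustration.

```python
import json

# Assumption: the message types this client has precompiled support for.
KNOWN_TYPES = {"google.protobuf.Duration"}

# Constructed sample RuntimeError body (not captured from a real server).
SAMPLE_RUNTIME_ERROR = json.dumps({
    "error": "invalid argument",
    "code": 3,
    "message": "invalid argument",
    "details": [
        {"@type": "type.googleapis.com/google.protobuf.Duration", "value": "1.212s"},
        {"@type": "foo.bar.com/x/y.z"},          # well-formed, but not a known type
        {"@type": "no-slash"},                   # violates "at least one '/'"
        {"@type": "example.test/.leading.Dot"},  # non-canonical leading "."
    ],
})


def type_name_from_url(type_url):
    """Return the fully qualified type name after the last '/'.

    Raises ValueError when the URL breaks the rules given for typeUrl.
    """
    if not isinstance(type_url, str) or "/" not in type_url:
        raise ValueError("type URL must contain at least one '/'")
    name = type_url.rsplit("/", 1)[1]
    if not name or name.startswith("."):
        raise ValueError("type name must be non-empty and canonical")
    return name


def classify_details(runtime_error_json, known_types=KNOWN_TYPES):
    """Split RuntimeError.details into (accepted, rejected).

    accepted: list of (type_name, payload_without_@type)
    rejected: list of (raw_type_url, reason)
    Nothing is fetched from the URL; unknown types are refused, not resolved.
    """
    err = json.loads(runtime_error_json)
    accepted, rejected = [], []
    for detail in err.get("details") or []:
        url = detail.get("@type") if isinstance(detail, dict) else None
        try:
            name = type_name_from_url(url)
        except ValueError as exc:
            rejected.append((url, str(exc)))
            continue
        if name not in known_types:
            rejected.append((url, "type not precompiled into this client"))
            continue
        payload = {k: v for k, v in detail.items() if k != "@type"}
        accepted.append((name, payload))
    return accepted, rejected


if __name__ == "__main__":
    ok, bad = classify_details(SAMPLE_RUNTIME_ERROR)
    print("accepted:", ok)
    print("rejected:", bad)
```
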

StorageIPBlock

Field Name Required Nullable Type Description Format

cidr

String

except

List of string

StorageL4Protocol

Enum Values

L4_PROTOCOL_UNKNOWN

L4_PROTOCOL_TCP

L4_PROTOCOL_UDP

L4_PROTOCOL_ICMP

L4_PROTOCOL_RAW

L4_PROTOCOL_SCTP

L4_PROTOCOL_ANY

StorageLabelSelector

Label selector components are joined with logical AND; see https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/

Next available tag: 3

Field Name Required Nullable Type Description Format

matchLabels

Map of string

This is actually a oneof, but we can’t make it one due to backwards compatibility constraints.

requirements

List of StorageLabelSelectorRequirement

StorageLabelSelectorOperator

Enum Values

UNKNOWN

IN

NOT_IN

EXISTS

NOT_EXISTS

StorageLabelSelectorRequirement

Next available tag: 4

Field Name Required Nullable Type Description Format

key

String

op

StorageLabelSelectorOperator

UNKNOWN, IN, NOT_IN, EXISTS, NOT_EXISTS

values

List of string

StorageNetworkBaselineConnectionProperties

NetworkBaselineConnectionProperties represents information about a baseline connection.

Next available tag: 4

Field Name Required Nullable Type Description Format

ingress

Boolean

port

Long

int64

protocol

StorageL4Protocol

L4_PROTOCOL_UNKNOWN, L4_PROTOCOL_TCP, L4_PROTOCOL_UDP, L4_PROTOCOL_ICMP, L4_PROTOCOL_RAW, L4_PROTOCOL_SCTP, L4_PROTOCOL_ANY

StorageNetworkEntityInfo

Field Name Required Nullable Type Description Format

type

StorageNetworkEntityInfoType

UNKNOWN_TYPE, DEPLOYMENT, INTERNET, LISTEN_ENDPOINT, EXTERNAL_SOURCE, INTERNAL_ENTITIES

id

String

deployment

StorageNetworkEntityInfoDeployment

externalSource

NetworkEntityInfoExternalSource

StorageNetworkEntityInfoDeployment

Field Name Required Nullable Type Description Format

name

String

namespace

String

cluster

String

listenPorts

List of DeploymentListenPort

StorageNetworkEntityInfoType

  • INTERNAL_ENTITIES: INTERNAL_ENTITIES is for grouping all internal entities under a single network graph node

Enum Values

UNKNOWN_TYPE

DEPLOYMENT

INTERNET

LISTEN_ENDPOINT

EXTERNAL_SOURCE

INTERNAL_ENTITIES

StorageNetworkPolicy

Field Name Required Nullable Type Description Format

id

String

name

String

clusterId

String

clusterName

String

namespace

String

labels

Map of string

annotations

Map of string

spec

StorageNetworkPolicySpec

yaml

String

apiVersion

String

created

Date

date-time

StorageNetworkPolicyApplicationUndoRecord

Field Name Required Nullable Type Description Format

clusterId

String

user

String

applyTimestamp

Date

date-time

originalModification

StorageNetworkPolicyModification

undoModification

StorageNetworkPolicyModification

StorageNetworkPolicyEgressRule

Field Name Required Nullable Type Description Format

ports

List of StorageNetworkPolicyPort

to

List of StorageNetworkPolicyPeer

StorageNetworkPolicyIngressRule

Field Name Required Nullable Type Description Format

ports

List of StorageNetworkPolicyPort

from

List of StorageNetworkPolicyPeer

StorageNetworkPolicyModification

Next available tag: 3

Field Name Required Nullable Type Description Format

applyYaml

String

toDelete

List of StorageNetworkPolicyReference

StorageNetworkPolicyPeer

Field Name Required Nullable Type Description Format

podSelector

StorageLabelSelector

namespaceSelector

StorageLabelSelector

ipBlock

StorageIPBlock

StorageNetworkPolicyPort

Field Name Required Nullable Type Description Format

protocol

StorageProtocol

UNSET_PROTOCOL, TCP_PROTOCOL, UDP_PROTOCOL, SCTP_PROTOCOL

port

Integer

int32

portName

String

StorageNetworkPolicyReference

Next available tag: 3

Field Name Required Nullable Type Description Format

namespace

String

name

String

StorageNetworkPolicySpec

Field Name Required Nullable Type Description Format

podSelector

StorageLabelSelector

ingress

List of StorageNetworkPolicyIngressRule

egress

List of StorageNetworkPolicyEgressRule

policyTypes

List of StorageNetworkPolicyType

StorageNetworkPolicyType

Enum Values

UNSET_NETWORK_POLICY_TYPE

INGRESS_NETWORK_POLICY_TYPE

EGRESS_NETWORK_POLICY_TYPE

StorageProtocol

Enum Values

UNSET_PROTOCOL

TCP_PROTOCOL

UDP_PROTOCOL

SCTP_PROTOCOL

V1ApplyNetworkPolicyYamlForDeploymentRequest

Field Name Required Nullable Type Description Format

deploymentId

String

modification

StorageNetworkPolicyModification

V1GenerateNetworkPoliciesResponse

Next available tag: 2

Field Name Required Nullable Type Description Format

modification

StorageNetworkPolicyModification

V1GetAllowedPeersFromCurrentPolicyForDeploymentResponse

Field Name Required Nullable Type Description Format

allowedPeers

List of V1NetworkBaselineStatusPeer

V1GetBaselineGeneratedPolicyForDeploymentRequest

Field Name Required Nullable Type Description Format

deploymentId

String

deleteExisting

GenerateNetworkPoliciesRequestDeleteExistingPoliciesMode

UNKNOWN, NONE, GENERATED_ONLY, ALL

includePorts

Boolean

V1GetBaselineGeneratedPolicyForDeploymentResponse

Field Name Required Nullable Type Description Format

modification

StorageNetworkPolicyModification

V1GetDiffFlowsGroupedFlow

Field Name Required Nullable Type Description Format

entity

StorageNetworkEntityInfo

properties

List of StorageNetworkBaselineConnectionProperties

V1GetDiffFlowsReconciledFlow

Field Name Required Nullable Type Description Format

entity

StorageNetworkEntityInfo

added

List of StorageNetworkBaselineConnectionProperties

removed

List of StorageNetworkBaselineConnectionProperties

unchanged

List of StorageNetworkBaselineConnectionProperties

V1GetDiffFlowsResponse

Field Name Required Nullable Type Description Format

added

List of V1GetDiffFlowsGroupedFlow

removed

List of V1GetDiffFlowsGroupedFlow

reconciled

List of V1GetDiffFlowsReconciledFlow

V1GetUndoModificationForDeploymentResponse

Field Name Required Nullable Type Description Format

undoRecord

StorageNetworkPolicyApplicationUndoRecord

V1GetUndoModificationResponse

Field Name Required Nullable Type Description Format

undoRecord

StorageNetworkPolicyApplicationUndoRecord

V1NetworkBaselinePeerEntity

Field Name Required Nullable Type Description Format

id

String

type

StorageNetworkEntityInfoType

UNKNOWN_TYPE, DEPLOYMENT, INTERNET, LISTEN_ENDPOINT, EXTERNAL_SOURCE, INTERNAL_ENTITIES

V1NetworkBaselineStatusPeer

Field Name Required Nullable Type Description Format

entity

V1NetworkBaselinePeerEntity

port

Long

The port and protocol of the destination of the given connection.

int64

protocol

StorageL4Protocol

L4_PROTOCOL_UNKNOWN, L4_PROTOCOL_TCP, L4_PROTOCOL_UDP, L4_PROTOCOL_ICMP, L4_PROTOCOL_RAW, L4_PROTOCOL_SCTP, L4_PROTOCOL_ANY

ingress

Boolean

A boolean representing whether the query is for an ingress or egress connection. This is defined with respect to the current deployment. Thus:

  • If the connection in question is in the outEdges of the current deployment, this should be false.

  • If it is in the outEdges of the peer deployment, this should be true.

V1NetworkEdgeProperties

Field Name Required Nullable Type Description Format

port

Long

int64

protocol

StorageL4Protocol

L4_PROTOCOL_UNKNOWN, L4_PROTOCOL_TCP, L4_PROTOCOL_UDP, L4_PROTOCOL_ICMP, L4_PROTOCOL_RAW, L4_PROTOCOL_SCTP, L4_PROTOCOL_ANY

lastActiveTimestamp

Date

date-time

V1NetworkEdgePropertiesBundle

Field Name Required Nullable Type Description Format

properties

List of V1NetworkEdgeProperties

V1NetworkGraph

Field Name Required Nullable Type Description Format

epoch

Long

int64

nodes

List of V1NetworkNode

V1NetworkGraphDiff

Field Name Required Nullable Type Description Format

DEPRECATEDNodeDiffs

Map of V1NetworkNodeDiff

nodeDiffs

Map of V1NetworkNodeDiff

V1NetworkGraphEpoch

Field Name Required Nullable Type Description Format

epoch

Long

int64

V1NetworkNode

Field Name Required Nullable Type Description Format

entity

StorageNetworkEntityInfo

internetAccess

Boolean

policyIds

List of string

nonIsolatedIngress

Boolean

nonIsolatedEgress

Boolean

queryMatch

Boolean

outEdges

Map of V1NetworkEdgePropertiesBundle

V1NetworkNodeDiff

Field Name Required Nullable Type Description Format

policyIds

List of string

DEPRECATEDOutEdges

Map of V1NetworkEdgePropertiesBundle

outEdges

Map of V1NetworkEdgePropertiesBundle

nonIsolatedIngress

Boolean

nonIsolatedEgress

Boolean

V1NetworkPoliciesResponse

Field Name Required Nullable Type Description Format

networkPolicies

List of StorageNetworkPolicy

V1NetworkPolicyInSimulation

Field Name Required Nullable Type Description Format

policy

StorageNetworkPolicy

status

V1NetworkPolicyInSimulationStatus

INVALID, UNCHANGED, MODIFIED, ADDED, DELETED

oldPolicy

StorageNetworkPolicy

V1NetworkPolicyInSimulationStatus

Enum Values

INVALID

UNCHANGED

MODIFIED

ADDED

DELETED

V1SimulateNetworkGraphResponse

Field Name Required Nullable Type Description Format

simulatedGraph

V1NetworkGraph

policies

List of V1NetworkPolicyInSimulation

added

V1NetworkGraphDiff

removed

V1NetworkGraphDiff