Update Firewall Policy Rule
const url = 'https://example.com/network/v1/workspaces/example/engines/qibdo/vpcs/example/firewall-policies/example:patchRule';const options = { method: 'POST', headers: {'Content-Type': 'application/json'}, body: '{"description":"example","direction":"example","action":"example","matches":[{"protocol":"example","port_ranges":[{"min":1,"max":1}]}],"source_cidrs":[{"address":"example","prefix":1}],"destination_cidrs":[{"address":"example","prefix":1}],"priority":1,"disabled":true,"logging_enabled":true}'};
try { const response = await fetch(url, options); const data = await response.json(); console.log(data);} catch (error) { console.error(error);}curl --request POST \ --url https://example.com/network/v1/workspaces/example/engines/qibdo/vpcs/example/firewall-policies/example:patchRule \ --header 'Content-Type: application/json' \ --data '{ "description": "example", "direction": "example", "action": "example", "matches": [ { "protocol": "example", "port_ranges": [ { "min": 1, "max": 1 } ] } ], "source_cidrs": [ { "address": "example", "prefix": 1 } ], "destination_cidrs": [ { "address": "example", "prefix": 1 } ], "priority": 1, "disabled": true, "logging_enabled": true }'Updates an existing rule on a firewall policy (AIP-134 partial update via an AIP-136 custom method).
Parameters
Section titled “ Parameters ”Path Parameters
Section titled “Path Parameters ”The unique identifier of the workspace that the policy belongs to
The unique identifier of the parent VPC
The unique identifier of the parent firewall policy
Query Parameters
Section titled “Query Parameters ”The unique identifier of the firewall rule to update
The set of fields to update. If omitted, all mutable fields are overwritten.
Request Body required
Section titled “Request Body required ”QibdoFirewallPolicyRule — an OVN-shaped traffic control rule within a QibdoFirewallPolicy. The match syntax (protocol + port ranges, source/destination CIDR arrays) is OVN-specific; future engines (AWS SG, GCP firewall) will introduce their own rule schema.
object
Unique identifier for this rule.
An optional human-readable description of the rule.
The traffic direction this rule applies to (INGRESS or EGRESS).
The action to take when this rule matches (ALLOW or DENY).
Protocol + port-range matches describing which traffic this rule applies to. A rule matches if ANY listed ProtocolMatch matches. At least one match is required.
ProtocolMatch describes one protocol + port-range combination that a QibdoFirewallPolicyRule can match. A rule carries a list of these to support multi-protocol / multi-port matching (GCP-style allowed[] / denied[]).
object
IANA protocol name (e.g., “tcp”, “udp”, “icmp”) or number. Use “all” for any.
Port ranges this match applies to. Empty list means “all ports for this protocol”. Not applicable when protocol is “icmp”, “icmpv6”, or “all”.
PortRange is an inclusive range of transport-layer port numbers.
object
Lowest port in the range (inclusive). 0–65535.
Highest port in the range (inclusive). 0–65535. Must be >= min.
Source CIDR blocks for INGRESS rules. OR semantics; empty = any source.
IpAddress — an IPv4 or IPv6 address, disambiguated by the address string
format. prefix carries the CIDR prefix length (0-32 for IPv4, 0-128 for
IPv6); set to 32 or 128 for single-host addresses such as a subnet gateway.
object
Destination CIDR blocks for EGRESS rules. OR semantics; empty = any destination.
IpAddress — an IPv4 or IPv6 address, disambiguated by the address string
format. prefix carries the CIDR prefix length (0-32 for IPv4, 0-128 for
IPv6); set to 32 or 128 for single-host addresses such as a subnet gateway.
object
The priority of this rule. Lower numbers indicate higher priority. Range: 0-32767.
Whether this rule is disabled. When true, the rule is not enforced.
Whether traffic matching this rule should be logged for security auditing.
OVN-assigned rule identifier. Populated once OVN provisions the rule.
When this rule was created.
When this rule was last updated.
Example generated
{ "description": "example", "direction": "example", "action": "example", "matches": [ { "protocol": "example", "port_ranges": [ { "min": 1, "max": 1 } ] } ], "source_cidrs": [ { "address": "example", "prefix": 1 } ], "destination_cidrs": [ { "address": "example", "prefix": 1 } ], "priority": 1, "disabled": true, "logging_enabled": true}Responses
Section titled “ Responses ”OK
Network Operation
An acknowledgment of a mutation request, carrying tracking metadata, errors, and warnings. Follows GCP’s Operations pattern (AIP-151).
object
Operation ID
Unique identifier for this operation.
Resource ID
The ID of the resource affected by this operation. May be empty for async operations where the resource does not yet exist.
Resource Type
The type of resource (e.g., “com.qibdo.cloud.network:vpc”).
Operation Type
The kind of mutation that was requested.
Status
Current lifecycle state of the operation.
Insert Time
When the operation was first created.
Start Time
When the operation started executing.
End Time
When the operation completed (either successfully or with errors).
Errors
Business rule errors encountered during the operation.
Network Operation Error
A structured error returned inside an operation when a business rule fails.
object
Error Code
Numeric identifier following the S_SSS_EEE convention.
Description
Human-readable explanation of the error.
Warnings
Non-fatal notices about the operation.
Network Operation Warning
A non-fatal notice attached to an operation.
object
Warning Code
Numeric identifier following the S_SSS_EEE convention.
Description
Human-readable explanation of the warning.
Progress
Percentage of completion (0-100).
Example
{ "operation_type": "NETWORK_OPERATION_TYPE_UNSPECIFIED", "status": "NETWORK_OPERATION_STATUS_UNSPECIFIED"}default
Section titled “default ”Default error response
The Status type defines a logical error model that is suitable for different programming environments, including REST APIs and RPC APIs. It is used by gRPC. Each Status message contains three pieces of data: error code, error message, and error details. You can find out more about this error model and how to work with it in the API Design Guide.
object
The status code, which should be an enum value of [google.rpc.Code][google.rpc.Code].
A developer-facing error message, which should be in English. Any user-facing error message should be localized and sent in the [google.rpc.Status.details][google.rpc.Status.details] field, or localized by the client.
A list of messages that carry the error details. There is a common set of message types for APIs to use.
Contains an arbitrary serialized message along with a @type that describes the type of the serialized message.
object
The type of the serialized message.
Example generated
{ "code": 1, "message": "example", "details": [ { "@type": "example" } ]}