none
Azure REST API - Add and Update ACL's

    Question

  • Hi,

    I'm using the REST API in Java to manipulate Endpoints and ACLs on an instance.

    I'm able to update Endpoints like update name of an endpoint etc using the URL below

    https://management.core.windows.net/<subscription-id>/services/hostedservices/<cloudservicename>/deployments/<depl name>/roles/<rolename>

    and payload below

    <?xml version="1.0" encoding="UTF-8" standalone="no"?><ns1:PersistentVMRole xmlns:ns1="http://schemas.microsoft.com/windowsazure"><ns1:ConfigurationSets><ns1:ConfigurationSet><ns1:ConfigurationSetType>NetworkConfiguration</ns1:ConfigurationSetType><ns1:InputEndpoints><ns1:InputEndpoint><ns1:LocalPort>53</ns1:LocalPort><ns1:Name>whatsionaname</ns1:Name><ns1:Port>53</ns1:Port><ns1:Protocol>tcp</ns1:Protocol><ns1:EndpointACL><ns1:Rules><ns1:Rule><ns1:Order>1</ns1:Order><ns1:Action>permit</ns1:Action><ns1:RemoteSubnet>0.0.0.0/24</ns1:RemoteSubnet><ns1:Description>apidescription</ns1:Description></ns1:Rule><ns1:Rule><ns1:Order>2</ns1:Order><ns1:Action>deny</ns1:Action><ns1:RemoteSubnet>0.0.0.0/16</ns1:RemoteSubnet><ns1:Description>somedesc</ns1:Description></ns1:Rule></ns1:Rules></ns1:EndpointACL></ns1:InputEndpoint></ns1:InputEndpoints></ns1:ConfigurationSet></ns1:ConfigurationSets></ns1:PersistentVMRole>

    This returns status code as 202 and the Endpoints are updated properly in Azure console. But, the ACL's are not created for that endpoint.

    Tried several combinations with the x-ms version also 2013-03-01 and 2013-06-01

    reqMap.put("x-ms-version", "2013-06-01");
    reqMap.put("Content-Type", "application/xml");

    But none seems to work wrt ACL's. However, all operations related to endpoints in the same payload are working fine.

    Could you pls throw some light on why this is the case and if I'm doing anything wrong?

    Thanks.



    • Edited by EnthuAzure Tuesday, September 16, 2014 10:47 AM Grammatical mistakes
    Tuesday, September 16, 2014 10:46 AM

Answers

  • Hi EnthuAzure,

    Thank you post the issue to MSDN forum.

    At present, we can only get or set ACL on VMs' endpoints with Azure PowerShell and Azure Management Portal. And it not support azure rest API. If you hope it supports rest api, you can try to submit the feature and vote to below:http://feedback.azure.com/forums/34192--general-feedback 

    Besides, here is an article "Setting an Endpoint ACL on a Windows Azure VM" online with Burp for you.

    Best Regards,

    Fuxiang


    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place. <br/> Click <a href="http://support.microsoft.com/common/survey.aspx?showpage=1&scid=sw%3Ben%3B3559&theme=tech"> HERE</a> to participate the survey.


    Wednesday, September 17, 2014 10:18 AM
    Moderator

All replies

  • Seems like update ACL's cannot be done through REST API's in Java.

    http://stackoverflow.com/questions/19166231/windows-azure-rest-api-update-role-doesnt-take-effect

    http://stackoverflow.com/questions/24636533/programmatically-updating-windows-azure-paas-acls-with-management-api

    Hasn't support been provided yet for those? Someone please answer since no answer exists in the internet and it will be useful for a lot of folks in future.

    Thanks.

    Tuesday, September 16, 2014 5:41 PM
  • Hi EnthuAzure,

    Thank you post the issue to MSDN forum.

    At present, we can only get or set ACL on VMs' endpoints with Azure PowerShell and Azure Management Portal. And it not support azure rest API. If you hope it supports rest api, you can try to submit the feature and vote to below:http://feedback.azure.com/forums/34192--general-feedback 

    Besides, here is an article "Setting an Endpoint ACL on a Windows Azure VM" online with Burp for you.

    Best Regards,

    Fuxiang


    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place. <br/> Click <a href="http://support.microsoft.com/common/survey.aspx?showpage=1&scid=sw%3Ben%3B3559&theme=tech"> HERE</a> to participate the survey.


    Wednesday, September 17, 2014 10:18 AM
    Moderator