Creating and updating a configuration policy by using REST Administration APIs

System administrators can create and update configuration policies by using REST Administration APIs.

You can create or update a configuration policy by using a REST Administration API, or by using the Amlen WebUI. For more information about using the Amlen WebUI to create or update a configuration policy, see Configuring the admin endpoint by using the Amlen WebUI.

You can use the Eclipse Amlen REST API POST method to create or update one or more configuration policy objects. If the configuration policy that is specified in the request does not exist in the configuration table, then the configuration policy is created. Otherwise the configuration policy configuration is updated.

To create or update one or more configuration policy objects, use the Eclipse Amlen REST API POST method.

Use the following Eclipse Amlen configuration policy configuration URI:

http://<admin-endpoint-IP:Port>/ima/v1/configuration/

Provide ConfigurationPolicy object configuration data in the payload of the POST method by using the following schema. Content-type is set to application/json. Ensure that capitalization and double quotation marks are used as shown.


{    
  "ConfigurationPolicy": {
    "<NameOfConfigurationPolicy>": {
       "Description": "string",
       "ActionList": "string",
       "GroupID": "string",
       "ClientAddress": "string",
       "UserID": "string",
       "CommonNames": "string"
     }
   }
}

Where:

NameOfConfigurationPolicy

Required.

Specifies the name of the configuration policy.

The name must not have leading or trailing spaces and cannot contain control characters, commas, double quotation marks, backslashes, or equal signs. The first character must not be a number or any of the following special characters:

! # $ % & ' ( ) * + - . / : ; < > ? @

After the configuration policy is created, you cannot change this name.

Description

Optional.

Specifies a description for the configuration policy.

If you do not want a description, omit "Description":"description".

ActionList

Required if you are creating a configuration policy.

Specifies the level of authority that is granted to the user, or users, authorized by the configuration policy to perform administrative or monitoring tasks. You must specify at least one of the following levels of authority:

Configure
Grants authority to modify the server configuration.
View
Grants authority to view the server configuration.
Monitor
Grants authority to view monitoring data.
Manage
Grants authority to issue service requests, such as restarting the server

The following table shows the levels of authority that are required when you use the Eclipse Amlen REST API to administer and monitor Eclipse Amlen:

Table 1. Authorities required for REST API methods for administering and monitoring Eclipse Amlen.
REST method	Domain	Objects/Actions	Required Authority
POST	/ima/v1/configuration	All configuration objects	Configure
GET	/ima/v1/configuration	All configuration objects	Configure, View, Monitor, or Manage
DELETE	/ima/v1/configuration	Nameable composite configuration objects	Configure
PUT	ima/v1/file	Upload files such as certificate	Configure or Manage
GET	ima/v1/monitor	Server, memory, store, endpoint, connection, subscription	Configure, View, Monitor, or Manage
POST	ima/v1/service	start, stop, restart, import, export, commit, rollback, forget, remove, close, trace, license	Manage or Configure
GET	ima/v1/service	status	Configure, View, Monitor, or Manage
DELETE	ima/v1/service	Subscription, MQTTClient, client set	Configure

You must specify at least one of the following filters:

ClientAddress: Specifies the client IP addresses that are allowed to connect to Eclipse Amlen.; The IP address can contain an asterisk (*), or a comma-separated list of IPv4 or IPv6 addresses or ranges. For example, 192.0.2.32, 192.0.0.0, 192.0.2.0-192.0.2.100. The range must be specified from low to high.; However, each IPv6 address must be enclosed in brackets [ ] either when expressed singly or in a range of addresses. IPv6 addresses cannot contain asterisks.; The maximum number of client addresses that you can specify is 20.; To use the default value, where all client IP addresses are allowed to connect, omit "ClientAddress":"IP_Address" or specify "ClientAddress":"*".
UserID: Specifies the messaging user ID that is allowed to connect to Eclipse Amlen.; You can use an asterisk (*) at the end of the value to match 0 or more characters.; To use the default value, where all user ID values are allowed to connect, omit "UserID": "UserID".
GroupID: Specifies the messaging group that is allowed to connect to Eclipse Amlen.; You can use an asterisk (*) at the end of the value to match 0 or more characters.; To use the default value, where all user ID values are allowed to connect, omit "GroupID":"GroupID".
CommonNames: Specifies the client certificate common name that must be used to connect to Eclipse Amlen.; You can use an asterisk (*) at the end of the value to match 0 or more characters.; To use the default value, where all user ID values are allowed to connect, omit "CommonNames": "CommonNames".

The following example shows a POST method to create a configuration policy called "MyConfigurationPolicy" by using cURL:


curl -X POST  \
   -H 'Content-Type: application/json'  \
   -d  '{    
         "ConfigurationPolicy": {       
           "MyConfigurationPolicy": {
             "Description": "Demonstration configuration policy ",            
             "ActionList":  "Configure,View,Monitor,Manage",
             "GroupID": "Group1",
             "ClientAddress": "9.3.179.*",            
             "UserID": "IMAUser"
            }
          }
        }
      '  \
http://127.0.0.1:9089/ima/v1/configuration/

The following example shows an example response to the POST method:


{        
  "Version": "v1",
  "Code": "CWLNA6011",
  "Message": "The requested configuration change has completed successfully."
}