Managing access list
Use the DevOps API to add and remove addresses for your database access list. You can also enable and disable your access list.
You can use the DevOps API to perform the actions your role permissions allow.
The following roles use the application token to execute DevOps API queries:
-
Organization Administrator
-
Database Administrator
Prerequisites
-
Create an application token to authenticate your service account in the DevOps API.
-
Once you have authenticated your service account, you can add and remove IP addresses and CIDRs for your access list in the DevOps API.
-
You must have your access list on to be able to manage your access list via the DevOps API.
Adding addresses to your database access list
-
Check existing access lists within your organization or database to see which addresses are already on your access list(s):
Access lists are configured for each database within an organization. You must add each address to every database access list for which you want the address to have access.
curl --request GET \ --url 'https://api.astra.datastax.com/v2/access-lists' \ --header 'Accept: application/json' \ --header 'Authorization: Bearer <application_token>'
curl --request GET \ --url 'https://api.astra.datastax.com/v2/databases/<databaseId>/access-list' \ --header 'Accept: application/json' \ --header 'Authorization: Bearer <application_token>'
[ { "organizationId": "303a3598-0905-4b5d-9db2-4bf2f9790973", "databaseId": "8fbcfe1d-56fa-4ed0-9aff-f57029feef1b", "addresses": [ { "address": "137.187.23.0/24", "enabled": true, "description": "This address allows the database connections from the production environment.", "lastUpdateDateTime": "2021-01-21T17:32:28Z" } ], "configurations": { "accessListEnabled": true } } ]
For more, see Get all access lists for an organization and Get access list for a database in the DevOps API.
-
Get a template for your access list:
curl --request GET \ --url 'https://api.astra.datastax.com/v2/access-list/template' \ --header 'Accept: application/json' \ --header 'Authorization: Bearer <application_token>'
[ { "organizationId": "303a3598-0905-4b5d-9db2-4bf2f9790973", "databaseId": "8fbcfe1d-56fa-4ed0-9aff-f57029feef1b", "addresses": [ { "address": "137.187.23.0/24", "enabled": true, "description": "This address allows the database connections from the production environment.", "lastUpdateDateTime": "2021-01-21T17:32:28Z" } ], "configurations": { "accessListEnabled": true } } ]
For more, see Get template of access list in the DevOps API.
-
Complete your access list to submit.
-
Add your access list addresses:
curl --request POST \ --url 'https://api.astra.datastax.com/v2/databases/<databaseId>/access-list' \ --header 'Accept: application/json' \ --header 'Authorization: Bearer <application_token>' \ --data '{ [ "address": "125.187.17.0/24", "enabled": true, "description": "Development" ] }'
For more, see Add addresses to access list for a database in the DevOps API.
-
Confirm the new addresses have been added to your access list:
curl --request GET \ --url 'https://api.astra.datastax.com/v2/databases/<databaseId>/access-list' \ --header 'Accept: application/json' \ --header 'Authorization: Bearer <application_token>'
[ { "organizationId": "303a3598-0905-4b5d-9db2-4bf2f9790973", "databaseId": "8fbcfe1d-56fa-4ed0-9aff-f57029feef1b", "addresses": [ { "address": "137.187.23.0/24", "enabled": true, "description": "This address allows the database connections from the production environment.", "lastUpdateDateTime": "2021-01-21T17:32:28Z" }, { "address": "125.187.17.0/24", "enabled": true, "description": "Development" }, ], "configurations": { "accessListEnabled": true } } ]
Replacing your existing access list
-
Check existing access lists within your organization or database to see which addresses are already on your access list:
curl --request GET \ --url 'https://api.astra.datastax.com/v2/access-lists' \ --header 'Accept: application/json' \ --header 'Authorization: Bearer <application_token>'
curl --request GET \ --url 'https://api.astra.datastax.com/v2/databases/<databaseId>/access-list' \ --header 'Accept: application/json' \ --header 'Authorization: Bearer <application_token>'
[ { "organizationId": "303a3598-0905-4b5d-9db2-4bf2f9790973", "databaseId": "8fbcfe1d-56fa-4ed0-9aff-f57029feef1b", "addresses": [ { "address": "137.187.23.0/24", "enabled": true, "description": "This address allows the database connections from the production environment.", "lastUpdateDateTime": "2021-01-21T17:32:28Z" } ], "configurations": { "accessListEnabled": true } } ]
For more, see Get all access lists for an organization and Get access list for a database in the DevOps API.
-
Submit your revised access list:
curl --request PUT \ --url 'https://api.astra.datastax.com/v2/databases/<databaseId>/access-list' \ --header 'Accept: application/json' \ --header 'Authorization: Bearer <application_token>' \ --data '{ "addresses": [ { "address": "125.187.17.0/24", "enabled": true, "description": "Development" "lastUpdateDateTime": "2021-01-21T17:32:28Z" } ], "configurations": { "accessListEnabled": true } }'
curl --request PATCH \ --url 'https://api.astra.datastax.com/v2/databases/<databaseId>/access-list' \ --header 'Accept: application/json' \ --header 'Authorization: Bearer <application_token>' \ --data '{ "addresses": [ { "address": "125.187.17.0/24", "enabled": true, "description": "Development" } ], "configurations": { "accessListEnabled": true } }'
For more, see Replace access list for your database and Update existing fields in access list for database in the DevOps API.
-
Confirm the new addresses have been added to your access list:
curl --request GET \ --url 'https://api.astra.datastax.com/v2/databases/<databaseId>/access-list' \ --header 'Accept: application/json' \ --header 'Authorization: Bearer <application_token>'
[ { "organizationId": "303a3598-0905-4b5d-9db2-4bf2f9790973", "databaseId": "8fbcfe1d-56fa-4ed0-9aff-f57029feef1b", "addresses": [ { "address": "137.187.23.0/24", "enabled": true, "description": "This address allows the database connections from the production environment.", "lastUpdateDateTime": "2021-01-21T17:32:28Z" }, { "address": "125.187.17.0/24", "enabled": true, "description": "Development" }, ], "configurations": { "accessListEnabled": true } } ]
Deleting address or access lists
If you do not specify which addresses to delete, the entire access list is deleted. When the entire access list is deleted, public access is no longer restricted. |
-
Check existing access lists within your organization or database to see which addresses are already on your access list:
curl --request GET \ --url 'https://api.astra.datastax.com/v2/access-lists' \ --header 'Accept: application/json' \ --header 'Authorization: Bearer <application_token>'
curl --request GET \ --url 'https://api.astra.datastax.com/v2/databases/<databaseId>/access-list' \ --header 'Accept: application/json' \ --header 'Authorization: Bearer <application_token>'
[ { "organizationId": "303a3598-0905-4b5d-9db2-4bf2f9790973", "databaseId": "8fbcfe1d-56fa-4ed0-9aff-f57029feef1b", "addresses": [ { "address": "137.187.23.0/24", "enabled": true, "description": "This address allows the database connections from the production environment.", "lastUpdateDateTime": "2021-01-21T17:32:28Z" }, { "address": "125.187.17.0/24", "enabled": true, "description": "Development" }, ], "configurations": { "accessListEnabled": true } } ]
-
Delete an address from your access list:
curl --request DELETE \ --url 'https://api.astra.datastax.com/v2/databases/<databaseId>/access-list' \ --header 'Accept: application/json' \ --header 'Authorization: Bearer <application_token>' \ --data '{ "addresses": [ { "address": "125.187.17.0/24" } ] }'
curl --request DELETE \ --url 'https://api.astra.datastax.com/v2/databases/<databaseId>/access-list' \ --header 'Accept: application/json' \ --header 'Authorization: Bearer <application_token>'
-
Confirm the address no longer exists:
curl --request GET \ --url 'https://api.astra.datastax.com/v2/access-lists' \ --header 'Accept: application/json' \ --header 'Authorization: Bearer <application_token>'
curl --request GET \ --url 'https://api.astra.datastax.com/v2/databases/<databaseId>/access-list' \ --header 'Accept: application/json' \ --header 'Authorization: Bearer <application_token>'
[ { "organizationId": "303a3598-0905-4b5d-9db2-4bf2f9790973", "databaseId": "8fbcfe1d-56fa-4ed0-9aff-f57029feef1b", "addresses": [ { "address": "137.187.23.0/24", "enabled": true, "description": "This address allows the database connections from the production environment.", "lastUpdateDateTime": "2021-01-21T17:32:28Z" } ], "configurations": { "accessListEnabled": true } } ]
For more, see Delete addresses or access list for database in the DevOps API.
What’s next?
Explore the DevOps API.