From 94182670338aa9a3c51843e75e10e7e6722e0aa1 Mon Sep 17 00:00:00 2001
From: Daniel Weinshenker
Date: Wed, 14 May 2025 17:06:11 -0700
Subject: [PATCH] DBAAS: Update trusted sources limits and add description
---
 .../resources/databases/databases_create_cluster.yml | 1 +
 .../databases/databases_update_firewall_rules.yml | 11 +++++------
 .../examples/curl/databases_update_firewall_rules.yml | 2 +-
 .../examples/go/databases_update_firewall_rules.yml | 1 +
 .../python/databases_update_firewall_rules.yml | 3 ++-
 .../resources/databases/models/firewall_rule.yml | 5 +++++
 .../resources/databases/responses/firewall_rules.yml | 1 +
 7 files changed, 16 insertions(+), 8 deletions(-)
diff --git a/specification/resources/databases/databases_create_cluster.yml b/specification/resources/databases/databases_create_cluster.yml
index 7983ea7bf..61c5b6e06 100644
--- a/specification/resources/databases/databases_create_cluster.yml
+++ b/specification/resources/databases/databases_create_cluster.yml
@@ -74,6 +74,7 @@ requestBody:
 rules:
 - type: ip_addr
 value: "192.168.1.1"
+ description: "my home IP address"
 - type: k8s
 value: ff2a6c52-5a44-4b63-b99c-0e98e7a63d61
 - type: droplet
diff --git a/specification/resources/databases/databases_update_firewall_rules.yml b/specification/resources/databases/databases_update_firewall_rules.yml
index 6b6125fe5..809dede8c 100644
--- a/specification/resources/databases/databases_update_firewall_rules.yml
+++ b/specification/resources/databases/databases_update_firewall_rules.yml
@@ -9,12 +9,10 @@ description: >- able to open connections to the database. You may limit connections to specific Droplets, Kubernetes clusters, or IP addresses. When a tag is provided, any Droplet or Kubernetes node with that tag applied to it will - have access. The firewall is limited to 100 rules (or trusted sources). When - possible, we recommend - [placing your databases into a VPC network](https://docs.digitalocean.com/products/networking/vpc/) - to limit access to them instead of using a firewall. - - A successful + have access. The firewall is limited to 2000 IPs or CIDR addresses. Each rule can resolve to multiple IP addresses (type k8s, for example). + When possible, we recommend [placing your databases into a VPC network](https://docs.digitalocean.com/products/networking/vpc/) + to limit access to them instead of using a firewall. In addition, we recommend using CIDR addresses when possible instead of individual IPs, + as both types contribute the same amount to the 2000 limit. tags: - Databases @@ -35,6 +33,7 @@ requestBody: rules: - type: ip_addr value: '192.168.1.1' + description: 'my home IP address' - type: k8s value: ff2a6c52-5a44-4b63-b99c-0e98e7a63d61 - type: droplet diff --git a/specification/resources/databases/examples/curl/databases_update_firewall_rules.yml b/specification/resources/databases/examples/curl/databases_update_firewall_rules.yml index dbe7b92e5..c8b921b7c 100644 --- a/specification/resources/databases/examples/curl/databases_update_firewall_rules.yml +++ b/specification/resources/databases/examples/curl/databases_update_firewall_rules.yml 
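Review bot: The added recommendation to prefer CIDR addresses over individual IPs, in the `description` text of the first hunk for this file, carries no least-privilege caveat, so a reader optimising for the 2000-entry limit may allow a wider range than the clients need. I would append a sentence such as `Use the narrowest CIDR range that covers the intended clients.` after the sentence about the 2000 limit. The text also says a rule can resolve to multiple IP addresses but not what happens when a `k8s` or `tag` rule later resolves to enough addresses to exceed the limit; whether the update is rejected or only partly applied is worth stating, because it decides whether a client silently loses access. The `description` block starts above this hunk.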
@@ -3,5 +3,5 @@ source: |-
 curl -X PUT \
 -H "Content-Type: application/json" \
 -H "Authorization: Bearer $DIGITALOCEAN_TOKEN" \
- -d '{"rules": [{"type": "ip_addr","value": "192.168.1.1"},{"type": "droplet","value": "163973392"},{"type": "k8s","value": "ff2a6c52-5a44-4b63-b99c-0e98e7a63d61"},{"type": "tag","value": "backend"}]}' \
+ -d '{"rules": [{"type": "ip_addr","value": "192.168.1.1", "description": "my home IP address"},{"type": "droplet","value": "163973392"},{"type": "k8s","value": "ff2a6c52-5a44-4b63-b99c-0e98e7a63d61"},{"type": "tag","value": "backend"}]}' \
 "https://api.digitalocean.com/v2/databases/9cc10173-e9ea-4176-9dbc-a4cee4c4ff30/firewall"
diff --git a/specification/resources/databases/examples/go/databases_update_firewall_rules.yml b/specification/resources/databases/examples/go/databases_update_firewall_rules.yml
index 5ae60d2c7..bf45b8e9e 100644
--- a/specification/resources/databases/examples/go/databases_update_firewall_rules.yml
+++ b/specification/resources/databases/examples/go/databases_update_firewall_rules.yml
@@ -18,6 +18,7 @@ source: |-
 {
 Type: "ip_addr",
 Value: "192.168.1.1",
+ Description: "my home IP address",
 },
 {
 Type: "droplet",
diff --git a/specification/resources/databases/examples/python/databases_update_firewall_rules.yml b/specification/resources/databases/examples/python/databases_update_firewall_rules.yml
index cfc6af1e0..d60f78290 100644
--- a/specification/resources/databases/examples/python/databases_update_firewall_rules.yml
+++ b/specification/resources/databases/examples/python/databases_update_firewall_rules.yml
@@ -9,7 +9,8 @@ source: |-
 "rules": [
 {
 "type": "ip_addr",
- "value": "192.168.1.1"
+ "value": "192.168.1.1",
+ "description": "my home IP address"
 },
 {
 "type": "k8s",
diff --git a/specification/resources/databases/models/firewall_rule.yml b/specification/resources/databases/models/firewall_rule.yml
index d93e723d9..50c157e7b 100644
--- a/specification/resources/databases/models/firewall_rule.yml
+++ b/specification/resources/databases/models/firewall_rule.yml @@ -31,6 +31,11 @@ properties: The ID of the specific resource, the name of a tag applied to a group of resources, or the IP address that the firewall rule allows to access the database cluster. + description: + type: string + example: my home address IP + description: >- + A label to describe the firewall rule. created_at: type: string format: date-time diff --git a/specification/resources/databases/responses/firewall_rules.yml b/specification/resources/databases/responses/firewall_rules.yml index a6367d2e2..f797d2fbb 100644 --- a/specification/resources/databases/responses/firewall_rules.yml +++ b/specification/resources/databases/responses/firewall_rules.yml @@ -27,6 +27,7 @@ content: cluster_uuid: 9cc10173-e9ea-4176-9dbc-a4cee4c4ff30 type: ip_addr value: 192.168.1.1 + description: 'my home IP address' created_at: '2019-11-14T20:30:28Z' - uuid: b9b42276-8295-4313-b40f-74173a7f46e6 cluster_uuid: 9cc10173-e9ea-4176-9dbc-a4cee4c4ff30
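Review bot: The new `description` property in `models/firewall_rule.yml` is an unconstrained free-text string: it declares no `maxLength`, so generated clients and schema validators cannot reject oversized labels and the accepted length is left entirely to the server. If the backend enforces a limit, state it in the schema, for example `maxLength: <limit enforced by the API>`. The label is user-supplied and echoed back in the `firewall_rules` response, so the property text could also say that consumers rendering it should treat it as untrusted text. The example `my home address IP` differs from `my home IP address` used in the other examples of this patch and should be aligned. The `properties` mapping starts above this hunk.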