IBM Cloud Docs
Updating and deleting an account policy

Updating and deleting an account policy

As a service provider, you are responsible for managing your consumer account IDs. Currently, tracking or validating account IDs is not supported. For more information, see Responsibilities for managing consumer account IDs.

You can update or delete a Private Path service account policy at any time using the UI, CLI, or API.

Updating and deleting an account policy in the UI

To update an account policy in the IBM Cloud console, follow these steps:

  1. From your browser, open the IBM Cloud console and log in to your account.

  2. Select the Navigation Menu Menu icon, then click Infrastructure > Network > Private Path services.

  3. Click the name of the Private Path service that includes the account policy that you want to update.

  4. On the Private Path service's Details page, click the Policies tab.

  5. Locate the account with the policy that you want to update, then click the Edit Edit icon or Delete Delete icon icon.

    In the Edit policy panel, you can update the policy name and the request policy (Review, Permit, or Deny).

  6. Click Save to save your changes.

Updating and deleting an account policy from the CLI

The following examples show how to use the CLI to update and delete an account policy.

Before you begin, make sure to set up your CLI environment.

You must first export the feature flag to use the CLI for Private Path beta release offerings.

To export the feature flag, enter the following commands:

export IBMCLOUD_IS_FEATURE_PRIVATE_PATH_SERVICE_GATEWAY=true
export IBMCLOUD_IS_FEATURE_PP_NLB_SUPPORT=true

Updating an account policy from the CLI

To update an account policy from the CLI, follow these steps:

  1. Enter the following command:
 ibmcloud is private-path-service-gateway-account-policy-update PRIVATE_PATH_SERVICE_GATEWAY ACCOUNT_POLICY [--access-policy deny | permit | review]
[--output JSON] [-q, --quiet]

Where:

PRIVATE_PATH_SERVICE_GATEWAY
Indicates the ID or name of the Private Path service.
ACCOUNT_POLICY
Indicates the ID of the account policy for the Private Path service.
access-policy
Indicates the access policy for the account. One of: deny, permit, review.
--output
Specify the output format, only JSON is supported. One of: JSON.
-q, --quiet
Suppress verbose output.

Deleting an account policy from the CLI

To delete one or more account policies from the CLI, follow these steps:

  1. Enter the following command:
ibmcloud is private-path-service-gateway-account-policy-delete PRIVATE_PATH_SERVICE_GATEWAY (ACCOUNT_POLICY1 ACCOUNT_POLICY2 ...)
    [--output JSON] [-f, --force] [-q, --quiet]

Where:

PRIVATE_PATH_SERVICE_GATEWAY
Identifies ID or name of the Private Path service.
ACCOUNT_POLICY1
Identifies ID of the account policy for the Private Path service.
ACCOUNT_POLICY2
Identifies ID of the account policy for the Private Path service.
--output
Specifies output format, only JSON is supported. One of: JSON.
--force, -f
Forces the operation without confirmation.
-q, --quiet
Suppresses verbose output.

Command examples

  • Update to a permit policy: ibmcloud is ppsg-apu r006-f5926633-81d0-429e-bcf8-91151ade00bf 2d1bace7b46e4815a81e52c6ffeba5cf

  • Update to a review policy: ibmcloud is ppsg-apu cli-ppsg-0 e13b4574db1743b1b7897bebca551db1 --access-policy review

  • Delete an account policy: ibmcloud is ppsg-apd r006-2e671f14-19fc-4089-9ad3-973176711259 efe5afc483594adaa8325e2b4d1290df

  • Delete an account policy: ibmcloud is private-path-service-gateway-account-policy-delete cli-ppsg-0 2d1bace7b46e4815a81e52c6ffeba5cf e13b4574db1743b1b7897bebca551db1

Updating an account policy with the API

To update an account policy with the API, follow these steps:

  1. Set up your API environment.

  2. Store the following values in variables to be used in the API command:

    • ppsgId - Get your Private Path service and then populate the variable:

      export ppsgId=<your_ppsg_id>

    • accountPolicyId - Get your account policy ID and then populate the variable:

      export accountPolicyId=<your_account_policy_id>

The following example shows how to use the API to update an account policy.

  ```sh {: codeblock}
  curl -X PATCH -sH "Authorization:${iam_token}" \
  "$vpc_api_endpoint/v1/private_path_service_gateways/$ppsgId/account_policies/$accountPolicyId?version=$api_version&generation=2" \
  -d {
    "access_policy": "deny"
  }
  '
  ```

The following example shows how to use the API to delete an account policy.

  ```sh {: codeblock}
  curl -X DELETE -sH "Authorization:${iam_token}" \
  "$vpc_api_endpoint/v1/private_path_service_gateways/$ppsgId/account_policies/$accountPolicyId?version=$api_version&generation=2"
  ```

Updating and deleting an account policy with Terraform

Terraform will support this feature after it reaches General Availability (GA) and is officially released.

The following example updates or deletes an account policy's access to a Private Path network by using Terraform:

resource "ibm_is_private_path_service_gateway_account_policy" "ppsgAccountPolicy" {
    private_path_service_gateway = ibm_is_private_path_service_gateway.ppsg.id
    access_policy = "permit"    ## modified to deny
    account = "7f75c7b025e54bc5635f754b2f888665"
}