IBM Cloud Docs
Revoking an account's access to a Private Path service

Revoking an account's access to a Private Path service

As a service provider, you are responsible for managing your consumer account IDs. Currently, tracking or validating account IDs is not supported. For more information, see Responsibilities for managing consumer account IDs.

You can revoke an account's access to a Private Path service using the UI, CLI, or API.

Revoking an account's access to a Private Path service in the UI

To Revoke an account's access to a Private Path service in the IBM Cloud console, follow these steps:

  1. From your browser, open the IBM Cloud console and log in to your account.
  2. Select the Navigation Menu Menu icon, then click Infrastructure > Network > Private Path services.
  3. Click the name of the Private Path service that includes the account policy that you want to update.
  4. On the Private Path service's Details page, click the Connections tab.
  5. Locate the Account ID of the account you want to revoke, and click the Menu icon navigation menu at the end of the row.
  6. Click Revoke.

Revoking an account's access to a Private Path service from the CLI

The following example shows how to use the CLI to revoke an account's access to a Private Path service.

Before you begin, make sure to set up your CLI environment.

You must first export the feature flag to use the CLI for Private Path beta release offerings.

To export the feature flag, enter the following commands:

export IBMCLOUD_IS_FEATURE_PRIVATE_PATH_SERVICE_GATEWAY=true
export IBMCLOUD_IS_FEATURE_PP_NLB_SUPPORT=true

To delete a Private Path service from the CLI, follow these steps:

  1. Enter the following command:
ibmcloud is private-path-service-gateway-endpoint-gateway-binding-revoke (PRIVATE_PATH_SERVICE_GATEWAY1 PRIVATE_PATH_SERVICE_GATEWAY2 ...) --account-id ACCOUNT_ID [--output JSON] [-q, --quiet]

Where:

PRIVATE_PATH_SERVICE_GATEWAY1
Indicates the ID or name of the Private Path service.
PRIVATE_PATH_SERVICE_GATEWAY2
Indicates the ID or name of the Private Path service.
--account-id
Indicates the ID of the account for this access policy.
--output
Specifies output format, only JSON is supported. One of: JSON.
-q, --quiet
Suppresses verbose output.

Command examples

  • Revoke access to a Private Path service for an account: ibmcloud is ppsg-ar r006-e64dab2d-8fd2-43bd-8390-229ba66e53c4 --account-id efe5afc483594adaa8325e2b4d1290df

  • Revoke access to a Private Path service for an account: ibmcloud is ppsg-ar cli-ppsg --account-id efe5afc483594adaa8325e2b4d1290df

Deleting a Private Path service with the API

To revoke access to a Private Path service for an account, follow these steps:

  1. Set up your API environment.

  2. Store the following values in variables to be used in the API command:

    • ppsgId - Get your Private Path service and then populate the variable:

      export ppsgId=<your_ppsg_id>
      
    • accountId - Get consumer account ID and then populate the variable:

      export accountId=<consumer_account_id>
      
    • Run this command to revoke the account:

      curl -X POST -sH "Authorization:${iam_token}" \
      "$vpc_api_endpoint/v1/private_path_service_gateways/{ppsgId}?version=$api_version&generation=2" \
      -d {
        "account": {
          "id": "$accountId"
        }
      }'
      

Revoking an account's access a Private Path service with Terraform

Terraform will support this feature after it reaches General Availability (GA) and is officially released.

The following example revokes an account's access to a Private Path network by using Terraform:

resource "ibm_is_private_path_service_gateway_revoke_account" "example" {
  account = "7f75c7b025e54bc5635f754b2f888665"
  private_path_service_gateway = ibm_is_private_path_service_gateway.ppsg.id
}