doctl databases firewalls append <db-id> --rule type:value [flags]
a
Use this command to append a single rule to the existing firewall rules of a given database. This command requires the ID of a database cluster, which you can retrieve by calling:
doctl databases list
This command also requires a –rule flag. Each rule passed in to the –rule flag must be of format type:value - “type” is the type of resource that the firewall rule allows to access the database cluster. The possible values for type are: “droplet”, “k8s”, “ip_addr”, “tag”, or “app” - “value” is either the ID of the specific resource, the name of a tag applied to a group of resources, or the IP address that the firewall rule allows to access the database cluster
For example:
doctl databases firewalls append d1234-1c12-1234-b123-12345c4789 --rule tag:backend
This would append the firewall rule “tag:backend” for database of id d1234-1c12-1234-b123-12345c4789
Option | Description |
---|---|
--help
, -h
|
Help for this command |
--rule
|
(required) |
Command | Description |
---|---|
doctl databases firewalls | Display commands to manage firewall rules (called`trusted sources` in the control panel) for database clusters |
Option | Description |
---|---|
--access-token , -t
|
API V2 access token |
--api-url , -u
|
Override default API endpoint |
--config , -c
|
Specify a custom config file
Default:
|
--context
|
Specify a custom authentication context name |
--http-retry-max
|
Set maximum number of retries for requests that fail with a 429 or 500-level error
Default: 5
|
--http-retry-wait-max
|
Set the minimum number of seconds to wait before retrying a failed request
Default: 30
|
--http-retry-wait-min
|
Set the maximum number of seconds to wait before retrying a failed request
Default: 1
|
--interactive
|
Enable interactive behavior. Defaults to true if the terminal supports it (default false)
Default: false
|
--output , -o
|
Desired output format [text|json]
Default: text
|
--trace
|
Show a log of network activity while performing a command
Default: false
|
--verbose , -v
|
Enable verbose output
Default: false
|