doctl databases firewalls append

Go to Navigation

Usage

doctl databases firewalls append <database-cluster-id> --rule <type>:<value> [flags]

Aliases

a

Description

Appends a single rule to the existing firewall rules of the specified database.

This command requires the --rule flag specifying the resource or resources allowed to access the database cluster. The rule passed to the --rule flag must be in a : format where: - type is the type of resource that the firewall rule allows to access the database cluster. Possible values are: droplet, k8s", ip_addr, tag, app-value` is either the ID of a specific resource, the name of a tag applied to a group of resources, or the IP address that the firewall rule allows to access the database cluster.

Example

The following example appends a firewall rule to a database cluster with the ID ca9f591d-f38h-5555-a0ef-1c02d1d1e35 that allows any resources with the example-tag to access the database:

doctl databases firewalls append ca9f591d-f38h-5555-a0ef-1c02d1d1e35 --rule tag:example-tag

Flags

Option Description
--help , -h Help for this command
--rule (required)
Command Description
doctl databases firewalls Display commands to manage firewall rules (called`trusted sources` in the control panel) for database clusters

Global Flags

Option Description
--access-token, -t API V2 access token
--api-url, -u Override default API endpoint
--config, -c Specify a custom config file
Default:
  • macOS: ${HOME}/Library/Application Support/doctl/config.yaml
  • Linux: ${XDG_CONFIG_HOME}/doctl/config.yaml
  • Windows: %APPDATA%\doctl\config.yaml
--context Specify a custom authentication context name
--http-retry-max Set maximum number of retries for requests that fail with a 429 or 500-level error
Default: 5
--http-retry-wait-max Set the minimum number of seconds to wait before retrying a failed request
Default: 30
--http-retry-wait-min Set the maximum number of seconds to wait before retrying a failed request
Default: 1
--interactive Enable interactive behavior. Defaults to true if the terminal supports it (default false)
Default: false
--output, -o Desired output format [text|json]
Default: text
--trace Show a log of network activity while performing a command
Default: false
--verbose, -v Enable verbose output
Default: false