For AI agents: The documentation index is at https://docs.digitalocean.com/llms.txt. Markdown versions of pages use the same URL with index.html.md in place of the HTML page (for example, append index.html.md to the directory path instead of opening the HTML document).

Usage

client.databases.update_firewall_rules(
    database_cluster_uuid="9cc10173-e9ea-4176-9dbc-a4cee4c4ff30",
    body={
        "rules": [...],
    },
)

Description

To update a database cluster’s firewall rules (known as “trusted sources” in the control panel), send a PUT request to /v2/databases/{database_cluster_uuid}/firewall specifying which resources should be able to open connections to the database. You may limit connections to specific Droplets, Kubernetes clusters, or IP addresses. When a tag is provided, any Droplet or Kubernetes node with that tag applied to it will have access. The firewall is limited to 100 rules (or trusted sources). When possible, we recommend placing your databases into a VPC network to limit access to them instead of using a firewall. A successful

Parameters

database_cluster_uuid string required

A unique identifier for a database cluster.

rules array of objects optional

Show child properties

uuid string optional

Example: 79f26d28-ea8a-41f2-8ad8-8cfcdd020095

A unique ID for the firewall rule itself.

cluster_uuid string optional read-only

Example: 9cc10173-e9ea-4176-9dbc-a4cee4c4ff30

A unique ID for the database cluster to which the rule is applied.

type string required

The type of resource that the firewall rule allows to access the database cluster.

One of: droplet, k8s, ip_addr, tag, app

value string required

Example: ff2a6c52-5a44-4b63-b99c-0e98e7a63d61

The ID of the specific resource, the name of a tag applied to a group of resources, or the IP address that the firewall rule allows to access the database cluster.

created_at string optional read-only

Example: 2019-01-11T18:37:36Z

A time value given in ISO8601 combined date and time format that represents when the firewall rule was created.

description string optional

Example: an IP address for local development

A human-readable description of the rule.

Request Sample

import os
from pydo import Client

client = Client(token=os.environ.get("DIGITALOCEAN_TOKEN"))

req = {
  "rules": [
    {
      "type": "ip_addr",
      "value": "192.168.1.1",
      "description": "a development IP address",
    },
    {
      "type": "k8s",
      "value": "ff2a6c52-5a44-4b63-b99c-0e98e7a63d61"
    },
    {
      "type": "droplet",
      "value": "163973392"
    },
    {
      "type": "tag",
      "value": "backend"
    }
  ]
}
update_resp = client.databases.update_firewall_rules(database_cluster_uuid="a7a8bas", body=req)

More Information

See /v2/databases/{database_cluster_uuid}/firewall in the API reference for additional detail on responses, headers, parameters, and more.