|
| 1 | +--- |
| 2 | +layout: blog-single |
| 3 | +title: "Add an IP Address to a Fastly ACL via the CLI with Magento" |
| 4 | +date: July 20, 2023 |
| 5 | +image: |
| 6 | +tags: [Magento] |
| 7 | +related_posts: |
| 8 | +--- |
| 9 | + |
| 10 | +Recently I was in a bit of a pickle on a new Magento project that my company was taking over. |
| 11 | + |
| 12 | +Access to the staging site was restricted via Fastly. I had SSH access to the environment, but my IP address was not allowed via the ACL, so I couldn't connect to the website's backend UI to grant myself access. |
| 13 | + |
| 14 | +I wound up figuring out how to manage this via the CLI. Since I struggled a bit with figuring this out I figured I'd shared my findings here. |
| 15 | + |
| 16 | +<!-- excerpt_separator --> |
| 17 | + |
| 18 | +### The Endpoint to Call |
| 19 | + |
| 20 | +IP addresses can be added to an ACL via the ["Create an ACL entry"](https://developer.fastly.com/reference/api/acls/acl-entry/#create-acl-entry) resource. |
| 21 | + |
| 22 | +The request looks like this |
| 23 | + |
| 24 | +``` |
| 25 | +POST /service/[service_id]/acl/[acl_id]/entry |
| 26 | +``` |
| 27 | + |
| 28 | +The IP address is then passed in the request body along with other parameters such as a comment |
| 29 | + |
| 30 | +### Figuring Out The Service ID |
| 31 | + |
| 32 | +Assuming you are using Magento Cloud the Service ID (and Fastly Key) can be found in the `/mnt/shared/fastly_tokens.txt` file. "API Token" is the `FASTLY_KEY` and "Serivce ID" is the `SERVICE_ID`. |
| 33 | + |
| 34 | +### Finding the ACL ID |
| 35 | + |
| 36 | +First, get the active version. You can do this as follows, assuming you have `jq` installed. |
| 37 | + |
| 38 | +``` |
| 39 | +# Get the active version. In this example 105 is active |
| 40 | +$ curl --silent -H "Fastly-Key: FASTLY_KEY" https://api.fastly.com/service/SERVICE_ID/version \ |
| 41 | + | jq '.[] | if .active then .number else empty end' |
| 42 | +105 |
| 43 | +``` |
| 44 | + |
| 45 | +Next review the list of ACLs for that version |
| 46 | + |
| 47 | +``` |
| 48 | +$ curl --silent -H "Fastly-Key: FASTLY_KEY" https://api.fastly.com/service/SERVICE_ID/version/VERSION/acl | jq |
| 49 | +``` |
| 50 | + |
| 51 | +Here you will find the id of the ACL you want to append to |
| 52 | + |
| 53 | +### Adding the IP |
| 54 | + |
| 55 | +You can certainly issue a curl request, but another option is to do this with `n98-magerun2 dev:console`, which is how I did it. The commands I ran looked like this... |
| 56 | + |
| 57 | +``` |
| 58 | +$ XDG_CONFIG_HOME=~/var/ var/n98-magerun2.phar dev:console |
| 59 | +>>> $api = $di->get('Fastly\Cdn\Model\Api') |
| 60 | +>>> $api->upsertAclItem(ACL_ID, IP_TO_INSERT, null, COMMENT) |
| 61 | +``` |
| 62 | + |
0 commit comments