Skip to main content

Save Change Request

Save a Change Request by sending an HTTPS POST request to https://graph.prod.firemon.cloud/graphql

The change request will be saved, and the process of evaluation against all enforced Boundaries will begin, asynchronously.

The status of the change request can be checked by using the Get Change Request query.

The Authorization header of the request should be the IdToken obtained by authentication.

The body of the request should be in the following format:

{
  "query": "mutation saveChangeRequest($input: ChangeRequestInput!) { saveChangeRequest(input: $input) { id }",
  "operationName": "saveChangeRequest",
  "variables": {
    "input": {
      "id": "", // To create a new change request leave id blank. To update an existing change request provide its id.
      "name": "",
      "projectId": "", // Leave blank to create the request in the root project.
      "rules": [
        {
          "action": "Allow", // Allow or Deny
          "sources": [
            {
              "type": "Cidr", // Any, Cidr, ConnectGroup or Inventoryitem

              // If type is Cidr:
              "cidr": "",

              // If type is ConnectGroup:
              "groupId": "",

              // If type is Inventoryitem. These fields are all found on InventoryItems:
              "itemKey": {
                "accountId": "",
                "region": "",
                "type": "",
                "id": ""
              }
            }
          ],
          "destinations": [], // Same format as sources above.
          "services": [
            {
              "type": "TCP", // AllICMPv4, AllICMPv6, AllTCP, AllTraffic, AllUDP, CustomProtocol, ICMPv4, ICMPv6, TCP, UDP, or PortRangeSize

              // If type is CustomProtocol:
              "protocol": 0,

              // If type is ICMPv4 or ICMPv6:
              "icmpType": 0,
              "icmpCode": 0,

              // If type is TCP or UDP:
              "portStart": 0,
              "portEnd": 0,

              // If type is PortRangeSize:
              "maxSize": 0
            }
          ],
          "justification": "",
          "comment": "",
          "owner": "",
          "expiration": ""
        }
      ]
    }
  }
}

An example:

{
  "query": "mutation saveChangeRequest($input: ChangeRequestInput!) { saveChangeRequest(input: $input) { id }}",
  "operationName": "saveChangeRequest",
  "variables": {
    "input": {
      "id": "",
      "name": "Allow all outbound HTTS from Lab",
      "projectId": "",
      "rules": [
        {
          "action": "Allow",
          "sources": [
            {
              "type": "Cidr",
              "cidr": "10.10.10.0/24"
            }
          ],
          "destinations": [
            {
              "type": "Any"
            }
          ],
          "services": [
            {
              "type": "TCP",
              "portStart": 443,
              "portEnd": 443
            }
          ]
        }
      ]
    }
  }
}

An example using cURL

curl --request POST \
  --url https://eyiqmnnb6bhmnfbrjkbt5wvdpq.appsync-api.us-west-2.amazonaws.com/graphql \
  --header 'Authorization: IdToken' \
  --header 'Content-Type: application/json' \
  --data '{"query":"mutation saveChangeRequest($input: ChangeRequestInput!) { saveChangeRequest(input: $input) { id }}","operationName":"saveChangeRequest","variables":{"input":{"id":"e1a1d40b-3e11-45bd-8bd7-7f706e6ab940","name":"test","projectId":"","rules":[{"action":"Allow","sources":[{"type":"Cidr","cidr":"10.10.10.0/24"}],"destinations":[{"type":"Any"}],"services":[{"type":"TCP","portStart":443,"portEnd":443}]}]}}}'