Change Crypto Domain Configuration

The Change Crypto Domain Configuration operation can be used to change the configuration of a single crypto domain that is already configured.

HTTP method and URI

POST /api/partitions/{partition-id}/operations/change-crypto-domain-configuration

In this request, the URI variable {partition-id} is the object ID of the target Partition object.

Request body contents

The request body is a JSON object with the following fields:

Field name Type Rqd/Opt Description
domain-index Integer Required Index of the domain to be changed. See Table 2.
access-mode String Enum Required The new value of the access-mode property of the crypto domain configuration identified by the domain-index. See Table 2.

The structure of crypto domain configuration objects is described in crypto-configuration object properties.

Description

This operation changes the access mode for a crypto domain configuration that is currently included in the crypto configuration of the partition.

If this operation changes the value of any property for which property-change notifications are due, those notifications are issued asynchronously to this operation.

A 404 (Not Found) status code is returned if the object-id in the URI {partition-id} does not designate an existing Partition object, or the API user does not have object-access permission to it. If the API user doesn't have action/task permission to Partition Details task 403 (Forbidden) status code is returned. If the partition is in one of the transitional states ("starting" or "stopping"), or if the CPC is not in a valid state, a 409 (Conflict) status code is returned.

Authorization requirements

This operation has the following authorization requirements:
  • Object-access permission to the Partition object designated by {partition-id}.
  • Action/task permission to the Partition Details task.

HTTP status and reason codes

On success, HTTP status code 204 (No Content) is returned and no response body is provided.

The following HTTP status codes are returned for the indicated errors, and the response body is a standard error response body providing the reason code indicated and associated error message.

Table 1. Change Crypto Domain Configuration: HTTP status and reason codes
HTTP error status code Reason code Description
400 (Bad Request) Various Errors were detected during common request validation. See Common request validation reason codes for a list of the possible reason codes.
403 (Forbidden) 1 The API user does not have the required permission for this operation.
404 (Not Found) 1 The partition with object-id {partition-id} does not exist, or the API user does not have object-access permission to it.
409 (Conflict) 1 The operation cannot be performed because the object designated by the request URI is not in the correct state.
2 The operation cannot be performed because the object designated by the request URI is currently busy performing some other operation.
6 The state of the CPC hosting the partition is not valid to perform the operation (must be in one of the following states: "active", "service-required", "degraded", or "exceptions").
10 The operation cannot be performed because the affected SE is in the process of being shut down.
111 The resulting crypto configuration is invalid because it does not contain at least one domain configuration with "control-usage".
112 The resulting crypto configuration contains at least one domain index with "control-usage" which is already configured for "control-usage" by another partition.
115 The index used in the request is not part of the crypto configuration of the targeted partition.
125 One or more domains of type "control-usage" could not be removed from the crypto configuration because the designated partition is active and the corresponding crypto configuration includes one ore more crypto adapters in state "online". To allow the removal of usage domains, either stop the partition or configure off all crypto adapters in state "online" within the operating system running in the partition.
503 (Service Unavailable) 1 The request could not be processed because the HMC is not currently communicating with an SE needed to perform the requested operation.

Additional standard status and reason codes can be returned, as described in Invoking API operations.

Example HTTP interaction

Figure 1. Change Crypto Domain Configuration: Request
POST /api/partitions/7eedd6e4-e0fb-11e5-9731-42f2e9cfe851/operations/change-crypto-
  domain-configuration HTTP/1.1
x-api-session: 4eiaktj22cbpeiya9yxax1af21u0lwyodll9iicrhy6egy3trp
content-type: application/json
content-length: 51
{
   "access-mode":"control-usage",
   "domain-index":1
}
Figure 2. Change Crypto Domain Configuration: Response
204 No Content
server: zSeries management console API web server / 2.0
cache-control: no-cache
date: Thu, 03 Mar 2016 06:01:20 GMT

<No response body>