NSX-T Data Center Global Manager REST API
ALBAcceptedCipherEnums (schema)
AcceptedCipherEnums type
Valid ENUM values for ALBAcceptedCipherEnums
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBAcceptedCipherEnums | AcceptedCipherEnums type Valid ENUM values for ALBAcceptedCipherEnums |
string | Enum: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_3DES_EDE_CBC_SHA, TLS_AES_256_GCM_SHA384, TLS_CHACHA20_POLY1305_SHA256, TLS_AES_128_GCM_SHA256 |
ALBActiveStandbySeTag (schema)
ActiveStandbySeTag type
Valid ENUM values for ALBActiveStandbySeTag
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBActiveStandbySeTag | ActiveStandbySeTag type Valid ENUM values for ALBActiveStandbySeTag |
string | Enum: ACTIVE_STANDBY_SE_1, ACTIVE_STANDBY_SE_2 |
ALBAlertScriptConfig (schema)
AlertScriptConfig
Advanced load balancer AlertScriptConfig object
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| action_script | Action script User Defined Alert Action Script. Please refer to kb.avinetworks.com for more information. |
string | |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value ALBAlertScriptConfig | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
ALBAnalyticsPolicy (schema)
AnalyticsPolicy
Advanced load balancer AnalyticsPolicy object
| Name | Description | Type | Notes |
|---|---|---|---|
| all_headers | All headers Log all headers. Default value when not specified in API or module is interpreted by ALB Controller as false. |
boolean | Default: "False" |
| client_insights | Client insights Gain insights from sampled client to server HTTP requests and responses. Enum options - NO_INSIGHTS, PASSIVE, ACTIVE. Default value when not specified in API or module is interpreted by ALB Controller as NO_INSIGHTS. |
ALBClientInsights | Default: "NO_INSIGHTS" |
| client_insights_sampling | Client insights sampling Placeholder for description of property client_insights_sampling of obj type AnalyticsPolicy field type str type ref. |
ALBClientInsightsSampling | |
| client_log_filters | Client log filters Placeholder for description of property client_log_filters of obj type AnalyticsPolicy field type str type array. |
array of ALBClientLogFilter | |
| full_client_logs | Full client logs Placeholder for description of property full_client_logs of obj type AnalyticsPolicy field type str type ref. |
ALBFullClientLogs | |
| metrics_realtime_update | Metrics realtime update Settings to turn on realtime metrics and set duration for realtime updates. |
ALBMetricsRealTimeUpdate | |
| significant_log_throttle | Significant log throttle This setting limits the number of significant logs generated per second for this VS on each SE. Default is 10 logs per second. Set it to zero (0) to deactivate throttling. Unit is PER_SECOND. Default value when not specified in API or module is interpreted by ALB Controller as 10. |
integer | Default: "10" |
| udf_log_throttle | Udf log throttle This setting limits the total number of UDF logs generated per second for this VS on each SE. UDF logs are generated due to the configured client log filters or the rules with logging enabled. Default is 10 logs per second. Set it to zero (0) to deactivate throttling. Unit is PER_SECOND. Default value when not specified in API or module is interpreted by ALB Controller as 10. |
integer | Default: "10" |
ALBAnalyticsProfile (schema)
AnalyticsProfile
Advanced load balancer AnalyticsProfile object
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| apdex_response_threshold | Apdex response threshold If a client receives an HTTP response in less than the Satisfactory Latency Threshold, the request is considered Satisfied. It is considered Tolerated if it is not Satisfied and less than Tolerated Latency Factor multiplied by the Satisfactory Latency Threshold. Greater than this number and the client's request is considered Frustrated. Allowed values are 1-30000. Unit is MILLISECONDS. Allowed in Basic(Allowed values- 500) edition, Essentials(Allowed values- 500) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as 500. |
integer | Minimum: 1 Maximum: 30000 Default: "500" |
| apdex_response_tolerated_factor | Apdex response tolerated factor Client tolerated response latency factor. Client must receive a response within this factor times the satisfactory threshold (apdex_response_threshold) to be considered tolerated. Allowed values are 1-1000. Allowed in Basic(Allowed values- 4) edition, Essentials(Allowed values- 4) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as 4.0. |
number | Default: "4.0" |
| apdex_rtt_threshold | Apdex rtt threshold Satisfactory client to Avi Round Trip Time(RTT). Allowed values are 1-2000. Unit is MILLISECONDS. Allowed in Basic(Allowed values- 250) edition, Essentials(Allowed values- 250) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as 250. |
integer | Minimum: 1 Maximum: 2000 Default: "250" |
| apdex_rtt_tolerated_factor | Apdex rtt tolerated factor Tolerated client to Avi Round Trip Time(RTT) factor. It is a multiple of apdex_rtt_tolerated_factor. Allowed values are 1-1000. Allowed in Basic(Allowed values- 4) edition, Essentials(Allowed values- 4) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as 4.0. |
number | Default: "4.0" |
| apdex_rum_threshold | Apdex rum threshold If a client is able to load a page in less than the Satisfactory Latency Threshold, the PageLoad is considered Satisfied. It is considered tolerated if it is greater than Satisfied but less than the Tolerated Latency multiplied by Satisifed Latency. Greater than this number and the client's request is considered Frustrated. A PageLoad includes the time for DNS lookup, download of all HTTP objects, and page render time. Allowed values are 1-30000. Unit is MILLISECONDS. Allowed in Basic(Allowed values- 5000) edition, Essentials(Allowed values- 5000) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as 5000. |
integer | Minimum: 1 Maximum: 30000 Default: "5000" |
| apdex_rum_tolerated_factor | Apdex rum tolerated factor Virtual service threshold factor for tolerated Page Load Time (PLT) as multiple of apdex_rum_threshold. Allowed values are 1-1000. Allowed in Basic(Allowed values- 4) edition, Essentials(Allowed values- 4) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as 4.0. |
number | Default: "4.0" |
| apdex_server_response_threshold | Apdex server response threshold A server HTTP response is considered Satisfied if latency is less than the Satisfactory Latency Threshold. The response is considered tolerated when it is greater than Satisfied but less than the Tolerated Latency Factor (STAR) S_Latency. Greater than this number and the server response is considered Frustrated. Allowed values are 1-30000. Unit is MILLISECONDS. Allowed in Basic(Allowed values- 400) edition, Essentials(Allowed values- 400) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as 400. |
integer | Minimum: 1 Maximum: 30000 Default: "400" |
| apdex_server_response_tolerated_factor | Apdex server response tolerated factor Server tolerated response latency factor. Servermust response within this factor times the satisfactory threshold (apdex_server_response_threshold) to be considered tolerated. Allowed values are 1-1000. Allowed in Basic(Allowed values- 4) edition, Essentials(Allowed values- 4) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as 4.0. |
number | Default: "4.0" |
| apdex_server_rtt_threshold | Apdex server rtt threshold Satisfactory client to Avi Round Trip Time(RTT). Allowed values are 1-2000. Unit is MILLISECONDS. Allowed in Basic(Allowed values- 125) edition, Essentials(Allowed values- 125) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as 125. |
integer | Minimum: 1 Maximum: 2000 Default: "125" |
| apdex_server_rtt_tolerated_factor | Apdex server rtt tolerated factor Tolerated client to Avi Round Trip Time(RTT) factor. It is a multiple of apdex_rtt_tolerated_factor. Allowed values are 1-1000. Allowed in Basic(Allowed values- 4) edition, Essentials(Allowed values- 4) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as 4.0. |
number | Default: "4.0" |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| client_log_config | Client log config Configure which logs are sent to the Avi Controller from SEs and how they are processed. |
ALBClientLogConfiguration | |
| client_log_streaming_config | Client log streaming config Configure to stream logs to an external server. Allowed in Basic edition, Essentials edition, Enterprise edition. |
ALBClientLogStreamingConfig | |
| conn_lossy_ooo_threshold | Conn lossy ooo threshold A connection between client and Avi is considered lossy when more than this percentage of out of order packets are received. Allowed values are 1-100. Unit is PERCENT. Allowed in Basic(Allowed values- 50) edition, Essentials(Allowed values- 50) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as 50. |
integer | Minimum: 1 Maximum: 100 Default: "50" |
| conn_lossy_timeo_rexmt_threshold | Conn lossy timeo rexmt threshold A connection between client and Avi is considered lossy when more than this percentage of packets are retransmitted due to timeout. Allowed values are 1-100. Unit is PERCENT. Allowed in Basic(Allowed values- 20) edition, Essentials(Allowed values- 20) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as 20. |
integer | Minimum: 1 Maximum: 100 Default: "20" |
| conn_lossy_total_rexmt_threshold | Conn lossy total rexmt threshold A connection between client and Avi is considered lossy when more than this percentage of packets are retransmitted. Allowed values are 1-100. Unit is PERCENT. Allowed in Basic(Allowed values- 50) edition, Essentials(Allowed values- 50) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as 50. |
integer | Minimum: 1 Maximum: 100 Default: "50" |
| conn_lossy_zero_win_size_event_threshold | Conn lossy zero win size event threshold A client connection is considered lossy when percentage of times a packet could not be trasmitted due to TCP zero window is above this threshold. Allowed values are 0-100. Unit is PERCENT. Allowed in Basic(Allowed values- 2) edition, Essentials(Allowed values- 2) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as 2. |
integer | Minimum: 0 Maximum: 100 Default: "2" |
| conn_server_lossy_ooo_threshold | Conn server lossy ooo threshold A connection between Avi and server is considered lossy when more than this percentage of out of order packets are received. Allowed values are 1-100. Unit is PERCENT. Allowed in Basic(Allowed values- 50) edition, Essentials(Allowed values- 50) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as 50. |
integer | Minimum: 1 Maximum: 100 Default: "50" |
| conn_server_lossy_timeo_rexmt_threshold | Conn server lossy timeo rexmt threshold A connection between Avi and server is considered lossy when more than this percentage of packets are retransmitted due to timeout. Allowed values are 1-100. Unit is PERCENT. Allowed in Basic(Allowed values- 20) edition, Essentials(Allowed values- 20) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as 20. |
integer | Minimum: 1 Maximum: 100 Default: "20" |
| conn_server_lossy_total_rexmt_threshold | Conn server lossy total rexmt threshold A connection between Avi and server is considered lossy when more than this percentage of packets are retransmitted. Allowed values are 1-100. Unit is PERCENT. Allowed in Basic(Allowed values- 50) edition, Essentials(Allowed values- 50) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as 50. |
integer | Minimum: 1 Maximum: 100 Default: "50" |
| conn_server_lossy_zero_win_size_event_threshold | Conn server lossy zero win size event threshold A server connection is considered lossy when percentage of times a packet could not be trasmitted due to TCP zero window is above this threshold. Allowed values are 0-100. Unit is PERCENT. Allowed in Basic(Allowed values- 2) edition, Essentials(Allowed values- 2) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as 2. |
integer | Minimum: 0 Maximum: 100 Default: "2" |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| enable_adaptive_config | Enable adaptive config Enable adaptive configuration for optimizing resource usage. Default value when not specified in API or module is interpreted by ALB Controller as true. |
boolean | Default: "True" |
| enable_advanced_analytics | Enable advanced analytics Enables Advanced Analytics features like Anomaly detection. If set to false, anomaly computation (and associated rules/events) for VS, Pool and Server metrics will be deactivated. However, setting it to false reduces cpu and memory requirements for Analytics subsystem. Allowed in Basic(Allowed values- false) edition, Essentials(Allowed values- false) edition, Enterprise edition. Special default for Basic edition is false, Essentials edition is false, Enterprise is True. Default value when not specified in API or module is interpreted by ALB Controller as false. |
boolean | Default: "False" |
| enable_ondemand_metrics | Enable ondemand metrics Virtual Service (VS) metrics are processed only when there is live data traffic on the VS. In case, VS is idle for a period of time as specified by ondemand_metrics_idle_timeout then metrics processing is suspended for that VS. Default value when not specified in API or module is interpreted by ALB Controller as true. |
boolean | Default: "True" |
| enable_se_analytics | Enable se analytics Enable node (service engine) level analytics forvs metrics. Default value when not specified in API or module is interpreted by ALB Controller as true. |
boolean | Default: "True" |
| enable_server_analytics | Enable server analytics Enables analytics on backend servers. This may be desired in container environment when there are large number of ephemeral servers. Additionally, no healthscore of servers is computed when server analytics is enabled. Default value when not specified in API or module is interpreted by ALB Controller as true. |
boolean | Default: "True" |
| enable_vs_analytics | Enable vs analytics Enable VirtualService (frontend) Analytics. This flag enables metrics and healthscore for Virtualservice. Default value when not specified in API or module is interpreted by ALB Controller as true. |
boolean | Default: "True" |
| exclude_client_close_before_request_as_error | Exclude client close before request as error Exclude client closed connection before an HTTP request could be completed from being classified as an error. Allowed in Basic(Allowed values- false) edition, Essentials(Allowed values- false) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as false. |
boolean | Default: "False" |
| exclude_dns_policy_drop_as_significant | Exclude dns policy drop as significant Exclude dns policy drops from the list of errors. Allowed in Basic(Allowed values- false) edition, Essentials(Allowed values- false) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as false. |
boolean | Default: "False" |
| exclude_gs_down_as_error | Exclude gs down as error Exclude queries to GSLB services that are operationally down from the list of errors. Allowed in Basic(Allowed values- false) edition, Essentials(Allowed values- false) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as false. |
boolean | Default: "False" |
| exclude_http_error_codes | Exclude http error codes List of HTTP status codes to be excluded from being classified as an error. Error connections or responses impacts health score, are included as significant logs, and may be classified as part of a DoS attack. |
array of integer | |
| exclude_invalid_dns_domain_as_error | Exclude invalid dns domain as error Exclude dns queries to domains outside the domains configured in the DNS application profile from the list of errors. Allowed in Basic(Allowed values- false) edition, Essentials(Allowed values- false) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as false. |
boolean | Default: "False" |
| exclude_invalid_dns_query_as_error | Exclude invalid dns query as error Exclude invalid dns queries from the list of errors. Allowed in Basic(Allowed values- false) edition, Essentials(Allowed values- false) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as false. |
boolean | Default: "False" |
| exclude_issuer_revoked_ocsp_responses_as_error | Exclude issuer revoked ocsp responses as error Exclude the Issuer-Revoked OCSP Responses from the list of errors. Allowed in Basic(Allowed values- true) edition, Essentials(Allowed values- true) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as true. |
boolean | Default: "True" |
| exclude_no_dns_record_as_error | Exclude no dns record as error Exclude queries to domains that did not have configured services/records from the list of errors. Allowed in Basic(Allowed values- false) edition, Essentials(Allowed values- false) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as false. |
boolean | Default: "False" |
| exclude_no_valid_gs_member_as_error | Exclude no valid gs member as error Exclude queries to GSLB services that have no available members from the list of errors. Allowed in Basic(Allowed values- false) edition, Essentials(Allowed values- false) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as false. |
boolean | Default: "False" |
| exclude_persistence_change_as_error | Exclude persistence change as error Exclude persistence server changed while load balancing' from the list of errors. Allowed in Basic(Allowed values- false) edition, Essentials(Allowed values- false) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as false. |
boolean | Default: "False" |
| exclude_revoked_ocsp_responses_as_error | Exclude revoked ocsp responses as error Exclude the Revoked OCSP certificate status responses from the list of errors. Allowed in Basic(Allowed values- true) edition, Essentials(Allowed values- true) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as true. |
boolean | Default: "True" |
| exclude_server_dns_error_as_error | Exclude server dns error as error Exclude server dns error response from the list of errors. Allowed in Basic(Allowed values- false) edition, Essentials(Allowed values- false) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as false. |
boolean | Default: "False" |
| exclude_server_tcp_reset_as_error | Exclude server tcp reset as error Exclude server TCP reset from errors. It is common for applications like MS Exchange. Allowed in Basic(Allowed values- false) edition, Essentials(Allowed values- false) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as false. |
boolean | Default: "False" |
| exclude_sip_error_codes | Exclude sip error codes List of SIP status codes to be excluded from being classified as an error. Allowed in Basic edition, Essentials edition, Enterprise edition. |
array of integer | |
| exclude_stale_ocsp_responses_as_error | Exclude stale ocsp responses as error Exclude the Stale OCSP certificate status responses from the list of errors. Allowed in Basic(Allowed values- true) edition, Essentials(Allowed values- true) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as true. |
boolean | Default: "True" |
| exclude_syn_retransmit_as_error | Exclude syn retransmit as error Exclude 'server unanswered syns' from the list of errors. Allowed in Basic(Allowed values- false) edition, Essentials(Allowed values- false) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as false. |
boolean | Default: "False" |
| exclude_tcp_reset_as_error | Exclude tcp reset as error Exclude TCP resets by client from the list of potential errors. Allowed in Basic(Allowed values- false) edition, Essentials(Allowed values- false) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as false. |
boolean | Default: "False" |
| exclude_unavailable_ocsp_responses_as_error | Exclude unavailable ocsp responses as error Exclude the unavailable OCSP Responses from the list of errors. Allowed in Basic(Allowed values- true) edition, Essentials(Allowed values- true) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as true. |
boolean | Default: "True" |
| exclude_unsupported_dns_query_as_error | Exclude unsupported dns query as error Exclude unsupported dns queries from the list of errors. Allowed in Basic(Allowed values- false) edition, Essentials(Allowed values- false) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as false. |
boolean | Default: "False" |
| healthscore_max_server_limit | Healthscore max server limit Skips health score computation of pool servers when number of servers in a pool is more than this setting. Allowed values are 0-5000. Special values are 0- 'server health score is deactivated'. Allowed in Basic(Allowed values- 0) edition, Essentials(Allowed values- 0) edition, Enterprise edition. Special default for Basic edition is 0, Essentials edition is 0, Enterprise is 20. Default value when not specified in API or module is interpreted by ALB Controller as 0. |
integer | Minimum: 0 Maximum: 5000 Default: "0" |
| hs_event_throttle_window | Hs event throttle window Time window (in secs) within which only unique health change events should occur. Allowed in Basic(Allowed values- 1209600) edition, Essentials(Allowed values- 1209600) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as 1209600. |
integer | Default: "1209600" |
| hs_max_anomaly_penalty | Hs max anomaly penalty Maximum penalty that may be deducted from health score for anomalies. Allowed values are 0-100. Allowed in Basic(Allowed values- 10) edition, Essentials(Allowed values- 10) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as 10. |
integer | Minimum: 0 Maximum: 100 Default: "10" |
| hs_max_resources_penalty | Hs max resources penalty Maximum penalty that may be deducted from health score for high resource utilization. Allowed values are 0-100. Allowed in Basic(Allowed values- 25) edition, Essentials(Allowed values- 25) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as 25. |
integer | Minimum: 0 Maximum: 100 Default: "25" |
| hs_max_security_penalty | Hs max security penalty Maximum penalty that may be deducted from health score based on security assessment. Allowed values are 0-100. Allowed in Basic(Allowed values- 100) edition, Essentials(Allowed values- 100) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as 100. |
integer | Minimum: 0 Maximum: 100 Default: "100" |
| hs_min_dos_rate | Hs min dos rate DoS connection rate below which the DoS security assessment will not kick in. Allowed in Basic(Allowed values- 1000) edition, Essentials(Allowed values- 1000) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as 1000. |
integer | Default: "1000" |
| hs_performance_boost | Hs performance boost Adds free performance score credits to health score. It can be used for compensating health score for known slow applications. Allowed values are 0-100. Allowed in Basic(Allowed values- 0) edition, Essentials(Allowed values- 0) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as 0. |
integer | Minimum: 0 Maximum: 100 Default: "0" |
| hs_pscore_traffic_threshold_l4_client | Hs pscore traffic threshold l4 client Threshold number of connections in 5min, below which apdexr, apdexc, rum_apdex, and other network quality metrics are not computed. Allowed in Basic(Allowed values- 10) edition, Essentials(Allowed values- 10) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as 10.0. |
number | Default: "10.0" |
| hs_pscore_traffic_threshold_l4_server | Hs pscore traffic threshold l4 server Threshold number of connections in 5min, below which apdexr, apdexc, rum_apdex, and other network quality metrics are not computed. Allowed in Basic(Allowed values- 10) edition, Essentials(Allowed values- 10) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as 10.0. |
number | Default: "10.0" |
| hs_security_certscore_expired | Hs security certscore expired Score assigned when the certificate has expired. Allowed values are 0-5. Allowed in Basic(Allowed values- 0.0) edition, Essentials(Allowed values- 0.0) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as 0.0. |
number | Default: "0.0" |
| hs_security_certscore_gt30d | Hs security certscore gt30d Score assigned when the certificate expires in more than 30 days. Allowed values are 0-5. Allowed in Basic(Allowed values- 5.0) edition, Essentials(Allowed values- 5.0) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as 5.0. |
number | Default: "5.0" |
| hs_security_certscore_le07d | Hs security certscore le07d Score assigned when the certificate expires in less than or equal to 7 days. Allowed values are 0-5. Allowed in Basic(Allowed values- 2.0) edition, Essentials(Allowed values- 2.0) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as 2.0. |
number | Default: "2.0" |
| hs_security_certscore_le30d | Hs security certscore le30d Score assigned when the certificate expires in less than or equal to 30 days. Allowed values are 0-5. Allowed in Basic(Allowed values- 4.0) edition, Essentials(Allowed values- 4.0) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as 4.0. |
number | Default: "4.0" |
| hs_security_chain_invalidity_penalty | Hs security chain invalidity penalty Penalty for allowing certificates with invalid chain. Allowed values are 0-5. Allowed in Basic(Allowed values- 1.0) edition, Essentials(Allowed values- 1.0) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as 1.0. |
number | Default: "1.0" |
| hs_security_cipherscore_eq000b | Hs security cipherscore eq000b Score assigned when the minimum cipher strength is 0 bits. Allowed values are 0-5. Allowed in Basic(Allowed values- 0.0) edition, Essentials(Allowed values- 0.0) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as 0.0. |
number | Default: "0.0" |
| hs_security_cipherscore_ge128b | Hs security cipherscore ge128b Score assigned when the minimum cipher strength is greater than equal to 128 bits. Allowed values are 0-5. Allowed in Basic(Allowed values- 5.0) edition, Essentials(Allowed values- 5.0) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as 5.0. |
number | Default: "5.0" |
| hs_security_cipherscore_lt128b | Hs security cipherscore lt128b Score assigned when the minimum cipher strength is less than 128 bits. Allowed values are 0-5. Allowed in Basic(Allowed values- 3.5) edition, Essentials(Allowed values- 3.5) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as 3.5. |
number | Default: "3.5" |
| hs_security_encalgo_score_none | Hs security encalgo score none Score assigned when no algorithm is used for encryption. Allowed values are 0-5. Allowed in Basic(Allowed values- 0.0) edition, Essentials(Allowed values- 0.0) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as 0.0. |
number | Default: "0.0" |
| hs_security_encalgo_score_rc4 | Hs security encalgo score rc4 Score assigned when RC4 algorithm is used for encryption. Allowed values are 0-5. Allowed in Basic(Allowed values- 2.5) edition, Essentials(Allowed values- 2.5) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as 2.5. |
number | Default: "2.5" |
| hs_security_hsts_penalty | Hs security hsts penalty Penalty for not enabling HSTS. Allowed values are 0-5. Allowed in Basic(Allowed values- 1.0) edition, Essentials(Allowed values- 1.0) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as 1.0. |
number | Default: "1.0" |
| hs_security_nonpfs_penalty | Hs security nonpfs penalty Penalty for allowing non-PFS handshakes. Allowed values are 0-5. Allowed in Basic(Allowed values- 1.0) edition, Essentials(Allowed values- 1.0) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as 1.0. |
number | Default: "1.0" |
| hs_security_ocsp_revoked_score | Hs security ocsp revoked score Score assigned when OCSP Certificate Status is set to Revoked or Issuer Revoked. Allowed values are 0.0-5.0. Allowed in Basic(Allowed values- 0.0) edition, Essentials(Allowed values- 0.0) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as 0.0. |
number | Default: "0.0" |
| hs_security_selfsignedcert_penalty | Hs security selfsignedcert penalty Deprecated. Allowed values are 0-5. Allowed in Basic(Allowed values- 1.0) edition, Essentials(Allowed values- 1.0) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as 1.0. |
number | Default: "1.0" |
| hs_security_ssl30_score | Hs security ssl30 score Score assigned when supporting SSL3.0 encryption protocol. Allowed values are 0-5. Allowed in Basic(Allowed values- 3.5) edition, Essentials(Allowed values- 3.5) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as 3.5. |
number | Default: "3.5" |
| hs_security_tls10_score | Hs security tls10 score Score assigned when supporting TLS1.0 encryption protocol. Allowed values are 0-5. Allowed in Basic(Allowed values- 5.0) edition, Essentials(Allowed values- 5.0) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as 5.0. |
number | Default: "5.0" |
| hs_security_tls11_score | Hs security tls11 score Score assigned when supporting TLS1.1 encryption protocol. Allowed values are 0-5. Allowed in Basic(Allowed values- 5.0) edition, Essentials(Allowed values- 5.0) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as 5.0. |
number | Default: "5.0" |
| hs_security_tls12_score | Hs security tls12 score Score assigned when supporting TLS1.2 encryption protocol. Allowed values are 0-5. Allowed in Basic(Allowed values- 5.0) edition, Essentials(Allowed values- 5.0) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as 5.0. |
number | Default: "5.0" |
| hs_security_tls13_score | Hs security tls13 score Score assigned when supporting TLS1.3 encryption protocol. Allowed values are 0-5. Allowed in Basic(Allowed values- 5.0) edition, Essentials(Allowed values- 5.0) edition, Enterprise edition. |
number | |
| hs_security_weak_signature_algo_penalty | Hs security weak signature algo penalty Penalty for allowing weak signature algorithm(s). Allowed values are 0-5. Allowed in Basic(Allowed values- 1.0) edition, Essentials(Allowed values- 1.0) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as 1.0. |
number | Default: "1.0" |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| markers | Markers List of labels to be used for granular RBAC. Allowed in Basic edition, Essentials edition, Enterprise edition. |
array of ALBRoleFilterMatchLabel | |
| ondemand_metrics_idle_timeout | Ondemand metrics idle timeout This flag sets the time duration of no live data traffic after which Virtual Service metrics processing is suspended. It is applicable only when enable_ondemand_metrics is set to false. Unit is SECONDS. Default value when not specified in API or module is interpreted by ALB Controller as 1800. |
integer | Default: "1800" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| ranges | Ranges List of HTTP status code ranges to be excluded from being classified as an error. |
array of ALBHTTPStatusRange | |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value ALBAnalyticsProfile | string | |
| resp_code_block | Resp code block Block of HTTP response codes to be excluded from being classified as an error. Enum options - AP_HTTP_RSP_4XX, AP_HTTP_RSP_5XX. |
array of ALBAnalyticsProfileRespCodeBlock | |
| sensitive_log_profile | Sensitive log profile Rules applied to the HTTP application log for filtering sensitive information. Allowed in Basic edition, Essentials edition, Enterprise edition. |
ALBSensitiveLogProfile | |
| sip_log_depth | Sip log depth Maximum number of SIP messages added in logs for a SIP transaction. By default, this value is 20. Allowed values are 1-1000. Allowed in Basic(Allowed values- 20) edition, Essentials(Allowed values- 20) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as 20. |
integer | Minimum: 1 Maximum: 1000 Default: "20" |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
ALBAnalyticsProfileApiResponse (schema)
AnalyticsProfileApiResponse
AnalyticsProfileApiResponse
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| count | count count |
int | Default: "None" |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Array of AnalyticsProfile Array of AnalyticsProfile |
array of ALBAnalyticsProfile | |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
ALBAnalyticsProfileRespCodeBlock (schema)
AnalyticsProfileRespCodeBlock type
Valid ENUM values for ALBAnalyticsProfileRespCodeBlock
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBAnalyticsProfileRespCodeBlock | AnalyticsProfileRespCodeBlock type Valid ENUM values for ALBAnalyticsProfileRespCodeBlock |
string | Enum: AP_HTTP_RSP_4XX, AP_HTTP_RSP_5XX |
ALBAppCookiePersistenceProfile (schema)
AppCookiePersistenceProfile
Advanced load balancer AppCookiePersistenceProfile object
| Name | Description | Type | Notes |
|---|---|---|---|
| encryption_key | Encryption key Key to use for cookie encryption. |
string | |
| prst_hdr_name | Prst hdr name Header or cookie name for application cookie persistence. |
string | Required |
| timeout | Timeout The length of time after a client's connections have closed before expiring the client's persistence to a server. Allowed values are 1-720. Unit is MIN. Default value when not specified in API or module is interpreted by ALB Controller as 20. |
integer | Minimum: 1 Maximum: 720 Default: "20" |
ALBAppLearningConfidenceLabel (schema)
AppLearningConfidenceLabel type
Valid ENUM values for ALBAppLearningConfidenceLabel
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBAppLearningConfidenceLabel | AppLearningConfidenceLabel type Valid ENUM values for ALBAppLearningConfidenceLabel |
string | Enum: CONFIDENCE_VERY_HIGH, CONFIDENCE_HIGH, CONFIDENCE_PROBABLE, CONFIDENCE_LOW, CONFIDENCE_NONE |
ALBAppLearningConfidenceOverride (schema)
AppLearningConfidenceOverride
Advanced load balancer AppLearningConfidenceOverride object
| Name | Description | Type | Notes |
|---|---|---|---|
| confid_high_value | Confid high value Confidence threshold for label CONFIDENCE_HIGH. Default value when not specified in API or module is interpreted by ALB Controller as 9500. |
integer | Default: "9500" |
| confid_low_value | Confid low value Confidence threshold for label CONFIDENCE_LOW. Default value when not specified in API or module is interpreted by ALB Controller as 7500. |
integer | Default: "7500" |
| confid_probable_value | Confid probable value Confidence threshold for label CONFIDENCE_PROBABLE. Default value when not specified in API or module is interpreted by ALB Controller as 9000. |
integer | Default: "9000" |
| confid_very_high_value | Confid very high value Confidence threshold for label CONFIDENCE_VERY_HIGH. Default value when not specified in API or module is interpreted by ALB Controller as 9999. |
integer | Default: "9999" |
ALBAppLearningParams (schema)
AppLearningParams
Advanced load balancer AppLearningParams object
| Name | Description | Type | Notes |
|---|---|---|---|
| enable_per_uri_learning | Enable per uri learning Learn the params per URI path. Default value when not specified in API or module is interpreted by ALB Controller as true. |
boolean | Default: "True" |
| max_params | Max params Maximum number of params to learn for an application. Allowed values are 10-1000. Default value when not specified in API or module is interpreted by ALB Controller as 100. |
integer | Minimum: 10 Maximum: 1000 Default: "100" |
| max_uris | Max uris Maximum number of URI paths to learn for an application. Allowed values are 10-10000. Default value when not specified in API or module is interpreted by ALB Controller as 500. |
integer | Minimum: 10 Maximum: 10000 Default: "500" |
| min_hits_to_learn | Min hits to learn Minimum number of occurances required for a Param to qualify for learning. Default value when not specified in API or module is interpreted by ALB Controller as 10000. |
integer | Default: "10000" |
| sampling_percent | Sampling percent Percent of the requests subjected to Application learning. Allowed values are 1-100. Unit is PERCENT. Default value when not specified in API or module is interpreted by ALB Controller as 1. |
integer | Minimum: 1 Maximum: 100 Default: "1" |
| update_interval | Update interval Frequency with which SE publishes Application learning data to controller. Allowed values are 1-60. Unit is MIN. Default value when not specified in API or module is interpreted by ALB Controller as 30. |
integer | Minimum: 1 Maximum: 60 Default: "30" |
ALBApplicationPersistenceProfile (schema)
ApplicationPersistenceProfile
Advanced load balancer ApplicationPersistenceProfile object
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| app_cookie_persistence_profile | App cookie persistence profile Specifies the Application Cookie Persistence profile parameters. |
ALBAppCookiePersistenceProfile | |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| hdr_persistence_profile | Hdr persistence profile Specifies the custom HTTP Header Persistence profile parameters. |
ALBHdrPersistenceProfile | |
| http_cookie_persistence_profile | Http cookie persistence profile Specifies the HTTP Cookie Persistence profile parameters. |
ALBHttpCookiePersistenceProfile | |
| id | Unique identifier of this resource | string | Sortable |
| ip_persistence_profile | Ip persistence profile Specifies the Client IP Persistence profile parameters. |
ALBIPPersistenceProfile | |
| is_federated | Is federated This field describes the object's replication scope. If the field is set to false, then the object is visible within the controller-cluster and its associated service-engines. If the field is set to true, then the object is replicated across the federation. Default value when not specified in API or module is interpreted by ALB Controller as false. |
boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| markers | Markers List of labels to be used for granular RBAC. Allowed in Basic edition, Essentials edition, Enterprise edition. |
array of ALBRoleFilterMatchLabel | |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| persistence_type | Persistence type Method used to persist clients to the same server for a duration of time or a session. Enum options - PERSISTENCE_TYPE_CLIENT_IP_ADDRESS, PERSISTENCE_TYPE_HTTP_COOKIE, PERSISTENCE_TYPE_TLS, PERSISTENCE_TYPE_CLIENT_IPV6_ADDRESS, PERSISTENCE_TYPE_CUSTOM_HTTP_HEADER, PERSISTENCE_TYPE_APP_COOKIE, PERSISTENCE_TYPE_GSLB_SITE. Allowed in Basic(Allowed values- PERSISTENCE_TYPE_CLIENT_IP_ADDRESS,PERSISTENCE_TYPE_HTTP_COOKIE) edition, Essentials(Allowed values- PERSISTENCE_TYPE_CLIENT_IP_ADDRESS,PERSISTENCE_TYPE_HTTP_COOKIE) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as PERSISTENCE_TYPE_CLIENT_IP_ADDRESS. |
ALBPersistenceProfileType | Required Default: "PERSISTENCE_TYPE_CLIENT_IP_ADDRESS" |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value ALBApplicationPersistenceProfile | string | |
| server_hm_down_recovery | Server hm down recovery Specifies behavior when a persistent server has been marked down by a health monitor. Enum options - HM_DOWN_PICK_NEW_SERVER, HM_DOWN_ABORT_CONNECTION, HM_DOWN_CONTINUE_PERSISTENT_SERVER. Allowed in Basic(Allowed values- HM_DOWN_PICK_NEW_SERVER) edition, Essentials(Allowed values- HM_DOWN_PICK_NEW_SERVER) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as HM_DOWN_PICK_NEW_SERVER. |
ALBPersistentServerHMDownRecovery | Default: "HM_DOWN_PICK_NEW_SERVER" |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
ALBApplicationPersistenceProfileApiResponse (schema)
ApplicationPersistenceProfileApiResponse
ApplicationPersistenceProfileApiResponse
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| count | count count |
int | Default: "None" |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Array of ApplicationPersistenceProfile Array of ApplicationPersistenceProfile |
array of ALBApplicationPersistenceProfile | |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
ALBApplicationProfile (schema)
ApplicationProfile
Advanced load balancer ApplicationProfile object
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| cloud_config_cksum | Cloud config cksum Checksum of application profiles. Internally set by cloud connector. |
string | |
| created_by | Created by Name of the application profile creator. |
string | |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| dns_service_profile | Dns service profile Specifies various DNS service related controls for virtual service. |
ALBDnsServiceApplicationProfile | |
| dos_rl_profile | Dos rl profile Specifies various security related controls for virtual service. |
ALBDosRateLimitProfile | |
| http_profile | Http profile Specifies the HTTP application proxy profile parameters. |
ALBHTTPApplicationProfile | |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| markers | Markers List of labels to be used for granular RBAC. Allowed in Basic edition, Essentials edition, Enterprise edition. |
array of ALBRoleFilterMatchLabel | |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| preserve_client_ip | Preserve client ip Specifies if client IP needs to be preserved for backend connection. Not compatible with Connection Multiplexing. Default value when not specified in API or module is interpreted by ALB Controller as false. |
boolean | Default: "False" |
| preserve_client_port | Preserve client port Specifies if we need to preserve client port while preserving client IP for backend connections. Default value when not specified in API or module is interpreted by ALB Controller as false. |
boolean | Default: "False" |
| preserve_dest_ip_port | Preserve dest ip port Specifies if destination IP and port needs to be preserved for backend connection. Allowed in Basic(Allowed values- false) edition, Essentials(Allowed values- false) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as false. |
boolean | Default: "False" |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value ALBApplicationProfile | string | |
| sip_service_profile | Sip service profile Specifies various SIP service related controls for virtual service. Allowed in Basic edition, Essentials edition, Enterprise edition. |
ALBSipServiceApplicationProfile | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| tcp_app_profile | Tcp app profile Specifies the TCP application proxy profile parameters. |
ALBTCPApplicationProfile | |
| type | Type Specifies which application layer proxy is enabled for the virtual service. Enum options - APPLICATION_PROFILE_TYPE_L4, APPLICATION_PROFILE_TYPE_HTTP, APPLICATION_PROFILE_TYPE_SYSLOG, APPLICATION_PROFILE_TYPE_DNS, APPLICATION_PROFILE_TYPE_SSL, APPLICATION_PROFILE_TYPE_SIP. Allowed in Basic(Allowed values- APPLICATION_PROFILE_TYPE_L4,APPLICATION_PROFILE_TYPE_HTTP) edition, Essentials(Allowed values- APPLICATION_PROFILE_TYPE_L4) edition, Enterprise edition. |
ALBApplicationProfileType | Required |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
ALBApplicationProfileApiResponse (schema)
ApplicationProfileApiResponse
ApplicationProfileApiResponse
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| count | count count |
int | Default: "None" |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Array of ApplicationProfile Array of ApplicationProfile |
array of ALBApplicationProfile | |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
ALBApplicationProfileType (schema)
ApplicationProfileType type
Valid ENUM values for ALBApplicationProfileType
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBApplicationProfileType | ApplicationProfileType type Valid ENUM values for ALBApplicationProfileType |
string | Enum: APPLICATION_PROFILE_TYPE_L4, APPLICATION_PROFILE_TYPE_HTTP, APPLICATION_PROFILE_TYPE_SYSLOG, APPLICATION_PROFILE_TYPE_DNS, APPLICATION_PROFILE_TYPE_SSL, APPLICATION_PROFILE_TYPE_SIP |
ALBAttackMitigationAction (schema)
AttackMitigationAction
Advanced load balancer AttackMitigationAction object
| Name | Description | Type | Notes |
|---|---|---|---|
| deny | Deny Deny the attack packets further processing and drop them. Default value when not specified in API or module is interpreted by ALB Controller as true. |
boolean | Default: "True" |
ALBAttackType (schema)
AttackType type
Valid ENUM values for ALBAttackType
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBAttackType | AttackType type Valid ENUM values for ALBAttackType |
string | Enum: LAND, SMURF, ICMP_PING_FLOOD, UNKOWN_PROTOCOL, TEARDROP, IP_FRAG_OVERRUN, IP_FRAG_TOOSMALL, IP_FRAG_FULL, IP_FRAG_INCOMPLETE, PORT_SCAN, TCP_NON_SYN_FLOOD_OLD, SYN_FLOOD, BAD_RST_FLOOD, MALFORMED_FLOOD, FAKE_SESSION, ZERO_WINDOW_STRESS, SMALL_WINDOW_STRESS, DOS_HTTP_TIMEOUT, DOS_HTTP_ERROR, DOS_HTTP_ABORT, DOS_SSL_ERROR, DOS_APP_ERROR, DOS_REQ_IP_RL_DROP, DOS_REQ_URI_RL_DROP, DOS_REQ_URI_SCAN_BAD_RL_DROP, DOS_REQ_URI_SCAN_UNKNOWN_RL_DROP, DOS_REQ_IP_URI_RL_DROP, DOS_CONN_IP_RL_DROP, DOS_SLOW_URL, TCP_NON_SYN_FLOOD, DOS_REQ_CIP_SCAN_BAD_RL_DROP, DOS_REQ_CIP_SCAN_UNKNOWN_RL_DROP, DOS_REQ_IP_RL_DROP_BAD, DOS_REQ_URI_RL_DROP_BAD, DOS_REQ_IP_URI_RL_DROP_BAD, POLICY_DROPS, DOS_CONN_RL_DROP, DOS_REQ_RL_DROP, DOS_REQ_HDR_RL_DROP, DOS_REQ_CUSTOM_RL_DROP, DNS_ATTACK_REFLECTION |
ALBAuthAttributeMatch (schema)
AuthAttributeMatch
Advanced load balancer AuthAttributeMatch object
| Name | Description | Type | Notes |
|---|---|---|---|
| attribute_name | Attribute name Attribute name whose values will be looked up in the access lists. |
string | Required |
| attribute_value_list | Attribute value list Attribute Values used to determine access when authentication applies. Allowed in Basic edition, Essentials edition, Enterprise edition. |
ALBStringMatch | Required |
ALBAuthLdapSearchScope (schema)
AuthLdapSearchScope type
Valid ENUM values for ALBAuthLdapSearchScope
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBAuthLdapSearchScope | AuthLdapSearchScope type Valid ENUM values for ALBAuthLdapSearchScope |
string | Enum: AUTH_LDAP_SCOPE_BASE, AUTH_LDAP_SCOPE_ONE, AUTH_LDAP_SCOPE_SUBTREE |
ALBAuthLdapSecurityMode (schema)
AuthLdapSecurityMode type
Valid ENUM values for ALBAuthLdapSecurityMode
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBAuthLdapSecurityMode | AuthLdapSecurityMode type Valid ENUM values for ALBAuthLdapSecurityMode |
string | Enum: AUTH_LDAP_SECURE_NONE, AUTH_LDAP_SECURE_USE_LDAPS |
ALBAuthProfile (schema)
AuthProfile
Advanced load balancer AuthProfile object
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| http | Http HTTP user authentication params. |
ALBAuthProfileHTTPClientParams | |
| id | Unique identifier of this resource | string | Sortable |
| ldap | Ldap LDAP server and directory settings. |
ALBLdapAuthSettings | |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| markers | Markers List of labels to be used for granular RBAC. Allowed in Basic edition, Essentials edition, Enterprise edition. |
array of ALBRoleFilterMatchLabel | |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value ALBAuthProfile | string | |
| saml | Saml SAML settings. |
ALBSamlSettings | |
| tacacs_plus | Tacacs plus TACACS+ settings. |
ALBTacacsPlusAuthSettings | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| type | Type Type of the Auth Profile. Enum options - AUTH_PROFILE_LDAP, AUTH_PROFILE_TACACS_PLUS, AUTH_PROFILE_SAML, AUTH_PROFILE_PINGACCESS, AUTH_PROFILE_JWT. |
ALBAuthProfileType | Required |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
ALBAuthProfileApiResponse (schema)
AuthProfileApiResponse
AuthProfileApiResponse
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| count | count count |
int | Default: "None" |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Array of AuthProfile Array of AuthProfile |
array of ALBAuthProfile | |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
ALBAuthProfileHTTPClientParams (schema)
AuthProfileHTTPClientParams
Advanced load balancer AuthProfileHTTPClientParams object
| Name | Description | Type | Notes |
|---|---|---|---|
| cache_expiration_time | Cache expiration time The max allowed length of time a clients authentication is cached. Allowed values are 1-30. Unit is SEC. Default value when not specified in API or module is interpreted by ALB Controller as 5. |
integer | Minimum: 1 Maximum: 30 Default: "5" |
| request_header | Request header Insert an HTTP header. This field is used to define the header name. The value of the header is set to the client's HTTP Auth user ID. |
string | |
| require_user_groups | Require user groups A user should be a member of these groups. Each group is defined by the DN. For example, CN=testgroup,OU=groups,dc=example,dc=avinetworks,DC=com. |
array of string |
ALBAuthProfileType (schema)
AuthProfileType type
Valid ENUM values for ALBAuthProfileType
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBAuthProfileType | AuthProfileType type Valid ENUM values for ALBAuthProfileType |
string | Enum: AUTH_PROFILE_LDAP, AUTH_PROFILE_TACACS_PLUS, AUTH_PROFILE_SAML, AUTH_PROFILE_PINGACCESS, AUTH_PROFILE_JWT |
ALBAuthSamlEntityType (schema)
AuthSamlEntityType type
Valid ENUM values for ALBAuthSamlEntityType
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBAuthSamlEntityType | AuthSamlEntityType type Valid ENUM values for ALBAuthSamlEntityType |
string | Enum: AUTH_SAML_CLUSTER_VIP, AUTH_SAML_DNS_FQDN, AUTH_SAML_APP_VS |
ALBAuthTacacsPlusAttributeValuePair (schema)
AuthTacacsPlusAttributeValuePair
Advanced load balancer AuthTacacsPlusAttributeValuePair object
| Name | Description | Type | Notes |
|---|---|---|---|
| mandatory | Mandatory mandatory. |
boolean | |
| name | Name attribute name. |
string | |
| value | Value attribute value. |
string |
ALBAuthTacacsPlusService (schema)
AuthTacacsPlusService type
Valid ENUM values for ALBAuthTacacsPlusService
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBAuthTacacsPlusService | AuthTacacsPlusService type Valid ENUM values for ALBAuthTacacsPlusService |
string | Enum: AUTH_TACACS_PLUS_SERVICE_NONE, AUTH_TACACS_PLUS_SERVICE_LOGIN, AUTH_TACACS_PLUS_SERVICE_ENABLE, AUTH_TACACS_PLUS_SERVICE_PPP, AUTH_TACACS_PLUS_SERVICE_ARAP, AUTH_TACACS_PLUS_SERVICE_PT, AUTH_TACACS_PLUS_SERVICE_RCMD, AUTH_TACACS_PLUS_SERVICE_X25, AUTH_TACACS_PLUS_SERVICE_NASI, AUTH_TACACS_PLUS_SERVICE_FWPROXY |
ALBAuthToken (schema)
Auth Token
ALB Auth Token
| Name | Description | Type | Notes |
|---|---|---|---|
| expires_at | Expiry time of the token Expiry time of the token will be set by LCM at the time of Enforcement Point Creation. |
string | |
| hours | hours Hours to validate the token |
string | Required |
| token | Token for Avi Controller Token for Avi Controller. |
string | |
| username | username controller username. |
string | Required |
ALBAuthenticationAction (schema)
AuthenticationAction
Advanced load balancer AuthenticationAction object
| Name | Description | Type | Notes |
|---|---|---|---|
| type | Type Authentication Action to be taken for a matched Rule. Enum options - SKIP_AUTHENTICATION, USE_DEFAULT_AUTHENTICATION. Default value when not specified in API or module is interpreted by ALB Controller as USE_DEFAULT_AUTHENTICATION. |
ALBAuthenticationActionEnum | Default: "USE_DEFAULT_AUTHENTICATION" |
ALBAuthenticationActionEnum (schema)
AuthenticationActionEnum type
Valid ENUM values for ALBAuthenticationActionEnum
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBAuthenticationActionEnum | AuthenticationActionEnum type Valid ENUM values for ALBAuthenticationActionEnum |
string | Enum: SKIP_AUTHENTICATION, USE_DEFAULT_AUTHENTICATION |
ALBAuthenticationMatch (schema)
AuthenticationMatch
Advanced load balancer AuthenticationMatch object
| Name | Description | Type | Notes |
|---|---|---|---|
| client_ip | Client ip Configure client ip addresses. |
ALBIpAddrMatch | |
| host_hdr | Host hdr Configure the host header. |
ALBHostHdrMatch | |
| path | Path Configure request paths. |
ALBPathMatch |
ALBAuthenticationPolicy (schema)
AuthenticationPolicy
Advanced load balancer AuthenticationPolicy object
| Name | Description | Type | Notes |
|---|---|---|---|
| authn_rules | Authn rules Add rules to apply auth profile to specific targets. |
array of ALBAuthenticationRule | |
| default_auth_profile_path | Default auth profile path Auth Profile to use for validating users. It is a reference to an object of type AuthProfile. |
string | Required |
ALBAuthenticationRule (schema)
AuthenticationRule
Advanced load balancer AuthenticationRule object
| Name | Description | Type | Notes |
|---|---|---|---|
| action | Action Enable or disable authentication for matched targets. |
ALBAuthenticationAction | |
| enable | Enable Enable or disable the rule. Default value when not specified in API or module is interpreted by ALB Controller as true. |
boolean | Default: "True" |
| index | Index Index of the rule. |
integer | Required |
| match | Match Add match criteria to the rule. Allowed in Basic edition, Essentials edition, Enterprise edition. |
ALBAuthenticationMatch | |
| name | Name Name of the rule. |
string | Required |
ALBAuthorizationAction (schema)
AuthorizationAction
Advanced load balancer AuthorizationAction object
| Name | Description | Type | Notes |
|---|---|---|---|
| status_code | Status code HTTP status code to use for local response when an policy rule is matched. Enum options - HTTP_RESPONSE_STATUS_CODE_401, HTTP_RESPONSE_STATUS_CODE_403. |
ALBAuthorizationActionHttpStatusCode | |
| type | Type Defines the action taken when an authorization policy rule is matched. By default, access is allowed to the requested resource. Enum options - ALLOW_ACCESS, CLOSE_CONNECTION, HTTP_LOCAL_RESPONSE. Default value when not specified in API or module is interpreted by ALB Controller as ALLOW_ACCESS. |
ALBAuthorizationActionEnum | Default: "ALLOW_ACCESS" |
ALBAuthorizationActionEnum (schema)
AuthorizationActionEnum type
Valid ENUM values for ALBAuthorizationActionEnum
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBAuthorizationActionEnum | AuthorizationActionEnum type Valid ENUM values for ALBAuthorizationActionEnum |
string | Enum: ALLOW_ACCESS, CLOSE_CONNECTION, HTTP_LOCAL_RESPONSE |
ALBAuthorizationActionHttpStatusCode (schema)
AuthorizationActionHttpStatusCode type
Valid ENUM values for ALBAuthorizationActionHttpStatusCode
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBAuthorizationActionHttpStatusCode | AuthorizationActionHttpStatusCode type Valid ENUM values for ALBAuthorizationActionHttpStatusCode |
string | Enum: HTTP_RESPONSE_STATUS_CODE_401, HTTP_RESPONSE_STATUS_CODE_403 |
ALBAuthorizationMatch (schema)
AuthorizationMatch
Advanced load balancer AuthorizationMatch object
| Name | Description | Type | Notes |
|---|---|---|---|
| attr_matches | Attr matches Attributes whose values need to be matched. Allowed in Basic edition, Essentials edition, Enterprise edition. |
array of ALBAuthAttributeMatch | |
| host_hdr | Host hdr Host header value to be matched. |
ALBHostHdrMatch | |
| method | Method HTTP methods to be matched. |
ALBMethodMatch | |
| path | Path Paths/URLs to be matched. |
ALBPathMatch |
ALBAuthorizationPolicy (schema)
AuthorizationPolicy
Advanced load balancer AuthorizationPolicy object
| Name | Description | Type | Notes |
|---|---|---|---|
| authz_rules | Authz rules Authorization Policy Rules. |
array of ALBAuthorizationRule |
ALBAuthorizationRule (schema)
AuthorizationRule
Advanced load balancer AuthorizationRule object
| Name | Description | Type | Notes |
|---|---|---|---|
| action | Action Authorization action when rule is matched. |
ALBAuthorizationAction | Required |
| enable | Enable Enable or disable the rule. Default value when not specified in API or module is interpreted by ALB Controller as true. |
boolean | Default: "True" |
| index | Index Index of the Authorization Policy rule. |
integer | Required |
| match | Match Authorization match criteria for the rule. Allowed in Basic edition, Essentials edition, Enterprise edition. |
ALBAuthorizationMatch | Required |
| name | Name Name of the rule. |
string | Required |
ALBAutoScaleLaunchConfig (schema)
AutoScaleLaunchConfig
Advanced load balancer AutoScaleLaunchConfig object
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| image_id | Image id Unique ID of the Amazon Machine Image (AMI) or OpenStack VM ID. |
string | |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| markers | Markers List of labels to be used for granular RBAC. Allowed in Basic edition, Essentials edition, Enterprise edition. |
array of ALBRoleFilterMatchLabel | |
| mesos | Mesos Placeholder for description of property mesos of obj type AutoScaleLaunchConfig field type str type ref. |
ALBAutoScaleMesosSettings | |
| openstack | Openstack Placeholder for description of property openstack of obj type AutoScaleLaunchConfig field type str type ref. |
ALBAutoScaleOpenStackSettings | |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value ALBAutoScaleLaunchConfig | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
| use_external_asg | Use external asg If set to True, ServerAutoscalePolicy will use the autoscaling group (external_autoscaling_groups) from Pool to perform scale up and scale down. Pool should have single autoscaling group configured. Default value when not specified in API or module is interpreted by ALB Controller as true. |
boolean | Default: "True" |
ALBAutoScaleLaunchConfigApiResponse (schema)
AutoScaleLaunchConfigApiResponse
AutoScaleLaunchConfigApiResponse
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| count | count count |
int | Default: "None" |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Array of AutoScaleLaunchConfig Array of AutoScaleLaunchConfig |
array of ALBAutoScaleLaunchConfig | |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
ALBAutoScaleMesosSettings (schema)
AutoScaleMesosSettings
Advanced load balancer AutoScaleMesosSettings object
| Name | Description | Type | Notes |
|---|---|---|---|
| force | Force Apply scaleout even when there are deployments inprogress. Default value when not specified in API or module is interpreted by ALB Controller as true. |
boolean | Default: "True" |
ALBAutoScaleOpenStackSettings (schema)
AutoScaleOpenStackSettings
Advanced load balancer AutoScaleOpenStackSettings object
| Name | Description | Type | Notes |
|---|---|---|---|
| heat_scale_down_url | Heat scale down url Avi Controller will use this URL to scale downthe pool. Cloud connector will automatically update the membership. This is an alpha feature. |
string | |
| heat_scale_up_url | Heat scale up url Avi Controller will use this URL to scale upthe pool. Cloud connector will automatically update the membership. This is an alpha feature. |
string |
ALBCRL (schema)
CRL
Advanced load balancer CRL object
| Name | Description | Type | Notes |
|---|---|---|---|
| body | Body Certificate Revocation list from a given issuer in PEM format. This can either be configured directly or via the server_url. |
string | |
| common_name | Common name Common name of the issuer in the Certificate Revocation list. |
string | |
| distinguished_name | Distinguished name Distinguished name of the issuer in the Certificate Revocation list. |
string | |
| etag | Etag Cached etag to optimize the download of the CRL. |
string | |
| fingerprint | Fingerprint Fingerprint of the CRL. Used to avoid configuring duplicates. |
string | |
| last_refreshed | Last refreshed Last time CRL was refreshed by the system. This is an internal field used by the system. |
string | |
| last_update | Last update The date when this CRL was last issued. |
string | |
| next_update | Next update The date when a newer CRL will be available. Also conveys the date after which the CRL should be considered obsolete. |
string | |
| server_url | Server url URL of a server that issues the Certificate Revocation list. If this is configured, CRL will be periodically downloaded either based on the configured update interval or the next update interval in the CRL. CRL itself is stored in the body. |
string | |
| text | Text Certificate Revocation list in plain text for readability. |
string | |
| update_interval | Update interval Interval in minutes to check for CRL update. If not specified, interval will be 1 day. Allowed values are 30-525600. Unit is MIN. |
integer | Minimum: 30 Maximum: 525600 |
ALBCertificateAuthority (schema)
CertificateAuthority
Advanced load balancer CertificateAuthority object
| Name | Description | Type | Notes |
|---|---|---|---|
| ca_path | Ca path It is a reference to an object of type SSLKeyAndCertificate. |
string | |
| name | Name Name of the object. |
string |
ALBCertificateManagementProfile (schema)
CertificateManagementProfile
Advanced load balancer CertificateManagementProfile object
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| markers | Markers List of labels to be used for granular RBAC. Allowed in Basic edition, Essentials edition, Enterprise edition. |
array of ALBRoleFilterMatchLabel | |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value ALBCertificateManagementProfile | string | |
| script_params | Script params Placeholder for description of property script_params of obj type CertificateManagementProfile field type str type array. |
array of ALBCustomParams | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
ALBClientInsights (schema)
ClientInsights type
Valid ENUM values for ALBClientInsights
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBClientInsights | ClientInsights type Valid ENUM values for ALBClientInsights |
string | Enum: NO_INSIGHTS, PASSIVE, ACTIVE |
ALBClientInsightsSampling (schema)
ClientInsightsSampling
Advanced load balancer ClientInsightsSampling object
| Name | Description | Type | Notes |
|---|---|---|---|
| client_ip | Client ip Client IP addresses to check when inserting RUM script. |
ALBIpAddrMatch | |
| sample_uris | Sample uris URL patterns to check when inserting RUM script. |
ALBStringMatch | |
| skip_uris | Skip uris URL patterns to avoid when inserting RUM script. |
ALBStringMatch |
ALBClientLogConfiguration (schema)
ClientLogConfiguration
Advanced load balancer ClientLogConfiguration object
| Name | Description | Type | Notes |
|---|---|---|---|
| enable_significant_log_collection | Enable significant log collection Enable significant log collection. By default, this flag is enabled, which means that Avi SEs collect significant logs and forward them to Controller for further processing. For example, these logs correspond to error conditions such as when the response code for a request is 500. Users can deactivate this flag to turn off default significant log collection. Allowed in Basic(Allowed values- false) edition, Essentials(Allowed values- false) edition, Enterprise edition. Special default for Basic edition is false, Essentials edition is false, Enterprise is True. Default value when not specified in API or module is interpreted by ALB Controller as false. |
boolean | Default: "False" |
| filtered_log_processing | Filtered log processing Filtered logs are logs that match any client log filters or rules with logging enabled. Such logs are processed by the Logs Analytics system according to this setting. Enum options - LOGS_PROCESSING_NONE, LOGS_PROCESSING_SYNC_AND_INDEX_ON_DEMAND, LOGS_PROCESSING_AUTO_SYNC_AND_INDEX, LOGS_PROCESSING_AUTO_SYNC_BUT_INDEX_ON_DEMAND. Default value when not specified in API or module is interpreted by ALB Controller as LOGS_PROCESSING_SYNC_AND_INDEX_ON_DEMAND. |
ALBLogsProcessingType | Default: "LOGS_PROCESSING_SYNC_AND_INDEX_ON_DEMAND" |
| non_significant_log_processing | Non significant log processing Logs that are neither significant nor filtered, are processed by the Logs Analytics system according to this setting. Enum options - LOGS_PROCESSING_NONE, LOGS_PROCESSING_SYNC_AND_INDEX_ON_DEMAND, LOGS_PROCESSING_AUTO_SYNC_AND_INDEX, LOGS_PROCESSING_AUTO_SYNC_BUT_INDEX_ON_DEMAND. Default value when not specified in API or module is interpreted by ALB Controller as LOGS_PROCESSING_SYNC_AND_INDEX_ON_DEMAND. |
ALBLogsProcessingType | Default: "LOGS_PROCESSING_SYNC_AND_INDEX_ON_DEMAND" |
| significant_log_processing | Significant log processing Significant logs are processed by the Logs Analytics system according to this setting. Enum options - LOGS_PROCESSING_NONE, LOGS_PROCESSING_SYNC_AND_INDEX_ON_DEMAND, LOGS_PROCESSING_AUTO_SYNC_AND_INDEX, LOGS_PROCESSING_AUTO_SYNC_BUT_INDEX_ON_DEMAND. Default value when not specified in API or module is interpreted by ALB Controller as LOGS_PROCESSING_SYNC_AND_INDEX_ON_DEMAND. |
ALBLogsProcessingType | Default: "LOGS_PROCESSING_SYNC_AND_INDEX_ON_DEMAND" |
ALBClientLogFilter (schema)
ClientLogFilter
Advanced load balancer ClientLogFilter object
| Name | Description | Type | Notes |
|---|---|---|---|
| all_headers | All headers Placeholder for description of property all_headers of obj type ClientLogFilter field type str type boolean. Default value when not specified in API or module is interpreted by ALB Controller as false. |
boolean | Default: "False" |
| client_ip | Client ip Placeholder for description of property client_ip of obj type ClientLogFilter field type str type ref. |
ALBIpAddrMatch | |
| duration | Duration Special values are 0 - 'infinite'. Unit is MIN. Default value when not specified in API or module is interpreted by ALB Controller as 30. |
integer | Default: "30" |
| enabled | Enabled Placeholder for description of property enabled of obj type ClientLogFilter field type str type boolean. Default value when not specified in API or module is interpreted by ALB Controller as false. |
boolean | Required Default: "False" |
| index | Index Number of index. |
integer | Required |
| name | Name Name of the object. |
string | Required |
| uri | Uri Placeholder for description of property uri of obj type ClientLogFilter field type str type ref. |
ALBStringMatch |
ALBClientLogStreamingConfig (schema)
ClientLogStreamingConfig
Advanced load balancer ClientLogStreamingConfig object
| Name | Description | Type | Notes |
|---|---|---|---|
| external_server | External server IP address or hostnames (FQDNs) of destination servers. If an FQDN is provided, this should be resolvable on Avi Service Engines. Multiple servers are supported by furnishing a comma-separated list of IP addresses or host names, for example, 11.11.11.11,23.12.12.4. Optionally, a separate port can be specified for each external server in the list, for example, 11.11.11.11 234,12.12.12.12 343. |
string | Required |
| external_server_port | External server port The service port to use for the external servers. If multiple external servers have been specified, the single port number specified here will apply to all those servers for which an explicit port number has not been specified in the external server list. Default value when not specified in API or module is interpreted by ALB Controller as 514. |
integer | Default: "514" |
| format_config | Format config Configuration to specify the format of streamed logs. By default, each log is encoded in JSON format. |
ALBClientLogStreamingFormat | |
| log_types_to_send | Log types to send Type of logs to stream to the external server. Default is LOGS_ALL, i.e., send all logs. Enum options - LOGS_SIGNIFICANT_ONLY, LOGS_UDF_ONLY, LOGS_UDF_SIGNIFICANT, LOGS_ALL. Default value when not specified in API or module is interpreted by ALB Controller as LOGS_ALL. |
ALBLogsType | Default: "LOGS_ALL" |
| max_logs_per_second | Max logs per second Maximum number of logs per second streamed to the remote server. By default, 100 logs per second are streamed. Set this to zero(0) to not enforce any limit. Default value when not specified in API or module is interpreted by ALB Controller as 100. |
integer | Default: "100" |
| protocol | Protocol Protocol to use for streaming logs. Enum options - LOG_STREAMING_PROTOCOL_UDP, LOG_STREAMING_PROTOCOL_SYSLOG_OVER_UDP, LOG_STREAMING_PROTOCOL_TCP, LOG_STREAMING_PROTOCOL_SYSLOG_OVER_TCP, LOG_STREAMING_PROTOCOL_RAW_OVER_UDP, LOG_STREAMING_PROTOCOL_TLS, LOG_STREAMING_PROTOCOL_SYSLOG_OVER_TLS. Default value when not specified in API or module is interpreted by ALB Controller as LOG_STREAMING_PROTOCOL_UDP. |
ALBClientLogStreamingProtocol | Default: "LOG_STREAMING_PROTOCOL_UDP" |
| syslog_config | Syslog config Syslog configuration if a Syslog-based protocol is specified for streaming. |
ALBStreamingSyslogConfig |
ALBClientLogStreamingFormat (schema)
ClientLogStreamingFormat
Advanced load balancer ClientLogStreamingFormat object
| Name | Description | Type | Notes |
|---|---|---|---|
| format | Format Format for the streamed logs. Enum options - LOG_STREAMING_FORMAT_JSON_FULL, LOG_STREAMING_FORMAT_JSON_SELECTED. |
ALBLogStreamingFormatType | Required |
| included_fields | Included fields List of log fields to be streamed, when selective fields (LOG_STREAMING_FORMAT_JSON_SELECTED) option is chosen. Only top-level fields in application or connection logs are supported. |
array of string |
ALBClientLogStreamingProtocol (schema)
ClientLogStreamingProtocol type
Valid ENUM values for ALBClientLogStreamingProtocol
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBClientLogStreamingProtocol | ClientLogStreamingProtocol type Valid ENUM values for ALBClientLogStreamingProtocol |
string | Enum: LOG_STREAMING_PROTOCOL_UDP, LOG_STREAMING_PROTOCOL_SYSLOG_OVER_UDP, LOG_STREAMING_PROTOCOL_TCP, LOG_STREAMING_PROTOCOL_SYSLOG_OVER_TCP, LOG_STREAMING_PROTOCOL_RAW_OVER_UDP, LOG_STREAMING_PROTOCOL_TLS, LOG_STREAMING_PROTOCOL_SYSLOG_OVER_TLS |
ALBCloneServer (schema)
CloneServer
Advanced load balancer CloneServer object
| Name | Description | Type | Notes |
|---|---|---|---|
| ip_address | Ip address IP Address of the Clone Server. |
ALBIpAddr | |
| mac | Mac MAC Address of the Clone Server. |
string | |
| network_name | Network name Network to clone the traffic to. It is a reference to an object of type Network. |
string | |
| subnet | Subnet Subnet of the network to clone the traffic to. |
ALBIpAddrPrefix |
ALBCloudType (schema)
CloudType type
Valid ENUM values for ALBCloudType
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBCloudType | CloudType type Valid ENUM values for ALBCloudType |
string | Enum: CLOUD_NONE, CLOUD_VCENTER, CLOUD_OPENSTACK, CLOUD_AWS, CLOUD_VCA, CLOUD_APIC, CLOUD_MESOS, CLOUD_LINUXSERVER, CLOUD_DOCKER_UCP, CLOUD_RANCHER, CLOUD_OSHIFT_K8S, CLOUD_AZURE, CLOUD_GCP, CLOUD_NSXT |
ALBComparisonOperator (schema)
ComparisonOperator type
Valid ENUM values for ALBComparisonOperator
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBComparisonOperator | ComparisonOperator type Valid ENUM values for ALBComparisonOperator |
string | Enum: CO_EQ, CO_GT, CO_GE, CO_LT, CO_LE, CO_NE |
ALBCompressionFilter (schema)
CompressionFilter
Advanced load balancer CompressionFilter object
| Name | Description | Type | Notes |
|---|---|---|---|
| devices_path | Devices path It is a reference to an object of type StringGroup. |
string | |
| index | Index Number of index. |
integer | Required |
| ip_addr_prefixes | Ip addr prefixes Placeholder for description of property ip_addr_prefixes of obj type CompressionFilter field type str type array. |
array of ALBIpAddrPrefix | |
| ip_addr_ranges | Ip addr ranges Placeholder for description of property ip_addr_ranges of obj type CompressionFilter field type str type array. |
array of ALBIpAddrRange | |
| ip_addrs | Ip addrs Placeholder for description of property ip_addrs of obj type CompressionFilter field type str type array. |
array of ALBIpAddr | |
| ip_addrs_path | Ip addrs path It is a reference to an object of type IpAddrGroup. |
string | |
| level | Level Enum options - AGGRESSIVE_COMPRESSION, NORMAL_COMPRESSION, NO_COMPRESSION. Default value when not specified in API or module is interpreted by ALB Controller as NORMAL_COMPRESSION. |
ALBCompressionFilterLevel | Required Default: "NORMAL_COMPRESSION" |
| match | Match Whether to apply Filter when group criteria is matched or not. Enum options - IS_IN, IS_NOT_IN. Default value when not specified in API or module is interpreted by ALB Controller as IS_IN. |
ALBMatchOperation | Default: "IS_IN" |
| name | Name Name of the object. |
string | Required |
| user_agent | User agent Placeholder for description of property user_agent of obj type CompressionFilter field type str type array. |
array of string |
ALBCompressionFilterLevel (schema)
CompressionFilterLevel type
Valid ENUM values for ALBCompressionFilterLevel
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBCompressionFilterLevel | CompressionFilterLevel type Valid ENUM values for ALBCompressionFilterLevel |
string | Enum: AGGRESSIVE_COMPRESSION, NORMAL_COMPRESSION, NO_COMPRESSION |
ALBCompressionProfile (schema)
CompressionProfile
Advanced load balancer CompressionProfile object
| Name | Description | Type | Notes |
|---|---|---|---|
| compressible_content_path | Compressible content path Compress only content types listed in this string group. Content types not present in this list are not compressed. It is a reference to an object of type StringGroup. |
string | |
| compression | Compression Compress HTTP response content if it wasn't already compressed. Default value when not specified in API or module is interpreted by ALB Controller as false. |
boolean | Required Default: "False" |
| filter | Filter Custom filters used when auto compression is not selected. |
array of ALBCompressionFilter | |
| remove_accept_encoding_header | Remove accept encoding header Offload compression from the servers to AVI. Saves compute cycles on the servers. Default value when not specified in API or module is interpreted by ALB Controller as true. |
boolean | Required Default: "True" |
| type | Type Compress content automatically or add custom filters to define compressible content and compression levels. Enum options - AUTO_COMPRESSION, CUSTOM_COMPRESSION. Default value when not specified in API or module is interpreted by ALB Controller as AUTO_COMPRESSION. |
ALBCompressionType | Required Default: "AUTO_COMPRESSION" |
ALBCompressionType (schema)
CompressionType type
Valid ENUM values for ALBCompressionType
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBCompressionType | CompressionType type Valid ENUM values for ALBCompressionType |
string | Enum: AUTO_COMPRESSION, CUSTOM_COMPRESSION |
ALBCongestionAlgo (schema)
CongestionAlgo type
Valid ENUM values for ALBCongestionAlgo
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBCongestionAlgo | CongestionAlgo type Valid ENUM values for ALBCongestionAlgo |
string | Enum: CC_ALGO_NEW_RENO, CC_ALGO_CUBIC, CC_ALGO_HTCP |
ALBConnPoolProperties (schema)
ConnPoolProperties
Advanced load balancer ConnPoolProperties object
| Name | Description | Type | Notes |
|---|---|---|---|
| upstream_connpool_conn_idle_tmo | Upstream connpool conn idle tmo Connection idle timeout. Allowed in Basic(Allowed values- 60000) edition, Essentials(Allowed values- 60000) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as 60000. |
integer | Default: "60000" |
| upstream_connpool_conn_life_tmo | Upstream connpool conn life tmo Connection life timeout. Allowed in Basic(Allowed values- 600000) edition, Essentials(Allowed values- 600000) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as 600000. |
integer | Default: "600000" |
| upstream_connpool_conn_max_reuse | Upstream connpool conn max reuse Maximum number of times a connection can be reused. Special values are 0- 'unlimited'. Allowed in Basic(Allowed values- 0) edition, Essentials(Allowed values- 0) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as 0. |
integer | Default: "0" |
| upstream_connpool_server_max_cache | Upstream connpool server max cache Maximum number of connections a server can cache. Special values are 0- 'unlimited'. Default value when not specified in API or module is interpreted by ALB Controller as 0. |
integer | Default: "0" |
ALBContentRewriteProfile (schema)
ContentRewriteProfile
Advanced load balancer ContentRewriteProfile object
| Name | Description | Type | Notes |
|---|---|---|---|
| response_rewrite_enabled | Response rewrite enabled Enable rewrite on response body. Default value when not specified in API or module is interpreted by ALB Controller as false. |
boolean | Default: "False" |
| rewritable_content_path | Rewritable content path Rewrite only content types listed in this string group. Content types not present in this list are not rewritten. It is a reference to an object of type StringGroup. |
string | |
| rsp_match_replace_pair | Rsp match replace pair Strings to be matched and replaced with on the response body. This should be configured when response_rewrite_enabled is set to true. |
array of ALBMatchReplacePair |
ALBControllerConfiguration (schema)
ALBControllerConfiguration
Alb Controller config details
| Name | Description | Type | Notes |
|---|---|---|---|
| cluster_ip | Cluster IP of Advanced Load Balancer controller cluster The cluster IP of the Advanced Load Balancer controller node cluster. This is mandatory parameter and required for single node controller deployments as well. |
IPAddress | Required |
| dns_servers | DNS servers. List of DNS servers. |
array of IPv4Address | |
| infra_admin_password | Advanced Load Balancer controller admin password Password for the controller node admin user. For deployment, this property is required. The password specified must be at least 8 characters in length. |
secure_string | Required |
| infra_admin_username | Username Username for server authentication. |
secure_string | Required |
| ntp_servers | NTP servers. List of NTP servers. |
array of HostnameOrIPv4Address | |
| owned_by | owned_by The policy initiates workflow by LCM/VCF |
string | Required Enum: LCM, VCF |
ALBControllerVersion (schema)
ALBControllerVersion
ALB Controller Version
| Name | Description | Type | Notes |
|---|---|---|---|
| alb_api_version | Alb API Version It is ALB API version supported by NSX-ALB. |
string | |
| alb_controller_version | Alb Controller Version It is ALB Controller version deployed by NSX-ALB. |
string |
ALBCookieMatch (schema)
CookieMatch
Advanced load balancer CookieMatch object
| Name | Description | Type | Notes |
|---|---|---|---|
| match_case | Match case Case sensitivity to use for the match. Enum options - SENSITIVE, INSENSITIVE. Default value when not specified in API or module is interpreted by ALB Controller as INSENSITIVE. |
ALBMatchCase | Default: "INSENSITIVE" |
| match_criteria | Match criteria Criterion to use for matching the cookie in the HTTP request. Enum options - HDR_EXISTS, HDR_DOES_NOT_EXIST, HDR_BEGINS_WITH, HDR_DOES_NOT_BEGIN_WITH, HDR_CONTAINS, HDR_DOES_NOT_CONTAIN, HDR_ENDS_WITH, HDR_DOES_NOT_END_WITH, HDR_EQUALS, HDR_DOES_NOT_EQUAL. |
ALBHdrMatchOperation | Required |
| name | Name Name of the cookie. |
string | Required |
| value | Value String value in the cookie. |
string |
ALBCustomParams (schema)
CustomParams
Advanced load balancer CustomParams object
| Name | Description | Type | Notes |
|---|---|---|---|
| is_dynamic | Is dynamic Placeholder for description of property is_dynamic of obj type CustomParams field type str type boolean. Default value when not specified in API or module is interpreted by ALB Controller as false. |
boolean | Default: "False" |
| is_sensitive | Is sensitive Placeholder for description of property is_sensitive of obj type CustomParams field type str type boolean. Default value when not specified in API or module is interpreted by ALB Controller as false. |
boolean | Default: "False" |
| name | Name Name of the object. |
string | Required |
| value | Value value of CustomParams. |
string |
ALBDiscoveredNetwork (schema)
DiscoveredNetwork
Advanced load balancer DiscoveredNetwork object
| Name | Description | Type | Notes |
|---|---|---|---|
| network_name | Network name Discovered network for this IP. It is a reference to an object of type Network. |
string | Required |
| subnet | Subnet Discovered subnet for this IP. |
array of ALBIpAddrPrefix | |
| subnet6 | Subnet6 Discovered IPv6 subnet for this IP. |
array of ALBIpAddrPrefix |
ALBDnsAAAARdata (schema)
DnsAAAARdata
Advanced load balancer DnsAAAARdata object
| Name | Description | Type | Notes |
|---|---|---|---|
| ip6_address | Ip6 address IPv6 address for FQDN. |
ALBIpAddr | Required |
ALBDnsARdata (schema)
DnsARdata
Advanced load balancer DnsARdata object
| Name | Description | Type | Notes |
|---|---|---|---|
| ip_address | Ip address IP address for FQDN. |
ALBIpAddr | Required |
ALBDnsAttack (schema)
DnsAttack
Advanced load balancer DnsAttack object
| Name | Description | Type | Notes |
|---|---|---|---|
| attack_vector | Attack vector The DNS attack vector. Enum options - DNS_REFLECTION, DNS_NXDOMAIN, DNS_AMPLIFICATION_EGRESS. |
ALBDnsAttackVector | Required |
| enabled | Enabled Enable or disable the mitigation of the attack vector. Default value when not specified in API or module is interpreted by ALB Controller as true. |
boolean | Default: "True" |
| max_mitigation_age | Max mitigation age Time in minutes after which mitigation will be deactivated. Allowed values are 1-4294967295. Special values are 0- 'blocked for ever'. Unit is MIN. Default value when not specified in API or module is interpreted by ALB Controller as 60. |
integer | Minimum: 0 Maximum: 4294967295 Default: "60" |
| mitigation_action | Mitigation action Mitigation action to perform for this DNS attack vector. |
ALBAttackMitigationAction | |
| threshold | Threshold Threshold, in terms of DNS packet per second, for the DNS attack vector. |
integer |
ALBDnsAttackVector (schema)
DnsAttackVector type
Valid ENUM values for ALBDnsAttackVector
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBDnsAttackVector | DnsAttackVector type Valid ENUM values for ALBDnsAttackVector |
string | Enum: DNS_REFLECTION, DNS_NXDOMAIN, DNS_AMPLIFICATION_EGRESS |
ALBDnsAttacks (schema)
DnsAttacks
Advanced load balancer DnsAttacks object
| Name | Description | Type | Notes |
|---|---|---|---|
| attacks | Attacks Mode of dealing with the attacks - perform detection only, or detect and mitigate the attacks. |
array of ALBDnsAttack | |
| oper_mode | Oper mode Mode of dealing with the attacks - perform detection only, or detect and mitigate the attacks. Enum options - DETECTION, MITIGATION. |
ALBOperationMode |
ALBDnsClientIpMatch (schema)
DnsClientIpMatch
Advanced load balancer DnsClientIpMatch object
| Name | Description | Type | Notes |
|---|---|---|---|
| client_ip | Client ip IP addresses to match against client IP. |
ALBIpAddrMatch | Required |
| use_edns_client_subnet_ip | Use edns client subnet ip Use the IP address from the EDNS client subnet option, if available, as the source IP address of the client. It should be noted that the edns subnet IP may not be a /32 IP address. Default value when not specified in API or module is interpreted by ALB Controller as true. |
boolean | Default: "True" |
ALBDnsCnameRdata (schema)
DnsCnameRdata
Advanced load balancer DnsCnameRdata object
| Name | Description | Type | Notes |
|---|---|---|---|
| cname | Cname Canonical name. |
string | Required |
ALBDnsErrorResponseType (schema)
DnsErrorResponseType type
Valid ENUM values for ALBDnsErrorResponseType
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBDnsErrorResponseType | DnsErrorResponseType type Valid ENUM values for ALBDnsErrorResponseType |
string | Enum: DNS_ERROR_RESPONSE_ERROR, DNS_ERROR_RESPONSE_NONE |
ALBDnsGeoLocationMatch (schema)
DnsGeoLocationMatch
Advanced load balancer DnsGeoLocationMatch object
| Name | Description | Type | Notes |
|---|---|---|---|
| geolocation_name | Geolocation name Geographical location of the client IP to be used in the match. This location is of the format Country/State/City e.g. US/CA/Santa Clara. |
string | |
| geolocation_tag | Geolocation tag Geolocation tag for the client IP. This could be any string value for the client IP, e.g. client IPs from US East Coast geolocation would be tagged as 'East Coast'. |
string | |
| match_criteria | Match criteria Criterion to use for matching the client IP's geographical location. Enum options - IS_IN, IS_NOT_IN. |
ALBMatchOperation | Required |
| use_edns_client_subnet_ip | Use edns client subnet ip Use the IP address from the EDNS client subnet option, if available, to derive geo location of the DNS query. Default value when not specified in API or module is interpreted by ALB Controller as true. |
boolean | Default: "True" |
ALBDnsInfo (schema)
DnsInfo
Advanced load balancer DnsInfo object
| Name | Description | Type | Notes |
|---|---|---|---|
| algorithm | Algorithm Specifies the algorithm to pick the IP address(es) to be returned, when multiple entries are configured. This does not apply if num_records_in_response is 0. Default is consistent hash. Enum options - DNS_RECORD_RESPONSE_ROUND_ROBIN, DNS_RECORD_RESPONSE_CONSISTENT_HASH. Default value when not specified in API or module is interpreted by ALB Controller as DNS_RECORD_RESPONSE_CONSISTENT_HASH. |
ALBDnsRecordResponseAlgorithm | Default: "DNS_RECORD_RESPONSE_CONSISTENT_HASH" |
| cname | Cname Canonical name in CNAME record. |
ALBDnsCnameRdata | |
| fqdn | Fqdn Fully qualified domain name. |
string | |
| metadata | Metadata Any metadata associated with this record. |
string | |
| num_records_in_response | Num records in response Specifies the number of records returned for this FQDN. Enter 0 to return all records. Default is 0. Allowed values are 0-20. Special values are 0- 'Return all records'. |
integer | Minimum: 0 Maximum: 20 |
| ttl | Ttl Time to live for fqdn record. Default value is chosen from DNS profile for this cloud if no value provided. |
integer | |
| type | Type DNS record type. Enum options - DNS_RECORD_OTHER, DNS_RECORD_A, DNS_RECORD_NS, DNS_RECORD_CNAME, DNS_RECORD_SOA, DNS_RECORD_PTR, DNS_RECORD_HINFO, DNS_RECORD_MX, DNS_RECORD_TXT, DNS_RECORD_RP, DNS_RECORD_DNSKEY, DNS_RECORD_AAAA, DNS_RECORD_SRV, DNS_RECORD_OPT, DNS_RECORD_RRSIG, DNS_RECORD_AXFR, DNS_RECORD_ANY. Default value when not specified in API or module is interpreted by ALB Controller as DNS_RECORD_A. |
ALBDnsRecordType | Default: "DNS_RECORD_A" |
ALBDnsMessageSection (schema)
DnsMessageSection type
Valid ENUM values for ALBDnsMessageSection
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBDnsMessageSection | DnsMessageSection type Valid ENUM values for ALBDnsMessageSection |
string | Enum: DNS_MESSAGE_SECTION_QUESTION, DNS_MESSAGE_SECTION_ANSWER, DNS_MESSAGE_SECTION_AUTHORITY, DNS_MESSAGE_SECTION_ADDITIONAL |
ALBDnsMxRdata (schema)
DnsMxRdata
Advanced load balancer DnsMxRdata object
| Name | Description | Type | Notes |
|---|---|---|---|
| host | Host Fully qualified domain name of a mailserver. The host name maps directly to one or more address records in the DNS table, and must not point to any CNAME records (RFC 2181). |
string | Required |
| priority | Priority The priority field identifies which mail server should be preferred. Allowed values are 0-65535. |
integer | Required Minimum: 0 Maximum: 65535 |
ALBDnsNsRdata (schema)
DnsNsRdata
Advanced load balancer DnsNsRdata object
| Name | Description | Type | Notes |
|---|---|---|---|
| ip6_address | Ip6 address IPv6 address for Name Server. |
ALBIpAddr | |
| ip_address | Ip address IP address for Name Server. |
ALBIpAddr | |
| nsname | Nsname Name Server name. |
string | Required |
ALBDnsPolicies (schema)
DnsPolicies
Advanced load balancer DnsPolicies object
| Name | Description | Type | Notes |
|---|---|---|---|
| dns_policy_path | Dns policy path path of the dns policy. It is a reference to an object of type DnsPolicy. |
string | Required |
| index | Index Index of the dns policy. |
integer | Required |
ALBDnsPolicy (schema)
DnsPolicy
Advanced load balancer DnsPolicy object
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| created_by | Created by Creator name. |
string | |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| markers | Markers List of labels to be used for granular RBAC. Allowed in Basic edition, Essentials edition, Enterprise edition. |
array of ALBRoleFilterMatchLabel | |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value ALBDnsPolicy | string | |
| rule | Rule DNS rules. |
array of ALBDnsRule | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
ALBDnsPolicyApiResponse (schema)
DnsPolicyApiResponse
DnsPolicyApiResponse
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| count | count count |
int | Default: "None" |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Array of DnsPolicy Array of DnsPolicy |
array of ALBDnsPolicy | |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
ALBDnsQueryNameMatch (schema)
DnsQueryNameMatch
Advanced load balancer DnsQueryNameMatch object
| Name | Description | Type | Notes |
|---|---|---|---|
| match_criteria | Match criteria Criterion to use for string matching the DNS query domain name in the question section. Enum options - BEGINS_WITH, DOES_NOT_BEGIN_WITH, CONTAINS, DOES_NOT_CONTAIN, ENDS_WITH, DOES_NOT_END_WITH, EQUALS, DOES_NOT_EQUAL, REGEX_MATCH, REGEX_DOES_NOT_MATCH. Allowed in Basic(Allowed values- BEGINS_WITH,DOES_NOT_BEGIN_WITH,CONTAINS,DOES_NOT_CONTAIN,ENDS_WITH,DOES_NOT_END_WITH,EQUALS,DOES_NOT_EQUAL) edition, Essentials(Allowed values- BEGINS_WITH,DOES_NOT_BEGIN_WITH,CONTAINS,DOES_NOT_CONTAIN,ENDS_WITH,DOES_NOT_END_WITH,EQUALS,DOES_NOT_EQUAL) edition, Enterprise edition. |
ALBStringOperation | Required |
| query_domain_names | Query domain names Domain name to match against that specified in the question section of the DNS query. |
array of string | |
| string_group_paths | String group paths path of the string group(s) for matching against DNS query domain name in the question section. It is a reference to an object of type StringGroup. |
array of string |
ALBDnsQueryTypeMatch (schema)
DnsQueryTypeMatch
Advanced load balancer DnsQueryTypeMatch object
| Name | Description | Type | Notes |
|---|---|---|---|
| match_criteria | Match criteria Criterion to use for matching the DNS query typein the question section. Enum options - IS_IN, IS_NOT_IN. |
ALBMatchOperation | Required |
| query_type | Query type DNS query types in the request query. Enum options - DNS_RECORD_OTHER, DNS_RECORD_A, DNS_RECORD_NS, DNS_RECORD_CNAME, DNS_RECORD_SOA, DNS_RECORD_PTR, DNS_RECORD_HINFO, DNS_RECORD_MX, DNS_RECORD_TXT, DNS_RECORD_RP, DNS_RECORD_DNSKEY, DNS_RECORD_AAAA, DNS_RECORD_SRV, DNS_RECORD_OPT, DNS_RECORD_RRSIG, DNS_RECORD_AXFR, DNS_RECORD_ANY. |
array of ALBDnsRecordType |
ALBDnsRateLimiter (schema)
DnsRateLimiter
Advanced load balancer DnsRateLimiter object
| Name | Description | Type | Notes |
|---|---|---|---|
| action | Action Action to perform upon rate limiting. |
ALBDnsRuleRLAction | Required |
| rate_limiter_object | Rate limiter object Rate limiting object. |
ALBRateLimiter | Required |
ALBDnsRcode (schema)
DnsRcode type
Valid ENUM values for ALBDnsRcode
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBDnsRcode | DnsRcode type Valid ENUM values for ALBDnsRcode |
string | Enum: DNS_RCODE_NOERROR, DNS_RCODE_FORMERR, DNS_RCODE_SERVFAIL, DNS_RCODE_NXDOMAIN, DNS_RCODE_NOTIMP, DNS_RCODE_REFUSED, DNS_RCODE_YXDOMAIN, DNS_RCODE_YXRRSET, DNS_RCODE_NXRRSET, DNS_RCODE_NOTAUTH, DNS_RCODE_NOTZONE |
ALBDnsRecord (schema)
DnsRecord
Advanced load balancer DnsRecord object
| Name | Description | Type | Notes |
|---|---|---|---|
| algorithm | Algorithm Specifies the algorithm to pick the IP address(es) to be returned, when multiple entries are configured. This does not apply if num_records_in_response is 0. Default is round-robin. Enum options - DNS_RECORD_RESPONSE_ROUND_ROBIN, DNS_RECORD_RESPONSE_CONSISTENT_HASH. Default value when not specified in API or module is interpreted by ALB Controller as DNS_RECORD_RESPONSE_ROUND_ROBIN. |
ALBDnsRecordResponseAlgorithm | Default: "DNS_RECORD_RESPONSE_ROUND_ROBIN" |
| cname | Cname Canonical name in CNAME record. |
ALBDnsCnameRdata | |
| delegated | Delegated Configured FQDNs are delegated domains (i.e. they represent a zone cut). Default value when not specified in API or module is interpreted by ALB Controller as false. |
boolean | Default: "False" |
| description | Description Details of DNS record. |
string | |
| fqdn | Fqdn Fully Qualified Domain Name. Minimum of 1 items required. |
array of string | Required |
| ip6_address | Ip6 address IPv6 address in AAAA record. Maximum of 4 items allowed. |
array of ALBDnsAAAARdata | |
| ip_address | Ip address IP address in A record. Maximum of 4 items allowed. |
array of ALBDnsARdata | |
| metadata | Metadata Internal metadata for the DNS record. |
string | |
| mx_records | Mx records MX record. Maximum of 4 items allowed. |
array of ALBDnsMxRdata | |
| ns | Ns Name Server information in NS record. Maximum of 13 items allowed. |
array of ALBDnsNsRdata | |
| num_records_in_response | Num records in response Specifies the number of records returned by the DNS service. Enter 0 to return all records. Default is 0. Allowed values are 0-20. Special values are 0- 'Return all records'. Default value when not specified in API or module is interpreted by ALB Controller as 0. |
integer | Minimum: 0 Maximum: 20 Default: "0" |
| service_locator | Service locator Service locator info in SRV record. Maximum of 4 items allowed. |
array of ALBDnsSrvRdata | |
| ttl | Ttl Time To Live for this DNS record. |
integer | |
| txt_records | Txt records Text record. Maximum of 4 items allowed. |
array of ALBDnsTxtRdata | |
| type | Type DNS record type. Enum options - DNS_RECORD_OTHER, DNS_RECORD_A, DNS_RECORD_NS, DNS_RECORD_CNAME, DNS_RECORD_SOA, DNS_RECORD_PTR, DNS_RECORD_HINFO, DNS_RECORD_MX, DNS_RECORD_TXT, DNS_RECORD_RP, DNS_RECORD_DNSKEY, DNS_RECORD_AAAA, DNS_RECORD_SRV, DNS_RECORD_OPT, DNS_RECORD_RRSIG, DNS_RECORD_AXFR, DNS_RECORD_ANY. |
ALBDnsRecordType | Required |
| wildcard_match | Wildcard match Enable wild-card match of fqdn if an exact match is not found in the DNS table, the longest match is chosen by wild-carding the fqdn in the DNS request. Default is false. Default value when not specified in API or module is interpreted by ALB Controller as false. |
boolean | Default: "False" |
ALBDnsRecordResponseAlgorithm (schema)
DnsRecordResponseAlgorithm type
Valid ENUM values for ALBDnsRecordResponseAlgorithm
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBDnsRecordResponseAlgorithm | DnsRecordResponseAlgorithm type Valid ENUM values for ALBDnsRecordResponseAlgorithm |
string | Enum: DNS_RECORD_RESPONSE_ROUND_ROBIN, DNS_RECORD_RESPONSE_CONSISTENT_HASH |
ALBDnsRecordType (schema)
DnsRecordType type
Valid ENUM values for ALBDnsRecordType
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBDnsRecordType | DnsRecordType type Valid ENUM values for ALBDnsRecordType |
string | Enum: DNS_RECORD_OTHER, DNS_RECORD_A, DNS_RECORD_NS, DNS_RECORD_CNAME, DNS_RECORD_SOA, DNS_RECORD_PTR, DNS_RECORD_HINFO, DNS_RECORD_MX, DNS_RECORD_TXT, DNS_RECORD_RP, DNS_RECORD_DNSKEY, DNS_RECORD_AAAA, DNS_RECORD_SRV, DNS_RECORD_OPT, DNS_RECORD_RRSIG, DNS_RECORD_AXFR, DNS_RECORD_ANY |
ALBDnsRrSet (schema)
DnsRrSet
Advanced load balancer DnsRrSet object
| Name | Description | Type | Notes |
|---|---|---|---|
| cname | Cname Canonical name in CNAME record. |
ALBDnsCnameRdata | |
| fqdn | Fqdn Fully Qualified Domain Name. |
string | Required |
| ip6_addresses | Ip6 addresses IPv6 address in AAAA record. |
array of ALBDnsAAAARdata | |
| ip_addresses | Ip addresses IP address in A record. |
array of ALBDnsARdata | |
| nses | Nses Name Server information in NS record. |
array of ALBDnsNsRdata | |
| ttl | Ttl Time To Live for this DNS record. Allowed values are 0-2147483647. |
integer | Required Minimum: 0 Maximum: 2147483647 |
| type | Type DNS record type. Enum options - DNS_RECORD_OTHER, DNS_RECORD_A, DNS_RECORD_NS, DNS_RECORD_CNAME, DNS_RECORD_SOA, DNS_RECORD_PTR, DNS_RECORD_HINFO, DNS_RECORD_MX, DNS_RECORD_TXT, DNS_RECORD_RP, DNS_RECORD_DNSKEY, DNS_RECORD_AAAA, DNS_RECORD_SRV, DNS_RECORD_OPT, DNS_RECORD_RRSIG, DNS_RECORD_AXFR, DNS_RECORD_ANY. |
ALBDnsRecordType | Required |
ALBDnsRule (schema)
DnsRule
Advanced load balancer DnsRule object
| Name | Description | Type | Notes |
|---|---|---|---|
| action | Action Action to be performed upon successful matching. |
ALBDnsRuleAction | |
| enable | Enable Enable or disable the rule. Default value when not specified in API or module is interpreted by ALB Controller as true. |
boolean | Default: "True" |
| index | Index Index of the rule. |
integer | Required |
| log | Log Log DNS query upon rule match. |
boolean | |
| match | Match Add match criteria to the rule. |
ALBDnsRuleMatchTarget | |
| name | Name Name of the rule. |
string | Required |
ALBDnsRuleAction (schema)
DnsRuleAction
Advanced load balancer DnsRuleAction object
| Name | Description | Type | Notes |
|---|---|---|---|
| allow | Allow Allow or drop the DNS query. |
ALBDnsRuleActionAllowDrop | |
| dns_rate_limiter | Dns rate limiter Rate limits the DNS requests. |
ALBDnsRateLimiter | |
| gslb_site_selection | Gslb site selection Select a specific GSLB site for the DNS query. This action should be used only when GSLB services have been configured for the DNS virtual service. |
ALBDnsRuleActionGslbSiteSelection | |
| pool_switching | Pool switching Select a pool or pool group for the passthrough DNS query which cannot be served locally but could be served by upstream servers. |
ALBDnsRuleActionPoolSwitching | |
| response | Response Generate a response for the DNS query. |
ALBDnsRuleActionResponse |
ALBDnsRuleActionAllowDrop (schema)
DnsRuleActionAllowDrop
Advanced load balancer DnsRuleActionAllowDrop object
| Name | Description | Type | Notes |
|---|---|---|---|
| allow | Allow Allow the DNS query. Default value when not specified in API or module is interpreted by ALB Controller as true. |
boolean | Default: "True" |
| reset_conn | Reset conn Reset the TCP connection of the DNS query, if allow is set to false to drop the query. Default value when not specified in API or module is interpreted by ALB Controller as true. |
boolean | Default: "True" |
ALBDnsRuleActionGslbSiteSelection (schema)
DnsRuleActionGslbSiteSelection
Advanced load balancer DnsRuleActionGslbSiteSelection object
| Name | Description | Type | Notes |
|---|---|---|---|
| fallback_site_names | Fallback site names GSLB fallback sites to use in case the desired site is down. Maximum of 64 items allowed. |
array of string | |
| is_site_preferred | Is site preferred When set to true, GSLB site is a preferred site. This setting comes into play when the site is down, as well as no configured fallback site is available (all fallback sites are also down), then any one available site is selected based on the default algorithm for GSLB pool member selection. Default value when not specified in API or module is interpreted by ALB Controller as true. |
boolean | Default: "True" |
| site_name | Site name GSLB site name. |
string | Required |
ALBDnsRuleActionPoolSwitching (schema)
DnsRuleActionPoolSwitching
Advanced load balancer DnsRuleActionPoolSwitching object
| Name | Description | Type | Notes |
|---|---|---|---|
| pool_group_path | Pool group path Reference of the pool group to serve the passthrough DNS query which cannot be served locally. It is a reference to an object of type PoolGroup. |
string | |
| pool_path | Pool path Reference of the pool to serve the passthrough DNS query which cannot be served locally. It is a reference to an object of type Pool. |
string |
ALBDnsRuleActionResponse (schema)
DnsRuleActionResponse
Advanced load balancer DnsRuleActionResponse object
| Name | Description | Type | Notes |
|---|---|---|---|
| authoritative | Authoritative DNS response is authoritative. Default value when not specified in API or module is interpreted by ALB Controller as true. |
boolean | Default: "True" |
| rcode | Rcode DNS response code. Enum options - DNS_RCODE_NOERROR, DNS_RCODE_FORMERR, DNS_RCODE_SERVFAIL, DNS_RCODE_NXDOMAIN, DNS_RCODE_NOTIMP, DNS_RCODE_REFUSED, DNS_RCODE_YXDOMAIN, DNS_RCODE_YXRRSET, DNS_RCODE_NXRRSET, DNS_RCODE_NOTAUTH, DNS_RCODE_NOTZONE. Default value when not specified in API or module is interpreted by ALB Controller as DNS_RCODE_NOERROR. |
ALBDnsRcode | Default: "DNS_RCODE_NOERROR" |
| resource_record_sets | Resource record sets DNS resource record sets - (resource record set share the DNS domain name, type, and class). |
array of ALBDnsRuleDnsRrSet | |
| truncation | Truncation DNS response is truncated. Default value when not specified in API or module is interpreted by ALB Controller as false. |
boolean | Default: "False" |
ALBDnsRuleDnsRrSet (schema)
DnsRuleDnsRrSet
Advanced load balancer DnsRuleDnsRrSet object
| Name | Description | Type | Notes |
|---|---|---|---|
| resource_record_set | Resource record set DNS resource record set - (records in the resource record set share the DNS domain name, type, and class). |
ALBDnsRrSet | Required |
| section | Section DNS message section for the resource record set. Enum options - DNS_MESSAGE_SECTION_QUESTION, DNS_MESSAGE_SECTION_ANSWER, DNS_MESSAGE_SECTION_AUTHORITY, DNS_MESSAGE_SECTION_ADDITIONAL. Default value when not specified in API or module is interpreted by ALB Controller as DNS_MESSAGE_SECTION_ANSWER. |
ALBDnsMessageSection | Default: "DNS_MESSAGE_SECTION_ANSWER" |
ALBDnsRuleMatchTarget (schema)
DnsRuleMatchTarget
Advanced load balancer DnsRuleMatchTarget object
| Name | Description | Type | Notes |
|---|---|---|---|
| client_ip_address | Client ip address IP addresses to match against client IP or the EDNS client subnet IP. |
ALBDnsClientIpMatch | |
| geo_location | Geo location Geographical location attribute to match against that of the client IP. |
ALBDnsGeoLocationMatch | |
| protocol | Protocol DNS transport protocol match. |
ALBDnsTransportProtocolMatch | |
| query_name | Query name Domain names to match against query name. |
ALBDnsQueryNameMatch | |
| query_type | Query type DNS query types to match against request query type. |
ALBDnsQueryTypeMatch |
ALBDnsRuleRLAction (schema)
DnsRuleRLAction
Advanced load balancer DnsRuleRLAction object
| Name | Description | Type | Notes |
|---|---|---|---|
| type | Type Type of action to be enforced upon hitting the rate limit. Enum options - DNS_RL_ACTION_NONE, DNS_RL_ACTION_DROP_REQ. Default value when not specified in API or module is interpreted by ALB Controller as DNS_RL_ACTION_NONE. |
ALBDnsRuleRLActionType | Default: "DNS_RL_ACTION_NONE" |
ALBDnsRuleRLActionType (schema)
DnsRuleRLActionType type
Valid ENUM values for ALBDnsRuleRLActionType
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBDnsRuleRLActionType | DnsRuleRLActionType type Valid ENUM values for ALBDnsRuleRLActionType |
string | Enum: DNS_RL_ACTION_NONE, DNS_RL_ACTION_DROP_REQ |
ALBDnsServiceApplicationProfile (schema)
DnsServiceApplicationProfile
Advanced load balancer DnsServiceApplicationProfile object
| Name | Description | Type | Notes |
|---|---|---|---|
| aaaa_empty_response | Aaaa empty response Respond to AAAA queries with empty response when there are only IPV4 records. Default value when not specified in API or module is interpreted by ALB Controller as true. |
boolean | Default: "True" |
| admin_email | Admin email Email address of the administrator responsible for this zone. This field is used in SOA records (rname) pertaining to all domain names specified as authoritative domain names. If not configured, the default value 'hostmaster' is used in SOA responses. Default value when not specified in API or module is interpreted by ALB Controller as hostmaster. |
string | Default: "hostmaster" |
| dns_over_tcp_enabled | Dns over tcp enabled Enable DNS query/response over TCP. This enables analytics for pass-through queries as well. Default value when not specified in API or module is interpreted by ALB Controller as true. |
boolean | Default: "True" |
| dns_zones | Dns zones DNS zones hosted on this Virtual Service. Maximum of 100 items allowed. |
array of ALBDnsZone | |
| domain_names | Domain names Subdomain names serviced by this Virtual Service. These are configured as Ends-With semantics. Maximum of 100 items allowed. |
array of string | |
| ecs_stripping_enabled | Ecs stripping enabled Enable stripping of EDNS client subnet (ecs) option towards client if DNS service inserts ecs option in the DNS query towards upstream servers. Default value when not specified in API or module is interpreted by ALB Controller as true. |
boolean | Default: "True" |
| edns | Edns Enable DNS service to be aware of EDNS (Extension mechanism for DNS). EDNS extensions are parsed and shown in logs. For GSLB services, the EDNS client subnet option can be used to influence Load Balancing. Default value when not specified in API or module is interpreted by ALB Controller as true. |
boolean | Default: "True" |
| edns_client_subnet_prefix_len | Edns client subnet prefix len Specifies the IP address prefix length to use in the EDNS client subnet (ECS) option. When the incoming request does not have any ECS option and the prefix length is specified, an ECS option is inserted in the request passed to upstream server. If the incoming request already has an ECS option, the prefix length (and correspondingly the address) in the ECS option is updated, with the minimum of the prefix length present in the incoming and the configured prefix length, before passing the request to upstream server. Allowed values are 1-32. |
integer | Minimum: 1 Maximum: 32 |
| error_response | Error response Drop or respond to client when the DNS service encounters an error processing a client query. By default, such a request is dropped without any response, or passed through to a passthrough pool, if configured. When set to respond, an appropriate response is sent to client, e.g. NXDOMAIN response for non-existent records, empty NOERROR response for unsupported queries, etc. Enum options - DNS_ERROR_RESPONSE_ERROR, DNS_ERROR_RESPONSE_NONE. Default value when not specified in API or module is interpreted by ALB Controller as DNS_ERROR_RESPONSE_NONE. |
ALBDnsErrorResponseType | Default: "DNS_ERROR_RESPONSE_NONE" |
| name_server | Name server The or primary source of data for this zone. This field is used in SOA records (mname) pertaining to all domain names specified as authoritative domain names. If not configured, domain name is used as name server in SOA response. |
string | |
| negative_caching_ttl | Negative caching ttl Specifies the TTL value (in seconds) for SOA (Start of Authority) (corresponding to a authoritative domain owned by this DNS Virtual Service) record's minimum TTL served by the DNS Virtual Service. Allowed values are 0-86400. Unit is SEC. Default value when not specified in API or module is interpreted by ALB Controller as 30. |
integer | Minimum: 0 Maximum: 86400 Default: "30" |
| num_dns_ip | Num dns ip Specifies the number of IP addresses returned by the DNS Service. Enter 0 to return all IP addresses. Allowed values are 1-20. Special values are 0- 'Return all IP addresses'. Default value when not specified in API or module is interpreted by ALB Controller as 1. |
integer | Minimum: 0 Maximum: 20 Default: "1" |
| ttl | Ttl Specifies the TTL value (in seconds) for records served by DNS Service. Allowed values are 0-86400. Unit is SEC. Default value when not specified in API or module is interpreted by ALB Controller as 30. |
integer | Minimum: 0 Maximum: 86400 Default: "30" |
ALBDnsSrvRdata (schema)
DnsSrvRdata
Advanced load balancer DnsSrvRdata object
| Name | Description | Type | Notes |
|---|---|---|---|
| port | Port Service port. Allowed values are 0-65535. |
integer | Required Minimum: 0 Maximum: 65535 |
| priority | Priority Priority of the target hosting the service, low value implies higher priority for this service record. Allowed values are 0-65535. Default value when not specified in API or module is interpreted by ALB Controller as 0. |
integer | Minimum: 0 Maximum: 65535 Default: "0" |
| target | Target Canonical hostname, of the machine hosting the service, with no trailing period. 'default.host' is valid but not 'default.host.'. Default value when not specified in API or module is interpreted by ALB Controller as default.host. |
string | Default: "default.host" |
| weight | Weight Relative weight for service records with same priority, high value implies higher preference for this service record. Allowed values are 0-65535. Default value when not specified in API or module is interpreted by ALB Controller as 0. |
integer | Minimum: 0 Maximum: 65535 Default: "0" |
ALBDnsTransportProtocol (schema)
DnsTransportProtocol type
Valid ENUM values for ALBDnsTransportProtocol
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBDnsTransportProtocol | DnsTransportProtocol type Valid ENUM values for ALBDnsTransportProtocol |
string | Enum: DNS_OVER_UDP, DNS_OVER_TCP |
ALBDnsTransportProtocolMatch (schema)
DnsTransportProtocolMatch
Advanced load balancer DnsTransportProtocolMatch object
| Name | Description | Type | Notes |
|---|---|---|---|
| match_criteria | Match criteria Criterion to use for matching the DNS transport protocol. Enum options - IS_IN, IS_NOT_IN. |
ALBMatchOperation | Required |
| protocol | Protocol Protocol to match against transport protocol used by DNS query. Enum options - DNS_OVER_UDP, DNS_OVER_TCP. |
ALBDnsTransportProtocol | Required |
ALBDnsTxtRdata (schema)
DnsTxtRdata
Advanced load balancer DnsTxtRdata object
| Name | Description | Type | Notes |
|---|---|---|---|
| text_str | Text str Text data associated with the FQDN. |
string | Required |
ALBDnsZone (schema)
DnsZone
Advanced load balancer DnsZone object
| Name | Description | Type | Notes |
|---|---|---|---|
| admin_email | Admin email Email address of the administrator responsible for this zone. This field is used in SOA records as rname (RFC 1035). If not configured, it is inherited from the DNS service profile. |
string | |
| domain_name | Domain name Domain name authoritatively serviced by this Virtual Service. Queries for FQDNs that are sub domains of this domain and do not have any DNS record in Avi are dropped or NXDomain response sent. For domains which are present, SOA parameters are sent in answer section of response if query type is SOA. |
string | Required |
| name_server | Name server The primary name server for this zone. This field is used in SOA records as mname (RFC 1035). If not configured, it is inherited from the DNS service profile. If even that is not configured, the domain name is used instead. |
string |
ALBDosRateLimitProfile (schema)
DosRateLimitProfile
Advanced load balancer DosRateLimitProfile object
| Name | Description | Type | Notes |
|---|---|---|---|
| dos_profile | Dos profile Profile for DoS attack detection. |
ALBDosThresholdProfile | |
| rl_profile | Rl profile Profile for Connections/Requests rate limiting. |
ALBRateLimiterProfile |
ALBDosThreshold (schema)
DosThreshold
Advanced load balancer DosThreshold object
| Name | Description | Type | Notes |
|---|---|---|---|
| attack | Attack Attack type. Enum options - LAND, SMURF, ICMP_PING_FLOOD, UNKOWN_PROTOCOL, TEARDROP, IP_FRAG_OVERRUN, IP_FRAG_TOOSMALL, IP_FRAG_FULL, IP_FRAG_INCOMPLETE, PORT_SCAN, TCP_NON_SYN_FLOOD_OLD, SYN_FLOOD, BAD_RST_FLOOD, MALFORMED_FLOOD, FAKE_SESSION, ZERO_WINDOW_STRESS, SMALL_WINDOW_STRESS, DOS_HTTP_TIMEOUT, DOS_HTTP_ERROR, DOS_HTTP_ABORT... |
ALBAttackType | Required |
| max_value | Max value Maximum number of packets or connections or requests in a given interval of time to be deemed as attack. |
integer | Required |
| min_value | Min value Minimum number of packets or connections or requests in a given interval of time to be deemed as attack. |
integer | Required |
ALBDosThresholdProfile (schema)
DosThresholdProfile
Advanced load balancer DosThresholdProfile object
| Name | Description | Type | Notes |
|---|---|---|---|
| thresh_info | Thresh info Attack type, min and max values for DoS attack detection. |
array of ALBDosThreshold | |
| thresh_period | Thresh period Timer value in seconds to collect DoS attack metrics based on threshold on the Service Engine for this Virtual Service. Unit is SEC. Default value when not specified in API or module is interpreted by ALB Controller as 5. |
integer | Required Default: "5" |
ALBDsrProfile (schema)
DsrProfile
Advanced load balancer DsrProfile object
| Name | Description | Type | Notes |
|---|---|---|---|
| dsr_encap_type | Dsr encap type Encapsulation type to use when DSR is L3. Enum options - ENCAP_IPINIP. Default value when not specified in API or module is interpreted by ALB Controller as ENCAP_IPINIP. |
ALBEncapType | Default: "ENCAP_IPINIP" |
| dsr_type | Dsr type DSR type L2/L3. Enum options - DSR_TYPE_L2, DSR_TYPE_L3. Default value when not specified in API or module is interpreted by ALB Controller as DSR_TYPE_L3. |
ALBDsrType | Default: "DSR_TYPE_L3" |
ALBDsrType (schema)
DsrType type
Valid ENUM values for ALBDsrType
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBDsrType | DsrType type Valid ENUM values for ALBDsrType |
string | Enum: DSR_TYPE_L2, DSR_TYPE_L3 |
ALBEncapType (schema)
EncapType type
Valid ENUM values for ALBEncapType
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBEncapType | EncapType type Valid ENUM values for ALBEncapType |
string | Enum: ENCAP_IPINIP |
ALBEnforcementPointState (schema)
Enforcement point state for ALB
Valid ENUM values for ALBEnforcementPointState
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBEnforcementPointState | Enforcement point state for ALB Valid ENUM values for ALBEnforcementPointState |
string | Enum: ACTIVATE, DEACTIVATE_PROVIDER, DEACTIVATE_API |
ALBEquivalentLabels (schema)
EquivalentLabels
Advanced load balancer EquivalentLabels object
| Name | Description | Type | Notes |
|---|---|---|---|
| labels | Labels Equivalent labels. |
array of string |
ALBErrorPage (schema)
ErrorPage
Advanced load balancer ErrorPage object
| Name | Description | Type | Notes |
|---|---|---|---|
| enable | Enable Enable or disable the error page. Default value when not specified in API or module is interpreted by ALB Controller as true. |
boolean | Default: "True" |
| error_page_body_path | Error page body path Custom error page body used to sent to the client. It is a reference to an object of type ErrorPageBody. |
string | |
| error_redirect | Error redirect Redirect sent to client when match. |
string | |
| index | Index Index of the error page. |
integer | |
| match | Match Add match criteria for http status codes to the error page. Allowed in Basic edition, Essentials edition, Enterprise edition. |
ALBHTTPStatusMatch |
ALBErrorPageBody (schema)
ErrorPageBody
Advanced load balancer ErrorPageBody object
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| error_page_body | Error page body Error page body sent to client when match. |
string | |
| format | Format Format of an error page body HTML or JSON. Enum options - ERROR_PAGE_FORMAT_HTML, ERROR_PAGE_FORMAT_JSON. Default value when not specified in API or module is interpreted by ALB Controller as ERROR_PAGE_FORMAT_HTML. |
ALBErrorPageFormat | Default: "ERROR_PAGE_FORMAT_HTML" |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| markers | Markers List of labels to be used for granular RBAC. Allowed in Basic edition, Essentials edition, Enterprise edition. |
array of ALBRoleFilterMatchLabel | |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value ALBErrorPageBody | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
ALBErrorPageBodyApiResponse (schema)
ErrorPageBodyApiResponse
ErrorPageBodyApiResponse
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| count | count count |
int | Default: "None" |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Array of ErrorPageBody Array of ErrorPageBody |
array of ALBErrorPageBody | |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
ALBErrorPageFormat (schema)
ErrorPageFormat type
Valid ENUM values for ALBErrorPageFormat
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBErrorPageFormat | ErrorPageFormat type Valid ENUM values for ALBErrorPageFormat |
string | Enum: ERROR_PAGE_FORMAT_HTML, ERROR_PAGE_FORMAT_JSON |
ALBErrorPageProfile (schema)
ErrorPageProfile
Advanced load balancer ErrorPageProfile object
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| error_pages | Error pages Defined Error Pages for HTTP status codes. |
array of ALBErrorPage | |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| markers | Markers List of labels to be used for granular RBAC. Allowed in Basic edition, Essentials edition, Enterprise edition. |
array of ALBRoleFilterMatchLabel | |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value ALBErrorPageProfile | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
ALBErrorPageProfileApiResponse (schema)
ErrorPageProfileApiResponse
ErrorPageProfileApiResponse
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| count | count count |
int | Default: "None" |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Array of ErrorPageProfile Array of ErrorPageProfile |
array of ALBErrorPageProfile | |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
ALBFailAction (schema)
FailAction
Advanced load balancer FailAction object
| Name | Description | Type | Notes |
|---|---|---|---|
| local_rsp | Local rsp Local response to HTTP requests when pool experiences a failure. |
ALBFailActionHTTPLocalResponse | |
| redirect | Redirect URL to redirect HTTP requests to when pool experiences a failure. |
ALBFailActionHTTPRedirect | |
| type | Type Enables a response to client when pool experiences a failure. By default TCP connection is closed. Enum options - FAIL_ACTION_HTTP_REDIRECT, FAIL_ACTION_HTTP_LOCAL_RSP, FAIL_ACTION_CLOSE_CONN. Allowed in Basic(Allowed values- FAIL_ACTION_CLOSE_CONN,FAIL_ACTION_HTTP_REDIRECT) edition, Essentials(Allowed values- FAIL_ACTION_CLOSE_CONN) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as FAIL_ACTION_CLOSE_CONN. |
ALBFailActionEnum | Required Default: "FAIL_ACTION_CLOSE_CONN" |
ALBFailActionEnum (schema)
FailActionEnum type
Valid ENUM values for ALBFailActionEnum
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBFailActionEnum | FailActionEnum type Valid ENUM values for ALBFailActionEnum |
string | Enum: FAIL_ACTION_HTTP_REDIRECT, FAIL_ACTION_HTTP_LOCAL_RSP, FAIL_ACTION_CLOSE_CONN |
ALBFailActionHTTPLocalResponse (schema)
FailActionHTTPLocalResponse
Advanced load balancer FailActionHTTPLocalResponse object
| Name | Description | Type | Notes |
|---|---|---|---|
| file | File Placeholder for description of property file of obj type FailActionHTTPLocalResponse field type str type ref. |
ALBHTTPLocalFile | |
| status_code | Status code Enum options - FAIL_HTTP_STATUS_CODE_200, FAIL_HTTP_STATUS_CODE_503. Default value when not specified in API or module is interpreted by ALB Controller as FAIL_HTTP_STATUS_CODE_503. |
ALBFailHttpStatusCode | Default: "FAIL_HTTP_STATUS_CODE_503" |
ALBFailActionHTTPRedirect (schema)
FailActionHTTPRedirect
Advanced load balancer FailActionHTTPRedirect object
| Name | Description | Type | Notes |
|---|---|---|---|
| host | Host host of FailActionHTTPRedirect. |
string | Required |
| path | Path path of FailActionHTTPRedirect. |
string | |
| protocol | Protocol Enum options - HTTP, HTTPS. Allowed in Basic(Allowed values- HTTP) edition, Enterprise edition. Special default for Basic edition is HTTP, Enterprise is HTTPS. Default value when not specified in API or module is interpreted by ALB Controller as HTTP. |
ALBHTTPProtocol | Default: "HTTP" |
| query | Query query of FailActionHTTPRedirect. |
string | |
| status_code | Status code Enum options - HTTP_REDIRECT_STATUS_CODE_301, HTTP_REDIRECT_STATUS_CODE_302, HTTP_REDIRECT_STATUS_CODE_307. Allowed in Basic(Allowed values- HTTP_REDIRECT_STATUS_CODE_302) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as HTTP_REDIRECT_STATUS_CODE_302. |
ALBHTTPRedirectStatusCode | Default: "HTTP_REDIRECT_STATUS_CODE_302" |
ALBFailHttpStatusCode (schema)
FailHttpStatusCode type
Valid ENUM values for ALBFailHttpStatusCode
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBFailHttpStatusCode | FailHttpStatusCode type Valid ENUM values for ALBFailHttpStatusCode |
string | Enum: FAIL_HTTP_STATUS_CODE_200, FAIL_HTTP_STATUS_CODE_503 |
ALBFlowLabelType (schema)
FlowLabelType type
Valid ENUM values for ALBFlowLabelType
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBFlowLabelType | FlowLabelType type Valid ENUM values for ALBFlowLabelType |
string | Enum: NO_LABEL, APPLICATION_LABEL, SERVICE_LABEL |
ALBFullClientLogs (schema)
FullClientLogs
Advanced load balancer FullClientLogs object
| Name | Description | Type | Notes |
|---|---|---|---|
| duration | Duration How long should the system capture all logs, measured in minutes. Set to 0 for infinite. Special values are 0 - 'infinite'. Unit is MIN. Default value when not specified in API or module is interpreted by ALB Controller as 30. |
integer | Default: "30" |
| enabled | Enabled Capture all client logs including connections and requests. When deactivated, only errors will be logged. Allowed in Basic(Allowed values- false) edition, Essentials(Allowed values- false) edition, Enterprise edition. Special default for Basic edition is false, Essentials edition is false, Enterprise is False. Default value when not specified in API or module is interpreted by ALB Controller as false. |
boolean | Required Default: "False" |
| throttle | Throttle This setting limits the number of non-significant logs generated per second for this VS on each SE. Default is 10 logs per second. Set it to zero (0) to deactivate throttling. Unit is PER_SECOND. Default value when not specified in API or module is interpreted by ALB Controller as 10. |
integer | Default: "10" |
ALBGeoLocation (schema)
GeoLocation
Advanced load balancer GeoLocation object
| Name | Description | Type | Notes |
|---|---|---|---|
| latitude | Latitude Latitude of the location. This is represented as degrees.minutes. The range is from -90.0 (south) to +90.0 (north). Allowed values are -90.0-+90.0. |
number | |
| longitude | Longitude Longitude of the location. This is represented as degrees.minutes. The range is from -180.0 (west) to +180.0 (east). Allowed values are -180.0-+180.0. |
number | |
| name | Name Location name in the format Country/State/City. |
string | |
| tag | Tag Location tag string - example USEast. |
string |
ALBHSMAwsCloudHsm (schema)
HSMAwsCloudHsm
Advanced load balancer HSMAwsCloudHsm object
| Name | Description | Type | Notes |
|---|---|---|---|
| client_config | Client config client_config of HSMAwsCloudHsm. |
string | |
| cluster_cert | Cluster cert AWS CloudHSM Cluster Certificate. |
string | |
| crypto_user_name | Crypto user name Username of the Crypto User. This will be used to access the keys on the HSM . |
string | |
| crypto_user_password | Crypto user password Password of the Crypto User. This will be used to access the keys on the HSM . |
secure_string | |
| hsm_ip | Hsm ip IP address of the HSM in the cluster. If there are more than one HSMs, only one is sufficient. |
array of string | |
| mgmt_config | Mgmt config mgmt_config of HSMAwsCloudHsm. |
string |
ALBHSMSafenetClientInfo (schema)
HSMSafenetClientInfo
Advanced load balancer HSMSafenetClientInfo object
| Name | Description | Type | Notes |
|---|---|---|---|
| chrystoki_conf | Chrystoki conf Generated File - Chrystoki.conf . |
string | |
| client_cert | Client cert Client Certificate generated by createCert. |
string | |
| client_ip | Client ip Name prepended to client key and certificate filename. |
string | Required |
| client_priv_key | Client priv key Client Private Key generated by createCert. |
secure_string | |
| session_major_number | Session major number Major number of the sesseion. |
integer | |
| session_minor_number | Session minor number Minor number of the sesseion. |
integer |
ALBHSMSafenetLuna (schema)
HSMSafenetLuna
Advanced load balancer HSMSafenetLuna object
| Name | Description | Type | Notes |
|---|---|---|---|
| ha_group_num | Ha group num Group Number of generated HA Group. |
integer | |
| is_ha | Is ha Set to indicate HA across more than one servers. Default value when not specified in API or module is interpreted by ALB Controller as false. |
boolean | Required Default: "False" |
| node_info | Node info Node specific information. |
array of ALBHSMSafenetClientInfo | |
| server | Server SafeNet/Gemalto HSM Servers used for crypto operations. |
array of ALBHSMSafenetLunaServer | |
| server_pem | Server pem Generated File - server.pem. |
string | |
| use_dedicated_network | Use dedicated network If enabled, dedicated network is used to communicate with HSM,else, the management network is used. Default value when not specified in API or module is interpreted by ALB Controller as false. |
boolean | Default: "False" |
ALBHSMSafenetLunaServer (schema)
HSMSafenetLunaServer
Advanced load balancer HSMSafenetLunaServer object
| Name | Description | Type | Notes |
|---|---|---|---|
| index | Index Number of index. |
integer | Required |
| partition_passwd | Partition passwd Password of the partition assigned to this client. |
secure_string | |
| partition_serial_number | Partition serial number Serial number of the partition assigned to this client. |
string | |
| remote_ip | Remote ip IP address of the Safenet/Gemalto HSM device. |
string | Required |
| server_cert | Server cert CA certificate of the server. |
string | Required |
ALBHSMThalesNetHsm (schema)
HSMThalesNetHsm
Advanced load balancer HSMThalesNetHsm object
| Name | Description | Type | Notes |
|---|---|---|---|
| esn | Esn Electronic serial number of the netHSM device. Use Thales anonkneti utility to find the netHSM ESN. |
string | Required |
| keyhash | Keyhash Hash of the key that netHSM device uses to authenticate itself. Use Thales anonkneti utility to find the netHSM keyhash. |
string | Required |
| module_id | Module id Local module id of the netHSM device. Default value when not specified in API or module is interpreted by ALB Controller as 0. |
integer | Default: "0" |
| priority | Priority Priority class of the nethsm in an high availability setup. 1 is the highest priority and 100 is the lowest priority. Allowed values are 1-100. Default value when not specified in API or module is interpreted by ALB Controller as 100. |
integer | Required Minimum: 1 Maximum: 100 Default: "100" |
| remote_ip | Remote ip IP address of the netHSM device. |
ALBIpAddr | Required |
| remote_port | Remote port Port at which the netHSM device accepts the connection. Allowed values are 1-65535. Default value when not specified in API or module is interpreted by ALB Controller as 9004. |
integer | Minimum: 1 Maximum: 65535 Default: "9004" |
ALBHSMThalesRFS (schema)
HSMThalesRFS
Advanced load balancer HSMThalesRFS object
| Name | Description | Type | Notes |
|---|---|---|---|
| ip | Ip IP address of the RFS server from where to sync the Thales encrypted private key. |
ALBIpAddr | Required |
| port | Port Port at which the RFS server accepts the sync request from clients for Thales encrypted private key. Allowed values are 1-65535. Default value when not specified in API or module is interpreted by ALB Controller as 9004. |
integer | Minimum: 1 Maximum: 65535 Default: "9004" |
ALBHSMType (schema)
HSMType type
Valid ENUM values for ALBHSMType
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBHSMType | HSMType type Valid ENUM values for ALBHSMType |
string | Enum: HSM_TYPE_THALES_NETHSM, HSM_TYPE_SAFENET_LUNA, HSM_TYPE_AWS_CLOUDHSM |
ALBHTTP2ApplicationProfile (schema)
HTTP2ApplicationProfile
Advanced load balancer HTTP2ApplicationProfile object
| Name | Description | Type | Notes |
|---|---|---|---|
| http2_initial_window_size | Http2 initial window size The initial flow control window size in KB for HTTP/2 streams. Allowed values are 64-32768. Unit is KB. Default value when not specified in API or module is interpreted by ALB Controller as 64. |
integer | Minimum: 64 Maximum: 32768 Default: "64" |
| max_http2_concurrent_streams_per_connection | Max http2 concurrent streams per connection The max number of concurrent streams over a client side HTTP/2 connection. Allowed values are 1-256. Default value when not specified in API or module is interpreted by ALB Controller as 128. |
integer | Minimum: 1 Maximum: 256 Default: "128" |
| max_http2_control_frames_per_connection | Max http2 control frames per connection The max number of control frames that client can send over an HTTP/2 connection. '0' means unlimited. Allowed values are 0-10000. Special values are 0- 'Unlimited control frames on a client side HTTP/2 connection'. Default value when not specified in API or module is interpreted by ALB Controller as 1000. |
integer | Minimum: 0 Maximum: 10000 Default: "1000" |
| max_http2_empty_data_frames_per_connection | Max http2 empty data frames per connection The max number of empty data frames that client can send over an HTTP/2 connection. '0' means unlimited. Allowed values are 0-10000. Special values are 0- 'Unlimited empty data frames over a client side HTTP/2 connection'. Default value when not specified in API or module is interpreted by ALB Controller as 1000. |
integer | Minimum: 0 Maximum: 10000 Default: "1000" |
| max_http2_header_field_size | Max http2 header field size The maximum size in bytes of the compressed request header field. The limit applies equally to both name and value. Allowed values are 1-8192. Unit is BYTES. Default value when not specified in API or module is interpreted by ALB Controller as 4096. |
integer | Minimum: 1 Maximum: 8192 Default: "4096" |
| max_http2_queued_frames_to_client_per_connection | Max http2 queued frames to client per connection The max number of frames that can be queued waiting to be sent over a client side HTTP/2 connection at any given time. '0' means unlimited. Allowed values are 0-10000. Special values are 0- 'Unlimited frames can be queued on a client side HTTP/2 connection'. Default value when not specified in API or module is interpreted by ALB Controller as 1000. |
integer | Minimum: 0 Maximum: 10000 Default: "1000" |
| max_http2_requests_per_connection | Max http2 requests per connection The maximum number of requests over a client side HTTP/2 connection. Allowed values are 0-10000. Special values are 0- 'Unlimited requests on a client side HTTP/2 connection'. Default value when not specified in API or module is interpreted by ALB Controller as 1000. |
integer | Minimum: 0 Maximum: 10000 Default: "1000" |
ALBHTTPApplicationProfile (schema)
HTTPApplicationProfile
Advanced load balancer HTTPApplicationProfile object
| Name | Description | Type | Notes |
|---|---|---|---|
| allow_dots_in_header_name | Allow dots in header name Allow use of dot (.) in HTTP header names, for instance Header.app.special PickAppVersionX. Allowed in Basic(Allowed values- false) edition, Essentials(Allowed values- false) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as false. |
boolean | Default: "False" |
| cache_config | Cache config HTTP Caching config to use with this HTTP Profile. |
ALBHttpCacheConfig | |
| client_body_timeout | Client body timeout The maximum length of time allowed between consecutive read operations for a client request body. The value '0' specifies no timeout. This setting generally impacts the length of time allowed for a client to send a POST. Allowed values are 0-100000000. Unit is MILLISECONDS. Allowed in Basic(Allowed values- 30000) edition, Essentials(Allowed values- 30000) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as 30000. |
integer | Minimum: 0 Maximum: 100000000 Default: "30000" |
| client_header_timeout | Client header timeout The maximum length of time allowed for a client to transmit an entire request header. This helps mitigate various forms of SlowLoris attacks. Allowed values are 10-100000000. Unit is MILLISECONDS. Allowed in Basic(Allowed values- 10000) edition, Essentials(Allowed values- 10000) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as 10000. |
integer | Minimum: 10 Maximum: 100000000 Default: "10000" |
| client_max_body_size | Client max body size Maximum size for the client request body. This limits the size of the client data that can be uploaded/posted as part of a single HTTP Request. Default 0 => Unlimited. Unit is KB. Default value when not specified in API or module is interpreted by ALB Controller as 0. |
integer | Default: "0" |
| client_max_header_size | Client max header size Maximum size in Kbytes of a single HTTP header in the client request. Allowed values are 1-64. Unit is KB. Allowed in Basic(Allowed values- 12) edition, Essentials(Allowed values- 12) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as 12. |
integer | Minimum: 1 Maximum: 64 Default: "12" |
| client_max_request_size | Client max request size Maximum size in Kbytes of all the client HTTP request headers. Allowed values are 1-256. Unit is KB. Default value when not specified in API or module is interpreted by ALB Controller as 48. |
integer | Minimum: 1 Maximum: 256 Default: "48" |
| compression_profile | Compression profile HTTP Compression settings to use with this HTTP Profile. |
ALBCompressionProfile | |
| connection_multiplexing_enabled | Connection multiplexing enabled Allows HTTP requests, not just TCP connections, to be load balanced across servers. Proxied TCP connections to servers may be reused by multiple clients to improve performance. Not compatible with Preserve Client IP. Default value when not specified in API or module is interpreted by ALB Controller as true. |
boolean | Default: "True" |
| disable_keepalive_posts_msie6 | Disable keepalive posts msie6 Disable keep-alive client side connections for older browsers based off MS Internet Explorer 6.0 (MSIE6). For some applications, this might break NTLM authentication for older clients based off MSIE6. For such applications, set this option to false to allow keep-alive connections. Allowed in Basic(Allowed values- true) edition, Essentials(Allowed values- true) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as true. |
boolean | Default: "True" |
| disable_sni_hostname_check | Disable sni hostname check Disable strict check between TLS servername and HTTP Host name. Default value when not specified in API or module is interpreted by ALB Controller as false. |
boolean | Default: "False" |
| enable_chunk_merge | Enable chunk merge Enable chunk body merge for chunked transfer encoding response. Default value when not specified in API or module is interpreted by ALB Controller as true. |
boolean | Default: "True" |
| enable_fire_and_forget | Enable fire and forget Enable support for fire and forget feature. If enabled, request from client is forwarded to server even if client prematurely closes the connection. Allowed in Basic(Allowed values- false) edition, Essentials(Allowed values- false) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as false. |
boolean | Default: "False" |
| enable_request_body_buffering | Enable request body buffering Enable request body buffering for POST requests. If enabled, max buffer size is set to lower of 32M or the value (non-zero) configured in client_max_body_size. Default value when not specified in API or module is interpreted by ALB Controller as false. |
boolean | Default: "False" |
| enable_request_body_metrics | Enable request body metrics Enable HTTP request body metrics. If enabled, requests from clients are parsed and relevant statistics about them are gathered. Currently, it processes HTTP POST requests with Content-Type application/x-www-form-urlencoded or multipart/form-data, and adds the number of detected parameters to the l7_client.http_params_count. This is an experimental feature and it may have performance impact. Use it when detailed information about the number of HTTP POST parameters is needed, e.g. for WAF sizing. Allowed in Basic(Allowed values- false) edition, Essentials(Allowed values- false) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as false. |
boolean | Default: "False" |
| fwd_close_hdr_for_bound_connections | Fwd close hdr for bound connections Forward the Connection Close header coming from backend server to the client if connection-switching is enabled, i.e. front-end and backend connections are bound together. Default value when not specified in API or module is interpreted by ALB Controller as true. |
boolean | Default: "True" |
| hsts_enabled | Hsts enabled Inserts HTTP Strict-Transport-Security header in the HTTPS response. HSTS can help mitigate man-in-the-middle attacks by telling browsers that support HSTS that they should only access this site via HTTPS. Allowed in Basic(Allowed values- false) edition, Essentials(Allowed values- false) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as false. |
boolean | Default: "False" |
| hsts_max_age | Hsts max age Number of days for which the client should regard this virtual service as a known HSTS host. Allowed values are 0-10000. Allowed in Basic(Allowed values- 365) edition, Essentials(Allowed values- 365) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as 365. |
integer | Minimum: 0 Maximum: 10000 Default: "365" |
| hsts_subdomains_enabled | Hsts subdomains enabled Insert the 'includeSubdomains' directive in the HTTP Strict-Transport-Security header. Adding the includeSubdomains directive signals the User-Agent that the HSTS Policy applies to this HSTS Host as well as any subdomains of the host's domain name. Allowed in Basic(Allowed values- false) edition, Essentials(Allowed values- false) edition, Enterprise edition. Special default for Basic edition is false, Essentials edition is false, Enterprise is True. Default value when not specified in API or module is interpreted by ALB Controller as false. |
boolean | Default: "False" |
| http2_profile | Http2 profile Specifies the HTTP/2 specific application profile parameters. Allowed in Essentials edition, Enterprise edition. |
ALBHTTP2ApplicationProfile | |
| http_to_https | Http to https Client requests received via HTTP will be redirected to HTTPS. Allowed in Essentials(Allowed values- false) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as false. |
boolean | Default: "False" |
| http_upstream_buffer_size | Http upstream buffer size Size of HTTP buffer in kB. Allowed values are 1-256. Special values are 0- 'Auto compute the size of buffer'. Unit is KB. Allowed in Basic(Allowed values- 0) edition, Essentials(Allowed values- 0) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as 0. |
integer | Minimum: 0 Maximum: 256 Default: "0" |
| httponly_enabled | Httponly enabled Mark HTTP cookies as HTTPonly. This helps mitigate cross site scripting attacks as browsers will not allow these cookies to be read by third parties, such as javascript. Allowed in Basic(Allowed values- false) edition, Essentials(Allowed values- false) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as false. |
boolean | Default: "False" |
| keepalive_header | Keepalive header Send HTTP 'Keep-Alive' header to the client. By default, the timeout specified in the 'Keep-Alive Timeout' field will be used unless the 'Use App Keepalive Timeout' flag is set, in which case the timeout sent by the application will be honored. Default value when not specified in API or module is interpreted by ALB Controller as false. |
boolean | Default: "False" |
| keepalive_timeout | Keepalive timeout The max idle time allowed between HTTP requests over a Keep-alive connection. Allowed values are 10-100000000. Unit is MILLISECONDS. Allowed in Essentials(Allowed values- 30000) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as 30000. |
integer | Minimum: 10 Maximum: 100000000 Default: "30000" |
| max_bad_rps_cip | Max bad rps cip Maximum bad requests per second per client IP. Allowed values are 10-1000. Special values are 0- 'unlimited'. Default value when not specified in API or module is interpreted by ALB Controller as 0. |
integer | Minimum: 0 Maximum: 1000 Default: "0" |
| max_bad_rps_cip_uri | Max bad rps cip uri Maximum bad requests per second per client IP and URI. Allowed values are 10-1000. Special values are 0- 'unlimited'. Default value when not specified in API or module is interpreted by ALB Controller as 0. |
integer | Minimum: 0 Maximum: 1000 Default: "0" |
| max_bad_rps_uri | Max bad rps uri Maximum bad requests per second per URI. Allowed values are 10-1000. Special values are 0- 'unlimited'. Default value when not specified in API or module is interpreted by ALB Controller as 0. |
integer | Minimum: 0 Maximum: 1000 Default: "0" |
| max_keepalive_requests | Max keepalive requests The max number of HTTP requests that can be sent over a Keep-Alive connection. '0' means unlimited. Allowed values are 0-1000000. Special values are 0- 'Unlimited requests on a connection'. Allowed in Basic(Allowed values- 100) edition, Essentials(Allowed values- 100) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as 100. |
integer | Minimum: 0 Maximum: 1000000 Default: "100" |
| max_response_headers_size | Max response headers size Maximum size in Kbytes of all the HTTP response headers. Allowed values are 1-256. Unit is KB. Allowed in Basic(Allowed values- 48) edition, Essentials(Allowed values- 48) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as 48. |
integer | Minimum: 1 Maximum: 256 Default: "48" |
| max_rps_cip | Max rps cip Maximum requests per second per client IP. Allowed values are 10-1000. Special values are 0- 'unlimited'. Default value when not specified in API or module is interpreted by ALB Controller as 0. |
integer | Minimum: 0 Maximum: 1000 Default: "0" |
| max_rps_cip_uri | Max rps cip uri Maximum requests per second per client IP and URI. Allowed values are 10-1000. Special values are 0- 'unlimited'. Default value when not specified in API or module is interpreted by ALB Controller as 0. |
integer | Minimum: 0 Maximum: 1000 Default: "0" |
| max_rps_unknown_cip | Max rps unknown cip Maximum unknown client IPs per second. Allowed values are 10-1000. Special values are 0- 'unlimited'. Default value when not specified in API or module is interpreted by ALB Controller as 0. |
integer | Minimum: 0 Maximum: 1000 Default: "0" |
| max_rps_unknown_uri | Max rps unknown uri Maximum unknown URIs per second. Allowed values are 10-1000. Special values are 0- 'unlimited'. Default value when not specified in API or module is interpreted by ALB Controller as 0. |
integer | Minimum: 0 Maximum: 1000 Default: "0" |
| max_rps_uri | Max rps uri Maximum requests per second per URI. Allowed values are 10-1000. Special values are 0- 'unlimited'. Default value when not specified in API or module is interpreted by ALB Controller as 0. |
integer | Minimum: 0 Maximum: 1000 Default: "0" |
| pki_profile_path | Pki profile path Select the PKI profile to be associated with the Virtual Service. This profile defines the Certificate Authority and Revocation List. It is a reference to an object of type PKIProfile. |
string | |
| post_accept_timeout | Post accept timeout The max allowed length of time between a client establishing a TCP connection and Avi receives the first byte of the client's HTTP request. Allowed values are 10-100000000. Unit is MILLISECONDS. Allowed in Basic(Allowed values- 30000) edition, Essentials(Allowed values- 30000) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as 30000. |
integer | Minimum: 10 Maximum: 100000000 Default: "30000" |
| reset_conn_http_on_ssl_port | Reset conn http on ssl port If enabled, an HTTP request on an SSL port will result in connection close instead of a 400 response. Allowed in Basic(Allowed values- false) edition, Essentials(Allowed values- false) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as false. |
boolean | Default: "False" |
| respond_with_100_continue | Respond with 100 continue Avi will respond with 100-Continue response if Expect 100-Continue header received from client. Default value when not specified in API or module is interpreted by ALB Controller as true. |
boolean | Default: "True" |
| secure_cookie_enabled | Secure cookie enabled Mark server cookies with the 'Secure' attribute. Client browsers will not send a cookie marked as secure over an unencrypted connection. If Avi is terminating SSL from clients and passing it as HTTP to the server, the server may return cookies without the secure flag set. Allowed in Basic(Allowed values- false) edition, Essentials(Allowed values- false) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as false. |
boolean | Default: "False" |
| server_side_redirect_to_https | Server side redirect to https When terminating client SSL sessions at Avi, servers may incorrectly send redirect to clients as HTTP. This option will rewrite the server's redirect responses for this virtual service from HTTP to HTTPS. Allowed in Basic(Allowed values- false) edition, Essentials(Allowed values- false) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as false. |
boolean | Default: "False" |
| ssl_client_certificate_action | Ssl client certificate action Set of match/action rules that govern what happens when the client certificate request is enabled. |
ALBSSLClientCertificateAction | |
| ssl_client_certificate_mode | Ssl client certificate mode Specifies whether the client side verification is set to none, request or require. Enum options - SSL_CLIENT_CERTIFICATE_NONE, SSL_CLIENT_CERTIFICATE_REQUEST, SSL_CLIENT_CERTIFICATE_REQUIRE. Allowed in Basic(Allowed values- SSL_CLIENT_CERTIFICATE_NONE,SSL_CLIENT_CERTIFICATE_REQUIRE) edition, Essentials(Allowed values- SSL_CLIENT_CERTIFICATE_NONE,SSL_CLIENT_CERTIFICATE_REQUIRE) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as SSL_CLIENT_CERTIFICATE_NONE. |
ALBSSLClientCertificateMode | Default: "SSL_CLIENT_CERTIFICATE_NONE" |
| use_app_keepalive_timeout | Use app keepalive timeout Use 'Keep-Alive' header timeout sent by application instead of sending the HTTP Keep-Alive Timeout. Allowed in Basic(Allowed values- false) edition, Essentials(Allowed values- false) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as false. |
boolean | Default: "False" |
| websockets_enabled | Websockets enabled Enable Websockets proxy for traffic from clients to the virtual service. Connections to this VS start in HTTP mode. If the client requests an Upgrade to Websockets, and the server responds back with success, then the connection is upgraded to WebSockets mode. Default value when not specified in API or module is interpreted by ALB Controller as true. |
boolean | Default: "True" |
| x_forwarded_proto_enabled | X forwarded proto enabled Insert an X-Forwarded-Proto header in the request sent to the server. When the client connects via SSL, Avi terminates the SSL, and then forwards the requests to the servers via HTTP, so the servers can determine the original protocol via this header. In this example, the value will be 'https'. Allowed in Basic(Allowed values- false) edition, Essentials(Allowed values- false) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as false. |
boolean | Default: "False" |
| xff_alternate_name | Xff alternate name Provide a custom name for the X-Forwarded-For header sent to the servers. Default value when not specified in API or module is interpreted by ALB Controller as X-Forwarded-For. |
string | Default: "X-Forwarded-For" |
| xff_enabled | Xff enabled The client's original IP address is inserted into an HTTP request header sent to the server. Servers may use this address for logging or other purposes, rather than Avi's source NAT address used in the Avi to server IP connection. Default value when not specified in API or module is interpreted by ALB Controller as true. |
boolean | Default: "True" |
ALBHTTPClientAuthenticationParams (schema)
HTTPClientAuthenticationParams
Advanced load balancer HTTPClientAuthenticationParams object
| Name | Description | Type | Notes |
|---|---|---|---|
| auth_profile_path | Auth profile path Auth Profile to use for validating users. It is a reference to an object of type AuthProfile. |
string | |
| realm | Realm Basic authentication realm to present to a user along with the prompt for credentials. |
string | |
| request_uri_path | Request uri path Rrequest URI path when the authentication applies. |
ALBStringMatch | |
| type | Type type of client authentication. Enum options - HTTP_BASIC_AUTH. |
ALBHTTPClientAuthenticationType |
ALBHTTPClientAuthenticationType (schema)
HTTPClientAuthenticationType type
Valid ENUM values for ALBHTTPClientAuthenticationType
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBHTTPClientAuthenticationType | HTTPClientAuthenticationType type Valid ENUM values for ALBHTTPClientAuthenticationType |
string | Enum: HTTP_BASIC_AUTH |
ALBHTTPCookieData (schema)
HTTPCookieData
Advanced load balancer HTTPCookieData object
| Name | Description | Type | Notes |
|---|---|---|---|
| name | Name Cookie name. |
string | |
| value | Value Cookie value. |
string |
ALBHTTPHdrAction (schema)
HTTPHdrAction
Advanced load balancer HTTPHdrAction object
| Name | Description | Type | Notes |
|---|---|---|---|
| action | Action ADD A new header with the new value is added irrespective of the existence of an HTTP header of the given name. REPLACE A new header with the new value is added if no header of the given name exists, else existing headers with the given name are removed and a new header with the new value is added. REMOVE All the headers of the given name are removed. Enum options - HTTP_ADD_HDR, HTTP_REMOVE_HDR, HTTP_REPLACE_HDR. Allowed in Basic(Allowed values- HTTP_REMOVE_HDR,HTTP_REPLACE_HDR) edition, Essentials(Allowed values- HTTP_REMOVE_HDR,HTTP_REPLACE_HDR) edition, Enterprise edition. |
ALBHTTPHdrActionType | Required |
| cookie | Cookie Cookie information. |
ALBHTTPCookieData | |
| hdr | Hdr HTTP header information. |
ALBHTTPHdrData |
ALBHTTPHdrActionType (schema)
HTTPHdrActionType type
Valid ENUM values for ALBHTTPHdrActionType
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBHTTPHdrActionType | HTTPHdrActionType type Valid ENUM values for ALBHTTPHdrActionType |
string | Enum: HTTP_ADD_HDR, HTTP_REMOVE_HDR, HTTP_REPLACE_HDR |
ALBHTTPHdrData (schema)
HTTPHdrData
Advanced load balancer HTTPHdrData object
| Name | Description | Type | Notes |
|---|---|---|---|
| name | Name HTTP header name. |
string | |
| value | Value HTTP header value. |
ALBHTTPHdrValue |
ALBHTTPHdrValue (schema)
HTTPHdrValue
Advanced load balancer HTTPHdrValue object
| Name | Description | Type | Notes |
|---|---|---|---|
| val | Val HTTP header value or variable representing an HTTP header. |
string | |
| var | Var Variable. Enum options - HTTP_POLICY_VAR_CLIENT_IP, HTTP_POLICY_VAR_VS_PORT, HTTP_POLICY_VAR_VS_IP, HTTP_POLICY_VAR_HTTP_HDR, HTTP_POLICY_VAR_SSL_CLIENT_FINGERPRINT, HTTP_POLICY_VAR_SSL_CLIENT_SERIAL, HTTP_POLICY_VAR_SSL_CLIENT_ISSUER, HTTP_POLICY_VAR_SSL_CLIENT_SUBJECT, HTTP_POLICY_VAR_SSL_CLIENT_RAW, HTTP_POLICY_VAR_SSL_PROTOCOL, HTTP_POLICY_VAR_SSL_SERVER_NAME, HTTP_POLICY_VAR_USER_NAME, HTTP_POLICY_VAR_SSL_CIPHER, HTTP_POLICY_VAR_REQUEST_ID, HTTP_POLICY_VAR_SSL_CLIENT_VERSION, HTTP_POLICY_VAR_SSL_CLIENT_SIGALG, HTTP_POLICY_VAR_SSL_CLIENT_NOTVALIDBEFORE, HTTP_POLICY_VAR_SSL_CLIENT_NOTVALIDAFTER. |
ALBHTTPPolicyVar |
ALBHTTPLocalFile (schema)
HTTPLocalFile
Advanced load balancer HTTPLocalFile object
| Name | Description | Type | Notes |
|---|---|---|---|
| content_type | Content type Mime-type of the content in the file. |
string | Required |
| file_content | File content File content to used in the local HTTP response body. |
string | Required |
ALBHTTPLocalResponseStatusCode (schema)
HTTPLocalResponseStatusCode type
Valid ENUM values for ALBHTTPLocalResponseStatusCode
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBHTTPLocalResponseStatusCode | HTTPLocalResponseStatusCode type Valid ENUM values for ALBHTTPLocalResponseStatusCode |
string | Enum: HTTP_LOCAL_RESPONSE_STATUS_CODE_200, HTTP_LOCAL_RESPONSE_STATUS_CODE_204, HTTP_LOCAL_RESPONSE_STATUS_CODE_403, HTTP_LOCAL_RESPONSE_STATUS_CODE_404, HTTP_LOCAL_RESPONSE_STATUS_CODE_429, HTTP_LOCAL_RESPONSE_STATUS_CODE_501 |
ALBHTTPMethod (schema)
HTTPMethod type
Valid ENUM values for ALBHTTPMethod
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBHTTPMethod | HTTPMethod type Valid ENUM values for ALBHTTPMethod |
string | Enum: HTTP_METHOD_GET, HTTP_METHOD_HEAD, HTTP_METHOD_PUT, HTTP_METHOD_DELETE, HTTP_METHOD_POST, HTTP_METHOD_OPTIONS, HTTP_METHOD_TRACE, HTTP_METHOD_CONNECT, HTTP_METHOD_PATCH, HTTP_METHOD_PROPFIND, HTTP_METHOD_PROPPATCH, HTTP_METHOD_MKCOL, HTTP_METHOD_COPY, HTTP_METHOD_MOVE, HTTP_METHOD_LOCK, HTTP_METHOD_UNLOCK |
ALBHTTPPolicies (schema)
HTTPPolicies
Advanced load balancer HTTPPolicies object
| Name | Description | Type | Notes |
|---|---|---|---|
| http_policy_set_path | Http policy set path path of the virtual service HTTP policy collection. It is a reference to an object of type HTTPPolicySet. |
string | Required |
| index | Index Index of the virtual service HTTP policy collection. |
integer | Required |
ALBHTTPPolicySet (schema)
HTTPPolicySet
Advanced load balancer HTTPPolicySet object
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| cloud_config_cksum | Cloud config cksum Checksum of cloud configuration for Pool. Internally set by cloud connector. |
string | |
| created_by | Created by Creator name. |
string | |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| http_request_policy | Http request policy HTTP request policy for the virtual service. |
ALBHTTPRequestPolicy | |
| http_response_policy | Http response policy HTTP response policy for the virtual service. |
ALBHTTPResponsePolicy | |
| http_security_policy | Http security policy HTTP security policy for the virtual service. |
ALBHTTPSecurityPolicy | |
| id | Unique identifier of this resource | string | Sortable |
| is_internal_policy | Is internal policy Placeholder for description of property is_internal_policy of obj type HTTPPolicySet field type str type boolean. Default value when not specified in API or module is interpreted by ALB Controller as false. |
boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| markers | Markers List of labels to be used for granular RBAC. Allowed in Basic edition, Essentials edition, Enterprise edition. |
array of ALBRoleFilterMatchLabel | |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value ALBHTTPPolicySet | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
ALBHTTPPolicySetApiResponse (schema)
HTTPPolicySetApiResponse
HTTPPolicySetApiResponse
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| count | count count |
int | Default: "None" |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Array of HTTPPolicySet Array of HTTPPolicySet |
array of ALBHTTPPolicySet | |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
ALBHTTPPolicyVar (schema)
HTTPPolicyVar type
Valid ENUM values for ALBHTTPPolicyVar
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBHTTPPolicyVar | HTTPPolicyVar type Valid ENUM values for ALBHTTPPolicyVar |
string | Enum: HTTP_POLICY_VAR_CLIENT_IP, HTTP_POLICY_VAR_VS_PORT, HTTP_POLICY_VAR_VS_IP, HTTP_POLICY_VAR_HTTP_HDR, HTTP_POLICY_VAR_SSL_CLIENT_FINGERPRINT, HTTP_POLICY_VAR_SSL_CLIENT_SERIAL, HTTP_POLICY_VAR_SSL_CLIENT_ISSUER, HTTP_POLICY_VAR_SSL_CLIENT_SUBJECT, HTTP_POLICY_VAR_SSL_CLIENT_RAW, HTTP_POLICY_VAR_SSL_PROTOCOL, HTTP_POLICY_VAR_SSL_SERVER_NAME, HTTP_POLICY_VAR_USER_NAME, HTTP_POLICY_VAR_SSL_CIPHER, HTTP_POLICY_VAR_REQUEST_ID, HTTP_POLICY_VAR_SSL_CLIENT_VERSION, HTTP_POLICY_VAR_SSL_CLIENT_SIGALG, HTTP_POLICY_VAR_SSL_CLIENT_NOTVALIDBEFORE, HTTP_POLICY_VAR_SSL_CLIENT_NOTVALIDAFTER |
ALBHTTPProtocol (schema)
HTTPProtocol type
Valid ENUM values for ALBHTTPProtocol
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBHTTPProtocol | HTTPProtocol type Valid ENUM values for ALBHTTPProtocol |
string | Enum: HTTP, HTTPS |
ALBHTTPRedirectAction (schema)
HTTPRedirectAction
Advanced load balancer HTTPRedirectAction object
| Name | Description | Type | Notes |
|---|---|---|---|
| host | Host Host config. |
ALBURIParam | |
| keep_query | Keep query Keep or drop the query of the incoming request URI in the redirected URI. Default value when not specified in API or module is interpreted by ALB Controller as true. |
boolean | Default: "True" |
| path | Path Path config. |
ALBURIParam | |
| port | Port Port to which redirect the request. Allowed values are 1-65535. |
integer | Minimum: 1 Maximum: 65535 |
| protocol | Protocol Protocol type. Enum options - HTTP, HTTPS. |
ALBHTTPProtocol | Required |
| status_code | Status code HTTP redirect status code. Enum options - HTTP_REDIRECT_STATUS_CODE_301, HTTP_REDIRECT_STATUS_CODE_302, HTTP_REDIRECT_STATUS_CODE_307. Default value when not specified in API or module is interpreted by ALB Controller as HTTP_REDIRECT_STATUS_CODE_302. |
ALBHTTPRedirectStatusCode | Default: "HTTP_REDIRECT_STATUS_CODE_302" |
ALBHTTPRedirectStatusCode (schema)
HTTPRedirectStatusCode type
Valid ENUM values for ALBHTTPRedirectStatusCode
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBHTTPRedirectStatusCode | HTTPRedirectStatusCode type Valid ENUM values for ALBHTTPRedirectStatusCode |
string | Enum: HTTP_REDIRECT_STATUS_CODE_301, HTTP_REDIRECT_STATUS_CODE_302, HTTP_REDIRECT_STATUS_CODE_307 |
ALBHTTPRequestPolicy (schema)
HTTPRequestPolicy
Advanced load balancer HTTPRequestPolicy object
| Name | Description | Type | Notes |
|---|---|---|---|
| rules | Rules Add rules to the HTTP request policy. |
array of ALBHTTPRequestRule |
ALBHTTPRequestRule (schema)
HTTPRequestRule
Advanced load balancer HTTPRequestRule object
| Name | Description | Type | Notes |
|---|---|---|---|
| all_headers | All headers Log all HTTP headers upon rule match. |
boolean | |
| enable | Enable Enable or disable the rule. Default value when not specified in API or module is interpreted by ALB Controller as true. |
boolean | Required Default: "True" |
| hdr_action | Hdr action HTTP header rewrite action. |
array of ALBHTTPHdrAction | |
| index | Index Index of the rule. |
integer | Required |
| log | Log Log HTTP request upon rule match. |
boolean | |
| match | Match Add match criteria to the rule. |
ALBMatchTarget | |
| name | Name Name of the rule. |
string | Required |
| redirect_action | Redirect action HTTP redirect action. |
ALBHTTPRedirectAction | |
| rewrite_url_action | Rewrite url action HTTP request URL rewrite action. |
ALBHTTPRewriteURLAction | |
| switching_action | Switching action Content switching action. |
ALBHTTPSwitchingAction |
ALBHTTPReselectRespCode (schema)
HTTPReselectRespCode
Advanced load balancer HTTPReselectRespCode object
| Name | Description | Type | Notes |
|---|---|---|---|
| codes | Codes HTTP response code to be matched. Allowed values are 400-599. |
array of integer | |
| ranges | Ranges HTTP response code ranges to match. |
array of ALBHTTPStatusRange | |
| resp_code_block | Resp code block Block of HTTP response codes to match for server reselect. Enum options - HTTP_RSP_4XX, HTTP_RSP_5XX. |
array of ALBHttpReselectRespCodeBlock |
ALBHTTPResponseCodes (schema)
HTTPResponseCodes type
Valid ENUM values for ALBHTTPResponseCodes
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBHTTPResponseCodes | HTTPResponseCodes type Valid ENUM values for ALBHTTPResponseCodes |
string | Enum: HTTP_RESPONSE_CODE_0, HTTP_RESPONSE_CODE_100, HTTP_RESPONSE_CODE_101, HTTP_RESPONSE_CODE_200, HTTP_RESPONSE_CODE_201, HTTP_RESPONSE_CODE_202, HTTP_RESPONSE_CODE_203, HTTP_RESPONSE_CODE_204, HTTP_RESPONSE_CODE_205, HTTP_RESPONSE_CODE_206, HTTP_RESPONSE_CODE_300, HTTP_RESPONSE_CODE_301, HTTP_RESPONSE_CODE_302, HTTP_RESPONSE_CODE_303, HTTP_RESPONSE_CODE_304, HTTP_RESPONSE_CODE_305, HTTP_RESPONSE_CODE_307, HTTP_RESPONSE_CODE_400, HTTP_RESPONSE_CODE_401, HTTP_RESPONSE_CODE_402, HTTP_RESPONSE_CODE_403, HTTP_RESPONSE_CODE_404, HTTP_RESPONSE_CODE_405, HTTP_RESPONSE_CODE_406, HTTP_RESPONSE_CODE_407, HTTP_RESPONSE_CODE_408, HTTP_RESPONSE_CODE_409, HTTP_RESPONSE_CODE_410, HTTP_RESPONSE_CODE_411, HTTP_RESPONSE_CODE_412, HTTP_RESPONSE_CODE_413, HTTP_RESPONSE_CODE_414, HTTP_RESPONSE_CODE_415, HTTP_RESPONSE_CODE_416, HTTP_RESPONSE_CODE_417, HTTP_RESPONSE_CODE_426, HTTP_RESPONSE_CODE_470, HTTP_RESPONSE_CODE_475, HTTP_RESPONSE_CODE_500, HTTP_RESPONSE_CODE_501, HTTP_RESPONSE_CODE_502, HTTP_RESPONSE_CODE_503, HTTP_RESPONSE_CODE_504, HTTP_RESPONSE_CODE_505 |
ALBHTTPResponsePolicy (schema)
HTTPResponsePolicy
Advanced load balancer HTTPResponsePolicy object
| Name | Description | Type | Notes |
|---|---|---|---|
| rules | Rules Add rules to the HTTP response policy. |
array of ALBHTTPResponseRule |
ALBHTTPResponseRule (schema)
HTTPResponseRule
Advanced load balancer HTTPResponseRule object
| Name | Description | Type | Notes |
|---|---|---|---|
| all_headers | All headers Log all HTTP headers upon rule match. |
boolean | |
| enable | Enable Enable or disable the rule. Default value when not specified in API or module is interpreted by ALB Controller as true. |
boolean | Required Default: "True" |
| hdr_action | Hdr action HTTP header rewrite action. |
array of ALBHTTPHdrAction | |
| index | Index Index of the rule. |
integer | Required |
| loc_hdr_action | Loc hdr action Location header rewrite action. |
ALBHTTPRewriteLocHdrAction | |
| log | Log Log HTTP request upon rule match. |
boolean | |
| match | Match Add match criteria to the rule. |
ALBResponseMatchTarget | |
| name | Name Name of the rule. |
string | Required |
ALBHTTPRewriteLocHdrAction (schema)
HTTPRewriteLocHdrAction
Advanced load balancer HTTPRewriteLocHdrAction object
| Name | Description | Type | Notes |
|---|---|---|---|
| host | Host Host config. |
ALBURIParam | |
| keep_query | Keep query Keep or drop the query from the server side redirect URI. Default value when not specified in API or module is interpreted by ALB Controller as true. |
boolean | Default: "True" |
| path | Path Path config. |
ALBURIParam | |
| port | Port Port to use in the redirected URI. Allowed values are 1-65535. |
integer | Minimum: 1 Maximum: 65535 |
| protocol | Protocol HTTP protocol type. Enum options - HTTP, HTTPS. |
ALBHTTPProtocol | Required |
ALBHTTPRewriteURLAction (schema)
HTTPRewriteURLAction
Advanced load balancer HTTPRewriteURLAction object
| Name | Description | Type | Notes |
|---|---|---|---|
| host_hdr | Host hdr Host config. |
ALBURIParam | |
| path | Path Path config. |
ALBURIParam | |
| query | Query Query config. |
ALBURIParamQuery |
ALBHTTPSecurityAction (schema)
HTTPSecurityAction
Advanced load balancer HTTPSecurityAction object
| Name | Description | Type | Notes |
|---|---|---|---|
| action | Action Type of the security action to perform. Enum options - HTTP_SECURITY_ACTION_CLOSE_CONN, HTTP_SECURITY_ACTION_SEND_RESPONSE, HTTP_SECURITY_ACTION_ALLOW, HTTP_SECURITY_ACTION_REDIRECT_TO_HTTPS, HTTP_SECURITY_ACTION_RATE_LIMIT, HTTP_SECURITY_ACTION_REQUEST_CHECK_ICAP. Allowed in Basic(Allowed values- HTTP_SECURITY_ACTION_CLOSE_CONN,HTTP_SECURITY_ACTION_SEND_RESPONSE,HTTP_SECURITY_ACTION_REDIRECT_TO_HTTPS) edition, Essentials(Allowed values- HTTP_SECURITY_ACTION_CLOSE_CONN,HTTP_SECURITY_ACTION_SEND_RESPONSE,HTTP_SECURITY_ACTION_REDIRECT_TO_HTTPS) edition, Enterprise edition. |
ALBHTTPSecurityActionType | Required |
| file | File File to be used for generating HTTP local response. |
ALBHTTPLocalFile | |
| https_port | Https port Secure SSL/TLS port to redirect the HTTP request to. Allowed values are 1-65535. |
integer | Minimum: 1 Maximum: 65535 |
| rate_profile | Rate profile Rate limiting configuration for this action. Allowed in Basic edition, Essentials edition, Enterprise edition. |
ALBHTTPSecurityActionRateProfile | |
| status_code | Status code HTTP status code to use for local response. Enum options - HTTP_LOCAL_RESPONSE_STATUS_CODE_200, HTTP_LOCAL_RESPONSE_STATUS_CODE_204, HTTP_LOCAL_RESPONSE_STATUS_CODE_403, HTTP_LOCAL_RESPONSE_STATUS_CODE_404, HTTP_LOCAL_RESPONSE_STATUS_CODE_429, HTTP_LOCAL_RESPONSE_STATUS_CODE_501. |
ALBHTTPLocalResponseStatusCode |
ALBHTTPSecurityActionRateProfile (schema)
HTTPSecurityActionRateProfile
Advanced load balancer HTTPSecurityActionRateProfile object
| Name | Description | Type | Notes |
|---|---|---|---|
| action | Action The action to take when the rate limit has been reached. |
ALBRateLimiterAction | Required |
| per_client_ip | Per client ip Rate limiting should be done on a per client ip basis. |
boolean | |
| per_uri_path | Per uri path Rate limiting should be done on a per request uri path basis. |
boolean | |
| rate_limiter | Rate limiter The rate limiter used when this action is triggered. |
ALBRateLimiter | Required |
ALBHTTPSecurityActionType (schema)
HTTPSecurityActionType type
Valid ENUM values for ALBHTTPSecurityActionType
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBHTTPSecurityActionType | HTTPSecurityActionType type Valid ENUM values for ALBHTTPSecurityActionType |
string | Enum: HTTP_SECURITY_ACTION_CLOSE_CONN, HTTP_SECURITY_ACTION_SEND_RESPONSE, HTTP_SECURITY_ACTION_ALLOW, HTTP_SECURITY_ACTION_REDIRECT_TO_HTTPS, HTTP_SECURITY_ACTION_RATE_LIMIT, HTTP_SECURITY_ACTION_REQUEST_CHECK_ICAP |
ALBHTTPSecurityPolicy (schema)
HTTPSecurityPolicy
Advanced load balancer HTTPSecurityPolicy object
| Name | Description | Type | Notes |
|---|---|---|---|
| rules | Rules Add rules to the HTTP security policy. |
array of ALBHTTPSecurityRule |
ALBHTTPSecurityRule (schema)
HTTPSecurityRule
Advanced load balancer HTTPSecurityRule object
| Name | Description | Type | Notes |
|---|---|---|---|
| action | Action Action to be performed upon successful matching. |
ALBHTTPSecurityAction | |
| enable | Enable Enable or disable the rule. Default value when not specified in API or module is interpreted by ALB Controller as true. |
boolean | Required Default: "True" |
| index | Index Index of the rule. |
integer | Required |
| log | Log Log HTTP request upon rule match. |
boolean | |
| match | Match Add match criteria to the rule. |
ALBMatchTarget | |
| name | Name Name of the rule. |
string | Required |
ALBHTTPServerReselect (schema)
HTTPServerReselect
Advanced load balancer HTTPServerReselect object
| Name | Description | Type | Notes |
|---|---|---|---|
| enabled | Enabled Enable HTTP request reselect when server responds with specific response codes. Allowed in Basic(Allowed values- false) edition, Essentials(Allowed values- false) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as false. |
boolean | Required Default: "False" |
| num_retries | Num retries Number of times to retry an HTTP request when server responds with configured status codes. Default value when not specified in API or module is interpreted by ALB Controller as 4. |
integer | Minimum: 0 Default: "4" |
| retry_nonidempotent | Retry nonidempotent Allow retry of non-idempotent HTTP requests. Default value when not specified in API or module is interpreted by ALB Controller as false. |
boolean | Default: "False" |
| retry_timeout | Retry timeout Timeout per retry attempt, for a given request. Value of 0 indicates default timeout. Allowed values are 0-3600000. Unit is MILLISECONDS. Default value when not specified in API or module is interpreted by ALB Controller as 0. |
integer | Minimum: 0 Maximum: 3600000 Default: "0" |
| svr_resp_code | Svr resp code Server response codes which will trigger an HTTP request retry. |
ALBHTTPReselectRespCode |
ALBHTTPStatusMatch (schema)
HTTPStatusMatch
Advanced load balancer HTTPStatusMatch object
| Name | Description | Type | Notes |
|---|---|---|---|
| match_criteria | Match criteria Criterion to use for matching the HTTP response status code(s). Enum options - IS_IN, IS_NOT_IN. |
ALBMatchOperation | Required |
| ranges | Ranges HTTP response status code range(s). |
array of ALBHTTPStatusRange | |
| status_codes | Status codes HTTP response status code(s). |
array of integer |
ALBHTTPStatusRange (schema)
HTTPStatusRange
Advanced load balancer HTTPStatusRange object
| Name | Description | Type | Notes |
|---|---|---|---|
| begin | Begin Starting HTTP response status code. |
integer | Required |
| end | End Ending HTTP response status code. |
integer | Required |
ALBHTTPSwitchingAction (schema)
HTTPSwitchingAction
Advanced load balancer HTTPSwitchingAction object
| Name | Description | Type | Notes |
|---|---|---|---|
| action | Action Content switching action type. Enum options - HTTP_SWITCHING_SELECT_POOL, HTTP_SWITCHING_SELECT_LOCAL, HTTP_SWITCHING_SELECT_POOLGROUP. Allowed in Essentials(Allowed values- HTTP_SWITCHING_SELECT_POOL,HTTP_SWITCHING_SELECT_LOCAL) edition, Enterprise edition. |
ALBHTTPSwitchingActionType | Required |
| file | File File from which to serve local response to the request. |
ALBHTTPLocalFile | |
| pool_group_path | Pool group path path of the pool group to serve the request. It is a reference to an object of type PoolGroup. |
string | |
| pool_path | Pool path path of the pool of servers to serve the request. It is a reference to an object of type Pool. |
string | |
| server | Server Specific pool server to select. |
ALBPoolServer | |
| status_code | Status code HTTP status code to use when serving local response. Enum options - HTTP_LOCAL_RESPONSE_STATUS_CODE_200, HTTP_LOCAL_RESPONSE_STATUS_CODE_204, HTTP_LOCAL_RESPONSE_STATUS_CODE_403, HTTP_LOCAL_RESPONSE_STATUS_CODE_404, HTTP_LOCAL_RESPONSE_STATUS_CODE_429, HTTP_LOCAL_RESPONSE_STATUS_CODE_501. |
ALBHTTPLocalResponseStatusCode |
ALBHTTPSwitchingActionType (schema)
HTTPSwitchingActionType type
Valid ENUM values for ALBHTTPSwitchingActionType
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBHTTPSwitchingActionType | HTTPSwitchingActionType type Valid ENUM values for ALBHTTPSwitchingActionType |
string | Enum: HTTP_SWITCHING_SELECT_POOL, HTTP_SWITCHING_SELECT_LOCAL, HTTP_SWITCHING_SELECT_POOLGROUP |
ALBHTTPVersion (schema)
HTTPVersion type
Valid ENUM values for ALBHTTPVersion
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBHTTPVersion | HTTPVersion type Valid ENUM values for ALBHTTPVersion |
string | Enum: ZERO_NINE, ONE_ZERO, ONE_ONE, TWO_ZERO |
ALBHTTPVersionMatch (schema)
HTTPVersionMatch
Advanced load balancer HTTPVersionMatch object
| Name | Description | Type | Notes |
|---|---|---|---|
| match_criteria | Match criteria Criterion to use for HTTP version matching the version used in the HTTP request. Enum options - IS_IN, IS_NOT_IN. |
ALBMatchOperation | Required |
| versions | Versions HTTP protocol version. Enum options - ZERO_NINE, ONE_ZERO, ONE_ONE, TWO_ZERO. Minimum of 1 items required. Maximum of 8 items allowed. Allowed in Basic(Allowed values- ONE_ZERO,ONE_ONE) edition, Essentials(Allowed values- ONE_ZERO,ONE_ONE) edition, Enterprise edition. |
array of ALBHTTPVersion | Required |
ALBHardwareSecurityModule (schema)
HardwareSecurityModule
Advanced load balancer HardwareSecurityModule object
| Name | Description | Type | Notes |
|---|---|---|---|
| cloudhsm | Cloudhsm AWS CloudHSM specific configuration. |
ALBHSMAwsCloudHsm | |
| nethsm | Nethsm Thales netHSM specific configuration. |
array of ALBHSMThalesNetHsm | |
| rfs | Rfs Thales Remote File Server (RFS), used for the netHSMs, configuration. |
ALBHSMThalesRFS | |
| sluna | Sluna Safenet/Gemalto Luna/Gem specific configuration. |
ALBHSMSafenetLuna | |
| type | Type HSM type to use. Enum options - HSM_TYPE_THALES_NETHSM, HSM_TYPE_SAFENET_LUNA, HSM_TYPE_AWS_CLOUDHSM. |
ALBHSMType | Required |
ALBHardwareSecurityModuleGroup (schema)
HardwareSecurityModuleGroup
Advanced load balancer HardwareSecurityModuleGroup object
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| hsm | Hsm Hardware Security Module configuration. |
ALBHardwareSecurityModule | Required |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| markers | Markers List of labels to be used for granular RBAC. Allowed in Basic edition, Essentials edition, Enterprise edition. |
array of ALBRoleFilterMatchLabel | |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value ALBHardwareSecurityModuleGroup | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
ALBHardwareSecurityModuleGroupApiResponse (schema)
HardwareSecurityModuleGroupApiResponse
HardwareSecurityModuleGroupApiResponse
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| count | count count |
int | Default: "None" |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Array of HardwareSecurityModuleGroup Array of HardwareSecurityModuleGroup |
array of ALBHardwareSecurityModuleGroup | |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
ALBHdrMatch (schema)
HdrMatch
Advanced load balancer HdrMatch object
| Name | Description | Type | Notes |
|---|---|---|---|
| hdr | Hdr Name of the HTTP header whose value is to be matched. |
string | Required |
| match_case | Match case Case sensitivity to use for the match. Enum options - SENSITIVE, INSENSITIVE. Default value when not specified in API or module is interpreted by ALB Controller as INSENSITIVE. |
ALBMatchCase | Default: "INSENSITIVE" |
| match_criteria | Match criteria Criterion to use for matching headers in the HTTP request. Enum options - HDR_EXISTS, HDR_DOES_NOT_EXIST, HDR_BEGINS_WITH, HDR_DOES_NOT_BEGIN_WITH, HDR_CONTAINS, HDR_DOES_NOT_CONTAIN, HDR_ENDS_WITH, HDR_DOES_NOT_END_WITH, HDR_EQUALS, HDR_DOES_NOT_EQUAL. |
ALBHdrMatchOperation | Required |
| value | Value String values to match in the HTTP header. |
array of string |
ALBHdrMatchOperation (schema)
HdrMatchOperation type
Valid ENUM values for ALBHdrMatchOperation
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBHdrMatchOperation | HdrMatchOperation type Valid ENUM values for ALBHdrMatchOperation |
string | Enum: HDR_EXISTS, HDR_DOES_NOT_EXIST, HDR_BEGINS_WITH, HDR_DOES_NOT_BEGIN_WITH, HDR_CONTAINS, HDR_DOES_NOT_CONTAIN, HDR_ENDS_WITH, HDR_DOES_NOT_END_WITH, HDR_EQUALS, HDR_DOES_NOT_EQUAL |
ALBHdrPersistenceProfile (schema)
HdrPersistenceProfile
Advanced load balancer HdrPersistenceProfile object
| Name | Description | Type | Notes |
|---|---|---|---|
| prst_hdr_name | Prst hdr name Header name for custom header persistence. |
string |
ALBHealthMonitor (schema)
HealthMonitor
Advanced load balancer HealthMonitor object
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| allow_duplicate_monitors | Allow duplicate monitors By default, multiple instances of the same healthmonitor to the same server are suppressed intelligently. In rare cases, the monitor may have specific constructs that go beyond the server keys (ip, port, etc.) during which such suppression is not desired. Use this knob to allow duplicates. Allowed in Basic(Allowed values- true) edition, Essentials(Allowed values- true) edition, Enterprise edition. |
boolean | |
| authentication | Authentication Authentication information for username/password. Allowed in Basic edition, Essentials edition, Enterprise edition. |
ALBHealthMonitorAuthInfo | |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| disable_quickstart | Disable quickstart During addition of a server or healthmonitors or during bootup, Avi performs sequential health checks rather than waiting for send-interval to kick in, to mark the server up as soon as possible. This knob may be used to turn this feature off. Allowed in Basic(Allowed values- false) edition, Essentials(Allowed values- false) edition, Enterprise edition. |
boolean | |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| dns_monitor | Dns monitor Placeholder for description of property dns_monitor of obj type HealthMonitor field type str type ref. |
ALBHealthMonitorDNS | |
| external_monitor | External monitor Placeholder for description of property external_monitor of obj type HealthMonitor field type str type ref. |
ALBHealthMonitorExternal | |
| failed_checks | Failed checks Number of continuous failed health checks before the server is marked down. Allowed values are 1-50. Default value when not specified in API or module is interpreted by ALB Controller as 2. |
integer | Minimum: 1 Maximum: 50 Default: "2" |
| http_monitor | Http monitor Placeholder for description of property http_monitor of obj type HealthMonitor field type str type ref. |
ALBHealthMonitorHttp | |
| https_monitor | Https monitor Placeholder for description of property https_monitor of obj type HealthMonitor field type str type ref. |
ALBHealthMonitorHttp | |
| id | Unique identifier of this resource | string | Sortable |
| imap_monitor | Imap monitor Health monitor for IMAP. |
ALBHealthMonitorImap | |
| imaps_monitor | Imaps monitor Health monitor for IMAPS. |
ALBHealthMonitorImap | |
| is_federated | Is federated This field describes the object's replication scope. If the field is set to false, then the object is visible within the controller-cluster and its associated service-engines. If the field is set to true, then the object is replicated across the federation. Allowed in Basic(Allowed values- false) edition, Essentials(Allowed values- false) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as false. |
boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| markers | Markers List of labels to be used for granular RBAC. Allowed in Basic edition, Essentials edition, Enterprise edition. |
array of ALBRoleFilterMatchLabel | |
| monitor_port | Monitor port Use this port instead of the port defined for the server in the Pool. If the monitor succeeds to this port, the load balanced traffic will still be sent to the port of the server defined within the Pool. Allowed values are 1-65535. Special values are 0 - 'Use server port'. |
integer | Minimum: 0 Maximum: 65535 |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| pop3_monitor | Pop3 monitor Health monitor for POP3. |
ALBHealthMonitorPop3 | |
| pop3s_monitor | Pop3s monitor Health monitor for POP3S. |
ALBHealthMonitorPop3 | |
| radius_monitor | Radius monitor Health monitor for Radius. Allowed in Basic edition, Essentials edition, Enterprise edition. |
ALBHealthMonitorRadius | |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| receive_timeout | Receive timeout A valid response from the server is expected within the receive timeout window. This timeout must be less than the send interval. If server status is regularly flapping up and down, consider increasing this value. Allowed values are 1-2400. Unit is SEC. Default value when not specified in API or module is interpreted by ALB Controller as 4. |
integer | Minimum: 1 Maximum: 2400 Default: "4" |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value ALBHealthMonitor | string | |
| send_interval | Send interval Frequency, in seconds, that monitors are sent to a server. Allowed values are 1-3600. Unit is SEC. Default value when not specified in API or module is interpreted by ALB Controller as 10. |
integer | Minimum: 1 Maximum: 3600 Default: "10" |
| sip_monitor | Sip monitor Health monitor for SIP. Allowed in Basic edition, Essentials edition, Enterprise edition. |
ALBHealthMonitorSIP | |
| smtp_monitor | Smtp monitor Health monitor for SMTP. |
ALBHealthMonitorSmtp | |
| smtps_monitor | Smtps monitor Health monitor for SMTPS. |
ALBHealthMonitorSmtp | |
| successful_checks | Successful checks Number of continuous successful health checks before server is marked up. Allowed values are 1-50. Default value when not specified in API or module is interpreted by ALB Controller as 2. |
integer | Minimum: 1 Maximum: 50 Default: "2" |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| tcp_monitor | Tcp monitor Placeholder for description of property tcp_monitor of obj type HealthMonitor field type str type ref. |
ALBHealthMonitorTcp | |
| type | Type Type of the health monitor. Enum options - HEALTH_MONITOR_PING, HEALTH_MONITOR_TCP, HEALTH_MONITOR_HTTP, HEALTH_MONITOR_HTTPS, HEALTH_MONITOR_EXTERNAL, HEALTH_MONITOR_UDP, HEALTH_MONITOR_DNS, HEALTH_MONITOR_GSLB, HEALTH_MONITOR_SIP, HEALTH_MONITOR_RADIUS, HEALTH_MONITOR_SMTP, HEALTH_MONITOR_SMTPS, HEALTH_MONITOR_POP3, HEALTH_MONITOR_POP3S, HEALTH_MONITOR_IMAP, HEALTH_MONITOR_IMAPS. Allowed in Basic(Allowed values- HEALTH_MONITOR_PING,HEALTH_MONITOR_TCP,HEALTH_MONITOR_UDP,HEALTH_MONITOR_HTTP,HEALTH_MONITOR_HTTPS) edition, Essentials(Allowed values- HEALTH_MONITOR_PING,HEALTH_MONITOR_TCP,HEALTH_MONITOR_UDP) edition, Enterprise edition. |
ALBHealthMonitorType | Required |
| udp_monitor | Udp monitor Placeholder for description of property udp_monitor of obj type HealthMonitor field type str type ref. |
ALBHealthMonitorUdp | |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
ALBHealthMonitorApiResponse (schema)
HealthMonitorApiResponse
HealthMonitorApiResponse
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| count | count count |
int | Default: "None" |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Array of HealthMonitor Array of HealthMonitor |
array of ALBHealthMonitor | |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
ALBHealthMonitorAuthInfo (schema)
HealthMonitorAuthInfo
Advanced load balancer HealthMonitorAuthInfo object
| Name | Description | Type | Notes |
|---|---|---|---|
| password | Password Password for server authentication. |
secure_string | Required |
| username | Username Username for server authentication. |
secure_string | Required |
ALBHealthMonitorAuthType (schema)
HealthMonitorAuthType type
Valid ENUM values for ALBHealthMonitorAuthType
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBHealthMonitorAuthType | HealthMonitorAuthType type Valid ENUM values for ALBHealthMonitorAuthType |
string | Enum: AUTH_BASIC, AUTH_NTLM |
ALBHealthMonitorDNS (schema)
HealthMonitorDNS
Advanced load balancer HealthMonitorDNS object
| Name | Description | Type | Notes |
|---|---|---|---|
| qtype | Qtype Query_Type Response has atleast one answer of which the resource record type matches the query type Any_Type Response should contain atleast one answer AnyThing An empty answer is enough. Enum options - DNS_QUERY_TYPE, DNS_ANY_TYPE, DNS_ANY_THING. Default value when not specified in API or module is interpreted by ALB Controller as DNS_QUERY_TYPE. |
ALBHealthMonitorDNSQueryType | Default: "DNS_QUERY_TYPE" |
| query_name | Query name The DNS monitor will query the DNS server for the fully qualified name in this field. |
string | Required |
| rcode | Rcode When No Error is selected, a DNS query will be marked failed is any error code is returned by the server. With Any selected, the monitor ignores error code in the responses. Enum options - RCODE_NO_ERROR, RCODE_ANYTHING. Default value when not specified in API or module is interpreted by ALB Controller as RCODE_NO_ERROR. |
ALBHealthMonitorDNSRcode | Default: "RCODE_NO_ERROR" |
| record_type | Record type Resource record type used in the healthmonitor DNS query, only A or AAAA type supported. Enum options - DNS_RECORD_OTHER, DNS_RECORD_A, DNS_RECORD_NS, DNS_RECORD_CNAME, DNS_RECORD_SOA, DNS_RECORD_PTR, DNS_RECORD_HINFO, DNS_RECORD_MX, DNS_RECORD_TXT, DNS_RECORD_RP, DNS_RECORD_DNSKEY, DNS_RECORD_AAAA, DNS_RECORD_SRV, DNS_RECORD_OPT, DNS_RECORD_RRSIG, DNS_RECORD_AXFR, DNS_RECORD_ANY. Default value when not specified in API or module is interpreted by ALB Controller as DNS_RECORD_A. |
ALBDnsRecordType | Default: "DNS_RECORD_A" |
| response_string | Response string The resource record of the queried DNS server's response for the Request Name must include the IP address defined in this field. |
string |
ALBHealthMonitorDNSQueryType (schema)
HealthMonitorDNSQueryType type
Valid ENUM values for ALBHealthMonitorDNSQueryType
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBHealthMonitorDNSQueryType | HealthMonitorDNSQueryType type Valid ENUM values for ALBHealthMonitorDNSQueryType |
string | Enum: DNS_QUERY_TYPE, DNS_ANY_TYPE, DNS_ANY_THING |
ALBHealthMonitorDNSRcode (schema)
HealthMonitorDNSRcode type
Valid ENUM values for ALBHealthMonitorDNSRcode
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBHealthMonitorDNSRcode | HealthMonitorDNSRcode type Valid ENUM values for ALBHealthMonitorDNSRcode |
string | Enum: RCODE_NO_ERROR, RCODE_ANYTHING |
ALBHealthMonitorExternal (schema)
HealthMonitorExternal
Advanced load balancer HealthMonitorExternal object
| Name | Description | Type | Notes |
|---|---|---|---|
| command_code | Command code Command script provided inline. |
string | Required |
| command_parameters | Command parameters Optional arguments to feed into the script. |
string | |
| command_path | Command path Path of external health monitor script. |
string | |
| command_variables | Command variables Environment variables to be fed into the script. |
string |
ALBHealthMonitorHttp (schema)
HealthMonitorHttp
Advanced load balancer HealthMonitorHttp object
| Name | Description | Type | Notes |
|---|---|---|---|
| auth_type | Auth type Type of the authentication method. Enum options - AUTH_BASIC, AUTH_NTLM. Allowed in Basic edition, Essentials edition, Enterprise edition. |
ALBHealthMonitorAuthType | |
| exact_http_request | Exact http request Use the exact http_request string as specified by user, without any automatic insert of headers like Host header. Default value when not specified in API or module is interpreted by ALB Controller as false. |
boolean | Default: "False" |
| http_request | Http request Send an HTTP request to the server. The default GET / HTTP/1.0 may be extended with additional headers or information. For instance, GET /index.htm HTTP/1.1 Host www.site.com Connection Close. Default value when not specified in API or module is interpreted by ALB Controller as GET / HTTP/1.0. |
string | Default: "GET / HTTP/1.0" |
| http_request_body | Http request body HTTP request body. |
string | |
| http_response | Http response Match for a keyword in the first 2Kb of the server header and body response. |
string | |
| http_response_code | Http response code List of HTTP response codes to match as successful. Default is 2xx. Enum options - HTTP_ANY, HTTP_1XX, HTTP_2XX, HTTP_3XX, HTTP_4XX, HTTP_5XX. Minimum of 1 items required. |
array of ALBHttpResponseCode | Required |
| maintenance_code | Maintenance code Match or look for this HTTP response code indicating server maintenance. A successful match results in the server being marked down. Allowed values are 101-599. Maximum of 4 items allowed. |
array of integer | |
| maintenance_response | Maintenance response Match or look for this keyword in the first 2KB of server header and body response indicating server maintenance. A successful match results in the server being marked down. |
string | |
| response_size | Response size Expected http/https response page size. Allowed values are 2048-16384. |
integer | Minimum: 2048 Maximum: 16384 |
| ssl_attributes | Ssl attributes SSL attributes for HTTPS health monitor. |
ALBHealthMonitorSSLAttributes |
ALBHealthMonitorImap (schema)
HealthMonitorImap
Advanced load balancer HealthMonitorImap object
| Name | Description | Type | Notes |
|---|---|---|---|
| folder | Folder Folder to access. |
string | |
| ssl_attributes | Ssl attributes SSL attributes for IMAPS monitor. |
ALBHealthMonitorSSLAttributes |
ALBHealthMonitorPop3 (schema)
HealthMonitorPop3
Advanced load balancer HealthMonitorPop3 object
| Name | Description | Type | Notes |
|---|---|---|---|
| ssl_attributes | Ssl attributes SSL attributes for POP3S monitor. |
ALBHealthMonitorSSLAttributes |
ALBHealthMonitorRadius (schema)
HealthMonitorRadius
Advanced load balancer HealthMonitorRadius object
| Name | Description | Type | Notes |
|---|---|---|---|
| password | Password Radius monitor will query Radius server with this password. |
secure_string | Required |
| shared_secret | Shared secret Radius monitor will query Radius server with this shared secret. |
secure_string | Required |
| username | Username Radius monitor will query Radius server with this username. |
string | Required |
ALBHealthMonitorSIP (schema)
HealthMonitorSIP
Advanced load balancer HealthMonitorSIP object
| Name | Description | Type | Notes |
|---|---|---|---|
| sip_monitor_transport | Sip monitor transport Specify the transport protocol TCP or UDP, to be used for SIP health monitor. The default transport is UDP. Enum options - SIP_UDP_PROTO, SIP_TCP_PROTO. Default value when not specified in API or module is interpreted by ALB Controller as SIP_UDP_PROTO. |
ALBSipMonTransport | Default: "SIP_UDP_PROTO" |
| sip_request_code | Sip request code Specify the SIP request to be sent to the server. By default, SIP OPTIONS request will be sent. Enum options - SIP_OPTIONS. Default value when not specified in API or module is interpreted by ALB Controller as SIP_OPTIONS. |
ALBSipRequestCode | Default: "SIP_OPTIONS" |
| sip_response | Sip response Match for a keyword in the first 2KB of the server header and body response. By default, it matches for SIP/2.0. Default value when not specified in API or module is interpreted by ALB Controller as SIP/2.0. |
string | Default: "SIP/2.0" |
ALBHealthMonitorSSLAttributes (schema)
HealthMonitorSSLAttributes
Advanced load balancer HealthMonitorSSLAttributes object
| Name | Description | Type | Notes |
|---|---|---|---|
| pki_profile_path | Pki profile path PKI profile used to validate the SSL certificate presented by a server. It is a reference to an object of type PKIProfile. |
string | |
| server_name | Server name Fully qualified DNS hostname which will be used in the TLS SNI extension in server connections indicating SNI is enabled. |
string | |
| ssl_key_and_certificate_path | Ssl key and certificate path Service engines will present this SSL certificate to the server. It is a reference to an object of type SSLKeyAndCertificate. |
string | |
| ssl_profile_path | Ssl profile path SSL profile defines ciphers and SSL versions to be used for healthmonitor traffic to the back-end servers. It is a reference to an object of type SSLProfile. |
string | Required |
ALBHealthMonitorSmtp (schema)
HealthMonitorSmtp
Advanced load balancer HealthMonitorSmtp object
| Name | Description | Type | Notes |
|---|---|---|---|
| domainname | Domainname Sender domain name. |
string | |
| mail_data | Mail data Mail data. |
string | |
| recipients_ids | Recipients ids Mail recipients. |
array of string | |
| sender_id | Sender id Mail sender. |
string | |
| ssl_attributes | Ssl attributes SSL attributes for SMTPS monitor. |
ALBHealthMonitorSSLAttributes |
ALBHealthMonitorTcp (schema)
HealthMonitorTcp
Advanced load balancer HealthMonitorTcp object
| Name | Description | Type | Notes |
|---|---|---|---|
| maintenance_response | Maintenance response Match or look for this keyword in the first 2KB of server's response indicating server maintenance. A successful match results in the server being marked down. |
string | |
| tcp_half_open | Tcp half open Configure TCP health monitor to use half-open TCP connections to monitor the health of backend servers thereby avoiding consumption of a full fledged server side connection and the overhead and logs associated with it. This method is light-weight as it makes use of listener in server's kernel layer to measure the health and a child socket or user thread is not created on the server side. Allowed in Basic(Allowed values- false) edition, Essentials(Allowed values- false) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as false. |
boolean | Default: "False" |
| tcp_request | Tcp request Request data to send after completing the TCP handshake. |
string | |
| tcp_response | Tcp response Match for the desired keyword in the first 2Kb of the server's TCP response. If this field is left blank, no server response is required. |
string |
ALBHealthMonitorType (schema)
HealthMonitorType type
Valid ENUM values for ALBHealthMonitorType
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBHealthMonitorType | HealthMonitorType type Valid ENUM values for ALBHealthMonitorType |
string | Enum: HEALTH_MONITOR_PING, HEALTH_MONITOR_TCP, HEALTH_MONITOR_HTTP, HEALTH_MONITOR_HTTPS, HEALTH_MONITOR_EXTERNAL, HEALTH_MONITOR_UDP, HEALTH_MONITOR_DNS, HEALTH_MONITOR_GSLB, HEALTH_MONITOR_SIP, HEALTH_MONITOR_RADIUS, HEALTH_MONITOR_SMTP, HEALTH_MONITOR_SMTPS, HEALTH_MONITOR_POP3, HEALTH_MONITOR_POP3S, HEALTH_MONITOR_IMAP, HEALTH_MONITOR_IMAPS |
ALBHealthMonitorUdp (schema)
HealthMonitorUdp
Advanced load balancer HealthMonitorUdp object
| Name | Description | Type | Notes |
|---|---|---|---|
| maintenance_response | Maintenance response Match or look for this keyword in the first 2KB of server's response indicating server maintenance. A successful match results in the server being marked down. |
string | |
| udp_request | Udp request Send UDP request. |
string | |
| udp_response | Udp response Match for keyword in the UDP response. |
string |
ALBHostHdrMatch (schema)
HostHdrMatch
Advanced load balancer HostHdrMatch object
| Name | Description | Type | Notes |
|---|---|---|---|
| match_case | Match case Case sensitivity to use for the match. Enum options - SENSITIVE, INSENSITIVE. Default value when not specified in API or module is interpreted by ALB Controller as INSENSITIVE. |
ALBMatchCase | Default: "INSENSITIVE" |
| match_criteria | Match criteria Criterion to use for the host header value match. Enum options - HDR_EXISTS, HDR_DOES_NOT_EXIST, HDR_BEGINS_WITH, HDR_DOES_NOT_BEGIN_WITH, HDR_CONTAINS, HDR_DOES_NOT_CONTAIN, HDR_ENDS_WITH, HDR_DOES_NOT_END_WITH, HDR_EQUALS, HDR_DOES_NOT_EQUAL. |
ALBHdrMatchOperation | Required |
| value | Value String value(s) in the host header. |
array of string |
ALBHttpCacheConfig (schema)
HttpCacheConfig
Advanced load balancer HttpCacheConfig object
| Name | Description | Type | Notes |
|---|---|---|---|
| age_header | Age header Add an Age header to content served from cache, which indicates to the client the number of seconds the object has been in the cache. Default value when not specified in API or module is interpreted by ALB Controller as true. |
boolean | Default: "True" |
| aggressive | Aggressive Enable/disable caching objects without Cache-Control headers. Default value when not specified in API or module is interpreted by ALB Controller as false. |
boolean | Default: "False" |
| date_header | Date header If a Date header was not added by the server, add a Date header to the object served from cache. This indicates to the client when the object was originally sent by the server to the cache. Default value when not specified in API or module is interpreted by ALB Controller as true. |
boolean | Default: "True" |
| default_expire | Default expire Default expiration time of cache objects received from the server without a Cache-Control expiration header. This value may be overwritten by the Heuristic Expire setting. Default value when not specified in API or module is interpreted by ALB Controller as 600. |
integer | Default: "600" |
| enabled | Enabled Enable/disable HTTP object caching.When enabling caching for the first time, SE Group app_cache_percent must be set to allocate shared memory required for caching (A service engine restart is needed after setting/resetting the SE group value). Default value when not specified in API or module is interpreted by ALB Controller as false. |
boolean | Default: "False" |
| heuristic_expire | Heuristic expire If a response object from the server does not include the Cache-Control header, but does include a Last-Modified header, the system will use this time to calculate the Cache-Control expiration. If unable to solicit an Last-Modified header, then the system will fall back to the Cache Expire Time value. Default value when not specified in API or module is interpreted by ALB Controller as false. |
boolean | Default: "False" |
| ignore_request_cache_control | Ignore request cache control Ignore client's cache control headers when fetching or storing from and to the cache. Default value when not specified in API or module is interpreted by ALB Controller as false. |
boolean | Default: "False" |
| max_cache_size | Max cache size Max size, in bytes, of the cache. The default, zero, indicates auto configuration. Default value when not specified in API or module is interpreted by ALB Controller as 0. |
integer | Default: "0" |
| max_object_size | Max object size Maximum size of an object to store in the cache. Default value when not specified in API or module is interpreted by ALB Controller as 4194304. |
integer | Default: "4194304" |
| mime_types_block_group_paths | Mime types block group paths Blocklist string group of non-cacheable mime types. It is a reference to an object of type StringGroup. |
array of string | |
| mime_types_block_lists | Mime types block lists Blocklist of non-cacheable mime types. |
array of string | |
| mime_types_group_paths | Mime types group paths Allowlist string group of cacheable mime types. If both Cacheable Mime Types string list and string group are empty, this defaults to (STAR)/(STAR). It is a reference to an object of type StringGroup. |
array of string | |
| mime_types_list | Mime types list Allowlist of cacheable mime types. If both Cacheable Mime Types string list and string group are empty, this defaults to (STAR)/(STAR). |
array of string | |
| min_object_size | Min object size Minimum size of an object to store in the cache. Default value when not specified in API or module is interpreted by ALB Controller as 100. |
integer | Default: "100" |
| query_cacheable | Query cacheable Allow caching of objects whose URI included a query argument. When disabled, these objects are not cached. When enabled, the request must match the URI query to be considered a hit. Default value when not specified in API or module is interpreted by ALB Controller as false. |
boolean | Default: "False" |
| uri_non_cacheable | Uri non cacheable Non-cacheable URI configuration with match criteria. |
ALBPathMatch | |
| xcache_header | Xcache header Add an X-Cache header to content served from cache, which indicates to the client that the object was served from an intermediate cache. Default value when not specified in API or module is interpreted by ALB Controller as true. |
boolean | Default: "True" |
ALBHttpCookiePersistenceKey (schema)
HttpCookiePersistenceKey
Advanced load balancer HttpCookiePersistenceKey object
| Name | Description | Type | Notes |
|---|---|---|---|
| aes_key | Aes key aes_key of HttpCookiePersistenceKey. |
string | |
| hmac_key | Hmac key hmac_key of HttpCookiePersistenceKey. |
string | |
| name | Name name to use for cookie encryption. |
string |
ALBHttpCookiePersistenceProfile (schema)
HttpCookiePersistenceProfile
Advanced load balancer HttpCookiePersistenceProfile object
| Name | Description | Type | Notes |
|---|---|---|---|
| always_send_cookie | Always send cookie If no persistence cookie was received from the client, always send it. Default value when not specified in API or module is interpreted by ALB Controller as false. |
boolean | Default: "False" |
| cookie_name | Cookie name HTTP cookie name for cookie persistence. |
string | |
| encryption_key | Encryption key Key name to use for cookie encryption. |
string | |
| key | Key Placeholder for description of property key of obj type HttpCookiePersistenceProfile field type str type array. |
array of ALBHttpCookiePersistenceKey | |
| timeout | Timeout The maximum lifetime of any session cookie. No value or 'zero' indicates no timeout. Allowed values are 1-14400. Special values are 0- 'No Timeout'. Unit is MIN. |
integer | Minimum: 0 Maximum: 14400 |
ALBHttpReselectRespCodeBlock (schema)
HttpReselectRespCodeBlock type
Valid ENUM values for ALBHttpReselectRespCodeBlock
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBHttpReselectRespCodeBlock | HttpReselectRespCodeBlock type Valid ENUM values for ALBHttpReselectRespCodeBlock |
string | Enum: HTTP_RSP_4XX, HTTP_RSP_5XX |
ALBHttpResponseCode (schema)
HttpResponseCode type
Valid ENUM values for ALBHttpResponseCode
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBHttpResponseCode | HttpResponseCode type Valid ENUM values for ALBHttpResponseCode |
string | Enum: HTTP_ANY, HTTP_1XX, HTTP_2XX, HTTP_3XX, HTTP_4XX, HTTP_5XX |
ALBIPNetworkSubnet (schema)
IPNetworkSubnet
Advanced load balancer IPNetworkSubnet object
| Name | Description | Type | Notes |
|---|---|---|---|
| network_name | Network name Network for VirtualService IP allocation with Vantage as the IPAM provider. Network should be created before this is configured. It is a reference to an object of type Network. |
string | |
| subnet | Subnet Subnet for VirtualService IP allocation with Vantage or Infoblox as the IPAM provider. Only one of subnet or subnet_uuid configuration is allowed. |
ALBIpAddrPrefix | |
| subnet6 | Subnet6 Subnet for VirtualService IPv6 allocation with Vantage or Infoblox as the IPAM provider. Only one of subnet or subnet_uuid configuration is allowed. Allowed in Basic edition, Essentials edition, Enterprise edition. |
ALBIpAddrPrefix | |
| subnet6_uuid | Subnet6 uuid Subnet UUID or Name or Prefix for VirtualService IPv6 allocation with AWS or OpenStack as the IPAM provider. Only one of subnet or subnet_uuid configuration is allowed. Allowed in Basic edition, Essentials edition, Enterprise edition. |
string | |
| subnet_uuid | Subnet uuid Subnet UUID or Name or Prefix for VirtualService IP allocation with AWS or OpenStack as the IPAM provider. Only one of subnet or subnet_uuid configuration is allowed. |
string |
ALBIPPersistenceProfile (schema)
IPPersistenceProfile
Advanced load balancer IPPersistenceProfile object
| Name | Description | Type | Notes |
|---|---|---|---|
| ip_mask | Ip mask Mask to be applied on client IP. This may be used to persist clients from a subnet to the same server. When set to 0, all requests are sent to the same server. Allowed values are 0-128. Allowed in Basic edition, Essentials edition, Enterprise edition. |
integer | Minimum: 0 Maximum: 128 |
| ip_persistent_timeout | Ip persistent timeout The length of time after a client's connections have closed before expiring the client's persistence to a server. Allowed values are 1-720. Unit is MIN. Default value when not specified in API or module is interpreted by ALB Controller as 5. |
integer | Minimum: 1 Maximum: 720 Default: "5" |
ALBIdleConnectionType (schema)
IdleConnectionType type
Valid ENUM values for ALBIdleConnectionType
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBIdleConnectionType | IdleConnectionType type Valid ENUM values for ALBIdleConnectionType |
string | Enum: KEEP_ALIVE, CLOSE_IDLE |
ALBIpAddr (schema)
IpAddr
Advanced load balancer IpAddr object
| Name | Description | Type | Notes |
|---|---|---|---|
| addr | Addr IP address. |
string | Required |
| type | Type Enum options - V4, DNS, V6. |
ALBIpAddrType | Required |
ALBIpAddrGroup (schema)
IpAddrGroup
Advanced load balancer IpAddrGroup object
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| addrs | Addrs Configure IP address(es). |
array of ALBIpAddr | |
| apic_epg_name | Apic epg name Populate IP addresses from members of this Cisco APIC EPG. |
string | |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| country_codes | Country codes Populate the IP address ranges from the geo database for this country. |
array of string | |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| ip_ports | Ip ports Configure (IP address, port) tuple(s). |
array of ALBIpAddrPort | |
| marathon_app_name | Marathon app name Populate IP addresses from tasks of this Marathon app. |
string | |
| marathon_service_port | Marathon service port Task port associated with marathon service port. If Marathon app has multiple service ports, this is required. Else, the first task port is used. |
integer | |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| markers | Markers List of labels to be used for granular RBAC. Allowed in Basic edition, Essentials edition, Enterprise edition. |
array of ALBRoleFilterMatchLabel | |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| prefixes | Prefixes Configure IP address prefix(es). |
array of ALBIpAddrPrefix | |
| ranges | Ranges Configure IP address range(s). |
array of ALBIpAddrRange | |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value ALBIpAddrGroup | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
ALBIpAddrGroupApiResponse (schema)
IpAddrGroupApiResponse
IpAddrGroupApiResponse
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| count | count count |
int | Default: "None" |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Array of IpAddrGroup Array of IpAddrGroup |
array of ALBIpAddrGroup | |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
ALBIpAddrMatch (schema)
IpAddrMatch
Advanced load balancer IpAddrMatch object
| Name | Description | Type | Notes |
|---|---|---|---|
| addrs | Addrs IP address(es). |
array of ALBIpAddr | |
| group_paths | Group paths path of IP address group(s). It is a reference to an object of type IpAddrGroup. |
array of string | |
| match_criteria | Match criteria Criterion to use for IP address matching the HTTP request. Enum options - IS_IN, IS_NOT_IN. |
ALBMatchOperation | Required |
| prefixes | Prefixes IP address prefix(es). |
array of ALBIpAddrPrefix | |
| ranges | Ranges IP address range(s). |
array of ALBIpAddrRange |
ALBIpAddrPort (schema)
IpAddrPort
Advanced load balancer IpAddrPort object
| Name | Description | Type | Notes |
|---|---|---|---|
| hostname | Hostname Hostname of server. One of IP address or hostname should be set. |
string | |
| ip | Ip IP Address of host. One of IP address or hostname should be set. |
ALBIpAddr | |
| name | Name Name of the object. |
string | |
| port | Port Port number of server. Allowed values are 1-65535. |
integer | Required Minimum: 1 Maximum: 65535 |
ALBIpAddrPrefix (schema)
IpAddrPrefix
Advanced load balancer IpAddrPrefix object
| Name | Description | Type | Notes |
|---|---|---|---|
| ip_addr | Ip addr Placeholder for description of property ip_addr of obj type IpAddrPrefix field type str type ref. |
ALBIpAddr | Required |
| mask | Mask Number of mask. |
integer | Required |
ALBIpAddrRange (schema)
IpAddrRange
Advanced load balancer IpAddrRange object
| Name | Description | Type | Notes |
|---|---|---|---|
| begin | Begin Starting IP address of the range. |
ALBIpAddr | Required |
| end | End Ending IP address of the range. |
ALBIpAddr | Required |
ALBIpAddrType (schema)
IpAddrType type
Valid ENUM values for ALBIpAddrType
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBIpAddrType | IpAddrType type Valid ENUM values for ALBIpAddrType |
string | Enum: V4, DNS, V6 |
ALBIpAddressVersions (schema)
IpAddressVersions type
Valid ENUM values for ALBIpAddressVersions
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBIpAddressVersions | IpAddressVersions type Valid ENUM values for ALBIpAddressVersions |
string | Enum: V4_ONLY, V6_ONLY, V4_V6 |
ALBKeyValue (schema)
KeyValue
Advanced load balancer KeyValue object
| Name | Description | Type | Notes |
|---|---|---|---|
| key | Key Key. |
string | Required |
| value | Value Value. |
string |
ALBL4ConnectionPolicy (schema)
L4ConnectionPolicy
Advanced load balancer L4ConnectionPolicy object
| Name | Description | Type | Notes |
|---|---|---|---|
| rules | Rules Rules to apply when a new transport connection is setup. |
array of ALBL4Rule |
ALBL4Policies (schema)
L4Policies
Advanced load balancer L4Policies object
| Name | Description | Type | Notes |
|---|---|---|---|
| index | Index Index of the virtual service L4 policy set. |
integer | Required |
| l4_policy_set_path | L4 policy set path ID of the virtual service L4 policy set. It is a reference to an object of type L4PolicySet. |
string | Required |
ALBL4PolicySet (schema)
L4PolicySet
Advanced load balancer L4PolicySet object
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| created_by | Created by Creator name. |
string | |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| is_internal_policy | Is internal policy Placeholder for description of property is_internal_policy of obj type L4PolicySet field type str type boolean. Default value when not specified in API or module is interpreted by ALB Controller as false. |
boolean | Default: "False" |
| l4_connection_policy | L4 connection policy Policy to apply when a new transport connection is setup. |
ALBL4ConnectionPolicy | |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| markers | Markers List of labels to be used for granular RBAC. Allowed in Basic edition, Essentials edition, Enterprise edition. |
array of ALBRoleFilterMatchLabel | |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value ALBL4PolicySet | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
ALBL4PolicySetApiResponse (schema)
L4PolicySetApiResponse
L4PolicySetApiResponse
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| count | count count |
int | Default: "None" |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Array of L4PolicySet Array of L4PolicySet |
array of ALBL4PolicySet | |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
ALBL4Rule (schema)
L4Rule
Advanced load balancer L4Rule object
| Name | Description | Type | Notes |
|---|---|---|---|
| action | Action Action to be performed upon successful rule match. |
ALBL4RuleAction | |
| enable | Enable Enable or disable the rule. Default value when not specified in API or module is interpreted by ALB Controller as true. |
boolean | Default: "True" |
| index | Index Index of the rule. |
integer | Required |
| match | Match Match criteria of the rule. |
ALBL4RuleMatchTarget | |
| name | Name Name of the rule. |
string | Required |
ALBL4RuleAction (schema)
L4RuleAction
Advanced load balancer L4RuleAction object
| Name | Description | Type | Notes |
|---|---|---|---|
| select_pool | Select pool Indicates pool or pool-group selection on rule match. |
ALBL4RuleActionSelectPool |
ALBL4RuleActionSelectPool (schema)
L4RuleActionSelectPool
Advanced load balancer L4RuleActionSelectPool object
| Name | Description | Type | Notes |
|---|---|---|---|
| action_type | Action type Indicates action to take on rule match. Enum options - L4_RULE_ACTION_SELECT_POOL, L4_RULE_ACTION_SELECT_POOLGROUP. Allowed in Basic(Allowed values- L4_RULE_ACTION_SELECT_POOL) edition, Essentials(Allowed values- L4_RULE_ACTION_SELECT_POOL) edition, Enterprise edition. |
ALBL4RuleActionSelectPoolType | Required |
| pool_group_path | Pool group path ID of the pool group to serve the request. It is a reference to an object of type PoolGroup. Allowed in Basic edition, Essentials edition, Enterprise edition. |
string | |
| pool_path | Pool path ID of the pool of servers to serve the request. It is a reference to an object of type Pool. |
string |
ALBL4RuleActionSelectPoolType (schema)
L4RuleActionSelectPoolType type
Valid ENUM values for ALBL4RuleActionSelectPoolType
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBL4RuleActionSelectPoolType | L4RuleActionSelectPoolType type Valid ENUM values for ALBL4RuleActionSelectPoolType |
string | Enum: L4_RULE_ACTION_SELECT_POOL, L4_RULE_ACTION_SELECT_POOLGROUP |
ALBL4RuleMatchTarget (schema)
L4RuleMatchTarget
Advanced load balancer L4RuleMatchTarget object
| Name | Description | Type | Notes |
|---|---|---|---|
| client_ip | Client ip IP addresses to match against client IP. Allowed in Basic edition, Essentials edition, Enterprise edition. |
ALBIpAddrMatch | |
| port | Port Port number to match against Virtual Service listner port. |
ALBL4RulePortMatch | |
| protocol | Protocol TCP/UDP/ICMP protocol to match against transport protocol. Allowed in Basic edition, Essentials edition, Enterprise edition. |
ALBL4RuleProtocolMatch |
ALBL4RulePortMatch (schema)
L4RulePortMatch
Advanced load balancer L4RulePortMatch object
| Name | Description | Type | Notes |
|---|---|---|---|
| match_criteria | Match criteria Criterion to use for Virtual Service port matching. Enum options - IS_IN, IS_NOT_IN. |
ALBMatchOperation | Required |
| port_ranges | Port ranges Range of TCP/UDP port numbers of the Virtual Service. |
array of ALBPortRange | |
| ports | Ports Virtual Service's listening port(s). Allowed values are 1-65535. |
array of integer |
ALBL4RuleProtocolMatch (schema)
L4RuleProtocolMatch
Advanced load balancer L4RuleProtocolMatch object
| Name | Description | Type | Notes |
|---|---|---|---|
| match_criteria | Match criteria Criterion to use for transport protocol matching. Enum options - IS_IN, IS_NOT_IN. |
ALBMatchOperation | Required |
| protocol | Protocol Transport protocol to match. Enum options - PROTOCOL_ICMP, PROTOCOL_TCP, PROTOCOL_UDP. |
ALBProtocol | Required |
ALBLbAlgorithm (schema)
LbAlgorithm type
Valid ENUM values for ALBLbAlgorithm
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBLbAlgorithm | LbAlgorithm type Valid ENUM values for ALBLbAlgorithm |
string | Enum: LB_ALGORITHM_LEAST_CONNECTIONS, LB_ALGORITHM_ROUND_ROBIN, LB_ALGORITHM_FASTEST_RESPONSE, LB_ALGORITHM_CONSISTENT_HASH, LB_ALGORITHM_LEAST_LOAD, LB_ALGORITHM_FEWEST_SERVERS, LB_ALGORITHM_RANDOM, LB_ALGORITHM_FEWEST_TASKS, LB_ALGORITHM_NEAREST_SERVER, LB_ALGORITHM_CORE_AFFINITY, LB_ALGORITHM_TOPOLOGY |
ALBLbAlgorithmConsistentHash (schema)
LbAlgorithmConsistentHash type
Valid ENUM values for ALBLbAlgorithmConsistentHash
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBLbAlgorithmConsistentHash | LbAlgorithmConsistentHash type Valid ENUM values for ALBLbAlgorithmConsistentHash |
string | Enum: LB_ALGORITHM_CONSISTENT_HASH_SOURCE_IP_ADDRESS, LB_ALGORITHM_CONSISTENT_HASH_SOURCE_IP_ADDRESS_AND_PORT, LB_ALGORITHM_CONSISTENT_HASH_URI, LB_ALGORITHM_CONSISTENT_HASH_CUSTOM_HEADER, LB_ALGORITHM_CONSISTENT_HASH_CUSTOM_STRING, LB_ALGORITHM_CONSISTENT_HASH_CALLID |
ALBLdapAuthSettings (schema)
LdapAuthSettings
Advanced load balancer LdapAuthSettings object
| Name | Description | Type | Notes |
|---|---|---|---|
| base_dn | Base dn The LDAP base DN. For example, avinetworks.com would be DC=avinetworks,DC=com. |
string | |
| bind_as_administrator | Bind as administrator LDAP administrator credentials are used to search for users and group memberships. Default value when not specified in API or module is interpreted by ALB Controller as true. |
boolean | Default: "True" |
| email_attribute | Email attribute LDAP attribute that refers to user email. Default value when not specified in API or module is interpreted by ALB Controller as email. |
string | Default: "email" |
| full_name_attribute | Full name attribute LDAP attribute that refers to user's full name. Default value when not specified in API or module is interpreted by ALB Controller as name. |
string | Default: "name" |
| port | Port Query the LDAP servers on this port. Default value when not specified in API or module is interpreted by ALB Controller as 389. |
integer | Default: "389" |
| security_mode | Security mode LDAP connection security mode. Enum options - AUTH_LDAP_SECURE_NONE, AUTH_LDAP_SECURE_USE_LDAPS. |
ALBAuthLdapSecurityMode | |
| server | Server LDAP server IP address or Hostname. Use IP address if an auth profile is used to configure Virtual Service. Minimum of 1 items required. |
array of string | Required |
| settings | Settings LDAP full directory configuration with administrator credentials. |
ALBLdapDirectorySettings | |
| user_bind | User bind LDAP anonymous bind configuration. |
ALBLdapUserBindSettings |
ALBLdapDirectorySettings (schema)
LdapDirectorySettings
Advanced load balancer LdapDirectorySettings object
| Name | Description | Type | Notes |
|---|---|---|---|
| admin_bind_dn | Admin bind dn LDAP Admin User DN. Administrator credentials are required to search for users under user search DN or groups under group search DN. |
string | |
| group_filter | Group filter Group filter is used to identify groups during search. Default value when not specified in API or module is interpreted by ALB Controller as (objectClass=(STAR)). |
string | Default: "(objectClass=*)" |
| group_member_attribute | Group member attribute LDAP group attribute that identifies each of the group members. Default value when not specified in API or module is interpreted by ALB Controller as member. |
string | Default: "member" |
| group_member_is_full_dn | Group member is full dn Group member entries contain full DNs instead of just user id attribute values. Default value when not specified in API or module is interpreted by ALB Controller as true. |
boolean | Default: "True" |
| group_search_dn | Group search dn LDAP group search DN is the root of search for a given group in the LDAP directory. Only matching groups present in this LDAP directory sub-tree will be checked for user membership. |
string | |
| group_search_scope | Group search scope LDAP group search scope defines how deep to search for the group starting from the group search DN. Enum options - AUTH_LDAP_SCOPE_BASE, AUTH_LDAP_SCOPE_ONE, AUTH_LDAP_SCOPE_SUBTREE. Default value when not specified in API or module is interpreted by ALB Controller as AUTH_LDAP_SCOPE_SUBTREE. |
ALBAuthLdapSearchScope | Default: "AUTH_LDAP_SCOPE_SUBTREE" |
| ignore_referrals | Ignore referrals During user or group search, ignore searching referrals. Default value when not specified in API or module is interpreted by ALB Controller as false. |
boolean | Default: "False" |
| password | Password LDAP Admin User Password. |
secure_string | |
| user_attributes | User attributes LDAP user attributes to fetch on a successful user bind. |
array of string | |
| user_id_attribute | User id attribute LDAP user id attribute is the login attribute that uniquely identifies a single user record. |
string | |
| user_search_dn | User search dn LDAP user search DN is the root of search for a given user in the LDAP directory. Only user records present in this LDAP directory sub-tree will be validated. |
string | |
| user_search_scope | User search scope LDAP user search scope defines how deep to search for the user starting from user search DN. Enum options - AUTH_LDAP_SCOPE_BASE, AUTH_LDAP_SCOPE_ONE, AUTH_LDAP_SCOPE_SUBTREE. Default value when not specified in API or module is interpreted by ALB Controller as AUTH_LDAP_SCOPE_ONE. |
ALBAuthLdapSearchScope | Default: "AUTH_LDAP_SCOPE_ONE" |
ALBLdapUserBindSettings (schema)
LdapUserBindSettings
Advanced load balancer LdapUserBindSettings object
| Name | Description | Type | Notes |
|---|---|---|---|
| dn_template | Dn template LDAP user DN pattern is used to bind LDAP user after replacing the user token with real username. |
string | |
| token | Token LDAP token is replaced with real user name in the user DN pattern. Default value when not specified in API or module is interpreted by ALB Controller as |
string | Default: " |
| user_attributes | User attributes LDAP user attributes to fetch on a successful user bind. |
array of string | |
| user_id_attribute | User id attribute LDAP user id attribute is the login attribute that uniquely identifies a single user record. |
string |
ALBLocationHdrMatch (schema)
LocationHdrMatch
Advanced load balancer LocationHdrMatch object
| Name | Description | Type | Notes |
|---|---|---|---|
| match_case | Match case Case sensitivity to use for the match. Enum options - SENSITIVE, INSENSITIVE. Default value when not specified in API or module is interpreted by ALB Controller as INSENSITIVE. |
ALBMatchCase | Default: "INSENSITIVE" |
| match_criteria | Match criteria Criterion to use for matching location header value in the HTTP response. Enum options - HDR_EXISTS, HDR_DOES_NOT_EXIST, HDR_BEGINS_WITH, HDR_DOES_NOT_BEGIN_WITH, HDR_CONTAINS, HDR_DOES_NOT_CONTAIN, HDR_ENDS_WITH, HDR_DOES_NOT_END_WITH, HDR_EQUALS, HDR_DOES_NOT_EQUAL. |
ALBHdrMatchOperation | Required |
| value | Value String value(s) in the location header. |
array of string |
ALBLogAction (schema)
LogAction type
Valid ENUM values for ALBLogAction
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBLogAction | LogAction type Valid ENUM values for ALBLogAction |
string | Enum: LOG_FIELD_REMOVE, LOG_FIELD_MASKOFF |
ALBLogStreamingFormatType (schema)
LogStreamingFormatType type
Valid ENUM values for ALBLogStreamingFormatType
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBLogStreamingFormatType | LogStreamingFormatType type Valid ENUM values for ALBLogStreamingFormatType |
string | Enum: LOG_STREAMING_FORMAT_JSON_FULL, LOG_STREAMING_FORMAT_JSON_SELECTED |
ALBLogsProcessingType (schema)
LogsProcessingType type
Valid ENUM values for ALBLogsProcessingType
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBLogsProcessingType | LogsProcessingType type Valid ENUM values for ALBLogsProcessingType |
string | Enum: LOGS_PROCESSING_NONE, LOGS_PROCESSING_SYNC_AND_INDEX_ON_DEMAND, LOGS_PROCESSING_AUTO_SYNC_AND_INDEX, LOGS_PROCESSING_AUTO_SYNC_BUT_INDEX_ON_DEMAND |
ALBLogsType (schema)
LogsType type
Valid ENUM values for ALBLogsType
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBLogsType | LogsType type Valid ENUM values for ALBLogsType |
string | Enum: LOGS_SIGNIFICANT_ONLY, LOGS_UDF_ONLY, LOGS_UDF_SIGNIFICANT, LOGS_ALL |
ALBMatchCase (schema)
MatchCase type
Valid ENUM values for ALBMatchCase
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBMatchCase | MatchCase type Valid ENUM values for ALBMatchCase |
string | Enum: SENSITIVE, INSENSITIVE |
ALBMatchOperation (schema)
MatchOperation type
Valid ENUM values for ALBMatchOperation
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBMatchOperation | MatchOperation type Valid ENUM values for ALBMatchOperation |
string | Enum: IS_IN, IS_NOT_IN |
ALBMatchReplacePair (schema)
MatchReplacePair
Advanced load balancer MatchReplacePair object
| Name | Description | Type | Notes |
|---|---|---|---|
| match_string | Match string String to be matched. |
string | Required |
| replacement_string | Replacement string Replacement string. |
ALBReplaceStringVar |
ALBMatchTarget (schema)
MatchTarget
Advanced load balancer MatchTarget object
| Name | Description | Type | Notes |
|---|---|---|---|
| client_ip | Client ip Configure client ip addresses. |
ALBIpAddrMatch | |
| cookie | Cookie Configure HTTP cookie(s). |
ALBCookieMatch | |
| hdrs | Hdrs Configure HTTP header(s). |
array of ALBHdrMatch | |
| host_hdr | Host hdr Configure the host header. |
ALBHostHdrMatch | |
| method | Method Configure HTTP methods. |
ALBMethodMatch | |
| path | Path Configure request paths. |
ALBPathMatch | |
| protocol | Protocol Configure the type of HTTP protocol. |
ALBProtocolMatch | |
| query | Query Configure request query. |
ALBQueryMatch | |
| version | Version Configure versions of the HTTP protocol. |
ALBHTTPVersionMatch | |
| vs_port | Vs port Configure virtual service ports. |
ALBPortMatch |
ALBMethodMatch (schema)
MethodMatch
Advanced load balancer MethodMatch object
| Name | Description | Type | Notes |
|---|---|---|---|
| match_criteria | Match criteria Criterion to use for HTTP method matching the method in the HTTP request. Enum options - IS_IN, IS_NOT_IN. |
ALBMatchOperation | Required |
| methods | Methods Configure HTTP method(s). Enum options - HTTP_METHOD_GET, HTTP_METHOD_HEAD, HTTP_METHOD_PUT, HTTP_METHOD_DELETE, HTTP_METHOD_POST, HTTP_METHOD_OPTIONS, HTTP_METHOD_TRACE, HTTP_METHOD_CONNECT, HTTP_METHOD_PATCH, HTTP_METHOD_PROPFIND, HTTP_METHOD_PROPPATCH, HTTP_METHOD_MKCOL, HTTP_METHOD_COPY, HTTP_METHOD_MOVE, HTTP_METHOD_LOCK, HTTP_METHOD_UNLOCK. Minimum of 1 items required. Maximum of 16 items allowed. Allowed in Basic(Allowed values- HTTP_METHOD_GET,HTTP_METHOD_PUT,HTTP_METHOD_POST,HTTP_METHOD_HEAD,HTTP_METHOD_OPTIONS) edition, Essentials(Allowed values- HTTP_METHOD_GET,HTTP_METHOD_PUT,HTTP_METHOD_POST,HTTP_METHOD_HEAD,HTTP_METHOD_OPTIONS) edition, Enterprise edition. |
array of ALBHTTPMethod | Required |
ALBMetricsRealTimeUpdate (schema)
MetricsRealTimeUpdate
Advanced load balancer MetricsRealTimeUpdate object
| Name | Description | Type | Notes |
|---|---|---|---|
| duration | Duration Real time metrics collection duration in minutes. 0 for infinite. Special values are 0 - 'infinite'. Unit is MIN. Default value when not specified in API or module is interpreted by ALB Controller as 30. |
integer | Default: "30" |
| enabled | Enabled Enables real time metrics collection. When deactivated, 6 hour view is the most granular the system will track. Default value when not specified in API or module is interpreted by ALB Controller as false. |
boolean | Required Default: "False" |
ALBMicroServiceMatch (schema)
MicroServiceMatch
Advanced load balancer MicroServiceMatch object
| Name | Description | Type | Notes |
|---|---|---|---|
| match_criteria | Match criteria Criterion to use for Micro Service matching the HTTP request. Enum options - IS_IN, IS_NOT_IN. |
ALBMatchOperation | Required |
ALBNetworkFilter (schema)
NetworkFilter
Advanced load balancer NetworkFilter object
| Name | Description | Type | Notes |
|---|---|---|---|
| server_filter | Server filter server_filter of NetworkFilter. |
string |
ALBNetworkProfile (schema)
NetworkProfile
Advanced load balancer NetworkProfile object
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| connection_mirror | Connection mirror When enabled, Avi mirrors all TCP fastpath connections to standby. Applicable only in Legacy HA Mode. Default value when not specified in API or module is interpreted by ALB Controller as false. |
boolean | Default: "False" |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| markers | Markers List of labels to be used for granular RBAC. Allowed in Basic edition, Essentials edition, Enterprise edition. |
array of ALBRoleFilterMatchLabel | |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| profile | Profile Placeholder for description of property profile of obj type NetworkProfile field type str type ref. |
ALBNetworkProfileUnion | Required |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value ALBNetworkProfile | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
ALBNetworkProfileApiResponse (schema)
NetworkProfileApiResponse
NetworkProfileApiResponse
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| count | count count |
int | Default: "None" |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Array of NetworkProfile Array of NetworkProfile |
array of ALBNetworkProfile | |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
ALBNetworkProfileUnion (schema)
NetworkProfileUnion
Advanced load balancer NetworkProfileUnion object
| Name | Description | Type | Notes |
|---|---|---|---|
| tcp_fast_path_profile | Tcp fast path profile Placeholder for description of property tcp_fast_path_profile of obj type NetworkProfileUnion field type str type ref. |
ALBTCPFastPathProfile | |
| tcp_proxy_profile | Tcp proxy profile Placeholder for description of property tcp_proxy_profile of obj type NetworkProfileUnion field type str type ref. |
ALBTCPProxyProfile | |
| type | Type Configure one of either proxy or fast path profiles. Enum options - PROTOCOL_TYPE_TCP_PROXY, PROTOCOL_TYPE_TCP_FAST_PATH, PROTOCOL_TYPE_UDP_FAST_PATH, PROTOCOL_TYPE_UDP_PROXY. Allowed in Basic(Allowed values- PROTOCOL_TYPE_TCP_PROXY,PROTOCOL_TYPE_TCP_FAST_PATH,PROTOCOL_TYPE_UDP_FAST_PATH) edition, Essentials(Allowed values- PROTOCOL_TYPE_TCP_FAST_PATH,PROTOCOL_TYPE_UDP_FAST_PATH) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as PROTOCOL_TYPE_TCP_PROXY. |
ALBProtocolType | Required Default: "PROTOCOL_TYPE_TCP_PROXY" |
| udp_fast_path_profile | Udp fast path profile Placeholder for description of property udp_fast_path_profile of obj type NetworkProfileUnion field type str type ref. |
ALBUDPFastPathProfile | |
| udp_proxy_profile | Udp proxy profile Configure UDP Proxy network profile. Allowed in Basic edition, Essentials edition, Enterprise edition. |
ALBUDPProxyProfile |
ALBNetworkSecurityMatchTarget (schema)
NetworkSecurityMatchTarget
Advanced load balancer NetworkSecurityMatchTarget object
| Name | Description | Type | Notes |
|---|---|---|---|
| client_ip | Client ip Placeholder for description of property client_ip of obj type NetworkSecurityMatchTarget field type str type ref. |
ALBIpAddrMatch | |
| microservice | Microservice Placeholder for description of property microservice of obj type NetworkSecurityMatchTarget field type str type ref. |
ALBMicroServiceMatch | |
| vs_port | Vs port Placeholder for description of property vs_port of obj type NetworkSecurityMatchTarget field type str type ref. |
ALBPortMatch |
ALBNetworkSecurityPolicy (schema)
NetworkSecurityPolicy
Advanced load balancer NetworkSecurityPolicy object
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| cloud_config_cksum | Cloud config cksum Checksum of cloud configuration for Network Sec Policy. Internally set by cloud connector. |
string | |
| created_by | Created by Creator name. |
string | |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| markers | Markers List of labels to be used for granular RBAC. Allowed in Basic edition, Essentials edition, Enterprise edition. |
array of ALBRoleFilterMatchLabel | |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value ALBNetworkSecurityPolicy | string | |
| rules | Rules Placeholder for description of property rules of obj type NetworkSecurityPolicy field type str type array. |
array of ALBNetworkSecurityRule | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
ALBNetworkSecurityPolicyActionRLParam (schema)
NetworkSecurityPolicyActionRLParam
Advanced load balancer NetworkSecurityPolicyActionRLParam object
| Name | Description | Type | Notes |
|---|---|---|---|
| burst_size | Burst size Maximum number of connections or requests or packets to be rate limited instantaneously. Default value when not specified in API or module is interpreted by ALB Controller as 0. |
integer | Required Default: "0" |
| max_rate | Max rate Maximum number of connections or requests or packets per second. Allowed values are 1-4294967295. |
integer | Required Minimum: 1 Maximum: 4294967295 |
ALBNetworkSecurityPolicyActionType (schema)
NetworkSecurityPolicyActionType type
Valid ENUM values for ALBNetworkSecurityPolicyActionType
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBNetworkSecurityPolicyActionType | NetworkSecurityPolicyActionType type Valid ENUM values for ALBNetworkSecurityPolicyActionType |
string | Enum: NETWORK_SECURITY_POLICY_ACTION_TYPE_ALLOW, NETWORK_SECURITY_POLICY_ACTION_TYPE_DENY, NETWORK_SECURITY_POLICY_ACTION_TYPE_RATE_LIMIT |
ALBNetworkSecurityPolicyApiResponse (schema)
NetworkSecurityPolicyApiResponse
NetworkSecurityPolicyApiResponse
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| count | count count |
int | Default: "None" |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Array of NetworkSecurityPolicy Array of NetworkSecurityPolicy |
array of ALBNetworkSecurityPolicy | |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
ALBNetworkSecurityRule (schema)
NetworkSecurityRule
Advanced load balancer NetworkSecurityRule object
| Name | Description | Type | Notes |
|---|---|---|---|
| action | Action Enum options - NETWORK_SECURITY_POLICY_ACTION_TYPE_ALLOW, NETWORK_SECURITY_POLICY_ACTION_TYPE_DENY, NETWORK_SECURITY_POLICY_ACTION_TYPE_RATE_LIMIT. Allowed in Basic(Allowed values- NETWORK_SECURITY_POLICY_ACTION_TYPE_DENY) edition, Essentials(Allowed values- NETWORK_SECURITY_POLICY_ACTION_TYPE_DENY) edition, Enterprise edition. |
ALBNetworkSecurityPolicyActionType | Required |
| age | Age Time in minutes after which rule will be deleted. Allowed values are 1-4294967295. Special values are 0- 'blocked for ever'. Unit is MIN. Allowed in Basic(Allowed values- 0) edition, Essentials(Allowed values- 0) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as 0. |
integer | Minimum: 0 Maximum: 4294967295 Default: "0" |
| created_by | Created by Creator name. |
string | |
| enable | Enable Placeholder for description of property enable of obj type NetworkSecurityRule field type str type boolean. |
boolean | Required |
| index | Index Number of index. |
integer | Required |
| log | Log Allowed in Basic(Allowed values- false) edition, Essentials(Allowed values- false) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as false. |
boolean | Default: "False" |
| match | Match Placeholder for description of property match of obj type NetworkSecurityRule field type str type ref. |
ALBNetworkSecurityMatchTarget | Required |
| name | Name Name of the object. |
string | Required |
| rl_param | Rl param Placeholder for description of property rl_param of obj type NetworkSecurityRule field type str type ref. |
ALBNetworkSecurityPolicyActionRLParam |
ALBOCSPConfig (schema)
OCSPConfig
Advanced load balancer OCSPConfig object
| Name | Description | Type | Notes |
|---|---|---|---|
| failed_ocsp_jobs_retry_interval | Failed ocsp jobs retry interval Describes the Time Interval after which the next OCSP job needs to be scheduled in case of the OCSP job failures. Allowed values are 60-86400. Unit is SEC. Default value when not specified in API or module is interpreted by ALB Controller as 3600. |
integer | Minimum: 60 Maximum: 86400 Default: "3600" |
| max_tries | Max tries Maximum number of times the failed OCSP jobs can be scheduled. Default value when not specified in API or module is interpreted by ALB Controller as 10. |
integer | Default: "10" |
| ocsp_req_interval | Ocsp req interval Interval between the OCSP queries. Allowed values are 60-31536000. Unit is SEC. Default value when not specified in API or module is interpreted by ALB Controller as 86400. |
integer | Minimum: 60 Maximum: 31536000 Default: "86400" |
| ocsp_resp_timeout | Ocsp resp timeout Time in seconds that the system waits for a reply from the OCSP responder before dropping the connection. Unit is SEC. |
integer | |
| responder_url_lists | Responder url lists List of Responder URLs configured by user to do failover/override the AIA extension contained in the OCSP responder's SSL/TLS certificate. |
array of string | |
| url_action | Url action Describes the type of action to take with the Responder URLs. Enum options - OCSP_RESPONDER_URL_FAILOVER, OCSP_RESPONDER_URL_OVERRIDE. Default value when not specified in API or module is interpreted by ALB Controller as OCSP_RESPONDER_URL_FAILOVER. |
ALBOCSPResponderUrlAction | Default: "OCSP_RESPONDER_URL_FAILOVER" |
ALBOCSPResponderUrlAction (schema)
OCSPResponderUrlAction type
Valid ENUM values for ALBOCSPResponderUrlAction
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBOCSPResponderUrlAction | OCSPResponderUrlAction type Valid ENUM values for ALBOCSPResponderUrlAction |
string | Enum: OCSP_RESPONDER_URL_FAILOVER, OCSP_RESPONDER_URL_OVERRIDE |
ALBOperationMode (schema)
OperationMode type
Valid ENUM values for ALBOperationMode
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBOperationMode | OperationMode type Valid ENUM values for ALBOperationMode |
string | Enum: DETECTION, MITIGATION |
ALBPGDeploymentRule (schema)
PGDeploymentRule
Advanced load balancer PGDeploymentRule object
| Name | Description | Type | Notes |
|---|---|---|---|
| metric_id | Metric id metric_id of PGDeploymentRule. Default value when not specified in API or module is interpreted by ALB Controller as health.health_score_value. |
string | Default: "health.health_score_value" |
| operator | Operator Enum options - CO_EQ, CO_GT, CO_GE, CO_LT, CO_LE, CO_NE. Default value when not specified in API or module is interpreted by ALB Controller as CO_GE. |
ALBComparisonOperator | Default: "CO_GE" |
| threshold | Threshold metric threshold that is used as the pass fail. If it is not provided then it will simply compare it with current pool vs new pool. |
number |
ALBPKIProfile (schema)
PKIProfile
Advanced load balancer PKIProfile object
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| ca_certs | Ca certs List of Certificate Authorities (Root and Intermediate) trusted that is used for certificate validation. |
array of ALBSSLCertificate | |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| created_by | Created by Creator name. |
string | |
| crl_check | Crl check When enabled, Avi will verify via CRL checks that certificates in the trust chain have not been revoked. Default value when not specified in API or module is interpreted by ALB Controller as true. |
boolean | Default: "True" |
| crls | Crls Certificate Revocation Lists. |
array of ALBCRL | |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| ignore_peer_chain | Ignore peer chain When enabled, Avi will not trust Intermediate and Root certs presented by a client. Instead, only the chain certs configured in the Certificate Authority section will be used to verify trust of the client's cert. Allowed in Basic(Allowed values- true) edition, Essentials(Allowed values- true) edition, Enterprise edition. Special default for Basic edition is true, Essentials edition is true, Enterprise is False. Default value when not specified in API or module is interpreted by ALB Controller as true. |
boolean | Default: "True" |
| is_federated | Is federated This field describes the object's replication scope. If the field is set to false, then the object is visible within the controller-cluster and its associated service-engines. If the field is set to true, then the object is replicated across the federation. Default value when not specified in API or module is interpreted by ALB Controller as false. |
boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| markers | Markers List of labels to be used for granular RBAC. Allowed in Basic edition, Essentials edition, Enterprise edition. |
array of ALBRoleFilterMatchLabel | |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value ALBPKIProfile | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
| validate_only_leaf_crl | Validate only leaf crl When enabled, Avi will only validate the revocation status of the leaf certificate using CRL. To enable validation for the entire chain, disable this option and provide all the relevant CRLs. Allowed in Basic(Allowed values- true) edition, Essentials(Allowed values- true) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as true. |
boolean | Default: "True" |
ALBPKIProfileApiResponse (schema)
PKIProfileApiResponse
PKIProfileApiResponse
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| count | count count |
int | Default: "None" |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Array of PKIProfile Array of PKIProfile |
array of ALBPKIProfile | |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
ALBPathMatch (schema)
PathMatch
Advanced load balancer PathMatch object
| Name | Description | Type | Notes |
|---|---|---|---|
| match_case | Match case Case sensitivity to use for the matching. Enum options - SENSITIVE, INSENSITIVE. Default value when not specified in API or module is interpreted by ALB Controller as INSENSITIVE. |
ALBMatchCase | Default: "INSENSITIVE" |
| match_criteria | Match criteria Criterion to use for matching the path in the HTTP request URI. Enum options - BEGINS_WITH, DOES_NOT_BEGIN_WITH, CONTAINS, DOES_NOT_CONTAIN, ENDS_WITH, DOES_NOT_END_WITH, EQUALS, DOES_NOT_EQUAL, REGEX_MATCH, REGEX_DOES_NOT_MATCH. Allowed in Basic(Allowed values- BEGINS_WITH,DOES_NOT_BEGIN_WITH,CONTAINS,DOES_NOT_CONTAIN,ENDS_WITH,DOES_NOT_END_WITH,EQUALS,DOES_NOT_EQUAL) edition, Essentials(Allowed values- BEGINS_WITH,DOES_NOT_BEGIN_WITH,CONTAINS,DOES_NOT_CONTAIN,ENDS_WITH,DOES_NOT_END_WITH,EQUALS,DOES_NOT_EQUAL) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as CONTAINS. |
ALBStringOperation | Required Default: "CONTAINS" |
| match_str | Match str String values. |
array of string | |
| string_group_paths | String group paths path of the string group(s). It is a reference to an object of type StringGroup. |
array of string |
ALBPerformanceLimits (schema)
PerformanceLimits
Advanced load balancer PerformanceLimits object
| Name | Description | Type | Notes |
|---|---|---|---|
| max_concurrent_connections | Max concurrent connections The maximum number of concurrent client conections allowed to the Virtual Service. |
integer | |
| max_throughput | Max throughput The maximum throughput per second for all clients allowed through the client side of the Virtual Service. |
integer |
ALBPersistenceProfileType (schema)
PersistenceProfileType type
Valid ENUM values for ALBPersistenceProfileType
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBPersistenceProfileType | PersistenceProfileType type Valid ENUM values for ALBPersistenceProfileType |
string | Enum: PERSISTENCE_TYPE_CLIENT_IP_ADDRESS, PERSISTENCE_TYPE_HTTP_COOKIE, PERSISTENCE_TYPE_TLS, PERSISTENCE_TYPE_CLIENT_IPV6_ADDRESS, PERSISTENCE_TYPE_CUSTOM_HTTP_HEADER, PERSISTENCE_TYPE_APP_COOKIE, PERSISTENCE_TYPE_GSLB_SITE |
ALBPersistentServerHMDownRecovery (schema)
PersistentServerHMDownRecovery type
Valid ENUM values for ALBPersistentServerHMDownRecovery
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBPersistentServerHMDownRecovery | PersistentServerHMDownRecovery type Valid ENUM values for ALBPersistentServerHMDownRecovery |
string | Enum: HM_DOWN_PICK_NEW_SERVER, HM_DOWN_ABORT_CONNECTION, HM_DOWN_CONTINUE_PERSISTENT_SERVER |
ALBPlacementNetwork (schema)
PlacementNetwork
Advanced load balancer PlacementNetwork object
| Name | Description | Type | Notes |
|---|---|---|---|
| network_name | Network name It is a reference to an object of type Network. |
string | Required |
| subnet | Subnet Placeholder for description of property subnet of obj type PlacementNetwork field type str type ref. |
ALBIpAddrPrefix | Required |
ALBPool (schema)
Pool
Advanced load balancer Pool object
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| analytics_policy | Analytics policy Determines analytics settings for the pool. |
ALBPoolAnalyticsPolicy | |
| analytics_profile_path | Analytics profile path Specifies settings related to analytics. It is a reference to an object of type AnalyticsProfile. |
string | |
| apic_epg_name | Apic epg name Synchronize Cisco APIC EPG members with pool servers. |
string | |
| application_persistence_profile_path | Application persistence profile path Persistence will ensure the same user sticks to the same server for a desired duration of time. It is a reference to an object of type ApplicationPersistenceProfile. |
string | |
| autoscale_launch_config_path | Autoscale launch config path If configured then Avi will trigger orchestration of pool server creation and deletion. It is a reference to an object of type AutoScaleLaunchConfig. |
string | |
| autoscale_networks | Autoscale networks Network Ids for the launch configuration. |
array of string | |
| autoscale_policy_path | Autoscale policy path Reference to Server Autoscale Policy. It is a reference to an object of type ServerAutoScalePolicy. |
string | |
| capacity_estimation | Capacity estimation Inline estimation of capacity of servers. Allowed in Basic(Allowed values- false) edition, Essentials(Allowed values- false) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as false. |
boolean | Default: "False" |
| capacity_estimation_ttfb_thresh | Capacity estimation ttfb thresh The maximum time-to-first-byte of a server. Allowed values are 1-5000. Special values are 0 - 'Automatic'. Unit is MILLISECONDS. Allowed in Basic(Allowed values- 0) edition, Essentials(Allowed values- 0) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as 0. |
integer | Minimum: 0 Maximum: 5000 Default: "0" |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| cloud_config_cksum | Cloud config cksum Checksum of cloud configuration for Pool. Internally set by cloud connector. |
string | |
| cloud_name | Cloud name It is a reference to an object of type Cloud. |
string | |
| conn_pool_properties | Conn pool properties Connnection pool properties. |
ALBConnPoolProperties | |
| connection_ramp_duration | Connection ramp duration Duration for which new connections will be gradually ramped up to a server recently brought online. Useful for LB algorithms that are least connection based. Allowed values are 1-300. Special values are 0 - 'Immediate'. Unit is MIN. Allowed in Basic(Allowed values- 0) edition, Essentials(Allowed values- 0) edition, Enterprise edition. Special default for Basic edition is 0, Essentials edition is 0, Enterprise is 10. Default value when not specified in API or module is interpreted by ALB Controller as 0. |
integer | Minimum: 0 Maximum: 300 Default: "0" |
| created_by | Created by Creator name. |
string | |
| default_server_port | Default server port Traffic sent to servers will use this destination server port unless overridden by the server's specific port attribute. The SSL checkbox enables Avi to server encryption. Allowed values are 1-65535. Default value when not specified in API or module is interpreted by ALB Controller as 80. |
integer | Minimum: 1 Maximum: 65535 Default: "80" |
| delete_server_on_dns_refresh | Delete server on dns refresh Indicates whether existing IPs are disabled(false) or deleted(true) on dns hostname refreshDetail -- On a dns refresh, some IPs set on pool may no longer be returned by the resolver. These IPs are deleted from the pool when this knob is set to true. They are disabled, if the knob is set to false. Allowed in Basic(Allowed values- true) edition, Essentials(Allowed values- true) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as true. |
boolean | Default: "True" |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| domain_name | Domain name Comma separated list of domain names which will be used to verify the common names or subject alternative names presented by server certificates. It is performed only when common name check host_check_enabled is enabled. |
array of string | |
| east_west | East west Inherited config from VirtualService. |
boolean | |
| enable_http2 | Enable http2 Enable HTTP/2 for traffic from VirtualService to all backend servers in this pool. Allowed in Basic(Allowed values- false) edition, Essentials(Allowed values- false) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as false. |
boolean | Default: "False" |
| enabled | Enabled Enable or disable the pool. Disabling will terminate all open connections and pause health monitors. Default value when not specified in API or module is interpreted by ALB Controller as true. |
boolean | Default: "True" |
| external_autoscale_groups | External autoscale groups Names of external auto-scale groups for pool servers. Currently available only for AWS and Azure. |
array of string | |
| fail_action | Fail action Enable an action - Close Connection, HTTP Redirect or Local HTTP Response - when a pool failure happens. By default, a connection will be closed, in case the pool experiences a failure. |
ALBFailAction | |
| fewest_tasks_feedback_delay | Fewest tasks feedback delay Periodicity of feedback for fewest tasks server selection algorithm. Allowed values are 1-300. Unit is SEC. Default value when not specified in API or module is interpreted by ALB Controller as 10. |
integer | Minimum: 1 Maximum: 300 Default: "10" |
| graceful_disable_timeout | Graceful disable timeout Used to gracefully disable a server. Virtual service waits for the specified time before terminating the existing connections to the servers that are disabled. Allowed values are 1-7200. Special values are 0 - 'Immediate', -1 - 'Infinite'. Unit is MIN. Default value when not specified in API or module is interpreted by ALB Controller as 1. |
integer | Minimum: -1 Maximum: 7200 Default: "1" |
| group_paths | Group paths A list of NSX Groups where the Servers for the Pool are created . |
array of string | |
| gslb_sp_enabled | Gslb sp enabled Indicates if the pool is a site-persistence pool. Allowed in Basic edition, Essentials edition, Enterprise edition. |
boolean | |
| health_monitor_paths | Health monitor paths Verify server health by applying one or more health monitors. Active monitors generate synthetic traffic from each Service Engine and mark a server up or down based on the response. The Passive monitor listens only to client to server communication. It raises or lowers the ratio of traffic destined to a server based on successful responses. It is a reference to an object of type HealthMonitor. Maximum of 50 items allowed. |
array of string | |
| host_check_enabled | Host check enabled Enable common name check for server certificate. If enabled and no explicit domain name is specified, Avi will use the incoming host header to do the match. Default value when not specified in API or module is interpreted by ALB Controller as false. |
boolean | Default: "False" |
| id | Unique identifier of this resource | string | Sortable |
| ignore_server_port | Ignore server port Ignore the server port in building the load balancing state.Applicable only for consistent hash load balancing algorithm or Disable Port translation (use_service_port) use cases. Default value when not specified in API or module is interpreted by ALB Controller as false. |
boolean | Default: "False" |
| inline_health_monitor | Inline health monitor The Passive monitor will monitor client to server connections and requests and adjust traffic load to servers based on successful responses. This may alter the expected behavior of the LB method, such as Round Robin. Default value when not specified in API or module is interpreted by ALB Controller as true. |
boolean | Default: "True" |
| ipaddrgroup_path | Ipaddrgroup path Use list of servers from Ip Address Group. It is a reference to an object of type IpAddrGroup. |
string | |
| lb_algorithm | Lb algorithm The load balancing algorithm will pick a server within the pool's list of available servers. Values LB_ALGORITHM_NEAREST_SERVER and LB_ALGORITHM_TOPOLOGY are only allowed for GSLB pool. Enum options - LB_ALGORITHM_LEAST_CONNECTIONS, LB_ALGORITHM_ROUND_ROBIN, LB_ALGORITHM_FASTEST_RESPONSE, LB_ALGORITHM_CONSISTENT_HASH, LB_ALGORITHM_LEAST_LOAD, LB_ALGORITHM_FEWEST_SERVERS, LB_ALGORITHM_RANDOM, LB_ALGORITHM_FEWEST_TASKS, LB_ALGORITHM_NEAREST_SERVER, LB_ALGORITHM_CORE_AFFINITY, LB_ALGORITHM_TOPOLOGY. Allowed in Basic(Allowed values- LB_ALGORITHM_LEAST_CONNECTIONS,LB_ALGORITHM_ROUND_ROBIN,LB_ALGORITHM_CONSISTENT_HASH) edition, Essentials(Allowed values- LB_ALGORITHM_LEAST_CONNECTIONS,LB_ALGORITHM_ROUND_ROBIN,LB_ALGORITHM_CONSISTENT_HASH) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as LB_ALGORITHM_LEAST_CONNECTIONS. |
ALBLbAlgorithm | Default: "LB_ALGORITHM_LEAST_CONNECTIONS" |
| lb_algorithm_consistent_hash_hdr | Lb algorithm consistent hash hdr HTTP header name to be used for the hash key. |
string | |
| lb_algorithm_core_nonaffinity | Lb algorithm core nonaffinity Degree of non-affinity for core affinity based server selection. Allowed values are 1-65535. Allowed in Basic(Allowed values- 2) edition, Essentials(Allowed values- 2) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as 2. |
integer | Minimum: 1 Maximum: 65535 Default: "2" |
| lb_algorithm_hash | Lb algorithm hash Criteria used as a key for determining the hash between the client and server. Enum options - LB_ALGORITHM_CONSISTENT_HASH_SOURCE_IP_ADDRESS, LB_ALGORITHM_CONSISTENT_HASH_SOURCE_IP_ADDRESS_AND_PORT, LB_ALGORITHM_CONSISTENT_HASH_URI, LB_ALGORITHM_CONSISTENT_HASH_CUSTOM_HEADER, LB_ALGORITHM_CONSISTENT_HASH_CUSTOM_STRING, LB_ALGORITHM_CONSISTENT_HASH_CALLID. Allowed in Basic(Allowed values- LB_ALGORITHM_CONSISTENT_HASH_SOURCE_IP_ADDRESS) edition, Essentials(Allowed values- LB_ALGORITHM_CONSISTENT_HASH_SOURCE_IP_ADDRESS) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as LB_ALGORITHM_CONSISTENT_HASH_SOURCE_IP_ADDRESS. |
ALBLbAlgorithmConsistentHash | Default: "LB_ALGORITHM_CONSISTENT_HASH_SOURCE_IP_ADDRESS" |
| lookup_server_by_name | Lookup server by name Allow server lookup by name. Allowed in Basic(Allowed values- false) edition, Essentials(Allowed values- false) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as false. |
boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| markers | Markers List of labels to be used for granular RBAC. Allowed in Basic edition, Essentials edition, Enterprise edition. |
array of ALBRoleFilterMatchLabel | |
| max_concurrent_connections_per_server | Max concurrent connections per server The maximum number of concurrent connections allowed to each server within the pool. NOTE applied value will be no less than the number of service engines that the pool is placed on. If set to 0, no limit is applied. Default value when not specified in API or module is interpreted by ALB Controller as 0. |
integer | Default: "0" |
| max_conn_rate_per_server | Max conn rate per server Rate Limit connections to each server. |
ALBRateProfile | |
| min_health_monitors_up | Min health monitors up Minimum number of health monitors in UP state to mark server UP. Allowed in Basic edition, Essentials edition, Enterprise edition. |
integer | |
| min_servers_up | Min servers up Minimum number of servers in UP state for marking the pool UP. |
integer | |
| networks | Networks (internal-use) Networks designated as containing servers for this pool. The servers may be further narrowed down by a filter. This field is used internally by Avi, not editable by the user. |
array of ALBNetworkFilter | |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| pki_profile_path | Pki profile path Avi will validate the SSL certificate present by a server against the selected PKI Profile. It is a reference to an object of type PKIProfile. |
string | |
| placement_networks | Placement networks Manually select the networks and subnets used to provide reachability to the pool's servers. Specify the Subnet using the following syntax 10-1-1-0/24. Use static routes in VRF configuration when pool servers are not directly connected but routable from the service engine. |
array of ALBPlacementNetwork | |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| request_queue_depth | Request queue depth Minimum number of requests to be queued when pool is full. Allowed in Basic(Allowed values- 128) edition, Essentials(Allowed values- 128) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as 128. |
integer | Default: "128" |
| request_queue_enabled | Request queue enabled Enable request queue when pool is full. Allowed in Basic(Allowed values- false) edition, Essentials(Allowed values- false) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as false. |
boolean | Default: "False" |
| resource_type | Must be set to the value ALBPool | string | |
| rewrite_host_header_to_server_name | Rewrite host header to server name Rewrite incoming Host Header to server name of the server to which the request is proxied. Enabling this feature rewrites Host Header for requests to all servers in the pool. Default value when not specified in API or module is interpreted by ALB Controller as false. |
boolean | Default: "False" |
| rewrite_host_header_to_sni | Rewrite host header to sni If SNI server name is specified, rewrite incoming host header to the SNI server name. Default value when not specified in API or module is interpreted by ALB Controller as false. |
boolean | Default: "False" |
| routing_pool | Routing pool Enable to do routing when this pool is selected to send traffic. No servers present in routing pool. Default value when not specified in API or module is interpreted by ALB Controller as false. |
boolean | Default: "False" |
| server_name | Server name Fully qualified DNS hostname which will be used in the TLS SNI extension in server connections if SNI is enabled. If no value is specified, Avi will use the incoming host header instead. |
string | |
| server_reselect | Server reselect Server reselect configuration for HTTP requests. |
ALBHTTPServerReselect | |
| server_timeout | Server timeout Server timeout value specifies the time within which a server connection needs to be established and a request-response exchange completes between AVI and the server. Value of 0 results in using default timeout of 60 minutes. Allowed values are 0-21600000. Unit is MILLISECONDS. Default value when not specified in API or module is interpreted by ALB Controller as 0. |
integer | Minimum: 0 Maximum: 21600000 Default: "0" |
| servers | Servers The pool directs load balanced traffic to this list of destination servers. The servers can be configured by IP address, name, network or via IP Address Group. Maximum of 5000 items allowed. |
array of ALBServer | |
| service_metadata | Service metadata Metadata pertaining to the service provided by this Pool. In Openshift/Kubernetes environments, app metadata info is stored. Any user input to this field will be overwritten by Avi Vantage. |
string | |
| sni_enabled | Sni enabled Enable TLS SNI for server connections. If disabled, Avi will not send the SNI extension as part of the handshake. Default value when not specified in API or module is interpreted by ALB Controller as true. |
boolean | Default: "True" |
| ssl_key_and_certificate_path | Ssl key and certificate path Service Engines will present a client SSL certificate to the server. It is a reference to an object of type SSLKeyAndCertificate. |
string | |
| ssl_profile_path | Ssl profile path When enabled, Avi re-encrypts traffic to the backend servers. The specific SSL profile defines which ciphers and SSL versions will be supported. It is a reference to an object of type SSLProfile. |
string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| tier1_path | Tier1 path This tier1_lr field should be set same as VirtualService associated for NSX-T. |
string | |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
| use_service_port | Use service port Do not translate the client's destination port when sending the connection to the server. The pool or servers specified service port will still be used for health monitoring. Allowed in Basic(Allowed values- false) edition, Essentials(Allowed values- false) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as false. |
boolean | Default: "False" |
| vrf_name | Vrf name Virtual Routing Context that the pool is bound to. This is used to provide the isolation of the set of networks the pool is attached to. The pool inherits the Virtual Routing Conext of the Virtual Service, and this field is used only internally, and is set by pb-transform. It is a reference to an object of type VrfContext. |
string |
ALBPoolAnalyticsPolicy (schema)
PoolAnalyticsPolicy
Advanced load balancer PoolAnalyticsPolicy object
| Name | Description | Type | Notes |
|---|---|---|---|
| enable_realtime_metrics | Enable realtime metrics Enable real time metrics for server and pool metrics eg. l4_server.xxx, l7_server.xxx. Default value when not specified in API or module is interpreted by ALB Controller as false. |
boolean | Default: "False" |
ALBPoolApiResponse (schema)
PoolApiResponse
PoolApiResponse
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| count | count count |
int | Default: "None" |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Array of Pool Array of Pool |
array of ALBPool | |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
ALBPoolDeploymentState (schema)
PoolDeploymentState type
Valid ENUM values for ALBPoolDeploymentState
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBPoolDeploymentState | PoolDeploymentState type Valid ENUM values for ALBPoolDeploymentState |
string | Enum: EVALUATION_IN_PROGRESS, IN_SERVICE, OUT_OF_SERVICE, EVALUATION_FAILED |
ALBPoolGroup (schema)
PoolGroup
Advanced load balancer PoolGroup object
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| cloud_config_cksum | Cloud config cksum Checksum of cloud configuration for PoolGroup. Internally set by cloud connector. |
string | |
| cloud_name | Cloud name It is a reference to an object of type Cloud. |
string | |
| created_by | Created by Name of the user who created the object. |
string | |
| deactivate_primary_pool_on_down | Deactivate primary pool on down Deactivate primary pool for selection when down until it is activated by user via clear poolgroup command. Default value when not specified in API or module is interpreted by ALB Controller as false. |
boolean | Default: "False" |
| deployment_policy_path | Deployment policy path When setup autoscale manager will automatically promote new pools into production when deployment goals are met. It is a reference to an object of type PoolGroupDeploymentPolicy. |
string | |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| enable_http2 | Enable http2 Enable HTTP/2 for traffic from VirtualService to all the backend servers in all the pools configured under this PoolGroup. Allowed in Basic(Allowed values- false) edition, Essentials(Allowed values- false) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as false. |
boolean | Default: "False" |
| fail_action | Fail action Enable an action - Close Connection, HTTP Redirect, or Local HTTP Response - when a pool group failure happens. By default, a connection will be closed, in case the pool group experiences a failure. |
ALBFailAction | |
| id | Unique identifier of this resource | string | Sortable |
| implicit_priority_labels | Implicit priority labels Whether an implicit set of priority labels is generated. Default value when not specified in API or module is interpreted by ALB Controller as false. |
boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| markers | Markers List of labels to be used for granular RBAC. Allowed in Basic edition, Essentials edition, Enterprise edition. |
array of ALBRoleFilterMatchLabel | |
| members | Members List of pool group members object of type PoolGroupMember. |
array of ALBPoolGroupMember | |
| min_servers | Min servers The minimum number of servers to distribute traffic to. Allowed values are 1-65535. Special values are 0 - 'Disable'. Allowed in Basic(Allowed values- 0) edition, Essentials(Allowed values- 0) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as 0. |
integer | Minimum: 0 Maximum: 65535 Default: "0" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| priority_labels_path | Priority labels path path of the priority labels. If not provided, pool group member priority label will be interpreted as a number with a larger number considered higher priority. It is a reference to an object of type PriorityLabels. |
string | |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value ALBPoolGroup | string | |
| service_metadata | Service metadata Metadata pertaining to the service provided by this PoolGroup. In Openshift/Kubernetes environments, app metadata info is stored. Any user input to this field will be overwritten by Avi Vantage. |
string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
ALBPoolGroupApiResponse (schema)
PoolGroupApiResponse
PoolGroupApiResponse
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| count | count count |
int | Default: "None" |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Array of PoolGroup Array of PoolGroup |
array of ALBPoolGroup | |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
ALBPoolGroupDeploymentPolicy (schema)
PoolGroupDeploymentPolicy
Advanced load balancer PoolGroupDeploymentPolicy object
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| auto_disable_old_prod_pools | Auto disable old prod pools It will automatically disable old production pools once there is a new production candidate. Default value when not specified in API or module is interpreted by ALB Controller as true. |
boolean | Default: "True" |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| evaluation_duration | Evaluation duration Duration of evaluation period for automatic deployment. Allowed values are 60-86400. Unit is SEC. Default value when not specified in API or module is interpreted by ALB Controller as 300. |
integer | Minimum: 60 Maximum: 86400 Default: "300" |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| markers | Markers List of labels to be used for granular RBAC. Allowed in Basic edition, Essentials edition, Enterprise edition. |
array of ALBRoleFilterMatchLabel | |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value ALBPoolGroupDeploymentPolicy | string | |
| rules | Rules Placeholder for description of property rules of obj type PoolGroupDeploymentPolicy field type str type array. |
array of ALBPGDeploymentRule | |
| scheme | Scheme deployment scheme. Enum options - BLUE_GREEN, CANARY. Default value when not specified in API or module is interpreted by ALB Controller as BLUE_GREEN. |
ALBPoolGroupDeploymentScheme | Default: "BLUE_GREEN" |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| target_test_traffic_ratio | Target test traffic ratio Target traffic ratio before pool is made production. Allowed values are 1-100. Unit is RATIO. Default value when not specified in API or module is interpreted by ALB Controller as 100. |
integer | Minimum: 1 Maximum: 100 Default: "100" |
| test_traffic_ratio_rampup | Test traffic ratio rampup Ratio of the traffic that is sent to the pool under test. test ratio of 100 means blue green. Allowed values are 1-100. Default value when not specified in API or module is interpreted by ALB Controller as 100. |
integer | Minimum: 1 Maximum: 100 Default: "100" |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
| webhook_path | Webhook path Webhook configured with URL that Avi controller will pass back information about pool group, old and new pool information and current deployment rule results. It is a reference to an object of type Webhook. |
string |
ALBPoolGroupDeploymentPolicyApiResponse (schema)
PoolGroupDeploymentPolicyApiResponse
PoolGroupDeploymentPolicyApiResponse
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| count | count count |
int | Default: "None" |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Array of PoolGroupDeploymentPolicy Array of PoolGroupDeploymentPolicy |
array of ALBPoolGroupDeploymentPolicy | |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
ALBPoolGroupDeploymentScheme (schema)
PoolGroupDeploymentScheme type
Valid ENUM values for ALBPoolGroupDeploymentScheme
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBPoolGroupDeploymentScheme | PoolGroupDeploymentScheme type Valid ENUM values for ALBPoolGroupDeploymentScheme |
string | Enum: BLUE_GREEN, CANARY |
ALBPoolGroupMember (schema)
PoolGroupMember
Advanced load balancer PoolGroupMember object
| Name | Description | Type | Notes |
|---|---|---|---|
| deployment_state | Deployment state Pool deployment state used with the PG deployment policy. Enum options - EVALUATION_IN_PROGRESS, IN_SERVICE, OUT_OF_SERVICE, EVALUATION_FAILED. |
ALBPoolDeploymentState | |
| pool_path | Pool path path of the pool. It is a reference to an object of type Pool. |
string | Required |
| priority_label | Priority label All pools with same label are treated similarly in a pool group. A pool with a higher priority is selected, as long as the pool is eligible or an explicit policy chooses a different pool. |
string | |
| ratio | Ratio Ratio of selecting eligible pools in the pool group. Allowed values are 1-1000. Special values are 0 - 'Do not select this pool for new connections'. Allowed in Basic(Allowed values- 1) edition, Essentials(Allowed values- 1) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as 1. |
integer | Minimum: 0 Maximum: 1000 Default: "1" |
ALBPoolServer (schema)
PoolServer
Advanced load balancer PoolServer object
| Name | Description | Type | Notes |
|---|---|---|---|
| hostname | Hostname DNS resolvable name of the server. May be used in place of the IP address. |
string | |
| ip | Ip IP address of the server in the poool. |
ALBIpAddr | Required |
| port | Port Port of the pool server listening for HTTP/HTTPS. Default value is the default port in the pool. Allowed values are 1-65535. |
integer | Minimum: 1 Maximum: 65535 |
ALBPortMatch (schema)
PortMatch
Advanced load balancer PortMatch object
| Name | Description | Type | Notes |
|---|---|---|---|
| match_criteria | Match criteria Criterion to use for port matching the HTTP request. Enum options - IS_IN, IS_NOT_IN. |
ALBMatchOperation | Required |
| ports | Ports Listening TCP port(s). Allowed values are 1-65535. Minimum of 1 items required. |
array of integer | Required |
ALBPortRange (schema)
PortRange
Advanced load balancer PortRange object
| Name | Description | Type | Notes |
|---|---|---|---|
| end | End TCP/UDP port range end (inclusive). Allowed values are 1-65535. |
integer | Required Minimum: 1 Maximum: 65535 |
| start | Start TCP/UDP port range start (inclusive). Allowed values are 1-65535. |
integer | Required Minimum: 1 Maximum: 65535 |
ALBPriorityLabels (schema)
PriorityLabels
Advanced load balancer PriorityLabels object
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| cloud_name | Cloud name It is a reference to an object of type Cloud. |
string | |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| equivalent_labels | Equivalent labels Equivalent priority labels in descending order. |
array of ALBEquivalentLabels | |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| markers | Markers List of labels to be used for granular RBAC. Allowed in Basic edition, Essentials edition, Enterprise edition. |
array of ALBRoleFilterMatchLabel | |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value ALBPriorityLabels | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
ALBPriorityLabelsApiResponse (schema)
PriorityLabelsApiResponse
PriorityLabelsApiResponse
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| count | count count |
int | Default: "None" |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Array of PriorityLabels Array of PriorityLabels |
array of ALBPriorityLabels | |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
ALBProtocol (schema)
Protocol type
Valid ENUM values for ALBProtocol
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBProtocol | Protocol type Valid ENUM values for ALBProtocol |
string | Enum: PROTOCOL_ICMP, PROTOCOL_TCP, PROTOCOL_UDP |
ALBProtocolMatch (schema)
ProtocolMatch
Advanced load balancer ProtocolMatch object
| Name | Description | Type | Notes |
|---|---|---|---|
| match_criteria | Match criteria Criterion to use for protocol matching the HTTP request. Enum options - IS_IN, IS_NOT_IN. |
ALBMatchOperation | Required |
| protocols | Protocols HTTP or HTTPS protocol. Enum options - HTTP, HTTPS. |
ALBHTTPProtocol | Required |
ALBProtocolParser (schema)
ProtocolParser
Advanced load balancer ProtocolParser object
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| markers | Markers List of labels to be used for granular RBAC. Allowed in Basic edition, Essentials edition, Enterprise edition. |
array of ALBRoleFilterMatchLabel | |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| parser_code | Parser code Command script provided inline. |
string | Required |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value ALBProtocolParser | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
ALBProtocolParserApiResponse (schema)
ProtocolParserApiResponse
ProtocolParserApiResponse
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| count | count count |
int | Default: "None" |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Array of ProtocolParser Array of ProtocolParser |
array of ALBProtocolParser | |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
ALBProtocolType (schema)
ProtocolType type
Valid ENUM values for ALBProtocolType
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBProtocolType | ProtocolType type Valid ENUM values for ALBProtocolType |
string | Enum: PROTOCOL_TYPE_TCP_PROXY, PROTOCOL_TYPE_TCP_FAST_PATH, PROTOCOL_TYPE_UDP_FAST_PATH, PROTOCOL_TYPE_UDP_PROXY |
ALBProxyProtocolVersion (schema)
ProxyProtocolVersion type
Valid ENUM values for ALBProxyProtocolVersion
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBProxyProtocolVersion | ProxyProtocolVersion type Valid ENUM values for ALBProxyProtocolVersion |
string | Enum: PROXY_PROTOCOL_VERSION_1, PROXY_PROTOCOL_VERSION_2 |
ALBQueryMatch (schema)
QueryMatch
Advanced load balancer QueryMatch object
| Name | Description | Type | Notes |
|---|---|---|---|
| match_case | Match case Case sensitivity to use for the match. Enum options - SENSITIVE, INSENSITIVE. Default value when not specified in API or module is interpreted by ALB Controller as INSENSITIVE. |
ALBMatchCase | Default: "INSENSITIVE" |
| match_criteria | Match criteria Criterion to use for matching the query in HTTP request URI. Enum options - QUERY_MATCH_CONTAINS. |
ALBQueryMatchOperation | Required |
| match_str | Match str String value(s). |
array of string | |
| string_group_paths | String group paths path of the string group(s). It is a reference to an object of type StringGroup. |
array of string |
ALBQueryMatchOperation (schema)
QueryMatchOperation type
Valid ENUM values for ALBQueryMatchOperation
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBQueryMatchOperation | QueryMatchOperation type Valid ENUM values for ALBQueryMatchOperation |
string | Enum: QUERY_MATCH_CONTAINS |
ALBRateLimiter (schema)
RateLimiter
Advanced load balancer RateLimiter object
| Name | Description | Type | Notes |
|---|---|---|---|
| burst_sz | Burst sz Maximum number of connections, requests or packets to be let through instantaneously. If this is less than count, it will have no effect. Allowed values are 0-1000000000. Default value when not specified in API or module is interpreted by ALB Controller as 0. |
integer | Minimum: 0 Maximum: 1000000000 Default: "0" |
| count | Count Maximum number of connections, requests or packets permitted each period. Allowed values are 1-1000000000. Default value when not specified in API or module is interpreted by ALB Controller as 1000000000. |
integer | Minimum: 1 Maximum: 1000000000 Default: "1000000000" |
| name | Name Identifier for Rate Limit. Constructed according to context. |
string | |
| period | Period Time value in seconds to enforce rate count. Allowed values are 1-1000000000. Unit is SEC. Default value when not specified in API or module is interpreted by ALB Controller as 1. |
integer | Minimum: 1 Maximum: 1000000000 Default: "1" |
ALBRateLimiterAction (schema)
RateLimiterAction
Advanced load balancer RateLimiterAction object
| Name | Description | Type | Notes |
|---|---|---|---|
| file | File File to be used for HTTP Local response rate limit action. |
ALBHTTPLocalFile | |
| redirect | Redirect Parameters for HTTP Redirect rate limit action. |
ALBHTTPRedirectAction | |
| status_code | Status code HTTP status code for Local Response rate limit action. Enum options - HTTP_LOCAL_RESPONSE_STATUS_CODE_200, HTTP_LOCAL_RESPONSE_STATUS_CODE_204, HTTP_LOCAL_RESPONSE_STATUS_CODE_403, HTTP_LOCAL_RESPONSE_STATUS_CODE_404, HTTP_LOCAL_RESPONSE_STATUS_CODE_429, HTTP_LOCAL_RESPONSE_STATUS_CODE_501. Default value when not specified in API or module is interpreted by ALB Controller as HTTP_LOCAL_RESPONSE_STATUS_CODE_429. |
ALBHTTPLocalResponseStatusCode | Default: "HTTP_LOCAL_RESPONSE_STATUS_CODE_429" |
| type | Type Type of action to be enforced upon hitting the rate limit. Enum options - RL_ACTION_NONE, RL_ACTION_DROP_CONN, RL_ACTION_RESET_CONN, RL_ACTION_CLOSE_CONN, RL_ACTION_LOCAL_RSP, RL_ACTION_REDIRECT. Default value when not specified in API or module is interpreted by ALB Controller as RL_ACTION_NONE. |
ALBRateLimiterActionType | Default: "RL_ACTION_NONE" |
ALBRateLimiterActionType (schema)
RateLimiterActionType type
Valid ENUM values for ALBRateLimiterActionType
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBRateLimiterActionType | RateLimiterActionType type Valid ENUM values for ALBRateLimiterActionType |
string | Enum: RL_ACTION_NONE, RL_ACTION_DROP_CONN, RL_ACTION_RESET_CONN, RL_ACTION_CLOSE_CONN, RL_ACTION_LOCAL_RSP, RL_ACTION_REDIRECT |
ALBRateLimiterProfile (schema)
RateLimiterProfile
Advanced load balancer RateLimiterProfile object
| Name | Description | Type | Notes |
|---|---|---|---|
| client_ip_connections_rate_limit | Client ip connections rate limit Rate Limit all connections made from any single client IP address to the Virtual Service. |
ALBRateProfile | |
| client_ip_failed_requests_rate_limit | Client ip failed requests rate limit Rate Limit all requests from a client for a specified period of time once the count of failed requests from that client crosses a threshold for that period. Clients are tracked based on their IP address. Count and time period are specified through the RateProfile. Requests are deemed failed based on client or server side error status codes, consistent with how Avi Logs and Metrics subsystems mark failed requests. |
ALBRateProfile | |
| client_ip_requests_rate_limit | Client ip requests rate limit Rate Limit all HTTP requests from any single client IP address to all URLs of the Virtual Service. |
ALBRateProfile | |
| client_ip_scanners_requests_rate_limit | Client ip scanners requests rate limit Automatically track clients and classify them into 3 groups - Good, Bad, Unknown. Clients are tracked based on their IP Address. Clients are added to the Good group when the Avi Scan Detection system builds history of requests from them that complete successfully. Clients are added to Unknown group when there is insufficient history about them. Requests from such clients are rate limited to the rate specified in the RateProfile. Finally, Clients with history of failed requests are added to Bad group and their requests are rate limited with stricter thresholds than the Unknown Clients group. The Avi Scan Detection system automatically tunes itself so that the Good, Bad, and Unknown client IPs group membership changes dynamically with the changes in traffic patterns through the ADC. |
ALBRateProfile | |
| client_ip_to_uri_failed_requests_rate_limit | Client ip to uri failed requests rate limit Rate Limit all requests from a client to a URI for a specified period of time once the count of failed requests from that client to the URI crosses a threshold for that period. Clients are tracked based on their IP address. Count and time period are specified through the RateProfile. Requests are deemed failed based on client or server side error status codes, consistent with how Avi Logs and Metrics subsystems mark failed requests. |
ALBRateProfile | |
| client_ip_to_uri_requests_rate_limit | Client ip to uri requests rate limit Rate Limit all HTTP requests from any single client IP address to any single URL. |
ALBRateProfile | |
| custom_requests_rate_limit | Custom requests rate limit Rate Limit all HTTP requests that map to any custom string. |
ALBRateProfile | |
| http_header_rate_limits | Http header rate limits Rate Limit all HTTP requests from all client IP addresses that contain any single HTTP header value. |
array of ALBRateProfile | |
| uri_failed_requests_rate_limit | Uri failed requests rate limit Rate Limit all requests to a URI for a specified period of time once the count of failed requests to that URI crosses a threshold for that period. Count and time period are specified through the RateProfile. Requests are deemed failed based on client or server side error status codes, consistent with how Avi Logs and Metrics subsystems mark failed requests. |
ALBRateProfile | |
| uri_requests_rate_limit | Uri requests rate limit Rate Limit all HTTP requests from all client IP addresses to any single URL. |
ALBRateProfile | |
| uri_scanners_requests_rate_limit | Uri scanners requests rate limit Automatically track URIs and classify them into 3 groups - Good, Bad, Unknown. URIs are added to the Good group when the Avi Scan Detection system builds history of requests to URIs that complete successfully. URIs are added to Unknown group when there is insufficient history about them. Requests for such URIs are rate limited to the rate specified in the RateProfile. Finally, URIs with history of failed requests are added to Bad group and requests to them are rate limited with stricter thresholds than the Unknown URIs group. The Avi Scan Detection system automatically tunes itself so that the Good, Bad, and Unknown URIs group membership changes dynamically with the changes in traffic patterns through the ADC. |
ALBRateProfile |
ALBRateProfile (schema)
RateProfile
Advanced load balancer RateProfile object
| Name | Description | Type | Notes |
|---|---|---|---|
| action | Action Action to perform upon rate limiting. |
ALBRateLimiterAction | Required |
| explicit_tracking | Explicit tracking Explicitly tracks an attacker across rate periods. Default value when not specified in API or module is interpreted by ALB Controller as false. |
boolean | Default: "False" |
| fine_grain | Fine grain Enable fine granularity. Default value when not specified in API or module is interpreted by ALB Controller as false. |
boolean | Default: "False" |
| http_cookie | Http cookie HTTP cookie name. |
string | |
| http_header | Http header HTTP header name. |
string | |
| rate_limiter | Rate limiter The rate limiter configuration for this rate profile. |
ALBRateLimiter |
ALBReplaceStringType (schema)
ReplaceStringType type
Valid ENUM values for ALBReplaceStringType
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBReplaceStringType | ReplaceStringType type Valid ENUM values for ALBReplaceStringType |
string | Enum: DATASCRIPT_VAR, HTTP_HEADER_VAR, LITERAL_STRING |
ALBReplaceStringVar (schema)
ReplaceStringVar
Advanced load balancer ReplaceStringVar object
| Name | Description | Type | Notes |
|---|---|---|---|
| type | Type Type of replacement string - can be a variable exposed from datascript, value of an HTTP header or a custom user-input literal string. Enum options - DATASCRIPT_VAR, HTTP_HEADER_VAR, LITERAL_STRING. |
ALBReplaceStringType | |
| val | Val Value of the replacement string - name of variable exposed from datascript, name of the HTTP header or a custom user-input literal string. |
string |
ALBResponseMatchTarget (schema)
ResponseMatchTarget
Advanced load balancer ResponseMatchTarget object
| Name | Description | Type | Notes |
|---|---|---|---|
| client_ip | Client ip Configure client ip addresses. |
ALBIpAddrMatch | |
| cookie | Cookie Configure HTTP cookie(s). |
ALBCookieMatch | |
| hdrs | Hdrs Configure HTTP headers. |
array of ALBHdrMatch | |
| host_hdr | Host hdr Configure the host header. |
ALBHostHdrMatch | |
| loc_hdr | Loc hdr Configure the location header. |
ALBLocationHdrMatch | |
| method | Method Configure HTTP methods. |
ALBMethodMatch | |
| path | Path Configure request paths. |
ALBPathMatch | |
| protocol | Protocol Configure the type of HTTP protocol. |
ALBProtocolMatch | |
| query | Query Configure request query. |
ALBQueryMatch | |
| rsp_hdrs | Rsp hdrs Configure the HTTP headers in response. |
array of ALBHdrMatch | |
| status | Status Configure the HTTP status code(s). |
ALBHTTPStatusMatch | |
| version | Version Configure versions of the HTTP protocol. |
ALBHTTPVersionMatch | |
| vs_port | Vs port Configure virtual service ports. |
ALBPortMatch |
ALBRoleFilterMatchLabel (schema)
RoleFilterMatchLabel
Advanced load balancer RoleFilterMatchLabel object
| Name | Description | Type | Notes |
|---|---|---|---|
| key | Key Key for filter match. |
string | Required |
| values | Values Values for filter match. Multiple values will be evaluated as OR. Example key = value1 OR key = value2. Behavior for match is key = (STAR) if this field is empty. |
array of string |
ALBSAMLSPConfig (schema)
SAMLSPConfig
Advanced load balancer SAMLSPConfig object
| Name | Description | Type | Notes |
|---|---|---|---|
| cookie_name | Cookie name HTTP cookie name for authenticated session. |
string | |
| cookie_timeout | Cookie timeout Cookie timeout in minutes. Allowed values are 1-1440. Unit is MIN. Default value when not specified in API or module is interpreted by ALB Controller as 60. |
integer | Minimum: 1 Maximum: 1440 Default: "60" |
| entity_id | Entity id Globally unique SAML entityID for this node. The SAML application entity ID on the IDP should match this. |
string | Required |
| key | Key Key to generate the cookie. |
array of ALBHttpCookiePersistenceKey | |
| signing_ssl_key_and_certificate_path | Signing ssl key and certificate path SP will use this SSL certificate to sign requests going to the IdP and decrypt the assertions coming from IdP. It is a reference to an object of type SSLKeyAndCertificate. |
string | |
| single_signon_url | Single signon url SAML Single Signon URL to be programmed on the IDP. |
string | Required |
| sp_metadata | Sp metadata SAML SP metadata for this application. |
string | |
| use_idp_session_timeout | Use idp session timeout By enabling this field IdP can control how long the SP session can exist through the SessionNotOnOrAfter field in the AuthNStatement of SAML Response. |
boolean |
ALBSSLCertificate (schema)
SSLCertificate
Advanced load balancer SSLCertificate object
| Name | Description | Type | Notes |
|---|---|---|---|
| certificate | Certificate certificate of SSLCertificate. |
string | |
| certificate_signing_request | Certificate signing request certificate_signing_request of SSLCertificate. |
string | |
| chain_verified | Chain verified Placeholder for description of property chain_verified of obj type SSLCertificate field type str type boolean. |
boolean | |
| days_until_expire | Days until expire Number of days_until_expire. Default value when not specified in API or module is interpreted by ALB Controller as 365. |
integer | Minimum: 1 Default: "365" |
| expiry_status | Expiry status Enum options - SSL_CERTIFICATE_GOOD, SSL_CERTIFICATE_EXPIRY_WARNING, SSL_CERTIFICATE_EXPIRED. Default value when not specified in API or module is interpreted by ALB Controller as SSL_CERTIFICATE_GOOD. |
ALBSSLCertificateExpiryStatus | Default: "SSL_CERTIFICATE_GOOD" |
| fingerprint | Fingerprint fingerprint of SSLCertificate. |
string | |
| issuer | Issuer Placeholder for description of property issuer of obj type SSLCertificate field type str type ref. |
ALBSSLCertificateDescription | |
| key_params | Key params Placeholder for description of property key_params of obj type SSLCertificate field type str type ref. |
ALBSSLKeyParams | |
| not_after | Not after not_after of SSLCertificate. |
string | |
| not_before | Not before not_before of SSLCertificate. |
string | |
| public_key | Public key public_key of SSLCertificate. |
string | |
| self_signed | Self signed Placeholder for description of property self_signed of obj type SSLCertificate field type str type boolean. |
boolean | |
| serial_number | Serial number serial_number of SSLCertificate. |
string | |
| signature | Signature signature of SSLCertificate. |
string | |
| signature_algorithm | Signature algorithm signature_algorithm of SSLCertificate. |
string | |
| subject | Subject Placeholder for description of property subject of obj type SSLCertificate field type str type ref. |
ALBSSLCertificateDescription | |
| subject_alt_names | Subject alt names subjectAltName that provides additional subject identities. |
array of string | |
| text | Text text of SSLCertificate. |
string | |
| version | Version version of SSLCertificate. |
string |
ALBSSLCertificateDescription (schema)
SSLCertificateDescription
Advanced load balancer SSLCertificateDescription object
| Name | Description | Type | Notes |
|---|---|---|---|
| common_name | Common name common_name of SSLCertificateDescription. |
string | |
| country | Country country of SSLCertificateDescription. |
string | |
| distinguished_name | Distinguished name distinguished_name of SSLCertificateDescription. |
string | |
| email_address | Email address email_address of SSLCertificateDescription. |
string | |
| locality | Locality locality of SSLCertificateDescription. |
string | |
| organization | Organization organization of SSLCertificateDescription. |
string | |
| organization_unit | Organization unit organization_unit of SSLCertificateDescription. |
string | |
| state | State state of SSLCertificateDescription. |
string |
ALBSSLCertificateExpiryStatus (schema)
SSLCertificateExpiryStatus type
Valid ENUM values for ALBSSLCertificateExpiryStatus
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBSSLCertificateExpiryStatus | SSLCertificateExpiryStatus type Valid ENUM values for ALBSSLCertificateExpiryStatus |
string | Enum: SSL_CERTIFICATE_GOOD, SSL_CERTIFICATE_EXPIRY_WARNING, SSL_CERTIFICATE_EXPIRED |
ALBSSLCertificateStatus (schema)
SSLCertificateStatus type
Valid ENUM values for ALBSSLCertificateStatus
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBSSLCertificateStatus | SSLCertificateStatus type Valid ENUM values for ALBSSLCertificateStatus |
string | Enum: SSL_CERTIFICATE_FINISHED, SSL_CERTIFICATE_PENDING |
ALBSSLCertificateType (schema)
SSLCertificateType type
Valid ENUM values for ALBSSLCertificateType
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBSSLCertificateType | SSLCertificateType type Valid ENUM values for ALBSSLCertificateType |
string | Enum: SSL_CERTIFICATE_TYPE_VIRTUALSERVICE, SSL_CERTIFICATE_TYPE_SYSTEM, SSL_CERTIFICATE_TYPE_CA |
ALBSSLClientCertificateAction (schema)
SSLClientCertificateAction
Advanced load balancer SSLClientCertificateAction object
| Name | Description | Type | Notes |
|---|---|---|---|
| close_connection | Close connection Placeholder for description of property close_connection of obj type SSLClientCertificateAction field type str type boolean. Default value when not specified in API or module is interpreted by ALB Controller as false. |
boolean | Default: "False" |
| headers | Headers Placeholder for description of property headers of obj type SSLClientCertificateAction field type str type array. |
array of ALBSSLClientRequestHeader |
ALBSSLClientCertificateMode (schema)
SSLClientCertificateMode type
Valid ENUM values for ALBSSLClientCertificateMode
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBSSLClientCertificateMode | SSLClientCertificateMode type Valid ENUM values for ALBSSLClientCertificateMode |
string | Enum: SSL_CLIENT_CERTIFICATE_NONE, SSL_CLIENT_CERTIFICATE_REQUEST, SSL_CLIENT_CERTIFICATE_REQUIRE |
ALBSSLClientRequestHeader (schema)
SSLClientRequestHeader
Advanced load balancer SSLClientRequestHeader object
| Name | Description | Type | Notes |
|---|---|---|---|
| request_header | Request header If this header exists, reset the connection. If the ssl variable is specified, add a header with this value. |
string | |
| request_header_value | Request header value Set the request header with the value as indicated by this SSL variable. Eg. send the whole certificate in PEM format. Enum options - HTTP_POLICY_VAR_CLIENT_IP, HTTP_POLICY_VAR_VS_PORT, HTTP_POLICY_VAR_VS_IP, HTTP_POLICY_VAR_HTTP_HDR, HTTP_POLICY_VAR_SSL_CLIENT_FINGERPRINT, HTTP_POLICY_VAR_SSL_CLIENT_SERIAL, HTTP_POLICY_VAR_SSL_CLIENT_ISSUER, HTTP_POLICY_VAR_SSL_CLIENT_SUBJECT, HTTP_POLICY_VAR_SSL_CLIENT_RAW, HTTP_POLICY_VAR_SSL_PROTOCOL, HTTP_POLICY_VAR_SSL_SERVER_NAME, HTTP_POLICY_VAR_USER_NAME, HTTP_POLICY_VAR_SSL_CIPHER, HTTP_POLICY_VAR_REQUEST_ID, HTTP_POLICY_VAR_SSL_CLIENT_VERSION, HTTP_POLICY_VAR_SSL_CLIENT_SIGALG, HTTP_POLICY_VAR_SSL_CLIENT_NOTVALIDBEFORE, HTTP_POLICY_VAR_SSL_CLIENT_NOTVALIDAFTER. |
ALBHTTPPolicyVar |
ALBSSLFormat (schema)
SSLFormat type
Valid ENUM values for ALBSSLFormat
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBSSLFormat | SSLFormat type Valid ENUM values for ALBSSLFormat |
string | Enum: SSL_PEM, SSL_PKCS12 |
ALBSSLKeyAlgorithm (schema)
SSLKeyAlgorithm type
Valid ENUM values for ALBSSLKeyAlgorithm
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBSSLKeyAlgorithm | SSLKeyAlgorithm type Valid ENUM values for ALBSSLKeyAlgorithm |
string | Enum: SSL_KEY_ALGORITHM_RSA, SSL_KEY_ALGORITHM_EC |
ALBSSLKeyAndCertificate (schema)
SSLKeyAndCertificate
Advanced load balancer SSLKeyAndCertificate object
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| ca_certs | Ca certs CA certificates in certificate chain. |
array of ALBCertificateAuthority | |
| certificate | Certificate Placeholder for description of property certificate of obj type SSLKeyAndCertificate field type str type ref. |
ALBSSLCertificate | Required |
| certificate_base64 | Certificate base64 States if the certificate is base64 encoded. Default value when not specified in API or module is interpreted by ALB Controller as false. |
boolean | Default: "False" |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| created_by | Created by Creator name. |
string | |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| dynamic_params | Dynamic params Dynamic parameters needed for certificate management profile. |
array of ALBCustomParams | |
| enable_ocsp_stapling | Enable ocsp stapling Enables OCSP Stapling. Allowed in Basic(Allowed values- false) edition, Essentials(Allowed values- false) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as false. |
boolean | Default: "False" |
| enckey_base64 | Enckey base64 Encrypted private key corresponding to the private key (e.g. those generated by an HSM such as Thales nShield). |
string | |
| enckey_name | Enckey name Name of the encrypted private key (e.g. those generated by an HSM such as Thales nShield). |
string | |
| format | Format Format of the Key/Certificate file. Enum options - SSL_PEM, SSL_PKCS12. Default value when not specified in API or module is interpreted by ALB Controller as SSL_PEM. |
ALBSSLFormat | Default: "SSL_PEM" |
| hardwaresecuritymodulegroup_path | Hardwaresecuritymodulegroup path It is a reference to an object of type HardwareSecurityModuleGroup. |
string | |
| id | Unique identifier of this resource | string | Sortable |
| key | Key Private key. |
secure_string | |
| key_base64 | Key base64 States if the private key is base64 encoded. Default value when not specified in API or module is interpreted by ALB Controller as false. |
boolean | Default: "False" |
| key_params | Key params Placeholder for description of property key_params of obj type SSLKeyAndCertificate field type str type ref. |
ALBSSLKeyParams | |
| key_passphrase | Key passphrase Passphrase used to encrypt the private key. |
secure_string | |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| markers | Markers List of labels to be used for granular RBAC. Allowed in Basic edition, Essentials edition, Enterprise edition. |
array of ALBRoleFilterMatchLabel | |
| ocsp_config | Ocsp config Configuration related to OCSP. Allowed in Basic edition, Essentials edition, Enterprise edition. |
ALBOCSPConfig | |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value ALBSSLKeyAndCertificate | string | |
| status | Status Enum options - SSL_CERTIFICATE_FINISHED, SSL_CERTIFICATE_PENDING. Default value when not specified in API or module is interpreted by ALB Controller as SSL_CERTIFICATE_FINISHED. |
ALBSSLCertificateStatus | Default: "SSL_CERTIFICATE_FINISHED" |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| type | Type Enum options - SSL_CERTIFICATE_TYPE_VIRTUALSERVICE, SSL_CERTIFICATE_TYPE_SYSTEM, SSL_CERTIFICATE_TYPE_CA. |
ALBSSLCertificateType | |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
ALBSSLKeyAndCertificateApiResponse (schema)
SSLKeyAndCertificateApiResponse
SSLKeyAndCertificateApiResponse
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| count | count count |
int | Default: "None" |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Array of SSLKeyAndCertificate Array of SSLKeyAndCertificate |
array of ALBSSLKeyAndCertificate | |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
ALBSSLKeyECCurve (schema)
SSLKeyECCurve type
Valid ENUM values for ALBSSLKeyECCurve
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBSSLKeyECCurve | SSLKeyECCurve type Valid ENUM values for ALBSSLKeyECCurve |
string | Enum: SSL_KEY_EC_CURVE_SECP256R1, SSL_KEY_EC_CURVE_SECP384R1, SSL_KEY_EC_CURVE_SECP521R1 |
ALBSSLKeyECParams (schema)
SSLKeyECParams
Advanced load balancer SSLKeyECParams object
| Name | Description | Type | Notes |
|---|---|---|---|
| curve | Curve Enum options - SSL_KEY_EC_CURVE_SECP256R1, SSL_KEY_EC_CURVE_SECP384R1, SSL_KEY_EC_CURVE_SECP521R1. Default value when not specified in API or module is interpreted by ALB Controller as SSL_KEY_EC_CURVE_SECP256R1. |
ALBSSLKeyECCurve | Default: "SSL_KEY_EC_CURVE_SECP256R1" |
ALBSSLKeyParams (schema)
SSLKeyParams
Advanced load balancer SSLKeyParams object
| Name | Description | Type | Notes |
|---|---|---|---|
| algorithm | Algorithm Enum options - SSL_KEY_ALGORITHM_RSA, SSL_KEY_ALGORITHM_EC. Default value when not specified in API or module is interpreted by ALB Controller as SSL_KEY_ALGORITHM_RSA. |
ALBSSLKeyAlgorithm | Required Default: "SSL_KEY_ALGORITHM_RSA" |
| ec_params | Ec params Placeholder for description of property ec_params of obj type SSLKeyParams field type str type ref. |
ALBSSLKeyECParams | |
| rsa_params | Rsa params Placeholder for description of property rsa_params of obj type SSLKeyParams field type str type ref. |
ALBSSLKeyRSAParams |
ALBSSLKeyRSAParams (schema)
SSLKeyRSAParams
Advanced load balancer SSLKeyRSAParams object
| Name | Description | Type | Notes |
|---|---|---|---|
| exponent | Exponent Number of exponent. Default value when not specified in API or module is interpreted by ALB Controller as 65537. |
integer | Default: "65537" |
| key_size | Key size Enum options - SSL_KEY_1024_BITS, SSL_KEY_2048_BITS, SSL_KEY_3072_BITS, SSL_KEY_4096_BITS. Default value when not specified in API or module is interpreted by ALB Controller as SSL_KEY_2048_BITS. |
ALBSSLRSAKeySize | Default: "SSL_KEY_2048_BITS" |
ALBSSLProfile (schema)
SSLProfile
Advanced load balancer SSLProfile object
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| accepted_ciphers | Accepted ciphers Ciphers suites represented as defined by https //www.openssl.org/docs/apps/ciphers.html. Default value when not specified in API or module is interpreted by ALB Controller as AES:3DES:RC4. |
string | Default: "AES:3DES:RC4" |
| accepted_versions | Accepted versions Set of versions accepted by the server. Minimum of 1 items required. |
array of ALBSSLVersion | Required |
| avi_tags | Avi tags Placeholder for description of property tags of obj type SSLProfile field type str type array. |
array of ALBTag | |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| cipher_enums | Cipher enums Enum options - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_3DES_EDE_CBC_SHA, TLS_AES_256_GCM_SHA384... Allowed in Basic(Allowed values- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_3DES_EDE_CBC_SHA) edition, Essentials(Allowed values- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_256_GCM_SHA384,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_3DES_EDE_CBC_SHA) edition, Enterprise edition. |
array of ALBAcceptedCipherEnums | |
| ciphersuites | Ciphersuites TLS 1.3 Ciphers suites represented as defined by U(https //www.openssl.org/docs/manmaster/man1/ciphers.html). Allowed in Basic edition, Essentials edition, Enterprise edition. Special default for Basic edition is TLS_AES_256_GCM_SHA384-TLS_AES_128_GCM_SHA256, Essentials edition is TLS_AES_256_GCM_SHA384-TLS_AES_128_GCM_SHA256, Enterprise is TLS_AES_256_GCM_SHA384-TLS_CHACHA20_POLY1305_SHA256-TLS_AES_128_GCM_SHA256. Default value when not specified in API or module is interpreted by ALB Controller as TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256. |
string | Default: "TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256" |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| enable_early_data | Enable early data Enable early data processing for TLS1.3 connections. Allowed in Basic(Allowed values- false) edition, Essentials(Allowed values- false) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as false. |
boolean | Default: "False" |
| enable_ssl_session_reuse | Enable ssl session reuse Enable SSL session re-use. Default value when not specified in API or module is interpreted by ALB Controller as true. |
boolean | Default: "True" |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| markers | Markers List of labels to be used for granular RBAC. Allowed in Basic edition, Essentials edition, Enterprise edition. |
array of ALBRoleFilterMatchLabel | |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| prefer_client_cipher_ordering | Prefer client cipher ordering Prefer the SSL cipher ordering presented by the client during the SSL handshake over the one specified in the SSL Profile. Default value when not specified in API or module is interpreted by ALB Controller as false. |
boolean | Default: "False" |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value ALBSSLProfile | string | |
| send_close_notify | Send close notify Send 'close notify' alert message for a clean shutdown of the SSL connection. Default value when not specified in API or module is interpreted by ALB Controller as true. |
boolean | Default: "True" |
| ssl_rating | Ssl rating Placeholder for description of property ssl_rating of obj type SSLProfile field type str type ref. |
ALBSSLRating | Readonly |
| ssl_session_timeout | Ssl session timeout The amount of time in seconds before an SSL session expires. Unit is SEC. Default value when not specified in API or module is interpreted by ALB Controller as 86400. |
integer | Default: "86400" |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| type | Type SSL Profile Type. Enum options - SSL_PROFILE_TYPE_APPLICATION, SSL_PROFILE_TYPE_SYSTEM. Default value when not specified in API or module is interpreted by ALB Controller as SSL_PROFILE_TYPE_APPLICATION. |
ALBSSLProfileType | Default: "SSL_PROFILE_TYPE_APPLICATION" |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
ALBSSLProfileApiResponse (schema)
SSLProfileApiResponse
SSLProfileApiResponse
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| count | count count |
int | Default: "None" |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Array of SSLProfile Array of SSLProfile |
array of ALBSSLProfile | |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
ALBSSLProfileSelector (schema)
SSLProfileSelector
Advanced load balancer SSLProfileSelector object
| Name | Description | Type | Notes |
|---|---|---|---|
| client_ip_list | Client ip list Configure client IP address groups. |
ALBIpAddrMatch | Required |
| ssl_profile_path | Ssl profile path SSL profile for the client IP addresses listed. It is a reference to an object of type SSLProfile. |
string | Required |
ALBSSLProfileType (schema)
SSLProfileType type
Valid ENUM values for ALBSSLProfileType
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBSSLProfileType | SSLProfileType type Valid ENUM values for ALBSSLProfileType |
string | Enum: SSL_PROFILE_TYPE_APPLICATION, SSL_PROFILE_TYPE_SYSTEM |
ALBSSLRSAKeySize (schema)
SSLRSAKeySize type
Valid ENUM values for ALBSSLRSAKeySize
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBSSLRSAKeySize | SSLRSAKeySize type Valid ENUM values for ALBSSLRSAKeySize |
string | Enum: SSL_KEY_1024_BITS, SSL_KEY_2048_BITS, SSL_KEY_3072_BITS, SSL_KEY_4096_BITS |
ALBSSLRating (schema)
SSLRating
Advanced load balancer SSLRating object
| Name | Description | Type | Notes |
|---|---|---|---|
| compatibility_rating | Compatibility rating Enum options - SSL_SCORE_NOT_SECURE, SSL_SCORE_VERY_BAD, SSL_SCORE_BAD, SSL_SCORE_AVERAGE, SSL_SCORE_GOOD, SSL_SCORE_EXCELLENT. |
ALBSSLScore | |
| performance_rating | Performance rating Enum options - SSL_SCORE_NOT_SECURE, SSL_SCORE_VERY_BAD, SSL_SCORE_BAD, SSL_SCORE_AVERAGE, SSL_SCORE_GOOD, SSL_SCORE_EXCELLENT. |
ALBSSLScore | |
| security_score | Security score security_score of SSLRating. |
string |
ALBSSLScore (schema)
SSLScore type
Valid ENUM values for ALBSSLScore
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBSSLScore | SSLScore type Valid ENUM values for ALBSSLScore |
string | Enum: SSL_SCORE_NOT_SECURE, SSL_SCORE_VERY_BAD, SSL_SCORE_BAD, SSL_SCORE_AVERAGE, SSL_SCORE_GOOD, SSL_SCORE_EXCELLENT |
ALBSSLVersion (schema)
SSLVersion
Advanced load balancer SSLVersion object
| Name | Description | Type | Notes |
|---|---|---|---|
| type | Type Enum options - SSL_VERSION_SSLV3, SSL_VERSION_TLS1, SSL_VERSION_TLS1_1, SSL_VERSION_TLS1_2, SSL_VERSION_TLS1_3. Allowed in Basic(Allowed values- SSL_VERSION_SSLV3,SSL_VERSION_TLS1,SSL_VERSION_TLS1_1,SSL_VERSION_TLS1_2) edition, Essentials(Allowed values- SSL_VERSION_SSLV3,SSL_VERSION_TLS1,SSL_VERSION_TLS1_1,SSL_VERSION_TLS1_2) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as SSL_VERSION_TLS1_1. |
ALBSSLVersionType | Required Default: "SSL_VERSION_TLS1_1" |
ALBSSLVersionType (schema)
SSLVersionType type
Valid ENUM values for ALBSSLVersionType
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBSSLVersionType | SSLVersionType type Valid ENUM values for ALBSSLVersionType |
string | Enum: SSL_VERSION_SSLV3, SSL_VERSION_TLS1, SSL_VERSION_TLS1_1, SSL_VERSION_TLS1_2, SSL_VERSION_TLS1_3 |
ALBSSOPolicy (schema)
SSOPolicy
Advanced load balancer SSOPolicy object
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| authentication_policy | Authentication policy Authentication Policy Settings. |
ALBAuthenticationPolicy | Required |
| authorization_policy | Authorization policy Authorization Policy Settings. |
ALBAuthorizationPolicy | |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| markers | Markers List of labels to be used for granular RBAC. Allowed in Basic edition, Essentials edition, Enterprise edition. |
array of ALBRoleFilterMatchLabel | |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value ALBSSOPolicy | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| type | Type SSO Policy Type. Enum options - SSO_TYPE_SAML, SSO_TYPE_PINGACCESS, SSO_TYPE_JWT. Default value when not specified in API or module is interpreted by ALB Controller as SSO_TYPE_SAML. |
ALBSSOPolicyType | Default: "SSO_TYPE_SAML" |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
ALBSSOPolicyApiResponse (schema)
SSOPolicyApiResponse
SSOPolicyApiResponse
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| count | count count |
int | Default: "None" |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Array of SSOPolicy Array of SSOPolicy |
array of ALBSSOPolicy | |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
ALBSSOPolicyType (schema)
SSOPolicyType type
Valid ENUM values for ALBSSOPolicyType
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBSSOPolicyType | SSOPolicyType type Valid ENUM values for ALBSSOPolicyType |
string | Enum: SSO_TYPE_SAML, SSO_TYPE_PINGACCESS, SSO_TYPE_JWT |
ALBSamlIdentityProviderSettings (schema)
SamlIdentityProviderSettings
Advanced load balancer SamlIdentityProviderSettings object
| Name | Description | Type | Notes |
|---|---|---|---|
| metadata | Metadata SAML IDP metadata. |
string |
ALBSamlServiceProviderNode (schema)
SamlServiceProviderNode
Advanced load balancer SamlServiceProviderNode object
| Name | Description | Type | Notes |
|---|---|---|---|
| entity_id | Entity id Globally unique entityID for this node. Entity ID on the IDP should match this. |
string | |
| name | Name Refers to the Cluster name identifier (Virtual IP or FQDN). |
string | Required |
| signing_ssl_key_and_certificate_path | Signing ssl key and certificate path Service Engines will use this SSL certificate to sign assertions going to the IdP. It is a reference to an object of type SSLKeyAndCertificate. |
string | |
| single_signon_url | Single signon url Single Signon URL to be programmed on the IDP. |
string |
ALBSamlServiceProviderSettings (schema)
SamlServiceProviderSettings
Advanced load balancer SamlServiceProviderSettings object
| Name | Description | Type | Notes |
|---|---|---|---|
| fqdn | Fqdn FQDN if entity type is DNS_FQDN . |
string | |
| org_display_name | Org display name Service Provider Organization Display Name. |
string | |
| org_name | Org name Service Provider Organization Name. |
string | |
| org_url | Org url Service Provider Organization URL. |
string | |
| saml_entity_type | Saml entity type Type of SAML endpoint. Enum options - AUTH_SAML_CLUSTER_VIP, AUTH_SAML_DNS_FQDN, AUTH_SAML_APP_VS. |
ALBAuthSamlEntityType | |
| sp_nodes | Sp nodes Service Provider node information. |
array of ALBSamlServiceProviderNode | |
| tech_contact_email | Tech contact email Service Provider technical contact email. |
string | |
| tech_contact_name | Tech contact name Service Provider technical contact name. |
string |
ALBSamlSettings (schema)
SamlSettings
Advanced load balancer SamlSettings object
| Name | Description | Type | Notes |
|---|---|---|---|
| idp | Idp Configure remote Identity provider settings. |
ALBSamlIdentityProviderSettings | |
| sp | Sp Configure service provider settings for the Controller. |
ALBSamlServiceProviderSettings | Required |
ALBSeFlowDist (schema)
SeFlowDist type
Valid ENUM values for ALBSeFlowDist
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBSeFlowDist | SeFlowDist type Valid ENUM values for ALBSeFlowDist |
string | Enum: LOAD_AWARE, CONSISTENT_HASH_SOURCE_IP_ADDRESS, CONSISTENT_HASH_SOURCE_IP_ADDRESS_AND_PORT |
ALBSecurityPolicy (schema)
SecurityPolicy
Advanced load balancer SecurityPolicy object
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| dns_attacks | Dns attacks Attacks utilizing the DNS protocol operations. |
ALBDnsAttacks | |
| dns_policy_index | Dns policy index Index of the dns policy to use for the mitigation rules applied to the dns attacks. Default value when not specified in API or module is interpreted by ALB Controller as 0. |
integer | Default: "0" |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| markers | Markers List of labels to be used for granular RBAC. Allowed in Basic edition, Essentials edition, Enterprise edition. |
array of ALBRoleFilterMatchLabel | |
| network_security_policy_index | Network security policy index Index of the network security policy to use for the mitigation rules applied to the attacks. Default value when not specified in API or module is interpreted by ALB Controller as 0. |
integer | Default: "0" |
| oper_mode | Oper mode Mode of dealing with the attacks - perform detection only, or detect and mitigate the attacks. Enum options - DETECTION, MITIGATION. Default value when not specified in API or module is interpreted by ALB Controller as DETECTION. |
ALBOperationMode | Default: "DETECTION" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value ALBSecurityPolicy | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
ALBSecurityPolicyApiResponse (schema)
SecurityPolicyApiResponse
SecurityPolicyApiResponse
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| count | count count |
int | Default: "None" |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Array of SecurityPolicy Array of SecurityPolicy |
array of ALBSecurityPolicy | |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
ALBSensitiveFieldRule (schema)
SensitiveFieldRule
Advanced load balancer SensitiveFieldRule object
| Name | Description | Type | Notes |
|---|---|---|---|
| action | Action Action for the matched log field, for instance the matched field can be removed or masked off. Enum options - LOG_FIELD_REMOVE, LOG_FIELD_MASKOFF. Default value when not specified in API or module is interpreted by ALB Controller as LOG_FIELD_REMOVE. |
ALBLogAction | Default: "LOG_FIELD_REMOVE" |
| enabled | Enabled Enable rule to match the sensitive fields. Default value when not specified in API or module is interpreted by ALB Controller as false. |
boolean | Default: "False" |
| index | Index Index of the rule. |
integer | |
| match | Match Criterion to use for matching in the Log. Allowed in Basic edition, Essentials edition, Enterprise edition. |
ALBStringMatch | |
| name | Name Name of the rule. |
string |
ALBSensitiveLogProfile (schema)
SensitiveLogProfile
Advanced load balancer SensitiveLogProfile object
| Name | Description | Type | Notes |
|---|---|---|---|
| header_field_rules | Header field rules Match sensitive header fields in HTTP application log. |
array of ALBSensitiveFieldRule | |
| uri_query_field_rules | Uri query field rules Match sensitive URI query params in HTTP application log. Query params from the URI are extracted and checked for matching sensitive parameter names. A successful match will mask the parameter values in accordance with this rule action. |
array of ALBSensitiveFieldRule | |
| waf_field_rules | Waf field rules Match sensitive WAF log fields in HTTP application log. |
array of ALBSensitiveFieldRule |
ALBServer (schema)
Server
Advanced load balancer Server object
| Name | Description | Type | Notes |
|---|---|---|---|
| autoscaling_group_name | Autoscaling group name Name of autoscaling group this server belongs to. Allowed in Essentials edition, Enterprise edition. |
string | |
| availability_zone | Availability zone Availability-zone of the server VM. |
string | |
| description | Description A description of the Server. |
string | |
| discovered_networks | Discovered networks (internal-use) Discovered networks providing reachability for server IP. This field is used internally by Avi, not editable by the user. |
array of ALBDiscoveredNetwork | |
| enabled | Enabled Enable, Disable or Graceful Disable determine if new or existing connections to the server are allowed. Default value when not specified in API or module is interpreted by ALB Controller as true. |
boolean | Default: "True" |
| external_orchestration_id | External orchestration id UID of server in external orchestration systems. |
string | |
| external_uuid | External uuid UUID identifying VM in OpenStack and other external compute. |
string | |
| hostname | Hostname DNS resolvable name of the server. May be used in place of the IP address. |
string | |
| ip | Ip IP Address of the server. Required if there is no resolvable host name. |
ALBIpAddr | Required |
| is_static | Is static If statically learned. Default value when not specified in API or module is interpreted by ALB Controller as false. |
boolean | Default: "False" |
| location | Location (internal-use) Geographic location of the server.Currently only for internal usage. Allowed in Basic edition, Essentials edition, Enterprise edition. |
ALBGeoLocation | |
| mac_address | Mac address MAC address of server. |
string | |
| port | Port Optionally specify the servers port number. This will override the pool's default server port attribute. Allowed values are 1-65535. Special values are 0- 'use backend port in pool'. |
integer | Minimum: 0 Maximum: 65535 |
| prst_hdr_val | Prst hdr val Header value for custom header persistence. |
string | |
| ratio | Ratio Ratio of selecting eligible servers in the pool. Allowed values are 1-20. Default value when not specified in API or module is interpreted by ALB Controller as 1. |
integer | Minimum: 1 Maximum: 20 Default: "1" |
| resolve_server_by_dns | Resolve server by dns Auto resolve server's IP using DNS name. Allowed in Basic(Allowed values- false) edition, Essentials(Allowed values- false) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as false. |
boolean | Default: "False" |
| rewrite_host_header | Rewrite host header Rewrite incoming Host Header to server name. Default value when not specified in API or module is interpreted by ALB Controller as false. |
boolean | Default: "False" |
| server_node | Server node Hostname of the node where the server VM or container resides. |
string | |
| verify_network | Verify network Verify server belongs to a discovered network or reachable via a discovered network. Verify reachable network isn't the OpenStack management network. Default value when not specified in API or module is interpreted by ALB Controller as false. |
boolean | Default: "False" |
ALBServerAutoScalePolicy (schema)
ServerAutoScalePolicy
Advanced load balancer ServerAutoScalePolicy object
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| delay_for_server_garbage_collection | Delay for server garbage collection Delay in minutes after which a down server will be removed from Pool. Value 0 disables this functionality. Default value when not specified in API or module is interpreted by ALB Controller as 0. |
integer | Default: "0" |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| intelligent_autoscale | Intelligent autoscale Use Avi intelligent autoscale algorithm where autoscale is performed by comparing load on the pool against estimated capacity of all the servers. Default value when not specified in API or module is interpreted by ALB Controller as false. |
boolean | Default: "False" |
| intelligent_scalein_margin | Intelligent scalein margin Maximum extra capacity as percentage of load used by the intelligent scheme. Scalein is triggered when available capacity is more than this margin. Allowed values are 1-99. Default value when not specified in API or module is interpreted by ALB Controller as 40. |
integer | Minimum: 1 Maximum: 99 Default: "40" |
| intelligent_scaleout_margin | Intelligent scaleout margin Minimum extra capacity as percentage of load used by the intelligent scheme. Scaleout is triggered when available capacity is less than this margin. Allowed values are 1-99. Default value when not specified in API or module is interpreted by ALB Controller as 20. |
integer | Minimum: 1 Maximum: 99 Default: "20" |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| markers | Markers List of labels to be used for granular RBAC. Allowed in Basic edition, Essentials edition, Enterprise edition. |
array of ALBRoleFilterMatchLabel | |
| max_scalein_adjustment_step | Max scalein adjustment step Maximum number of servers to scalein simultaneously. The actual number of servers to scalein is chosen such that target number of servers is always more than or equal to the min_size. Default value when not specified in API or module is interpreted by ALB Controller as 1. |
integer | Default: "1" |
| max_scaleout_adjustment_step | Max scaleout adjustment step Maximum number of servers to scaleout simultaneously. The actual number of servers to scaleout is chosen such that target number of servers is always less than or equal to the max_size. Default value when not specified in API or module is interpreted by ALB Controller as 1. |
integer | Default: "1" |
| max_size | Max size Maximum number of servers after scaleout. Allowed values are 0-400. |
integer | Minimum: 0 Maximum: 400 |
| min_size | Min size No scale-in happens once number of operationally up servers reach min_servers. Allowed values are 0-400. |
integer | Minimum: 0 Maximum: 400 |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value ALBServerAutoScalePolicy | string | |
| scalein_cooldown | Scalein cooldown Cooldown period during which no new scalein is triggered to allow previous scalein to successfully complete. Unit is SEC. Default value when not specified in API or module is interpreted by ALB Controller as 300. |
integer | Default: "300" |
| scaleout_cooldown | Scaleout cooldown Cooldown period during which no new scaleout is triggered to allow previous scaleout to successfully complete. Unit is SEC. Default value when not specified in API or module is interpreted by ALB Controller as 300. |
integer | Default: "300" |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
| use_predicted_load | Use predicted load Use predicted load rather than current load. Default value when not specified in API or module is interpreted by ALB Controller as false. |
boolean | Default: "False" |
ALBServerAutoScalePolicyApiResponse (schema)
ServerAutoScalePolicyApiResponse
ServerAutoScalePolicyApiResponse
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| count | count count |
int | Default: "None" |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Array of ServerAutoScalePolicy Array of ServerAutoScalePolicy |
array of ALBServerAutoScalePolicy | |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
ALBService (schema)
Service
Advanced load balancer Service object
| Name | Description | Type | Notes |
|---|---|---|---|
| enable_http2 | Enable http2 Enable HTTP2 on this port. Allowed in Basic(Allowed values- false) edition, Essentials(Allowed values- false) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as false. |
boolean | Default: "False" |
| enable_ssl | Enable ssl Enable SSL termination and offload for traffic from clients. Default value when not specified in API or module is interpreted by ALB Controller as false. |
boolean | Default: "False" |
| override_application_profile_path | Override application profile path Enable application layer specific features for the this specific service. It is a reference to an object of type ApplicationProfile. Allowed in Basic edition, Essentials edition, Enterprise edition. |
string | |
| override_network_profile_path | Override network profile path Override the network profile for this specific service port. It is a reference to an object of type NetworkProfile. |
string | |
| port | Port The Virtual Service's port number. Allowed values are 0-65535. |
integer | Required Minimum: 0 Maximum: 65535 |
| port_range_end | Port range end The end of the Virtual Service's port number range. Allowed values are 1-65535. Special values are 0- 'single port'. Default value when not specified in API or module is interpreted by ALB Controller as 0. |
integer | Minimum: 0 Maximum: 65535 Default: "0" |
ALBServicePoolSelector (schema)
ServicePoolSelector
Advanced load balancer ServicePoolSelector object
| Name | Description | Type | Notes |
|---|---|---|---|
| service_pool_group_path | Service pool group path It is a reference to an object of type PoolGroup. |
string | |
| service_pool_path | Service pool path It is a reference to an object of type Pool. |
string | |
| service_port | Service port Pool based destination port. Allowed values are 1-65535. |
integer | Required Minimum: 1 Maximum: 65535 |
| service_port_range_end | Service port range end The end of the Service port number range. Allowed values are 1-65535. Special values are 0- 'single port'. Default value when not specified in API or module is interpreted by ALB Controller as 0. |
integer | Minimum: 0 Maximum: 65535 Default: "0" |
| service_protocol | Service protocol Destination protocol to match for the pool selection. If not specified, it will match any protocol. Enum options - PROTOCOL_TYPE_TCP_PROXY, PROTOCOL_TYPE_TCP_FAST_PATH, PROTOCOL_TYPE_UDP_FAST_PATH, PROTOCOL_TYPE_UDP_PROXY. |
ALBProtocolType |
ALBSidebandProfile (schema)
SidebandProfile
Advanced load balancer SidebandProfile object
| Name | Description | Type | Notes |
|---|---|---|---|
| ip | Ip IP Address of the sideband server. |
array of ALBIpAddr | |
| sideband_max_request_body_size | Sideband max request body size Maximum size of the request body that will be sent on the sideband. Allowed values are 0-16384. Unit is BYTES. Default value when not specified in API or module is interpreted by ALB Controller as 1024. |
integer | Minimum: 0 Maximum: 16384 Default: "1024" |
ALBSipMonTransport (schema)
SipMonTransport type
Valid ENUM values for ALBSipMonTransport
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBSipMonTransport | SipMonTransport type Valid ENUM values for ALBSipMonTransport |
string | Enum: SIP_UDP_PROTO, SIP_TCP_PROTO |
ALBSipRequestCode (schema)
SipRequestCode type
Valid ENUM values for ALBSipRequestCode
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBSipRequestCode | SipRequestCode type Valid ENUM values for ALBSipRequestCode |
string | Enum: SIP_OPTIONS |
ALBSipServiceApplicationProfile (schema)
SipServiceApplicationProfile
Advanced load balancer SipServiceApplicationProfile object
| Name | Description | Type | Notes |
|---|---|---|---|
| transaction_timeout | Transaction timeout SIP transaction timeout in seconds. Allowed values are 2-512. Unit is SEC. Default value when not specified in API or module is interpreted by ALB Controller as 32. |
integer | Minimum: 2 Maximum: 512 Default: "32" |
ALBStreamingSyslogConfig (schema)
StreamingSyslogConfig
Advanced load balancer StreamingSyslogConfig object
| Name | Description | Type | Notes |
|---|---|---|---|
| facility | Facility Facility value, as defined in RFC5424, must be between 0 and 23 inclusive. Allowed values are 0-23. Default value when not specified in API or module is interpreted by ALB Controller as 16. |
integer | Minimum: 0 Maximum: 23 Default: "16" |
| filtered_log_severity | Filtered log severity Severity code, as defined in RFC5424, for filtered logs. This must be between 0 and 7 inclusive. Allowed values are 0-7. Default value when not specified in API or module is interpreted by ALB Controller as 5. |
integer | Minimum: 0 Maximum: 7 Default: "5" |
| hostname | Hostname String to use as the hostname in the syslog messages. This string can contain only printable ASCII characters (hex 21 to hex 7E; no space allowed). Default value when not specified in API or module is interpreted by ALB Controller as AviVantage. |
string | Default: "AviVantage" |
| non_significant_log_severity | Non significant log severity Severity code, as defined in RFC5424, for non-significant logs. This must be between 0 and 7 inclusive. Allowed values are 0-7. Default value when not specified in API or module is interpreted by ALB Controller as 6. |
integer | Minimum: 0 Maximum: 7 Default: "6" |
| significant_log_severity | Significant log severity Severity code, as defined in RFC5424, for significant logs. This must be between 0 and 7 inclusive. Allowed values are 0-7. Default value when not specified in API or module is interpreted by ALB Controller as 4. |
integer | Minimum: 0 Maximum: 7 Default: "4" |
ALBStringGroup (schema)
StringGroup
Advanced load balancer StringGroup object
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| kv | Kv Configure Key Value in the string group. |
array of ALBKeyValue | |
| longest_match | Longest match Enable the longest match, default is the shortest match. Default value when not specified in API or module is interpreted by ALB Controller as false. |
boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| markers | Markers List of labels to be used for granular RBAC. Allowed in Basic edition, Essentials edition, Enterprise edition. |
array of ALBRoleFilterMatchLabel | |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value ALBStringGroup | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| type | Type Type of StringGroup. Enum options - SG_TYPE_STRING, SG_TYPE_KEYVAL. Default value when not specified in API or module is interpreted by ALB Controller as SG_TYPE_STRING. |
ALBStringGroupType | Required Default: "SG_TYPE_STRING" |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
ALBStringGroupApiResponse (schema)
StringGroupApiResponse
StringGroupApiResponse
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| count | count count |
int | Default: "None" |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Array of StringGroup Array of StringGroup |
array of ALBStringGroup | |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
ALBStringGroupType (schema)
StringGroupType type
Valid ENUM values for ALBStringGroupType
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBStringGroupType | StringGroupType type Valid ENUM values for ALBStringGroupType |
string | Enum: SG_TYPE_STRING, SG_TYPE_KEYVAL |
ALBStringMatch (schema)
StringMatch
Advanced load balancer StringMatch object
| Name | Description | Type | Notes |
|---|---|---|---|
| match_criteria | Match criteria Criterion to use for string matching the HTTP request. Enum options - BEGINS_WITH, DOES_NOT_BEGIN_WITH, CONTAINS, DOES_NOT_CONTAIN, ENDS_WITH, DOES_NOT_END_WITH, EQUALS, DOES_NOT_EQUAL, REGEX_MATCH, REGEX_DOES_NOT_MATCH. Allowed in Basic(Allowed values- BEGINS_WITH,DOES_NOT_BEGIN_WITH,CONTAINS,DOES_NOT_CONTAIN,ENDS_WITH,DOES_NOT_END_WITH,EQUALS,DOES_NOT_EQUAL) edition, Essentials(Allowed values- BEGINS_WITH,DOES_NOT_BEGIN_WITH,CONTAINS,DOES_NOT_CONTAIN,ENDS_WITH,DOES_NOT_END_WITH,EQUALS,DOES_NOT_EQUAL) edition, Enterprise edition. |
ALBStringOperation | Required |
| match_str | Match str String value(s). |
array of string | |
| string_group_paths | String group paths path of the string group(s). It is a reference to an object of type StringGroup. |
array of string |
ALBStringOperation (schema)
StringOperation type
Valid ENUM values for ALBStringOperation
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBStringOperation | StringOperation type Valid ENUM values for ALBStringOperation |
string | Enum: BEGINS_WITH, DOES_NOT_BEGIN_WITH, CONTAINS, DOES_NOT_CONTAIN, ENDS_WITH, DOES_NOT_END_WITH, EQUALS, DOES_NOT_EQUAL, REGEX_MATCH, REGEX_DOES_NOT_MATCH |
ALBTCPApplicationProfile (schema)
TCPApplicationProfile
Advanced load balancer TCPApplicationProfile object
| Name | Description | Type | Notes |
|---|---|---|---|
| pki_profile_path | Pki profile path Select the PKI profile to be associated with the Virtual Service. This profile defines the Certificate Authority and Revocation List. It is a reference to an object of type PKIProfile. Allowed in Basic edition, Essentials edition, Enterprise edition. |
string | |
| proxy_protocol_enabled | Proxy protocol enabled Enable/Disable the usage of proxy protocol to convey client connection information to the back-end servers. Valid only for L4 application profiles and TCP proxy. Allowed in Basic(Allowed values- false) edition, Essentials(Allowed values- false) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as false. |
boolean | Default: "False" |
| proxy_protocol_version | Proxy protocol version Version of proxy protocol to be used to convey client connection information to the back-end servers. Enum options - PROXY_PROTOCOL_VERSION_1, PROXY_PROTOCOL_VERSION_2. Allowed in Basic(Allowed values- PROXY_PROTOCOL_VERSION_1) edition, Essentials(Allowed values- PROXY_PROTOCOL_VERSION_1) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as PROXY_PROTOCOL_VERSION_1. |
ALBProxyProtocolVersion | Default: "PROXY_PROTOCOL_VERSION_1" |
| ssl_client_certificate_mode | Ssl client certificate mode Specifies whether the client side verification is set to none, request or require. Enum options - SSL_CLIENT_CERTIFICATE_NONE, SSL_CLIENT_CERTIFICATE_REQUEST, SSL_CLIENT_CERTIFICATE_REQUIRE. Allowed in Basic(Allowed values- SSL_CLIENT_CERTIFICATE_NONE) edition, Essentials(Allowed values- SSL_CLIENT_CERTIFICATE_NONE) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as SSL_CLIENT_CERTIFICATE_NONE. |
ALBSSLClientCertificateMode | Default: "SSL_CLIENT_CERTIFICATE_NONE" |
ALBTCPFastPathProfile (schema)
TCPFastPathProfile
Advanced load balancer TCPFastPathProfile object
| Name | Description | Type | Notes |
|---|---|---|---|
| dsr_profile | Dsr profile DSR profile information. Allowed in Basic edition, Essentials edition, Enterprise edition. |
ALBDsrProfile | |
| enable_syn_protection | Enable syn protection When enabled, Avi will complete the 3-way handshake with the client before forwarding any packets to the server. This will protect the server from SYN flood and half open SYN connections. Allowed in Basic(Allowed values- false) edition, Essentials(Allowed values- false) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as false. |
boolean | Default: "False" |
| session_idle_timeout | Session idle timeout The amount of time (in sec) for which a connection needs to be idle before it is eligible to be deleted. Allowed values are 5-14400. Special values are 0 - 'infinite'. Unit is SEC. Default value when not specified in API or module is interpreted by ALB Controller as 300. |
integer | Minimum: 0 Maximum: 14400 Default: "300" |
ALBTCPProxyProfile (schema)
TCPProxyProfile
Advanced load balancer TCPProxyProfile object
| Name | Description | Type | Notes |
|---|---|---|---|
| aggressive_congestion_avoidance | Aggressive congestion avoidance Controls the our congestion window to send, normally it's 1 mss, If this option is turned on, we use 10 msses. Default value when not specified in API or module is interpreted by ALB Controller as false. |
boolean | Default: "False" |
| auto_window_growth | Auto window growth Controls whether the windows are static or supports autogrowth. Maximum that it can grow to is limited to 4MB. Default value when not specified in API or module is interpreted by ALB Controller as true. |
boolean | Default: "True" |
| automatic | Automatic Dynamically pick the relevant parameters for connections. Allowed in Basic(Allowed values- true) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as true. |
boolean | Default: "True" |
| cc_algo | Cc algo Controls the congestion control algorithm we use. Enum options - CC_ALGO_NEW_RENO, CC_ALGO_CUBIC, CC_ALGO_HTCP. Default value when not specified in API or module is interpreted by ALB Controller as CC_ALGO_NEW_RENO. |
ALBCongestionAlgo | Default: "CC_ALGO_NEW_RENO" |
| congestion_recovery_scaling_factor | Congestion recovery scaling factor Congestion window scaling factor after recovery. Allowed values are 0-8. Default value when not specified in API or module is interpreted by ALB Controller as 2. |
integer | Minimum: 0 Maximum: 8 Default: "2" |
| idle_connection_timeout | Idle connection timeout The duration for keepalive probes or session idle timeout. Max value is 3600 seconds, min is 5. Set to 0 to allow infinite idle time. Allowed values are 5-14400. Special values are 0 - 'infinite'. Unit is SEC. Default value when not specified in API or module is interpreted by ALB Controller as 600. |
integer | Minimum: 0 Maximum: 14400 Default: "600" |
| idle_connection_type | Idle connection type Controls the behavior of idle connections. Enum options - KEEP_ALIVE, CLOSE_IDLE. Default value when not specified in API or module is interpreted by ALB Controller as KEEP_ALIVE. |
ALBIdleConnectionType | Default: "KEEP_ALIVE" |
| ignore_time_wait | Ignore time wait A new SYN is accepted from the same 4-tuple even if there is already a connection in TIME_WAIT state. This is equivalent of setting Time Wait Delay to 0. Default value when not specified in API or module is interpreted by ALB Controller as false. |
boolean | Default: "False" |
| ip_dscp | Ip dscp Controls the value of the Differentiated Services Code Point field inserted in the IP header. This has two options Set to a specific value, or Pass Through, which uses the incoming DSCP value. Allowed values are 0-63. Special values are MAX - 'Passthrough'. Default value when not specified in API or module is interpreted by ALB Controller as 0. |
integer | Minimum: 0 Maximum: 63 Default: "0" |
| keepalive_in_halfclose_state | Keepalive in halfclose state Controls whether to keep the connection alive with keepalive messages in the TCP half close state. The interval for sending keepalive messages is 30s. If a timeout is already configured in the network profile, this will not override it. Default value when not specified in API or module is interpreted by ALB Controller as true. |
boolean | Default: "True" |
| max_retransmissions | Max retransmissions The number of attempts at retransmit before closing the connection. Allowed values are 3-8. Default value when not specified in API or module is interpreted by ALB Controller as 8. |
integer | Minimum: 3 Maximum: 8 Default: "8" |
| max_segment_size | Max segment size Maximum TCP segment size. Allowed values are 512-9000. Special values are 0 - 'Use Interface MTU'. Unit is BYTES. |
integer | Minimum: 0 Maximum: 9000 |
| max_syn_retransmissions | Max syn retransmissions The maximum number of attempts at retransmitting a SYN packet before giving up. Allowed values are 3-8. Default value when not specified in API or module is interpreted by ALB Controller as 8. |
integer | Minimum: 3 Maximum: 8 Default: "8" |
| min_rexmt_timeout | Min rexmt timeout The minimum wait time (in millisec) to retransmit packet. Allowed values are 50-5000. Unit is MILLISECONDS. |
integer | Minimum: 50 Maximum: 5000 |
| nagles_algorithm | Nagles algorithm Consolidates small data packets to send clients fewer but larger packets. Adversely affects real time protocols such as telnet or SSH. Default value when not specified in API or module is interpreted by ALB Controller as false. |
boolean | Default: "False" |
| reassembly_queue_size | Reassembly queue size Maximum number of TCP segments that can be queued for reassembly. Configuring this to 0 disables the feature and provides unlimited queuing. Default value when not specified in API or module is interpreted by ALB Controller as 0. |
integer | Default: "0" |
| receive_window | Receive window Size of the receive window. Allowed values are 2-65536. Unit is KB. Default value when not specified in API or module is interpreted by ALB Controller as 64. |
integer | Minimum: 2 Maximum: 65536 Default: "64" |
| reorder_threshold | Reorder threshold Controls the number of duplicate acks required to trigger retransmission. Setting a higher value reduces retransmission caused by packet reordering. A larger value is recommended in public cloud environments where packet reordering is quite common. The default value is 8 in public cloud platforms (AWS, Azure, GCP), and 3 in other environments. Allowed values are 1-100. |
integer | Minimum: 1 Maximum: 100 |
| slow_start_scaling_factor | Slow start scaling factor Congestion window scaling factor during slow start. Allowed values are 0-8. Default value when not specified in API or module is interpreted by ALB Controller as 1. |
integer | Minimum: 0 Maximum: 8 Default: "1" |
| time_wait_delay | Time wait delay The time (in millisec) to wait before closing a connection in the TIME_WAIT state. Allowed values are 500-2000. Special values are 0 - 'immediate'. Unit is MILLISECONDS. Default value when not specified in API or module is interpreted by ALB Controller as 2000. |
integer | Minimum: 0 Maximum: 2000 Default: "2000" |
| use_interface_mtu | Use interface mtu Use the interface MTU to calculate the TCP max segment size. Default value when not specified in API or module is interpreted by ALB Controller as true. |
boolean | Default: "True" |
ALBTacacsPlusAuthSettings (schema)
TacacsPlusAuthSettings
Advanced load balancer TacacsPlusAuthSettings object
| Name | Description | Type | Notes |
|---|---|---|---|
| authorization_attrs | Authorization attrs TACACS+ authorization attribute value pairs. |
array of ALBAuthTacacsPlusAttributeValuePair | |
| password | Password TACACS+ server shared secret. |
secure_string | |
| port | Port TACACS+ server listening port. Default value when not specified in API or module is interpreted by ALB Controller as 49. |
integer | Default: "49" |
| server | Server TACACS+ server IP address or FQDN. Minimum of 1 items required. |
array of string | Required |
| service | Service TACACS+ service. Enum options - AUTH_TACACS_PLUS_SERVICE_NONE, AUTH_TACACS_PLUS_SERVICE_LOGIN, AUTH_TACACS_PLUS_SERVICE_ENABLE, AUTH_TACACS_PLUS_SERVICE_PPP, AUTH_TACACS_PLUS_SERVICE_ARAP, AUTH_TACACS_PLUS_SERVICE_PT, AUTH_TACACS_PLUS_SERVICE_RCMD, AUTH_TACACS_PLUS_SERVICE_X25, AUTH_TACACS_PLUS_SERVICE_NASI, AUTH_TACACS_PLUS_SERVICE_FWPROXY. Default value when not specified in API or module is interpreted by ALB Controller as AUTH_TACACS_PLUS_SERVICE_LOGIN. |
ALBAuthTacacsPlusService | Default: "AUTH_TACACS_PLUS_SERVICE_LOGIN" |
ALBTag (schema)
Tag
Advanced load balancer Tag object
| Name | Description | Type | Notes |
|---|---|---|---|
| type | Type Enum options - AVI_DEFINED, USER_DEFINED, VCENTER_DEFINED. Default value when not specified in API or module is interpreted by ALB Controller as USER_DEFINED. |
ALBTagType | Default: "USER_DEFINED" |
| value | Value value of Tag. |
string | Required |
ALBTagType (schema)
TagType type
Valid ENUM values for ALBTagType
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBTagType | TagType type Valid ENUM values for ALBTagType |
string | Enum: AVI_DEFINED, USER_DEFINED, VCENTER_DEFINED |
ALBTrafficCloneProfile (schema)
TrafficCloneProfile
Advanced load balancer TrafficCloneProfile object
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| clone_servers | Clone servers Maximum of 10 items allowed. |
array of ALBCloneServer | |
| cloud_name | Cloud name It is a reference to an object of type Cloud. |
string | |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| markers | Markers List of labels to be used for granular RBAC. Allowed in Basic edition, Essentials edition, Enterprise edition. |
array of ALBRoleFilterMatchLabel | |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| preserve_client_ip | Preserve client ip Specifies if client IP needs to be preserved to clone destination. Default value when not specified in API or module is interpreted by ALB Controller as false. |
boolean | Default: "False" |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value ALBTrafficCloneProfile | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
ALBTrafficCloneProfileApiResponse (schema)
TrafficCloneProfileApiResponse
TrafficCloneProfileApiResponse
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| count | count count |
int | Default: "None" |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Array of TrafficCloneProfile Array of TrafficCloneProfile |
array of ALBTrafficCloneProfile | |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
ALBUDPFastPathProfile (schema)
UDPFastPathProfile
Advanced load balancer UDPFastPathProfile object
| Name | Description | Type | Notes |
|---|---|---|---|
| dsr_profile | Dsr profile DSR profile information. Allowed in Basic edition, Essentials edition, Enterprise edition. |
ALBDsrProfile | |
| per_pkt_loadbalance | Per pkt loadbalance When enabled, every UDP packet is considered a new transaction and may be load balanced to a different server. When disabled, packets from the same client source IP and port are sent to the same server. Allowed in Basic(Allowed values- false) edition, Essentials(Allowed values- false) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as false. |
boolean | Default: "False" |
| session_idle_timeout | Session idle timeout The amount of time (in sec) for which a flow needs to be idle before it is deleted. Allowed values are 2-3600. Unit is SEC. Default value when not specified in API or module is interpreted by ALB Controller as 10. |
integer | Minimum: 2 Maximum: 3600 Default: "10" |
| snat | Snat When disabled, Source NAT will not be performed for all client UDP packets. Default value when not specified in API or module is interpreted by ALB Controller as true. |
boolean | Default: "True" |
ALBUDPProxyProfile (schema)
UDPProxyProfile
Advanced load balancer UDPProxyProfile object
| Name | Description | Type | Notes |
|---|---|---|---|
| session_idle_timeout | Session idle timeout The amount of time (in sec) for which a flow needs to be idle before it is deleted. Allowed values are 2-3600. Unit is SEC. Default value when not specified in API or module is interpreted by ALB Controller as 10. |
integer | Minimum: 2 Maximum: 3600 Default: "10" |
ALBURIParam (schema)
URIParam
Advanced load balancer URIParam object
| Name | Description | Type | Notes |
|---|---|---|---|
| tokens | Tokens Token config either for the URI components or a constant string. Minimum of 1 items required. |
array of ALBURIParamToken | Required |
| type | Type URI param type. Enum options - URI_PARAM_TYPE_TOKENIZED. |
ALBURIParamType | Required |
ALBURIParamQuery (schema)
URIParamQuery
Advanced load balancer URIParamQuery object
| Name | Description | Type | Notes |
|---|---|---|---|
| add_string | Add string Concatenate a string to the query of the incoming request URI and then use it in the request URI going to the backend server. |
string | |
| keep_query | Keep query Use or drop the query of the incoming request URI in the request URI to the backend server. Default value when not specified in API or module is interpreted by ALB Controller as true. |
boolean | Default: "True" |
ALBURIParamToken (schema)
URIParamToken
Advanced load balancer URIParamToken object
| Name | Description | Type | Notes |
|---|---|---|---|
| end_index | End index Index of the ending token in the incoming URI. Allowed values are 0-65534. Special values are 65535 - 'end of string'. |
integer | Minimum: 0 Maximum: 65535 |
| start_index | Start index Index of the starting token in the incoming URI. |
integer | |
| str_value | Str value Constant string to use as a token. |
string | |
| type | Type Token type for constructing the URI. Enum options - URI_TOKEN_TYPE_HOST, URI_TOKEN_TYPE_PATH, URI_TOKEN_TYPE_STRING, URI_TOKEN_TYPE_STRING_GROUP, URI_TOKEN_TYPE_REGEX. |
ALBURITokenType | Required |
ALBURIParamType (schema)
URIParamType type
Valid ENUM values for ALBURIParamType
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBURIParamType | URIParamType type Valid ENUM values for ALBURIParamType |
string | Enum: URI_PARAM_TYPE_TOKENIZED |
ALBURITokenType (schema)
URITokenType type
Valid ENUM values for ALBURITokenType
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBURITokenType | URITokenType type Valid ENUM values for ALBURITokenType |
string | Enum: URI_TOKEN_TYPE_HOST, URI_TOKEN_TYPE_PATH, URI_TOKEN_TYPE_STRING, URI_TOKEN_TYPE_STRING_GROUP, URI_TOKEN_TYPE_REGEX |
ALBVSDataScript (schema)
VSDataScript
Advanced load balancer VSDataScript object
| Name | Description | Type | Notes |
|---|---|---|---|
| evt | Evt Event triggering execution of datascript. Enum options - VS_DATASCRIPT_EVT_HTTP_REQ, VS_DATASCRIPT_EVT_HTTP_RESP, VS_DATASCRIPT_EVT_HTTP_RESP_DATA, VS_DATASCRIPT_EVT_HTTP_LB_FAILED, VS_DATASCRIPT_EVT_HTTP_REQ_DATA, VS_DATASCRIPT_EVT_HTTP_RESP_FAILED, VS_DATASCRIPT_EVT_HTTP_LB_DONE, VS_DATASCRIPT_EVT_HTTP_AUTH, VS_DATASCRIPT_EVT_HTTP_POST_AUTH, VS_DATASCRIPT_EVT_TCP_CLIENT_ACCEPT, VS_DATASCRIPT_EVT_SSL_HANDSHAKE_DONE, VS_DATASCRIPT_EVT_DNS_REQ, VS_DATASCRIPT_EVT_DNS_RESP, VS_DATASCRIPT_EVT_L4_REQUEST, VS_DATASCRIPT_EVT_L4_RESPONSE, VS_DATASCRIPT_EVT_MAX. Allowed in Basic(Allowed values- VS_DATASCRIPT_EVT_HTTP_REQ) edition, Enterprise edition. |
ALBVSDataScriptEvent | Required |
| script | Script Datascript to execute when the event triggers. |
string | Required |
ALBVSDataScriptEvent (schema)
VSDataScriptEvent type
Valid ENUM values for ALBVSDataScriptEvent
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBVSDataScriptEvent | VSDataScriptEvent type Valid ENUM values for ALBVSDataScriptEvent |
string | Enum: VS_DATASCRIPT_EVT_HTTP_REQ, VS_DATASCRIPT_EVT_HTTP_RESP, VS_DATASCRIPT_EVT_HTTP_RESP_DATA, VS_DATASCRIPT_EVT_HTTP_LB_FAILED, VS_DATASCRIPT_EVT_HTTP_REQ_DATA, VS_DATASCRIPT_EVT_HTTP_RESP_FAILED, VS_DATASCRIPT_EVT_HTTP_LB_DONE, VS_DATASCRIPT_EVT_HTTP_AUTH, VS_DATASCRIPT_EVT_HTTP_POST_AUTH, VS_DATASCRIPT_EVT_TCP_CLIENT_ACCEPT, VS_DATASCRIPT_EVT_SSL_HANDSHAKE_DONE, VS_DATASCRIPT_EVT_DNS_REQ, VS_DATASCRIPT_EVT_DNS_RESP, VS_DATASCRIPT_EVT_L4_REQUEST, VS_DATASCRIPT_EVT_L4_RESPONSE, VS_DATASCRIPT_EVT_MAX |
ALBVSDataScriptSet (schema)
VSDataScriptSet
Advanced load balancer VSDataScriptSet object
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| created_by | Created by Creator name. |
string | |
| datascript | Datascript DataScripts to execute. |
array of ALBVSDataScript | |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| ipgroup_paths | Ipgroup paths path of IP Groups that could be referred by VSDataScriptSet objects. It is a reference to an object of type IpAddrGroup. |
array of string | |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| markers | Markers List of labels to be used for granular RBAC. Allowed in Basic edition, Essentials edition, Enterprise edition. |
array of ALBRoleFilterMatchLabel | |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| pool_group_paths | Pool group paths path of pool groups that could be referred by VSDataScriptSet objects. It is a reference to an object of type PoolGroup. |
array of string | |
| pool_paths | Pool paths path of pools that could be referred by VSDataScriptSet objects. It is a reference to an object of type Pool. |
array of string | |
| protocol_parser_paths | Protocol parser paths List of protocol parsers that could be referred by VSDataScriptSet objects. It is a reference to an object of type ProtocolParser. Allowed in Basic edition, Essentials edition, Enterprise edition. |
array of string | |
| rate_limiters | Rate limiters The Rate Limit definitions needed for this DataScript. The name is composed of the Virtual Service name and the DataScript name. Allowed in Basic edition, Essentials edition, Enterprise edition. |
array of ALBRateLimiter | |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value ALBVSDataScriptSet | string | |
| string_group_paths | String group paths path of String Groups that could be referred by VSDataScriptSet objects. It is a reference to an object of type StringGroup. |
array of string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
ALBVSDataScriptSetApiResponse (schema)
VSDataScriptSetApiResponse
VSDataScriptSetApiResponse
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| count | count count |
int | Default: "None" |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Array of VSDataScriptSet Array of VSDataScriptSet |
array of ALBVSDataScriptSet | |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
ALBVSDataScripts (schema)
VSDataScripts
Advanced load balancer VSDataScripts object
| Name | Description | Type | Notes |
|---|---|---|---|
| index | Index Index of the virtual service datascript collection. |
integer | Required |
| vs_datascript_set_path | Vs datascript set path path of the virtual service datascript collection. It is a reference to an object of type VSDataScriptSet. |
string | Required |
ALBVip (schema)
Vip
Advanced load balancer Vip object
| Name | Description | Type | Notes |
|---|---|---|---|
| auto_allocate_floating_ip | Auto allocate floating ip Auto-allocate floating/elastic IP from the Cloud infrastructure. Allowed in Basic(Allowed values- false) edition, Essentials(Allowed values- false) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as false. |
boolean | Default: "False" |
| auto_allocate_ip | Auto allocate ip Auto-allocate VIP from the provided subnet. Default value when not specified in API or module is interpreted by ALB Controller as false. |
boolean | Default: "False" |
| auto_allocate_ip_type | Auto allocate ip type Specifies whether to auto-allocate only a V4 address, only a V6 address, or one of each type. Enum options - V4_ONLY, V6_ONLY, V4_V6. Allowed in Basic(Allowed values- V4_ONLY) edition, Essentials(Allowed values- V4_ONLY) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as V4_ONLY. |
ALBIpAddressVersions | Default: "V4_ONLY" |
| availability_zone | Availability zone Availability-zone to place the Virtual Service. Allowed in Basic edition, Essentials edition, Enterprise edition. |
string | |
| avi_allocated_fip | Avi allocated fip (internal-use) FIP allocated by Avi in the Cloud infrastructure. Allowed in Basic(Allowed values- false) edition, Essentials(Allowed values- false) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as false. |
boolean | Default: "False" |
| avi_allocated_vip | Avi allocated vip (internal-use) VIP allocated by Avi in the Cloud infrastructure. Allowed in Basic(Allowed values- false) edition, Essentials(Allowed values- false) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as false. |
boolean | Default: "False" |
| discovered_networks | Discovered networks Discovered networks providing reachability for client facing Vip IP. |
array of ALBDiscoveredNetwork | |
| enabled | Enabled Enable or disable the Vip. Default value when not specified in API or module is interpreted by ALB Controller as true. |
boolean | Default: "True" |
| floating_ip | Floating ip Floating IPv4 to associate with this Vip. Allowed in Basic edition, Essentials edition, Enterprise edition. |
ALBIpAddr | |
| floating_ip6 | Floating ip6 Floating IPv6 address to associate with this Vip. Allowed in Basic edition, Essentials edition, Enterprise edition. |
ALBIpAddr | |
| floating_subnet6_uuid | Floating subnet6 uuid If auto_allocate_floating_ip is True and more than one floating-ip subnets exist, then the subnet for the floating IPv6 address allocation. Allowed in Basic edition, Essentials edition, Enterprise edition. |
string | |
| floating_subnet_uuid | Floating subnet uuid If auto_allocate_floating_ip is True and more than one floating-ip subnets exist, then the subnet for the floating IP address allocation. Allowed in Basic edition, Essentials edition, Enterprise edition. |
string | |
| ip6_address | Ip6 address IPv6 Address of the Vip. |
ALBIpAddr | |
| ip_address | Ip address IPv4 Address of the VIP. |
ALBIpAddr | |
| ipam_network_subnet | Ipam network subnet Subnet and/or Network for allocating VirtualService IP by IPAM Provider module. |
ALBIPNetworkSubnet | |
| network_name | Network name Manually override the network on which the Vip is placed. It is a reference to an object of type Network. |
string | |
| placement_networks | Placement networks Placement networks/subnets to use for vip placement. Maximum of 10 items allowed. |
array of ALBVipPlacementNetwork | |
| port_uuid | Port uuid (internal-use) Network port assigned to the Vip IP address. |
string | |
| prefix_length | Prefix length Mask applied for the Vip, non-default mask supported only for wildcard Vip. Allowed values are 0-32. Allowed in Basic(Allowed values- 32) edition, Essentials(Allowed values- 32) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as 32. |
integer | Minimum: 0 Maximum: 32 Default: "32" |
| subnet | Subnet Subnet providing reachability for client facing Vip IP. |
ALBIpAddrPrefix | |
| subnet6 | Subnet6 Subnet providing reachability for client facing Vip IPv6. Allowed in Essentials edition, Enterprise edition. |
ALBIpAddrPrefix | |
| subnet6_uuid | Subnet6 uuid If auto_allocate_ip is True, then the subnet for the Vip IPv6 address allocation. This field is applicable only if the VirtualService belongs to an Openstack or AWS cloud, in which case it is mandatory, if auto_allocate is selected. Allowed in Essentials edition, Enterprise edition. |
string | |
| subnet_uuid | Subnet uuid If auto_allocate_ip is True, then the subnet for the Vip IP address allocation. This field is applicable only if the VirtualService belongs to an Openstack or AWS cloud, in which case it is mandatory, if auto_allocate is selected. |
string | |
| vip_id | Vip id Unique ID associated with the vip. |
string | Required |
ALBVipPlacementNetwork (schema)
VipPlacementNetwork
Advanced load balancer VipPlacementNetwork object
| Name | Description | Type | Notes |
|---|---|---|---|
| network_name | Network name Network to use for vip placement. It is a reference to an object of type Network. |
string | |
| subnet | Subnet IPv4 Subnet to use for vip placement. |
ALBIpAddrPrefix | |
| subnet6 | Subnet6 IPv6 subnet to use for vip placement. |
ALBIpAddrPrefix |
ALBVirtualService (schema)
VirtualService
Advanced load balancer VirtualService object
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| active_standby_se_tag | Active standby se tag This configuration only applies if the VirtualService is in Legacy Active Standby HA mode and Load Distribution among Active Standby is enabled. This field is used to tag the VirtualService so that VirtualServices with the same tag will share the same Active ServiceEngine. VirtualServices with different tags will have different Active ServiceEngines. If one of the ServiceEngine's in the ServiceEngineGroup fails, all VirtualServices will end up using the same Active ServiceEngine. Redistribution of the VirtualServices can be either manual or automated when the failed ServiceEngine recovers. Redistribution is based on the auto redistribute property of the ServiceEngineGroup. Enum options - ACTIVE_STANDBY_SE_1, ACTIVE_STANDBY_SE_2. Default value when not specified in API or module is interpreted by ALB Controller as ACTIVE_STANDBY_SE_1. |
ALBActiveStandbySeTag | Default: "ACTIVE_STANDBY_SE_1" |
| advertise_down_vs | Advertise down vs Keep advertising Virtual Service via BGP even if it is marked down by health monitor. This setting takes effect for future Virtual Service flaps. To advertise current VSes that are down, please disable and re-enable the Virtual Service. Allowed in Basic(Allowed values- false) edition, Essentials(Allowed values- false) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as false. |
boolean | Default: "False" |
| allow_invalid_client_cert | Allow invalid client cert Process request even if invalid client certificate is presented. Datascript APIs need to be used for processing of such requests. Allowed in Basic(Allowed values- false) edition, Essentials(Allowed values- false) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as false. |
boolean | Default: "False" |
| analytics_policy | Analytics policy Determines analytics settings for the application. |
ALBAnalyticsPolicy | |
| analytics_profile_path | Analytics profile path Specifies settings related to analytics. It is a reference to an object of type AnalyticsProfile. |
string | |
| apic_contract_graph | Apic contract graph The name of the Contract/Graph associated with the Virtual Service. Should be in the This is applicable only for Service Integration mode with Cisco APIC Controller. Allowed in Basic edition, Essentials edition, Enterprise edition. |
string | |
| application_profile_path | Application profile path Enable application layer specific features for the Virtual Service. It is a reference to an object of type ApplicationProfile. Special default for Essentials edition is System-L4-Application. |
string | |
| azure_availability_set | Azure availability set (internal-use)Applicable for Azure only. Azure Availability set to which this VS is associated. Internally set by the cloud connector. |
string | |
| bgp_peer_labels | Bgp peer labels Select BGP peers, using peer label, for VsVip advertisement. Maximum of 128 items allowed. |
array of string | |
| bulk_sync_kvcache | Bulk sync kvcache (This is a beta feature). Sync Key-Value cache to the new SEs when VS is scaled out. For ex SSL sessions are stored using VS's Key-Value cache. When the VS is scaled out, the SSL session information is synced to the new SE, allowing existing SSL sessions to be reused on the new SE. Allowed in Basic(Allowed values- false) edition, Essentials(Allowed values- false) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as false. |
boolean | Default: "False" |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| client_auth | Client auth HTTP authentication configuration for protected resources. |
ALBHTTPClientAuthenticationParams | |
| close_client_conn_on_config_update | Close client conn on config update close client connection on vs config update. Allowed in Basic(Allowed values- false) edition, Essentials(Allowed values- false) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as false. |
boolean | Default: "False" |
| cloud_config_cksum | Cloud config cksum Checksum of cloud configuration for VS. Internally set by cloud connector. |
string | |
| cloud_name | Cloud name It is a reference to an object of type Cloud. |
string | |
| cloud_type | Cloud type Enum options - CLOUD_NONE, CLOUD_VCENTER, CLOUD_OPENSTACK, CLOUD_AWS, CLOUD_VCA, CLOUD_APIC, CLOUD_MESOS, CLOUD_LINUXSERVER, CLOUD_DOCKER_UCP, CLOUD_RANCHER, CLOUD_OSHIFT_K8S, CLOUD_AZURE, CLOUD_GCP, CLOUD_NSXT. Allowed in Basic(Allowed values- CLOUD_NONE,CLOUD_NSXT) edition, Essentials(Allowed values- CLOUD_NONE,CLOUD_VCENTER) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as CLOUD_NONE. |
ALBCloudType | Default: "CLOUD_NONE" |
| connections_rate_limit | Connections rate limit Rate limit the incoming connections to this virtual service. |
ALBRateProfile | |
| content_rewrite | Content rewrite Profile used to match and rewrite strings in request and/or response body. |
ALBContentRewriteProfile | |
| created_by | Created by Creator name. |
string | |
| delay_fairness | Delay fairness Select the algorithm for QoS fairness. This determines how multiple Virtual Services sharing the same Service Engines will prioritize traffic over a congested network. Allowed in Basic(Allowed values- false) edition, Essentials(Allowed values- false) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as false. |
boolean | Default: "False" |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| dns_info | Dns info Service discovery specific data including fully qualified domain name, type and Time-To-Live of the DNS record. Note that only one of fqdn and dns_info setting is allowed. Maximum of 1000 items allowed. |
array of ALBDnsInfo | |
| dns_policies | Dns policies DNS Policies applied on the dns traffic of the Virtual Service. Allowed in Basic edition, Essentials edition, Enterprise edition. |
array of ALBDnsPolicies | |
| east_west_placement | East west placement Force placement on all SE's in service group (Mesos mode only). Allowed in Basic(Allowed values- false) edition, Essentials(Allowed values- false) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as false. |
boolean | Default: "False" |
| enable_autogw | Enable autogw Response traffic to clients will be sent back to the source MAC address of the connection, rather than statically sent to a default gateway. Allowed in Basic(Allowed values- false) edition, Essentials(Allowed values- false) edition, Enterprise edition. Special default for Basic edition is false, Essentials edition is false, Enterprise is True. Default value when not specified in API or module is interpreted by ALB Controller as false. |
boolean | Default: "False" |
| enable_rhi | Enable rhi Enable Route Health Injection using the BGP Config in the vrf context. |
boolean | |
| enable_rhi_snat | Enable rhi snat Enable Route Health Injection for Source NAT'ted floating IP Address using the BGP Config in the vrf context. |
boolean | |
| enabled | Enabled Enable or disable the Virtual Service. Default value when not specified in API or module is interpreted by ALB Controller as true. |
boolean | Default: "True" |
| error_page_profile_path | Error page profile path Error Page Profile to be used for this virtualservice.This profile is used to send the custom error page to the client generated by the proxy. It is a reference to an object of type ErrorPageProfile. Allowed in Basic edition, Essentials edition, Enterprise edition. |
string | |
| flow_dist | Flow dist Criteria for flow distribution among SEs. Enum options - LOAD_AWARE, CONSISTENT_HASH_SOURCE_IP_ADDRESS, CONSISTENT_HASH_SOURCE_IP_ADDRESS_AND_PORT. Allowed in Basic(Allowed values- LOAD_AWARE) edition, Essentials(Allowed values- LOAD_AWARE) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as LOAD_AWARE. |
ALBSeFlowDist | Default: "LOAD_AWARE" |
| flow_label_type | Flow label type Criteria for flow labelling. Enum options - NO_LABEL, APPLICATION_LABEL, SERVICE_LABEL. Default value when not specified in API or module is interpreted by ALB Controller as NO_LABEL. |
ALBFlowLabelType | Default: "NO_LABEL" |
| fqdn | Fqdn DNS resolvable, fully qualified domain name of the virtualservice. Only one of 'fqdn' and 'dns_info' configuration is allowed. |
string | |
| group_paths | Group paths A list of NSX Groups representing the Clients which can access the Virtual IP of the Virtual Service. |
array of string | |
| host_name_xlate | Host name xlate Translate the host name sent to the servers to this value. Translate the host name sent from servers back to the value used by the client. |
string | |
| http_policies | Http policies HTTP Policies applied on the data traffic of the Virtual Service. |
array of ALBHTTPPolicies | |
| id | Unique identifier of this resource | string | Sortable |
| ign_pool_net_reach | Ign pool net reach Ignore Pool servers network reachability constraints for Virtual Service placement. Default value when not specified in API or module is interpreted by ALB Controller as false. |
boolean | Default: "False" |
| l4_policies | L4 policies L4 Policies applied to the data traffic of the Virtual Service. |
array of ALBL4Policies | |
| limit_doser | Limit doser Limit potential DoS attackers who exceed max_cps_per_client significantly to a fraction of max_cps_per_client for a while. Default value when not specified in API or module is interpreted by ALB Controller as false. |
boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| markers | Markers List of labels to be used for granular RBAC. Allowed in Basic edition, Essentials edition, Enterprise edition. |
array of ALBRoleFilterMatchLabel | |
| max_cps_per_client | Max cps per client Maximum connections per second per client IP. Allowed values are 10-1000. Special values are 0- 'unlimited'. Default value when not specified in API or module is interpreted by ALB Controller as 0. |
integer | Minimum: 0 Maximum: 1000 Default: "0" |
| min_pools_up | Min pools up Minimum number of UP pools to mark VS up. |
integer | |
| network_profile_path | Network profile path Determines network settings such as protocol, TCP or UDP, and related options for the protocol. It is a reference to an object of type NetworkProfile. Special default for Essentials edition is System-TCP-Fast-Path. |
string | |
| network_security_policy_path | Network security policy path Network security policies for the Virtual Service. It is a reference to an object of type NetworkSecurityPolicy. |
string | |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| performance_limits | Performance limits Optional settings that determine performance limits like max connections or bandwdith etc. |
ALBPerformanceLimits | |
| pool_group_path | Pool group path The pool group is an object that contains pools. It is a reference to an object of type PoolGroup. |
string | |
| pool_path | Pool path The pool is an object that contains destination servers and related attributes such as load-balancing and persistence. It is a reference to an object of type Pool. |
string | |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| remove_listening_port_on_vs_down | Remove listening port on vs down Remove listening port if VirtualService is down. Default value when not specified in API or module is interpreted by ALB Controller as false. |
boolean | Default: "False" |
| requests_rate_limit | Requests rate limit Rate limit the incoming requests to this virtual service. |
ALBRateProfile | |
| resource_type | Must be set to the value ALBVirtualService | string | |
| saml_sp_config | Saml sp config Application-specific SAML config. Allowed in Basic edition, Essentials edition, Enterprise edition. |
ALBSAMLSPConfig | |
| se_group_name | Se group name The Service Engine Group to use for this Virtual Service. Moving to a new SE Group is disruptive to existing connections for this VS. It is a reference to an object of type ServiceEngineGroup. |
string | |
| security_policy_path | Security policy path Security policy applied on the traffic of the Virtual Service. This policy is used to perform security actions such as Distributed Denial of Service (DDoS) attack mitigation, etc. It is a reference to an object of type SecurityPolicy. Allowed in Basic edition, Essentials edition, Enterprise edition. |
string | |
| server_network_profile_path | Server network profile path Determines the network settings profile for the server side of TCP proxied connections. Leave blank to use the same settings as the client to VS side of the connection. It is a reference to an object of type NetworkProfile. |
string | |
| service_metadata | Service metadata Metadata pertaining to the Service provided by this virtual service. In Openshift/Kubernetes environments, egress pod info is stored. Any user input to this field will be overwritten by Avi Vantage. |
string | |
| service_pool_select | Service pool select Select pool based on destination port. |
array of ALBServicePoolSelector | |
| services | Services List of Services defined for this Virtual Service. Maximum of 2048 items allowed. |
array of ALBService | |
| sideband_profile | Sideband profile Sideband configuration to be used for this virtualservice.It can be used for sending traffic to sideband VIPs for external inspection etc. |
ALBSidebandProfile | |
| snat_ip | Snat ip NAT'ted floating source IP Address(es) for upstream connection to servers. Maximum of 32 items allowed. |
array of ALBIpAddr | |
| sp_pool_paths | Sp pool paths GSLB pools used to manage site-persistence functionality. Each site-persistence pool contains the virtualservices in all the other sites, that is auto-generated by the GSLB manager. This is a read-only field for the user. It is a reference to an object of type Pool. |
array of string | |
| ssl_key_and_certificate_paths | Ssl key and certificate paths Select or create one or two certificates, EC and/or RSA, that will be presented to SSL/TLS terminated connections. It is a reference to an object of type SSLKeyAndCertificate. |
array of string | |
| ssl_profile_path | Ssl profile path Determines the set of SSL versions and ciphers to accept for SSL/TLS terminated connections. It is a reference to an object of type SSLProfile. |
string | |
| ssl_profile_selectors | Ssl profile selectors Select SSL Profile based on client IP address match. Allowed in Basic edition, Essentials edition, Enterprise edition. |
array of ALBSSLProfileSelector | |
| ssl_sess_cache_avg_size | Ssl sess cache avg size Expected number of SSL session cache entries (may be exceeded). Allowed values are 1024-16383. Default value when not specified in API or module is interpreted by ALB Controller as 1024. |
integer | Minimum: 1024 Maximum: 16383 Default: "1024" |
| sso_policy_path | Sso policy path The SSO Policy attached to the virtualservice. It is a reference to an object of type SSOPolicy. Allowed in Basic edition, Essentials edition, Enterprise edition. |
string | |
| static_dns_records | Static dns records List of static DNS records applied to this Virtual Service. These are static entries and no health monitoring is performed against the IP addresses. Maximum of 1000 items allowed. |
array of ALBDnsRecord | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| topology_policies | Topology policies Topology Policies applied on the dns traffic of the Virtual Service based onGSLB Topology algorithm. Allowed in Basic edition, Essentials edition, Enterprise edition. |
array of ALBDnsPolicies | |
| traffic_clone_profile_path | Traffic clone profile path Server network or list of servers for cloning traffic. It is a reference to an object of type TrafficCloneProfile. Allowed in Basic edition, Essentials edition, Enterprise edition. |
string | |
| traffic_enabled | Traffic enabled Knob to enable the Virtual Service traffic on its assigned service engines. This setting is effective only when the enabled flag is set to True. Default value when not specified in API or module is interpreted by ALB Controller as true. |
boolean | Default: "True" |
| type | Type Specify if this is a normal Virtual Service, or if it is the parent or child of an SNI-enabled virtual hosted Virtual Service. Enum options - VS_TYPE_NORMAL, VS_TYPE_VH_PARENT, VS_TYPE_VH_CHILD. Allowed in Basic(Allowed values- VS_TYPE_NORMAL,VS_TYPE_VH_PARENT) edition, Essentials(Allowed values- VS_TYPE_NORMAL) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as VS_TYPE_NORMAL. |
ALBVirtualServiceType | Default: "VS_TYPE_NORMAL" |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
| use_bridge_ip_as_vip | Use bridge ip as vip Use Bridge IP as VIP on each Host in Mesos deployments. Allowed in Basic(Allowed values- false) edition, Essentials(Allowed values- false) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as false. |
boolean | Default: "False" |
| use_vip_as_snat | Use vip as snat Use the Virtual IP as the SNAT IP for health monitoring and sending traffic to the backend servers instead of the Service Engine interface IP. The caveat of enabling this option is that the VirtualService cannot be configured in an Active-Active HA mode. DNS based Multi VIP solution has to be used for HA & Non-disruptive Upgrade purposes. Allowed in Essentials(Allowed values- false) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as false. |
boolean | Default: "False" |
| vh_domain_name | Vh domain name The exact name requested from the client's SNI-enabled TLS hello domain name field. If this is a match, the parent VS will forward the connection to this child VS. |
array of string | |
| vh_parent_vs_uuid | Vh parent vs uuid Specifies the Virtual Service acting as Virtual Hosting (SNI) parent. |
string | |
| vip | Vip List of Virtual Service IPs. While creating a 'Shared VS',please use vsvip_ref to point to the shared entities. |
array of ALBVip | |
| vrf_context_name | Vrf context name Virtual Routing Context that the Virtual Service is bound to. This is used to provide the isolation of the set of networks the application is attached to. It is a reference to an object of type VrfContext. |
string | |
| vs_datascripts | Vs datascripts Datascripts applied on the data traffic of the Virtual Service. |
array of ALBVSDataScripts | |
| vsvip_path | Vsvip path Mostly used during the creation of Shared VS, this field refers to entities that can be shared across Virtual Services. It is a reference to an object of type VsVip. |
string | |
| waf_policy_path | Waf policy path WAF policy for the Virtual Service. It is a reference to an object of type WafPolicy. Allowed in Basic edition, Essentials edition, Enterprise edition. |
string | |
| weight | Weight The Quality of Service weight to assign to traffic transmitted from this Virtual Service. A higher weight will prioritize traffic versus other Virtual Services sharing the same Service Engines. Allowed values are 1-128. Allowed in Basic(Allowed values- 1) edition, Essentials(Allowed values- 1) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as 1. |
integer | Minimum: 1 Maximum: 128 Default: "1" |
ALBVirtualServiceApiResponse (schema)
VirtualServiceApiResponse
VirtualServiceApiResponse
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| count | count count |
int | Default: "None" |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Array of VirtualService Array of VirtualService |
array of ALBVirtualService | |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
ALBVirtualServiceType (schema)
VirtualServiceType type
Valid ENUM values for ALBVirtualServiceType
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBVirtualServiceType | VirtualServiceType type Valid ENUM values for ALBVirtualServiceType |
string | Enum: VS_TYPE_NORMAL, VS_TYPE_VH_PARENT, VS_TYPE_VH_CHILD |
ALBVsVip (schema)
VsVip
Advanced load balancer VsVip object
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| bgp_peer_labels | Bgp peer labels Select BGP peers, using peer label, for VsVip advertisement. Maximum of 128 items allowed. |
array of string | |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| cloud_name | Cloud name It is a reference to an object of type Cloud. |
string | |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| dns_info | Dns info Service discovery specific data including fully qualified domain name, type and Time-To-Live of the DNS record. Maximum of 1000 items allowed. Allowed in Basic edition, Essentials edition, Enterprise edition. |
array of ALBDnsInfo | |
| east_west_placement | East west placement Force placement on all Service Engines in the Service Engine Group (Container clouds only). Allowed in Basic(Allowed values- false) edition, Essentials(Allowed values- false) edition, Enterprise edition. Default value when not specified in API or module is interpreted by ALB Controller as false. |
boolean | Default: "False" |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| markers | Markers List of labels to be used for granular RBAC. Allowed in Basic edition, Essentials edition, Enterprise edition. |
array of ALBRoleFilterMatchLabel | |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value ALBVsVip | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| tier1_path | Tier1 path This sets the placement scope of virtualservice to given tier1 logical router in Nsx-t. |
string | |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
| use_standard_alb | Use standard alb This overrides the cloud level default and needs to match the SE Group value in which it will be used if the SE Group use_standard_alb value is set. This is only used when FIP is used for VS on Azure Cloud. Allowed in Basic edition, Essentials edition, Enterprise edition. |
boolean | |
| vip | Vip List of Virtual Service IPs and other shareable entities. |
array of ALBVip | |
| vrf_context_name | Vrf context name Virtual Routing Context that the Virtual Service is bound to. This is used to provide the isolation of the set of networks the application is attached to. It is a reference to an object of type VrfContext. |
string | |
| vsvip_cloud_config_cksum | Vsvip cloud config cksum Checksum of cloud configuration for VsVip. Internally set by cloud connector. |
string |
ALBVsVipApiResponse (schema)
VsVipApiResponse
VsVipApiResponse
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| count | count count |
int | Default: "None" |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Array of VsVip Array of VsVip |
array of ALBVsVip | |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
ALBWafAction (schema)
WafAction type
Valid ENUM values for ALBWafAction
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBWafAction | WafAction type Valid ENUM values for ALBWafAction |
string | Enum: WAF_ACTION_NO_OP, WAF_ACTION_BLOCK, WAF_ACTION_ALLOW_PARAMETER |
ALBWafApplicationSignatures (schema)
WafApplicationSignatures
Advanced load balancer WafApplicationSignatures object
| Name | Description | Type | Notes |
|---|---|---|---|
| rule_overrides | Rule overrides Override attributes of application signature rules. |
array of ALBWafRuleOverrides | |
| ruleset_version | Ruleset version The version in use of the provided ruleset. |
string | |
| selected_applications | Selected applications List of applications for which we use the rules from the WafApplicationSignatureProvider. Maximum of 8 items allowed. |
array of string |
ALBWafCRS (schema)
WafCRS
Advanced load balancer WafCRS object
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| groups | Groups WAF Rules are sorted in groups based on their characterization. Maximum of 64 items allowed. |
array of ALBWafRuleGroup | |
| id | Unique identifier of this resource | string | Sortable |
| integrity | Integrity Integrity protection value. |
string | Required |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| markers | Markers List of labels to be used for granular RBAC. Allowed in Basic edition, Essentials edition, Enterprise edition. |
array of ALBRoleFilterMatchLabel | |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| release_date | Release date The release date of this version in RFC 3339 / ISO 8601 format. |
string | Required |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value ALBWafCRS | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
| version | Version The version of this ruleset object. |
string | Required |
ALBWafCRSApiResponse (schema)
WafCRSApiResponse
WafCRSApiResponse
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| count | count count |
int | Default: "None" |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Array of WafCRS Array of WafCRS |
array of ALBWafCRS | |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
ALBWafConfig (schema)
WafConfig
Advanced load balancer WafConfig object
| Name | Description | Type | Notes |
|---|---|---|---|
| allowed_http_versions | Allowed http versions WAF allowed HTTP Versions. Enum options - ZERO_NINE, ONE_ZERO, ONE_ONE, TWO_ZERO. Maximum of 8 items allowed. |
array of ALBHTTPVersion | |
| allowed_methods | Allowed methods WAF allowed HTTP methods. Enum options - HTTP_METHOD_GET, HTTP_METHOD_HEAD, HTTP_METHOD_PUT, HTTP_METHOD_DELETE, HTTP_METHOD_POST, HTTP_METHOD_OPTIONS, HTTP_METHOD_TRACE, HTTP_METHOD_CONNECT, HTTP_METHOD_PATCH, HTTP_METHOD_PROPFIND, HTTP_METHOD_PROPPATCH, HTTP_METHOD_MKCOL, HTTP_METHOD_COPY, HTTP_METHOD_MOVE, HTTP_METHOD_LOCK, HTTP_METHOD_UNLOCK. |
array of ALBHTTPMethod | |
| allowed_request_content_types | Allowed request content types WAF allowed Content Types. Maximum of 64 items allowed. |
array of string | |
| argument_separator | Argument separator Argument seperator. Default value when not specified in API or module is interpreted by ALB Controller as &. |
string | Default: "&" |
| client_request_max_body_size | Client request max body size Maximum size for the client request body scanned by WAF. Allowed values are 1-32768. Unit is KB. Default value when not specified in API or module is interpreted by ALB Controller as 32. |
integer | Minimum: 1 Maximum: 32768 Default: "32" |
| cookie_format_version | Cookie format version 0 For Netscape Cookies. 1 For version 1 cookies. Allowed values are 0-1. Default value when not specified in API or module is interpreted by ALB Controller as 0. |
integer | Minimum: 0 Maximum: 1 Default: "0" |
| ignore_incomplete_request_body_error | Ignore incomplete request body error Ignore request body parsing errors due to partial scanning. Default value when not specified in API or module is interpreted by ALB Controller as true. |
boolean | Default: "True" |
| max_execution_time | Max execution time The maximum period of time WAF processing is allowed to take for a single request. A value of 0 (zero) means no limit and should not be chosen in production deployments. It is only used for exceptional situations where crashes of se_dp processes are acceptable. The behavior of the system if this time is exceeded depends on two other configuration settings, the WAF policy mode and the WAF failure mode. In WAF policy mode 'Detection', the request is allowed and flagged for both failure mode 'Closed' and 'Open'. In enforcement node, 'Closed' means the request is rejected, 'Open' means the request is allowed and flagged. Irrespective of these settings, no subsequent WAF rules of this or other phases will be executed once the maximum execution time has been exceeded. Allowed values are 0-5000. Unit is MILLISECONDS. Default value when not specified in API or module is interpreted by ALB Controller as 50. |
integer | Minimum: 0 Maximum: 5000 Default: "50" |
| regex_match_limit | Regex match limit Limit CPU utilization for each regular expression match when processing rules. Default value when not specified in API or module is interpreted by ALB Controller as 30000. |
integer | Default: "30000" |
| regex_recursion_limit | Regex recursion limit Limit depth of recursion for each regular expression match when processing rules. Default value when not specified in API or module is interpreted by ALB Controller as 10000. |
integer | Default: "10000" |
| request_body_default_action | Request body default action WAF default action for Request Body Phase. Default value when not specified in API or module is interpreted by ALB Controller as phase:2,deny,status:403,log,auditlog. |
string | Default: "phase:2,deny,status:403,log,auditlog" |
| request_hdr_default_action | Request hdr default action WAF default action for Request Header Phase. Default value when not specified in API or module is interpreted by ALB Controller as phase:1,deny,status:403,log,auditlog. |
string | Default: "phase:1,deny,status:403,log,auditlog" |
| response_body_default_action | Response body default action WAF default action for Response Body Phase. Default value when not specified in API or module is interpreted by ALB Controller as phase:4,deny,status:403,log,auditlog. |
string | Default: "phase:4,deny,status:403,log,auditlog" |
| response_hdr_default_action | Response hdr default action WAF default action for Response Header Phase. Default value when not specified in API or module is interpreted by ALB Controller as phase:3,deny,status:403,log,auditlog. |
string | Default: "phase:3,deny,status:403,log,auditlog" |
| restricted_extensions | Restricted extensions WAF Restricted File Extensions. Maximum of 256 items allowed. |
array of string | |
| restricted_headers | Restricted headers WAF Restricted HTTP Headers. Maximum of 64 items allowed. |
array of string | |
| server_response_max_body_size | Server response max body size Maximum size for response body scanned by WAF. Allowed values are 1-32768. Unit is KB. Default value when not specified in API or module is interpreted by ALB Controller as 128. |
integer | Minimum: 1 Maximum: 32768 Default: "128" |
| static_extensions | Static extensions WAF Static File Extensions. GET and HEAD requests with no query args and one of these extensions are allowed and not checked by the ruleset. Maximum of 64 items allowed. |
array of string | |
| status_code_for_rejected_requests | Status code for rejected requests HTTP status code used by WAF Positive Security Model when rejecting a request. Enum options - HTTP_RESPONSE_CODE_0, HTTP_RESPONSE_CODE_100, HTTP_RESPONSE_CODE_101, HTTP_RESPONSE_CODE_200, HTTP_RESPONSE_CODE_201, HTTP_RESPONSE_CODE_202, HTTP_RESPONSE_CODE_203, HTTP_RESPONSE_CODE_204, HTTP_RESPONSE_CODE_205, HTTP_RESPONSE_CODE_206, HTTP_RESPONSE_CODE_300, HTTP_RESPONSE_CODE_301, HTTP_RESPONSE_CODE_302, HTTP_RESPONSE_CODE_303, HTTP_RESPONSE_CODE_304, HTTP_RESPONSE_CODE_305, HTTP_RESPONSE_CODE_307, HTTP_RESPONSE_CODE_400, HTTP_RESPONSE_CODE_401, HTTP_RESPONSE_CODE_402... Default value when not specified in API or module is interpreted by ALB Controller as HTTP_RESPONSE_CODE_403. |
ALBHTTPResponseCodes | Default: "HTTP_RESPONSE_CODE_403" |
| xml_xxe_protection | Xml xxe protection Block or flag XML requests referring to External Entities. Default value when not specified in API or module is interpreted by ALB Controller as true. |
boolean | Default: "True" |
ALBWafDataFile (schema)
WafDataFile
Advanced load balancer WafDataFile object
| Name | Description | Type | Notes |
|---|---|---|---|
| data | Data Stringified WAF File Data. |
string | Required |
| name | Name WAF Data File Name. |
string | Required |
| type | Type WAF data file type. Enum options - WAF_DATAFILE_PM_FROM_FILE, WAF_DATAFILE_DTD, WAF_DATAFILE_XSD. Default value when not specified in API or module is interpreted by ALB Controller as WAF_DATAFILE_PM_FROM_FILE. |
ALBWafDataFileType | Default: "WAF_DATAFILE_PM_FROM_FILE" |
ALBWafDataFileType (schema)
WafDataFileType type
Valid ENUM values for ALBWafDataFileType
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBWafDataFileType | WafDataFileType type Valid ENUM values for ALBWafDataFileType |
string | Enum: WAF_DATAFILE_PM_FROM_FILE, WAF_DATAFILE_DTD, WAF_DATAFILE_XSD |
ALBWafExcludeListEntry (schema)
WafExcludeListEntry
Advanced load balancer WafExcludeListEntry object
| Name | Description | Type | Notes |
|---|---|---|---|
| client_subnet | Client subnet Client IP Subnet to exclude for WAF rules. |
ALBIpAddrPrefix | |
| description | Description Free-text comment about this exclusion. |
string | |
| match_element | Match element The match_element can be 'ARGS xxx', 'ARGS_GET xxx', 'ARGS_POST xxx', 'ARGS_NAMES xxx', 'FILES xxx', 'QUERY_STRING', 'REQUEST_BASENAME', 'REQUEST_BODY', 'REQUEST_URI', 'REQUEST_URI_RAW', 'REQUEST_COOKIES xxx', 'REQUEST_HEADERS xxx' or 'RESPONSE_HEADERS xxx'. These match_elements in the HTTP Transaction (if present) will be excluded when executing WAF Rules. |
string | |
| match_element_criteria | Match element criteria Criteria for match_element matching. |
ALBWafExclusionType | |
| uri_match_criteria | Uri match criteria Criteria for URI matching. |
ALBWafExclusionType | |
| uri_path | Uri path URI Path to exclude for WAF rules. |
string |
ALBWafExclusionType (schema)
WafExclusionType
Advanced load balancer WafExclusionType object
| Name | Description | Type | Notes |
|---|---|---|---|
| match_case | Match case Case sensitivity to use for the matching. Enum options - SENSITIVE, INSENSITIVE. Default value when not specified in API or module is interpreted by ALB Controller as SENSITIVE. |
ALBMatchCase | Default: "SENSITIVE" |
| match_op | Match op String Operation to use for matching the Exclusion. Enum options - BEGINS_WITH, DOES_NOT_BEGIN_WITH, CONTAINS, DOES_NOT_CONTAIN, ENDS_WITH, DOES_NOT_END_WITH, EQUALS, DOES_NOT_EQUAL, REGEX_MATCH, REGEX_DOES_NOT_MATCH. Default value when not specified in API or module is interpreted by ALB Controller as EQUALS. |
ALBStringOperation | Default: "EQUALS" |
ALBWafFailureMode (schema)
WafFailureMode type
Valid ENUM values for ALBWafFailureMode
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBWafFailureMode | WafFailureMode type Valid ENUM values for ALBWafFailureMode |
string | Enum: WAF_FAILURE_MODE_OPEN, WAF_FAILURE_MODE_CLOSED |
ALBWafMode (schema)
WafMode type
Valid ENUM values for ALBWafMode
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBWafMode | WafMode type Valid ENUM values for ALBWafMode |
string | Enum: WAF_MODE_DETECTION_ONLY, WAF_MODE_ENFORCEMENT |
ALBWafPSMLocation (schema)
WafPSMLocation
Advanced load balancer WafPSMLocation object
| Name | Description | Type | Notes |
|---|---|---|---|
| description | Description Free-text comment about this location. |
string | |
| index | Index Location index, this is used to determine the order of the locations. |
integer | Required |
| match | Match Apply these rules only if the request is matching this description. |
ALBWafPSMLocationMatch | |
| name | Name User defined name for this location, it must be unique in the group. |
string | Required |
| rules | Rules A list of rules which should be applied on this location. Maximum of 1024 items allowed. |
array of ALBWafPSMRule |
ALBWafPSMLocationMatch (schema)
WafPSMLocationMatch
Advanced load balancer WafPSMLocationMatch object
| Name | Description | Type | Notes |
|---|---|---|---|
| host | Host Apply the rules only to requests that match the specified Host header. If this is not set, the host header will not be checked. |
ALBHostHdrMatch | |
| methods | Methods Apply the rules only to requests that have the specified methods. If this is not set, the method will not be checked. |
ALBMethodMatch | |
| path | Path Apply the rules only to requests that match the specified URI. If this is not set, the path will not be checked. |
ALBPathMatch |
ALBWafPSMMatchElement (schema)
WafPSMMatchElement
Advanced load balancer WafPSMMatchElement object
| Name | Description | Type | Notes |
|---|---|---|---|
| excluded | Excluded Mark this element excluded, like in '!ARGS password'. Default value when not specified in API or module is interpreted by ALB Controller as false. |
boolean | Default: "False" |
| index | Index Match_element index. |
integer | Required |
| name | Name The variable specification. For example ARGS or REQUEST_COOKIES. This can be a scalar like PATH_INFO. Enum options - WAF_VARIABLE_ARGS, WAF_VARIABLE_ARGS_GET, WAF_VARIABLE_ARGS_POST, WAF_VARIABLE_ARGS_NAMES, WAF_VARIABLE_REQUEST_COOKIES, WAF_VARIABLE_QUERY_STRING, WAF_VARIABLE_REQUEST_BASENAME, WAF_VARIABLE_REQUEST_URI, WAF_VARIABLE_PATH_INFO. |
ALBWafVariable | Required |
| sub_element | Sub element The name of the request collection element. This can be empty, if we address the whole collection or a scalar element. |
string |
ALBWafPSMRule (schema)
WafPSMRule
Advanced load balancer WafPSMRule object
| Name | Description | Type | Notes |
|---|---|---|---|
| description | Description Free-text comment about this rule. |
string | |
| enable | Enable Enable or disable this rule. Default value when not specified in API or module is interpreted by ALB Controller as true. |
boolean | Default: "True" |
| index | Index Rule index, this is used to determine the order of the rules. |
integer | Required |
| match_case | Match case The field match_value_pattern regular expression is case sensitive. Enum options - SENSITIVE, INSENSITIVE. Default value when not specified in API or module is interpreted by ALB Controller as INSENSITIVE. |
ALBMatchCase | Default: "INSENSITIVE" |
| match_elements | Match elements The match elements, for example ARGS id or ARGS|!ARGS password. Maximum of 64 items allowed. |
array of ALBWafPSMMatchElement | |
| match_value_max_length | Match value max length The maximum allowed length of the match_value. If this is not set, the length will not be checked. |
integer | |
| match_value_pattern | Match value pattern A regular expression which describes the expected value. |
string | |
| mode | Mode WAF Rule mode. This can be detection or enforcement. If this is not set, the Policy mode is used. This only takes effect if the policy allows delegation. Enum options - WAF_MODE_DETECTION_ONLY, WAF_MODE_ENFORCEMENT. |
ALBWafMode | |
| name | Name Name of the rule. |
string | Required |
| paranoia_level | Paranoia level WAF Ruleset paranoia mode. This is used to select Rules based on the paranoia-level. Enum options - WAF_PARANOIA_LEVEL_LOW, WAF_PARANOIA_LEVEL_MEDIUM, WAF_PARANOIA_LEVEL_HIGH, WAF_PARANOIA_LEVEL_EXTREME. Default value when not specified in API or module is interpreted by ALB Controller as WAF_PARANOIA_LEVEL_LOW. |
ALBWafParanoiaLevel | Default: "WAF_PARANOIA_LEVEL_LOW" |
| rule_id | Rule id Id field which is used for log and metric generation. This id must be unique for all rules in this group. |
string | Required |
ALBWafParanoiaLevel (schema)
WafParanoiaLevel type
Valid ENUM values for ALBWafParanoiaLevel
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBWafParanoiaLevel | WafParanoiaLevel type Valid ENUM values for ALBWafParanoiaLevel |
string | Enum: WAF_PARANOIA_LEVEL_LOW, WAF_PARANOIA_LEVEL_MEDIUM, WAF_PARANOIA_LEVEL_HIGH, WAF_PARANOIA_LEVEL_EXTREME |
ALBWafPhase (schema)
WafPhase type
Valid ENUM values for ALBWafPhase
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBWafPhase | WafPhase type Valid ENUM values for ALBWafPhase |
string | Enum: WAF_PHASE_CONNECTION, WAF_PHASE_REQUEST_HEADER, WAF_PHASE_REQUEST_BODY, WAF_PHASE_RESPONSE_HEADER, WAF_PHASE_RESPONSE_BODY, WAF_PHASE_LOGGING |
ALBWafPolicy (schema)
WafPolicy
Advanced load balancer WafPolicy object
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| allow_mode_delegation | Allow mode delegation Allow Rules to overwrite the policy mode. This must be set if the policy mode is set to enforcement. Default value when not specified in API or module is interpreted by ALB Controller as true. |
boolean | Default: "True" |
| application_signatures | Application signatures Application Specific Signatures. |
ALBWafApplicationSignatures | |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| confidence_override | Confidence override Configure thresholds for confidence labels. |
ALBAppLearningConfidenceOverride | |
| created_by | Created by Creator name. |
string | |
| crs_overrides | Crs overrides Override attributes for CRS rules. |
array of ALBWafRuleGroupOverrides | |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| enable_app_learning | Enable app learning Enable Application Learning for this WAF policy. Default value when not specified in API or module is interpreted by ALB Controller as false. |
boolean | Default: "False" |
| enable_auto_rule_updates | Enable auto rule updates Enable Application Learning based rule updates on the WAF Profile. Rules will be programmed in dedicated WAF learning group. Default value when not specified in API or module is interpreted by ALB Controller as true. |
boolean | Default: "True" |
| failure_mode | Failure mode WAF Policy failure mode. This can be 'Open' or 'Closed'. Enum options - WAF_FAILURE_MODE_OPEN, WAF_FAILURE_MODE_CLOSED. Default value when not specified in API or module is interpreted by ALB Controller as WAF_FAILURE_MODE_OPEN. |
ALBWafFailureMode | Default: "WAF_FAILURE_MODE_OPEN" |
| id | Unique identifier of this resource | string | Sortable |
| learning_params | Learning params Parameters for tuning Application learning. |
ALBAppLearningParams | |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| markers | Markers List of labels to be used for granular RBAC. Allowed in Basic edition, Essentials edition, Enterprise edition. |
array of ALBRoleFilterMatchLabel | |
| min_confidence | Min confidence Minimum confidence label required for auto rule updates. Enum options - CONFIDENCE_VERY_HIGH, CONFIDENCE_HIGH, CONFIDENCE_PROBABLE, CONFIDENCE_LOW, CONFIDENCE_NONE. Default value when not specified in API or module is interpreted by ALB Controller as CONFIDENCE_VERY_HIGH. |
ALBAppLearningConfidenceLabel | Default: "CONFIDENCE_VERY_HIGH" |
| mode | Mode WAF Policy mode. This can be detection or enforcement. It can be overwritten by rules if allow_mode_delegation is set. Enum options - WAF_MODE_DETECTION_ONLY, WAF_MODE_ENFORCEMENT. Default value when not specified in API or module is interpreted by ALB Controller as WAF_MODE_DETECTION_ONLY. |
ALBWafMode | Default: "WAF_MODE_DETECTION_ONLY" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| paranoia_level | Paranoia level WAF Ruleset paranoia mode. This is used to select Rules based on the paranoia-level tag. Enum options - WAF_PARANOIA_LEVEL_LOW, WAF_PARANOIA_LEVEL_MEDIUM, WAF_PARANOIA_LEVEL_HIGH, WAF_PARANOIA_LEVEL_EXTREME. Default value when not specified in API or module is interpreted by ALB Controller as WAF_PARANOIA_LEVEL_LOW. |
ALBWafParanoiaLevel | Default: "WAF_PARANOIA_LEVEL_LOW" |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| positive_security_model | Positive security model The Positive Security Model. This is used to describe how the request or parts of the request should look like. It is executed in the Request Body Phase of Avi WAF. |
ALBWafPositiveSecurityModel | |
| post_crs_groups | Post crs groups WAF Rules are categorized in to groups based on their characterization. These groups are created by the user and will be enforced after the CRS groups. |
array of ALBWafRuleGroup | |
| pre_crs_groups | Pre crs groups WAF Rules are categorized in to groups based on their characterization. These groups are created by the user and will be enforced before the CRS groups. |
array of ALBWafRuleGroup | |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value ALBWafPolicy | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
| waf_crs_path | Waf crs path WAF core ruleset used for the CRS part of this Policy. It is a reference to an object of type WafCRS. |
string | |
| waf_profile_path | Waf profile path WAF Profile for WAF policy. It is a reference to an object of type WafProfile. |
string | Required |
ALBWafPolicyApiResponse (schema)
WafPolicyApiResponse
WafPolicyApiResponse
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| count | count count |
int | Default: "None" |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Array of WafPolicy Array of WafPolicy |
array of ALBWafPolicy | |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
ALBWafPolicyPSMGroup (schema)
WafPolicyPSMGroup
Advanced load balancer WafPolicyPSMGroup object
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| enable | Enable Enable or disable this WAF rule group. Default value when not specified in API or module is interpreted by ALB Controller as true. |
boolean | Default: "True" |
| hit_action | Hit action If a rule in this group matches the match_value pattern, this action will be executed. Allowed actions are WAF_ACTION_NO_OP and WAF_ACTION_ALLOW_PARAMETER. Default value when not specified in API or module is interpreted by ALB Controller as WAF_ACTION_ALLOW_PARAMETER. |
ALBWafAction | Default: "WAF_ACTION_ALLOW_PARAMETER" |
| id | Unique identifier of this resource | string | Sortable |
| is_learning_group | Is learning group This field indicates that this group is used for learning. Default value when not specified in API or module is interpreted by ALB Controller as false. |
boolean | Default: "False" |
| locations | Locations Positive Security Model locations. These are used to partition the application name space. Maximum of 16384 items allowed. |
array of ALBWafPSMLocation | |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| markers | Markers List of labels to be used for granular RBAC. Allowed in Basic edition, Essentials edition, Enterprise edition. |
array of ALBRoleFilterMatchLabel | |
| miss_action | Miss action If a rule in this group does not match the match_value pattern, this action will be executed. Allowed actions are WAF_ACTION_NO_OP and WAF_ACTION_BLOCK. Default value when not specified in API or module is interpreted by ALB Controller as WAF_ACTION_NO_OP. |
ALBWafAction | Default: "WAF_ACTION_NO_OP" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value ALBWafPolicyPSMGroup | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
ALBWafPolicyPSMGroupApiResponse (schema)
WafPolicyPSMGroupApiResponse
WafPolicyPSMGroupApiResponse
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| count | count count |
int | Default: "None" |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Array of WafPolicyPSMGroup Array of WafPolicyPSMGroup |
array of ALBWafPolicyPSMGroup | |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
ALBWafPositiveSecurityModel (schema)
WafPositiveSecurityModel
Advanced load balancer WafPositiveSecurityModel object
| Name | Description | Type | Notes |
|---|---|---|---|
| group_paths | Group paths These groups should be used to separate different levels of concern. The order of the groups matters, one group may mark parts of the request as valid, so that subsequent groups will not check these parts. It is a reference to an object of type WafPolicyPSMGroup. Maximum of 64 items allowed. |
array of string |
ALBWafProfile (schema)
WafProfile
Advanced load balancer WafProfile object
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| config | Config Config params for WAF. |
ALBWafConfig | Required |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| files | Files List of Data Files Used for WAF Rules. Maximum of 64 items allowed. |
array of ALBWafDataFile | |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| markers | Markers List of labels to be used for granular RBAC. Allowed in Basic edition, Essentials edition, Enterprise edition. |
array of ALBRoleFilterMatchLabel | |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value ALBWafProfile | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
ALBWafProfileApiResponse (schema)
WafProfileApiResponse
WafProfileApiResponse
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| count | count count |
int | Default: "None" |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Array of WafProfile Array of WafProfile |
array of ALBWafProfile | |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
ALBWafRule (schema)
WafRule
Advanced load balancer WafRule object
| Name | Description | Type | Notes |
|---|---|---|---|
| avi_tags | Avi tags Tags for WAF rule as per Modsec language. They are extracted from the tag actions in a Modsec rule. This field is generated from the rule itself and cannot be set by the user. Maximum of 64 items allowed. |
array of string | |
| enable | Enable Enable or disable WAF Rule Group. Default value when not specified in API or module is interpreted by ALB Controller as true. |
boolean | Default: "True" |
| exclude_list | Exclude list Exclude list for the WAF rule. The fields in the exclude list entry are logically and'ed to deduce the exclusion criteria. If there are multiple excludelist entries, it will be 'logical or' of them. Maximum of 64 items allowed. |
array of ALBWafExcludeListEntry | |
| index | Index Number of index. |
integer | Required |
| is_sensitive | Is sensitive The rule field is sensitive and will not be displayed. Default value when not specified in API or module is interpreted by ALB Controller as false. |
boolean | Default: "False" |
| mode | Mode WAF Rule mode. This can be detection or enforcement. If this is not set, the Policy mode is used. This only takes effect if the policy allows delegation. Enum options - WAF_MODE_DETECTION_ONLY, WAF_MODE_ENFORCEMENT. |
ALBWafMode | |
| name | Name User-friendly optional name for a rule. |
string | |
| phase | Phase The execution phase where this rule will be executed. Enum options - WAF_PHASE_CONNECTION, WAF_PHASE_REQUEST_HEADER, WAF_PHASE_REQUEST_BODY, WAF_PHASE_RESPONSE_HEADER, WAF_PHASE_RESPONSE_BODY, WAF_PHASE_LOGGING. |
ALBWafPhase | |
| rule | Rule Rule as per Modsec language. |
string | Required |
| rule_id | Rule id Identifier (id) for a rule per Modsec language. All SecRule and SecAction directives require an id. It is extracted from the id action in a Modsec rule. Rules within a single WAF Policy are required to have unique rule_ids. |
string |
ALBWafRuleGroup (schema)
WafRuleGroup
Advanced load balancer WafRuleGroup object
| Name | Description | Type | Notes |
|---|---|---|---|
| enable | Enable Enable or disable WAF Rule Group. Default value when not specified in API or module is interpreted by ALB Controller as true. |
boolean | Default: "True" |
| exclude_list | Exclude list Exclude list for the WAF rule group. The fields in the exclude list entry are logically and'ed to deduce the exclusion criteria. If there are multiple excludelist entries, it will be 'logical or' of them. Maximum of 64 items allowed. |
array of ALBWafExcludeListEntry | |
| index | Index Number of index. |
integer | Required |
| name | Name Name of the object. |
string | Required |
| rules | Rules Rules as per Modsec language. Maximum of 1024 items allowed. |
array of ALBWafRule |
ALBWafRuleGroupOverrides (schema)
WafRuleGroupOverrides
Advanced load balancer WafRuleGroupOverrides object
| Name | Description | Type | Notes |
|---|---|---|---|
| enable | Enable Override the enable flag for this group. |
boolean | |
| exclude_list | Exclude list Replace the exclude list for this group. Maximum of 64 items allowed. |
array of ALBWafExcludeListEntry | |
| mode | Mode Override the waf mode for this group. Enum options - WAF_MODE_DETECTION_ONLY, WAF_MODE_ENFORCEMENT. |
ALBWafMode | |
| name | Name The name of the group where attributes or rules are overridden. |
string | Required |
| rule_overrides | Rule overrides Rule specific overrides. Maximum of 1024 items allowed. |
array of ALBWafRuleOverrides |
ALBWafRuleOverrides (schema)
WafRuleOverrides
Advanced load balancer WafRuleOverrides object
| Name | Description | Type | Notes |
|---|---|---|---|
| enable | Enable Override the enable flag for this rule. |
boolean | |
| exclude_list | Exclude list Replace the exclude list for this rule. Maximum of 64 items allowed. |
array of ALBWafExcludeListEntry | |
| mode | Mode Override the waf mode for this rule. Enum options - WAF_MODE_DETECTION_ONLY, WAF_MODE_ENFORCEMENT. |
ALBWafMode | |
| rule_id | Rule id The rule_id of the rule where attributes are overridden. |
string | Required |
ALBWafVariable (schema)
WafVariable type
Valid ENUM values for ALBWafVariable
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBWafVariable | WafVariable type Valid ENUM values for ALBWafVariable |
string | Enum: WAF_VARIABLE_ARGS, WAF_VARIABLE_ARGS_GET, WAF_VARIABLE_ARGS_POST, WAF_VARIABLE_ARGS_NAMES, WAF_VARIABLE_REQUEST_COOKIES, WAF_VARIABLE_QUERY_STRING, WAF_VARIABLE_REQUEST_BASENAME, WAF_VARIABLE_REQUEST_URI, WAF_VARIABLE_PATH_INFO |
ALBWebhook (schema)
Webhook
Advanced load balancer Webhook object
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| callback_url | Callback url Callback URL for the Webhook. |
string | |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| markers | Markers List of labels to be used for granular RBAC. Allowed in Basic edition, Essentials edition, Enterprise edition. |
array of ALBRoleFilterMatchLabel | |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value ALBWebhook | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
| verification_token | Verification token Verification token sent back with the callback asquery parameters. |
string |
ALBWebhookApiResponse (schema)
WebhookApiResponse
WebhookApiResponse
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| count | count count |
int | Default: "None" |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Array of Webhook Array of Webhook |
array of ALBWebhook | |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
ALGTypeServiceEntry (schema)
An ServiceEntry that represents an ALG protocol
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| alg | The Application Layer Gateway (ALG) protocol The Application Layer Gateway (ALG) protocol. Please note, protocol NBNS_BROADCAST and NBDG_BROADCAST are deprecated. Please use UDP protocol and create L4 Port Set type of service instead. |
string | Required Enum: ORACLE_TNS, FTP, SUN_RPC_TCP, SUN_RPC_UDP, MS_RPC_TCP, MS_RPC_UDP, NBNS_BROADCAST, NBDG_BROADCAST, TFTP |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| destination_ports | The destination_port cannot be empty and must be a single value. | array of PortElement | Required Minimum items: 1 Maximum items: 1 |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value ALGTypeServiceEntry | string | Required Enum: IPProtocolServiceEntry, IGMPTypeServiceEntry, ICMPTypeServiceEntry, ALGTypeServiceEntry, L4PortSetServiceEntry, EtherTypeServiceEntry, NestedServiceServiceEntry |
| source_ports | array of PortElement | Maximum items: 15 | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
AbstractSpace (schema)
The space in which policy is being defined
Represents the space in which the policy is being defined.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| connectivity_strategy | Connectivity strategy used by this tenant The connectivity strategy is deprecated. Use default layer3 rule, /infra/domains/default/security-policies/default-layer3-security-policy/rules/default-layer3-rule. This field indicates the default connectivity policy for the infra or tenant space WHITELIST - Adds a default drop rule. Administrator can then use "allow" rules (aka whitelist) to allow traffic between groups BLACKLIST - Adds a default allow rule. Admin can then use "drop" rules (aka blacklist) to block traffic between groups WHITELIST_ENABLE_LOGGING - Whitelising with logging enabled BLACKLIST_ENABLE_LOGGING - Blacklisting with logging enabled NONE - No default rules are added. |
string | Deprecated Enum: WHITELIST, BLACKLIST, WHITELIST_ENABLE_LOGGING, BLACKLIST_ENABLE_LOGGING, NONE |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value AbstractSpace | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
AcceptableComponentVersion (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| acceptable_versions | List of component versions | array of string | Required |
| component_type | Node type | string | Required Enum: HOST, EDGE, CCP, MP |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| resource_type | Must be set to the value AcceptableComponentVersion | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
AcceptableComponentVersionList (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| results | Acceptable version whitelist for different components | array of AcceptableComponentVersion | Required |
Action (schema)
Reaction Action
Reaction Action is the action to take when the stipulated criteria specified
in the event exist over the source. Some example actions include:
- Notify Admin (or VMC's SRE) via email.
- Populate a specific label with the IPSec VPN Session.
- Remove the IPSec VPN Session from a specific label.
This is an abstract type. Concrete child types:
PatchResources
SetFields
| Name | Description | Type | Notes |
|---|---|---|---|
| resource_type | Resource Type Reaction Action resource type. |
string | Required Enum: PatchResources, SetFields |
ActionRequest (schema)
Action request object
| Name | Description | Type | Notes |
|---|---|---|---|
| action | Action to be performed Action required to be performed on intent |
string |
ActionableResource (schema)
Resources managed during restore process
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| ip_address | A resource reference on which actions can be performed | string | Format: hostname-or-ip |
| ipv6_address | ipv6 address IPv6 address of the current node |
string | Format: hostname-or-ip |
| resource_type | Must be set to the value ActionableResource | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ActionableResourceListRequestParameters (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| instruction_id | Id of the instruction set whose instructions are to be returned | string | Required |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string |
ActionableResourceListResult (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | List results | array of ActionableResource | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
ActiveDirectoryIdentitySource (schema)
An Active Directory identity source service
An identity source service that runs Microsoft Active Directory. The service allows selected user accounts defined in Active Directory to log into and access NSX-T.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| alternative_domain_names | Additional domains to be directed to this identity source After parsing the "user@domain", the domain portion is used to select the LDAP identity source to use. Additional domains listed here will also be directed to this LDAP identity source. In Active Directory these are sometimes referred to as Alternative UPN Suffixes. |
array of string | |
| base_dn | DN of subtree for user and group searches The subtree of the LDAP identity source to search when locating users and groups. |
string | Required |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| domain_name | Authentication domain name The name of the authentication domain. When users log into NSX using an identity of the form "user@domain", NSX uses the domain portion to determine which LDAP identity source to use. |
string | Required |
| id | Unique identifier of this resource | string | Sortable |
| ldap_servers | LDAP servers for this identity source The list of LDAP servers that provide LDAP service for this identity source. Currently, only one LDAP server is supported. |
array of IdentitySourceLdapServer | Maximum items: 3 |
| resource_type | Must be set to the value ActiveDirectoryIdentitySource | string | Required Enum: ActiveDirectoryIdentitySource, OpenLdapIdentitySource |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ActiveStandbySyncStatus (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| description | Description of the status. | string | Required |
| full_sync_status | Status of full sync. | FullSyncStatus | Required |
| is_data_consistent | Indicates whether the data is consistent. Always returned as true when queried on an active Global Manager node. | boolean | Required |
| percentage_completed | Percentage estimate of synchronization progress. Ranges from 0 to 100. This value is only returned when queried on an active Global Manager node. | integer | |
| remaining_entries_to_send | Number of entries pending synchronization. This value is only returned when queried on an active Global Manager node. | integer | |
| standby_site | Name of standby site. | string | Required |
| status | Status of synchronization between active and standby Global Manager nodes. | string | Required Enum: UNAVAILABLE, ERROR, ONGOING, NOT_STARTED |
| sync_type | Type of synchronization currently in effect between active and standby Global Manager nodes. | string | Required Enum: UNAVAILABLE, DELTA_SYNC, FULL_SYNC |
AddClusterNodeVMInfo (schema)
Info for AddClusterNodeVM
Contains a list of cluster node VM deployment requests and optionally
a clustering configuration.
| Name | Description | Type | Notes |
|---|---|---|---|
| clustering_config | Configuration for auto-clustering of VMs post-deployment This property is deprecated since ClusteringConfig is no longer needed for auto-installation and will be ignored if provided. |
ClusteringConfig | Deprecated |
| deployment_requests | List of deployment requests Cluster node VM deployment requests to be deployed by the Manager. |
array of ClusterNodeVMDeploymentRequest | Required Minimum items: 1 |
AddressBindingEntry (schema) (Deprecated)
Combination of IP-MAC-VLAN binding
An address binding entry is a combination of the IP-MAC-VLAN binding for
a logical port. The address bindings can be obtained via various methods
like ARP snooping, DHCP snooping etc. or by user configuration.
| Name | Description | Type | Notes |
|---|---|---|---|
| binding | Combination of IP-MAC-VLAN binding | PacketAddressClassifier | |
| binding_timestamp | Timestamp of binding Timestamp at which the binding was discovered via snooping or manually specified by the user |
EpochMsTimestamp | |
| source | Address binding source Source from which the address binding entry was obtained |
AddressBindingSource | Default: "UNKNOWN" |
AddressBindingSource (schema) (Deprecated)
Source from which the address binding is obtained
| Name | Description | Type | Notes |
|---|---|---|---|
| AddressBindingSource | Source from which the address binding is obtained | string | Deprecated Enum: INVALID, UNKNOWN, USER_DEFINED, ARP_SNOOPING, DHCP_SNOOPING, VM_TOOLS, ND_SNOOPING, DHCPV6_SNOOPING, VM_TOOLS_V6 |
AdvanceClusterRestoreInput (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| id | Unique id of an instruction (as returned by the GET /restore/status call) for which input is to be provided | string | Required Readonly |
| resources | List of resources for which the instruction is applicable. | array of SelectableResourceReference | Required |
AdvanceClusterRestoreRequest (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| data | List of instructions and their associated data | array of AdvanceClusterRestoreInput | Required |
AdvertisedNetworkCsvRecord (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| network | Advertised Network Advertised network address. |
string | Required Readonly |
| rule_filter_type | Advertised rule filter type Advertised rule filter type |
string | Readonly |
| status | Advertisement status of network advertisement status of network to connected gateway SUCCESS - network route successfully plumbed on target gateway DENIED_BY_TARGET_GATEWAY - network denied by target gateway because of in filter rules or missing inter vrf config |
string | Readonly |
AdvertisedNetworksListRequestParameters (schema)
Advertised networks list parameters
| Name | Description | Type | Notes |
|---|---|---|---|
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| enforcement_point_path | Enforcement point path String Path of the enforcement point. |
string | |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string |
AggregateDNSForwarderStatistics (schema)
Aggregate of DNS forwarder statistics
Aggregate of DNS forwarder statistics across enforcement points.
| Name | Description | Type | Notes |
|---|---|---|---|
| intent_path | String path of the DNS forwarder intent String path of the DNS forwarder intent. |
string | Required |
| statistics_per_enforcement_point | List of DNS forwarder statistics per enforcement point List of DNS forwarder statistics per enforcement point. |
array of DNSForwarderStatisticsPerEnforcementPoint (Abstract type: pass one of the following concrete types) NsxTDNSForwarderStatistics |
Readonly |
AggregateDNSForwarderStatus (schema)
Aggregate of DNS forwarder status
Aggregate of DNS forwarder status across enforcement points.
| Name | Description | Type | Notes |
|---|---|---|---|
| intent_path | String path of the DNS forwarder intent String path of the DNS forwarder intent. |
string | Required |
| status_per_enforcement_point | List of DNS forwarder status per enforcement point List of DNS forwarder status per enforcement point. |
array of DNSForwarderStatusPerEnforcementPoint (Abstract type: pass one of the following concrete types) NsxTDNSForwarderStatus |
Readonly |
AggregatePolicyDnsAnswer (schema)
Aggregate of DNS forwarder nslookup answer
Aggregate of DNS forwarder nslookup answer across enforcement points.
| Name | Description | Type | Notes |
|---|---|---|---|
| dns_answer_per_enforcement_point | List of DNS forwarder nslookup answer per enforcement point List of DNS forwarder nslookup answer per enforcement point. |
array of PolicyDnsAnswerPerEnforcementPoint | Readonly |
| intent_path | String path of the DNS forwarder intent String path of the DNS forwarder intent. |
string | Required |
AggregatePolicyRuntimeInfo (schema)
Aggregate of PolicyRuntimeInfoPerEP
Aggregate of PolicyRuntimeInfoPerEP across Enforcement Points.
| Name | Description | Type | Notes |
|---|---|---|---|
| intent_path | String Path of the intent object Intent path of object, forward slashes must be escaped using %2F. |
string | Required Readonly |
AggregatedDataCounter (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| rx_bytes | DataCounter | Readonly | |
| rx_packets | DataCounter | Readonly | |
| tx_bytes | DataCounter | Readonly | |
| tx_packets | DataCounter | Readonly |
AggregatedDataCounterEx (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| dropped_by_security_packets | PacketsDroppedBySecurity | Readonly | |
| mac_learning | MacLearningCounters | Readonly | |
| rx_bytes | DataCounter | Readonly | |
| rx_packets | DataCounter | Readonly | |
| tx_bytes | DataCounter | Readonly | |
| tx_packets | DataCounter | Readonly |
AggregatedLogicalRouterPortCounters (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| last_update_timestamp | Timestamp when the data was last updated; unset if data source has never updated the data. | EpochMsTimestamp | Readonly |
| rx | LogicalRouterPortCounters | Readonly | |
| tx | LogicalRouterPortCounters | Readonly |
AntreaContainerClusterNode (schema)
Antrea container cluster and its nodes requiring a support bundle
| Name | Description | Type | Notes |
|---|---|---|---|
| cluster_id | The UUID of the container cluster | string | Required |
| nodes | List of at most 200 container node UUIDs requiring a support bundle | array of string | Minimum items: 1 |
AntreaSupportBundleContainerNode (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| clusters | List of AntreaContainerClusterNodes identifying container clusters and their nodes | array of AntreaContainerClusterNode | Minimum items: 1 |
| container_type | Must be set to the value AntreaSupportBundleContainerNode | string | Required Enum: ANTREA |
AntreaTraceflowConfig (schema)
Antrea traceflow configuration
The configuration for Antrea traceflow.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| container_cluster_id | Container cluster ID Container cluster ID in inventory. This property is used to identify multiple clusters under single NSX-T. |
string | Required |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| destination_external_id | Destination external id Destination external id for Antrea traceflow. Must be ContainerApplicationInstance or ContainerApplication. Ignored if destination_ip provided in packet data. |
string | |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| is_transient | Marker to indicate if intent is transient This field indicates if intent is transient and will be cleaned up by the system if set to true. |
boolean | Default: "True" |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| packet | Packet configuration Configuration of packet data. |
AntreaTraceflowPacketData | |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value AntreaTraceflowConfig | string | |
| source_external_id | Source external id Source external id for Antrea traceflow. Must be ContainerApplicationInstance external_id. |
string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
AntreaTraceflowIcmpEchoRequestHeader (schema)
IcmpEchoHeader for Antrea traceflow
IcmpEchoRequest header stuffs for Antrea traceflow.
| Name | Description | Type | Notes |
|---|---|---|---|
| id | IcmpEchoRequest id Id of IcmpEchoRequest. |
integer | |
| sequence | Icmp sequence Sequence number of IcmpEchoRequest. |
integer |
AntreaTraceflowIpHeader (schema)
IpHeader for Antrea traceflow
Ip header stuffs for Antrea traceflow.
| Name | Description | Type | Notes |
|---|---|---|---|
| dstIp | Destination ip Destination ip address in IpHeader. |
string | |
| flags | Flags Protocol setting in IpHeader. |
integer | |
| protocol | Protocol Protocol setting in IpHeader. |
integer | |
| srcIp | Source ip Source ip address in IpHeader. |
string | |
| ttl | Time to live TTL value in IpHeader. Default is 64. |
integer |
AntreaTraceflowIpv6Header (schema)
Ipv6Header for Antrea traceflow
Ipv6 header stuffs for Antrea traceflow.
| Name | Description | Type | Notes |
|---|---|---|---|
| dstIp | Destination ip Destination ip address in Ipv6Header. |
string | |
| hopLimit | Hop limit Hop limit setting in Ipv6Header. |
integer | |
| nextHeader | Next header Next header setting in Ipv6Header. |
integer | |
| srcIp | Source ip Source ip address in Ipv6Header. |
string |
AntreaTraceflowPacketData (schema)
Packet data for Antrea traceflow
Packet data stuffs for Antrea traceflow.
| Name | Description | Type | Notes |
|---|---|---|---|
| frameSize | Packet frame size This property is used to set packet data size. |
integer | |
| ipHeader | Ipv4 header configuration This property is used to set ipv4 header data. |
AntreaTraceflowIpHeader | |
| ipv6Header | Ipv6 header configuration This property is used to set ipv6 header data. |
AntreaTraceflowIpv6Header | |
| payload | Packet payload This property is used to set payload data. |
string | |
| resourceType | Packet resource type This property is used to set resource type. |
string | Enum: FIELDS_PACKET_DATA, BINARY_PACKET_DATA |
| transportHeader | Transport header configuration This property is used to set transport header data. |
AntreaTraceflowTransportHeader | |
| transportType | Transport type This property is used to set transport type. |
string | Enum: UNICAST, MULTICAST, BROADCAST, UNKNOWN |
AntreaTraceflowTcpHeader (schema)
TcpHeader for Antrea traceflow
Tcp header stuffs for Antrea traceflow.
| Name | Description | Type | Notes |
|---|---|---|---|
| dstPort | Destination port Destination port number in TcpHeader. |
integer | |
| srcPort | Source port Source port number in TcpHeader. |
integer | |
| tcpFlags | Tcp flags Tcp flags in TcpHeader. SYN flag must be set for traceflow. |
integer |
AntreaTraceflowTransportHeader (schema)
TransportHeader for Antrea traceflow
Transport header stuffs for Antrea traceflow.
| Name | Description | Type | Notes |
|---|---|---|---|
| icmpEchoRequestHeader | IcmpEchoRequestHeader for Antrea traceflow IcmpEchoRequest header stuffs for Antrea traceflow. |
AntreaTraceflowIcmpEchoRequestHeader | |
| tcpHeader | TcpHeader for Antrea traceflow Tcp header stuffs for Antrea traceflow. |
AntreaTraceflowTcpHeader | |
| udpHeader | UdpHeader for Antrea traceflow Udp header stuffs for Antrea traceflow. |
AntreaTraceflowUdpHeader |
AntreaTraceflowUdpHeader (schema)
UdpHeader for Antrea traceflow
Udp header stuffs for Antrea traceflow.
| Name | Description | Type | Notes |
|---|---|---|---|
| dstPort | Destination port Destination port number in UdpHeader. |
integer | |
| srcPort | Source port Source port number in UdpHeader. |
integer |
AphInfo (schema)
Apliance proxy hub information
APH information.
| Name | Description | Type | Notes |
|---|---|---|---|
| address | IP address of APH service | string | Required |
| certificate | PEM Certificate of APH service | string | Required |
| fqdn | FQDN, only returned by GET /sites and GET /sites/self | string | |
| node_id | Node ID of the APH service | string | Required |
| port | Port of APH service | integer | Required |
| use_fqdn | whether or not fqdn flag is on | boolean | |
| uuid | ID of the APH service | string | Required |
ApiError (schema)
Detailed information about an API Error
| Name | Description | Type | Notes |
|---|---|---|---|
| details | Further details about the error | string | |
| error_code | A numeric error code | integer | |
| error_data | Additional data about the error | object | |
| error_message | A description of the error | string | |
| module_name | The module name where the error occurred | string | |
| related_errors | Other errors related to this error | array of RelatedApiError |
ApiRequestBody (schema)
API Request Body
API Request Body is an Event Source that represents an API request body that
is being reveived as part of an API. Supported Request Bodies are those received
as part of a PATCH/PUT/POST request.
| Name | Description | Type | Notes |
|---|---|---|---|
| resource_pointer | Resource Pointer Regex path representing a regex expression on resources. This regex is used to identify the request body(ies) that is/are the source of the Event. For instance: specifying "Lb* | /infra/tier-0s/vmc/ipsec-vpn-services/default" as a source means that ANY resource starting with Lb or ANY resource with "/infra/tier-0s/vmc/ipsec-vpn-services/default" as path would be the source of the event in question. |
string | Required |
| resource_type | Must be set to the value ApiRequestBody | string | Required Enum: ResourceOperation, ApiRequestBody |
ApiServiceConfig (schema)
Configuration of the API service
Properties that affect the configuration of the NSX API service.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| basic_authentication_enabled | Enable or disable basic authentication Identifies whether basic authentication is enabled or disabled in API calls. |
boolean | Default: "True" |
| cipher_suites | Cipher suites used to secure contents of connection The TLS cipher suites that the API service will negotiate. |
array of CipherSuite | Minimum items: 1 |
| client_api_concurrency_limit | Client API rate limit in calls The maximum number of concurrent API requests that will be serviced for a given authenticated client. If the number of API requests being processed exceeds this limit, new API requests will be refused and a 503 Service Unavailable response will be returned to the client. To disable API concurrency limiting, set this value to 0. |
integer | Minimum: 0 Default: "40" |
| client_api_rate_limit | Client API rate limit in calls per second The maximum number of API requests that will be serviced per second for a given authenticated client. If more API requests are received than can be serviced, a 429 Too Many Requests HTTP response will be returned. To disable API rate limiting, set this value to 0. |
integer | Minimum: 0 Default: "100" |
| connection_timeout | NSX connection timeout NSX connection timeout, in seconds. To disable timeout, set to 0. |
integer | Minimum: 0 Maximum: 2147483647 Default: "30" |
| cookie_based_authentication_enabled | Enable or disable cookie-based authentication Identifies whether cookie-based authentication is enabled or disabled in API calls. When cookie-based authentication is disabled, new sessions cannot be created via /api/session/create. |
boolean | Default: "True" |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| global_api_concurrency_limit | Global API rate limit in calls The maximum number of concurrent API requests that will be serviced. If the number of API requests being processed exceeds this limit, new API requests will be refused and a 503 Service Unavailable response will be returned to the client. To disable API concurrency limiting, set this value to 0. |
integer | Minimum: 0 Default: "199" |
| id | Unique identifier of this resource | string | Sortable |
| lockout_immune_addresses | IP addresses which are not subject to lockout on failed login attempts The list of IP addresses which are not subjected to a lockout on failed login attempts. |
array of IPAddress | |
| protocol_versions | TLS protocol versions The TLS protocol versions that the API service will negotiate. |
array of ProtocolVersion | Minimum items: 1 |
| redirect_host | Hostname/IP to use in redirect headers Host name or IP address to use for redirect location headers, or empty string to derive from current request. To disable, set redirect_host to the empty string (""). |
HostnameOrIPv4AddressOrEmptyString | Default: "" |
| resource_type | Must be set to the value ApiServiceConfig | string | |
| session_timeout | NSX session inactivity timeout | integer | Minimum: 0 Maximum: 2147483647 Default: "1800" |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ApplianceManagementSuppressRedirectQueryParameter (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| suppress_redirect | Suppress redirect status if applicable Do not return a redirect HTTP status. |
boolean | Default: "False" |
ApplianceManagementTaskListResult (schema)
Appliance management task query results
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Task property results | array of ApplianceManagementTaskProperties | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
ApplianceManagementTaskProperties (schema)
Appliance management task properties
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| async_response_available | True if response for asynchronous request is available | boolean | Readonly |
| cancelable | True if this task can be canceled | boolean | Readonly |
| description | Description of the task | string | Readonly |
| details | Details about the task if known | object | Readonly |
| end_time | The end time of the task in epoch milliseconds | EpochMsTimestamp | Readonly |
| id | Identifier for this task | string | Readonly Pattern: "^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}_[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$" |
| message | A message describing the disposition of the task | string | Readonly |
| progress | Task progress if known, from 0 to 100 | integer | Readonly Minimum: 0 Maximum: 100 |
| request_method | HTTP request method | string | Readonly |
| request_uri | URI of the method invocation that spawned this task | string | Readonly |
| start_time | The start time of the task in epoch milliseconds | EpochMsTimestamp | Readonly |
| status | Current status of the task | ApplianceManagementTaskStatus | Readonly |
| user | Name of the user who created this task | string | Readonly |
ApplianceManagementTaskQueryParameters (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| fields | Fields to include in query results Comma-separated field names to include in query result |
string | |
| request_method | Request method(s) to include in query result Comma-separated request methods to include in query result |
string | Pattern: "^(=|!=|~|!~)?.+$" |
| request_path | Request URI path(s) to include in query result Comma-separated request paths to include in query result |
string | Pattern: "^(=|!=|~|!~)?.+$" |
| request_uri | Request URI(s) to include in query result Comma-separated request URIs to include in query result |
string | Pattern: "^(=|!=|~|!~)?.+$" |
| status | Status(es) to include in query result Comma-separated status values to include in query result |
string | Pattern: "^(=|!=|~|!~)?.+$" |
| user | Names of users to include in query result Comma-separated user names to include in query result |
string | Pattern: "^(=|!=|~|!~)?.+$" |
ApplianceManagementTaskStatus (schema)
Current status of the appliance management task
| Name | Description | Type | Notes |
|---|---|---|---|
| ApplianceManagementTaskStatus | Current status of the appliance management task | string | Enum: running, error, success, canceling, canceled, killed |
ApplicationConnectivityStrategy (schema)
Application specific connectivity strategy
Allows more granular policies for application workloads
| Name | Description | Type | Notes |
|---|---|---|---|
| application_connectivity_strategy | Application connectivity strategy App connectivity strategies |
string | Required Enum: ALLOW_INTRA, ALLOW_EGRESS, ALLOW_INGRESS, DROP_INGRESS, DROP_EGRESS |
| default_application_rule_id | Default rule ID associated with the application_connectivity_strategy Based on the value of the app connectivity strategy, a default rule is created for the security policy. The rule id is internally assigned by the system for this default rule. |
integer | Readonly |
| logging_enabled | Enable logging flag Flag to enable packet logging. Default is disabled. |
boolean | Default: "False" |
ApplyCertificateParameters (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| node_id | Node Id Optional node-id to which to apply the certificate. The cluster_certificate field of the matching Certificate Profile must be false, as those get applied to all nodes. |
string | Maximum length: 255 |
| service_type | Service Type Service Type of the CertificateProfile to apply the certificate to. |
ServiceType | Required |
ArpHeader (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| dst_ip | The destination IP address | IPv4Address | Required |
| op_code | Arp message type This field specifies the nature of the Arp message being sent. |
string | Required Enum: ARP_REQUEST, ARP_REPLY Default: "ARP_REQUEST" |
| src_ip | The source IP address This field specifies the IP address of the sender. If omitted, the src_ip is set to 0.0.0.0. |
IPv4Address |
ArpSnoopingConfig (schema)
ARP Snooping Configuration
Contains ARP snooping related configuration.
| Name | Description | Type | Notes |
|---|---|---|---|
| arp_binding_limit | Maximum number of ARP bindings Number of arp snooped IP addresses Indicates the number of arp snooped IP addresses to be remembered per LogicalPort. Decreasing this value, will retain the latest bindings from the existing list of address bindings. Increasing this value will retain existing bindings and also learn any new address bindings discovered on the port until the new limit is reached. |
int | Minimum: 1 Maximum: 256 Default: "1" |
| arp_snooping_enabled | Is ARP snooping enabled or not Indicates whether ARP snooping is enabled |
boolean | Default: "True" |
ArpTableRequestParameters (schema)
Routes request parameters
| Name | Description | Type | Notes |
|---|---|---|---|
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| edge_path | Policy path of edge node Policy path of edge node. Edge node must be member of enforcement point. Edge path is required when interface specified is either service or loopback interface. |
string | |
| enforcement_point_path | Enforcement point path String Path of the enforcement point. When not specified, routes from all enforcement-points are returned. This property is required for retrieving routes in CSV format. |
string | |
| host_transport_node_path | Policy path of host transport node Policy path of host transport node. In case of API used from Global Manager, use the HostTransportNode path from Local Manager. |
string | |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string |
AttachedInterfaceEntry (schema)
Attached interface information for Bare metal server
The Attached interface is only effective for the segment port on Bare metal server.
| Name | Description | Type | Notes |
|---|---|---|---|
| app_intf_name | The name of application interface | string | Required |
| default_gateway | Gateway IP | IPAddress | |
| migrate_intf | Interface name to migrate IP configuration on migrate_intf will migrate to app_intf_name. It is used for Management and Application sharing the same IP. |
string | |
| routing_table | Routing rules | array of string |
Attribute (schema)
Attributes
Attribute specific to a partner. There attributes are passed on to the partner appliance and is opaque to the NSX Manager. The Attributes used by the partner applicance.
| Name | Description | Type | Notes |
|---|---|---|---|
| attribute_type | Attributetype. Attribute Type can be of any of the allowed enum type. |
string | Enum: IP_ADDRESS, PORT, PASSWORD, STRING, LONG, BOOLEAN |
| display_name | Display name Attribute display name string value. |
string | |
| key | key Attribute key string value. |
string | Required |
| read_only | read only Read only Attribute cannot be overdidden by service instance/deployment. |
boolean | Default: "False" |
| value | value Attribute value string value. |
string |
AttributeVal (schema)
Attribute values of realized type
Contains type specific properties of generic realized entity
| Name | Description | Type | Notes |
|---|---|---|---|
| data_type | Datatype of property represented by this attribute Datatype of the property |
string | Required Readonly Enum: STRING, DATE, INTEGER, BOOLEAN |
| key | Key for the attribute value Attribute key |
string | |
| multivalue | multivalue flag If attribute has a single value or collection of values |
boolean | Readonly |
| values | List of values for the attribute List of attribute values |
array of string | Readonly |
AuthServiceProperties (schema)
Auth Service properties
| Name | Description | Type | Notes |
|---|---|---|---|
| logging_level | Service logging level | string | Enum: OFF, FATAL, ERROR, WARN, INFO, DEBUG, TRACE Default: "INFO" |
AuthenticationPolicyProperties (schema)
Configuration of authentication and password policies for the NSX node
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _retry_prompt | Prompt user at most N times before returning with error. | integer | Readonly Default: "3" |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| api_failed_auth_lockout_period | Lockout period in seconds Once a lockout occurs, the account remains locked out of the API for this time period. Only applies to NSX Manager nodes. Ignored on other node types. |
integer | Minimum: 0 Default: "900" |
| api_failed_auth_reset_period | Period, in seconds, for authentication failures to trigger lockout In order to trigger an account lockout, all authentication failures must occur in this time window. If the reset period expires, the failed login count is reset to zero. Only applies to NSX Manager nodes. Ignored on other node types. |
integer | Minimum: 0 Default: "900" |
| api_max_auth_failures | Number of authentication failures that trigger API lockout Only applies to NSX Manager nodes. Ignored on other node types. |
integer | Minimum: 0 Default: "5" |
| cli_failed_auth_lockout_period | Lockout period in seconds Once a lockout occurs, the account remains locked out of the CLI for this time period. While the lockout period is in effect, additional authentication attempts restart the lockout period, even if a valid password is specified. |
integer | Minimum: 0 Default: "900" |
| cli_max_auth_failures | Number of authentication failures that trigger CLI lockout | integer | Minimum: 0 Default: "5" |
| digits | Number of digits in password Number of digits (0..9) expected in user password. N < 0, to set minimum credit for having digits in the new password, i.e.
N > 0, to set maximum credit for having digits in the new password, i.e.
N = 0, policy will be not applicable. By default minimum 1 digit is required for a new password. |
integer | Minimum: -128 Maximum: 128 Default: "-1" |
| hash_algorithm | Hash algorithm Sets hash/cryptographic algorithm type for new passwords. |
string | Enum: sha512, sha256 Default: "sha512" |
| lower_chars | Number of lower-case characters in password Number of lower case characters (a..z) expected in user password. N < 0, to set minimum credit for having lower case characters in the new password, i.e.
N > 0, to set maximum credit for having lower case characters in the new password, i.e.
N = 0, policy will be not applicable. By default minimum 1 lower case character is required for a new password. |
integer | Minimum: -128 Maximum: 128 Default: "-1" |
| max_repeats | Number of same consecutive characters Reject passwords which contain more than N same consecutive characters, like aaa or 7777. To disable the check, value should be set to 0. |
integer | Minimum: 0 Maximum: 128 Default: "0" |
| max_sequence | Length of permissible monotonic sequence in password substring Reject passwords which contain more than N monotonic character sequences. Monotonic sequences can be '12345' or 'fedcb'. To disable the check, value should be set to 0. |
integer | Minimum: 0 Maximum: 128 Default: "0" |
| maximum_password_length | Maximum password length Maximum number of characters allowed in password; user can not set their password of length greater than this parameter. By default maximum length of password is 128 characters. |
integer | Minimum: 8 Maximum: 128 Default: "128" |
| minimum_password_length | Minimum password length Minimum number of characters expected in password; user can not set their password of length less than this parameter. NOTE, for existing users upgrading to NSX-T datacenter version 4.0 or above - if existing appliance is configured with VMware recommends to set strong passwords for systems and appliances, further
If any existing user passwords are set with length of less than newly configured
If existing By default minimum length of password is 12 characters and passwords less than 8 characters are never allowed. |
integer | Minimum: 8 Maximum: 128 Default: "12" |
| minimum_unique_chars | Number of unique characters from old password Number of character changes in the new password that differentiate it from the old password. To disable the check, value should be set to 0. |
integer | Minimum: 0 Maximum: 128 Default: "0" |
| password_remembrance | Password remembrance from previous generations Limit using a password that was used in past; users can not set the same password within the N generations. To disable the check, value should be set to 0. |
integer | Minimum: 0 Default: "0" |
| special_chars | Number of special characters in password Number of special characters (!@#$&*..) expected in user password. N < 0, to set minimum credit for having special characters in the new password, i.e.
N > 0, to set maximum credit for having special characters in the new password, i.e.
N = 0, policy will be not applicable. By default minimum 1 special character is required for a new password. |
integer | Minimum: -128 Maximum: 128 Default: "-1" |
| upper_chars | Number of upper-case characters in password Number of upper case characters (A..Z) expected in user password. N < 0, to set minimum credit for having upper case characters in the new password, i.e.
N > 0, to set maximum credit for having upper case characters in the new password, i.e.
N = 0, policy will be not applicable. By default minimum 1 upper case character is required for a new password. |
integer | Minimum: -128 Maximum: 128 Default: "-1" |
AuthenticationScheme (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| scheme_name | Authentication scheme name | string | Required |
AutoRds (schema)
Auto assigned Route Distinguishers
This object holds auto assigned route distinguishers for Layer 2 and Layer 3 configurations.
| Name | Description | Type | Notes |
|---|---|---|---|
| l2_auto_rds | List of layer 2 Auto assigned Route Distinguisher | array of L2AutoRD | |
| l3_auto_rd | Layer 3 Auto assigned Route Distinguisher This field is auto assigned by the system. The auto RD seed is populated when user does not assign a route_distinguisher field in the gateway. |
string |
AviConnectionInfo (schema)
Avi Connection Info
Credential info to connect to a AVI type of enforcement point.
| Name | Description | Type | Notes |
|---|---|---|---|
| cloud | Cloud Clouds are containers for the environment that Avi Vantage is installed or operating within. During initial setup of Vantage, a default cloud, named Default-Cloud, is created. This is where the first Controller is deployed, into Default-Cloud. Additional clouds may be added, containing SEs and virtual services. This is a deprecated property. Cloud has been renamed to cloud_name and it will added from specific ALB entity. |
string | Deprecated |
| enforcement_point_address | Enforcement Point Address Value of this property could be Hostname or IP. For instance: - On an NSX-T MP running on default port, the value could be "10.192.1.1" - On an NSX-T MP running on custom port, the value could be "192.168.1.1:32789" - On an NSX-T MP in VMC deployments, the value could be "192.168.1.1:5480/nsxapi" |
string | Required |
| expires_at | Expiry time of the token Expiry time of the token will be set by LCM at the time of Enforcement Point Creation. |
string | |
| managed_by | Managed by used when on-borading workflow created by LCM/VCF. Managed by used when on-borading workflow created by LCM/VCF. |
string | |
| password | Password or Token for Avi Controller Password or Token for Avi Controller. |
secure_string | Required |
| resource_type | Must be set to the value AviConnectionInfo | string | Required Enum: NSXTConnectionInfo, NSXVConnectionInfo, CvxConnectionInfo, AviConnectionInfo |
| status | Enforcement point state for ALB This is connection property which checks whether ALB is connected to the controller. Enum options - ACTIVATE, DEACTIVATE_PROVIDER, DEACTIVATE_API. Default value is DEACTIVATE_API. |
ALBEnforcementPointState | Required Default: "DEACTIVATE_API" |
| tenant | Tenant A tenant is an isolated instance of Avi Controller. Each Avi user account is associated with one or more tenants. The tenant associated with a user account defines the resources that user can access within Avi Vantage. When a user logs in, Avi restricts their access to only those resources that are in the same tenant |
string | Required |
| thumbprint | Thumbprint of Enforcement Point Thumbprint of EnforcementPoint in the form of a SHA-256 hash represented in lower case HEX. |
string | |
| username | Username Username. |
secure_string | Required |
| version | Version Avi supports API versioning for backward compatibility with automation scripts written for an object model older than the current one. Such scripts need not be updated to keep up with object model changes This is a deprecated property. The version is now auto populated from property file and its value can be read using APIs |
string | Deprecated |
Axes (schema)
Axes of a graph
Represents X and Y axes of a graph. For a multi-graph, the same axes are shared by all the graphs.
| Name | Description | Type | Notes |
|---|---|---|---|
| x_label | Label for X axis of a graph | Label | |
| x_labels | A list of X-Axis Labels with condition support. A list of X-Axis Labels with condition support. If needed, this property can be used to provide a list of x-axis label with condition support. For a label with single condition,'x-label' property can be used. |
array of Label | Minimum items: 0 |
| y_axis_unit_labels | A list of Y-Axis unit Labels with condition support. A list of Y-Axis unit Labels with condition support. If needed, this property can be used to provide a list of y-axis unit label with condition support. This unit label can be used to display the point value along with units like percentage, milliseconds etc. |
array of Label | Minimum items: 0 |
| y_axis_units | A list of Y-Axis unit with condition support. A list of Y-Axis unit with condition support. If needed, this property can be used to provide a list of y-axis unit with condition support. This unit could be like percentage, seconds, milliseconds etc. |
array of AxisUnit | Minimum items: 0 |
| y_label | Label for Y axis of a graph | Label | |
| y_labels | A list of Y-Axis Labels with condition support. A list of Y-Axis Labels with condition support. If needed, this property can be used to provide a list of y-axis label with condition support. For a label with single condition,'y-label' property can be used. |
array of Label | Minimum items: 0 |
AxisUnit (schema)
Axis unit of a graph
Represents X and Y axis unit of a graph.
| Name | Description | Type | Notes |
|---|---|---|---|
| condition | Expression for evaluating condition If the condition is met then the above unit will be displayed. to UI. If no condition is provided, then the unit will be displayed unconditionally. |
string | Maximum length: 1024 |
| unit | An Axis unit. An Axis unit. |
string | Enum: COUNT, PERCENT, BYTES, MILLISECONDS, SECONDS, MINUTE, HOUR, DAY, KILO_BYTES, MEGA_BYTES, GIGA_BYTES |
BMSGroupAssociationRequestParams (schema)
List request parameters containing Physical server external ID and enforcement point path
List request parameters containing Physical server external ID and enforcement point path
| Name | Description | Type | Notes |
|---|---|---|---|
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| enforcement_point_path | String Path of the enforcement point The path of the enforcement point from which the list of members needs to be fetched. Forward slashes must be escaped using %2F. |
string | |
| include_mark_for_delete_objects | Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included. |
boolean | Default: "False" |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| physical_server_external_id | Physical external ID | string | Required |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string |
BackupConfiguration (schema)
Configuration for taking manual/automated backup
| Name | Description | Type | Notes |
|---|---|---|---|
| after_inventory_update_interval | A number of seconds after a last backup, that needs to pass, before a topology change will trigger a generation of a new cluster/node backups. If parameter is not provided, then changes in a topology will not trigger a generation of cluster/node backups. | integer | Minimum: 300 Maximum: 86400 |
| backup_enabled | true if automated backup is enabled | boolean | Default: "False" |
| backup_schedule | Set when backups should be taken - on a weekly schedule or at regular intervals. | BackupSchedule (Abstract type: pass one of the following concrete types) IntervalBackupSchedule WeeklyBackupSchedule |
|
| inventory_summary_interval | The minimum number of seconds between each upload of the inventory summary to backup server. | integer | Minimum: 30 Maximum: 3600 Default: "240" |
| passphrase | Passphrase used to encrypt backup files. Passphrase used to encrypt backup files. The passphrase specified must be at least 8 characters in length and must contain at least one lowercase, one uppercase, one numeric character and one special character (any other non-space character). |
secure_string | |
| remote_file_server | The server to which backups will be sent. | RemoteFileServer |
BackupFrameRequestParameters (schema)
Backup Frame Request Parameters
Parameters (site_id, etc), that describes a backup/restore frame
| Name | Description | Type | Notes |
|---|---|---|---|
| frame_type | Frame type This attribute is used to indicate the service on current site or other site for which backup is handled in a frame. LOCAL_LOCAL_MANAGER corresponds to local LM of the site. LOCAL_MANAGER cprresponds to LM of other site. |
string | Readonly Enum: GLOBAL_MANAGER, LOCAL_MANAGER, LOCAL_LOCAL_MANAGER, NSX_INTELLIGENCE Default: "LOCAL_LOCAL_MANAGER" |
| site_id | Site ID Site ID of LM site, which will be supported in a frame |
string | Default: "localhost" |
BackupOperationHistory (schema)
Past backup operation details
| Name | Description | Type | Notes |
|---|---|---|---|
| cluster_backup_statuses | Statuses of previous cluser backups | array of BackupOperationStatus | |
| inventory_backup_statuses | Statuses of previous inventory backups | array of BackupOperationStatus | |
| node_backup_statuses | Statuses of previous node backups | array of BackupOperationStatus |
BackupOperationStatus (schema)
Backup operation status
| Name | Description | Type | Notes |
|---|---|---|---|
| backup_id | Unique identifier of a backup | string | Required |
| end_time | Time when operation was ended | EpochMsTimestamp | |
| error_code | Error code | string | Enum: BACKUP_NOT_RUN_ON_MASTER, BACKUP_SERVER_UNREACHABLE, BACKUP_AUTHENTICATION_FAILURE, BACKUP_PERMISSION_ERROR, BACKUP_TIMEOUT, BACKUP_BAD_FINGERPRINT, BACKUP_GENERIC_ERROR, UPGRADE_IN_PROGRESS |
| error_message | Error code details | string | |
| start_time | Time when operation was started | EpochMsTimestamp | |
| success | True if backup is successfully completed, else false | boolean | Required |
BackupOverview (schema)
Backup overview
Data for a single backup/restore card
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| backup_config | Backup configuration Configuration to generate a manual/automated backup |
BackupConfiguration | Required |
| backup_operation_history | Last backup status Status of the last backup execution per component |
BackupOperationHistory | Required |
| current_backup_operation_status | Current backup status Backup status decribes type, phase, success/failure and time of a | latest backup execution |
CurrentBackupOperationStatus | Required |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| restore_status | Current restore status Status of restore process executing/executed on appliance |
ClusterRestoreStatus | Required |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | List of timestamps of backed-up cluster files | array of ClusterBackupInfo | Required Readonly |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
BackupOverviewRequestParameters (schema)
Backup overview request parameters
Parameters, that REST API client needs to provide, in order to get data for
a backup/restore card with or without a list of generated backups.
| Name | Description | Type | Notes |
|---|---|---|---|
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| frame_type | Frame type This attribute is used to indicate the service on current site or other site for which backup is handled in a frame. LOCAL_LOCAL_MANAGER corresponds to local LM of the site. LOCAL_MANAGER cprresponds to LM of other site. |
string | Readonly Enum: GLOBAL_MANAGER, LOCAL_MANAGER, LOCAL_LOCAL_MANAGER, NSX_INTELLIGENCE Default: "LOCAL_LOCAL_MANAGER" |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| show_backups_list | Need a list of backups True to request a list of backups |
boolean | Default: "True" |
| site_id | UUID of the site UUID of LM site, which will be supported in a frame |
string | Default: "localhost" |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string |
BackupSchedule (schema)
Abstract base type for Weekly or Interval Backup Schedule
This is an abstract type. Concrete child types:
IntervalBackupSchedule
WeeklyBackupSchedule
| Name | Description | Type | Notes |
|---|---|---|---|
| resource_type | Schedule type | string | Required Enum: WeeklyBackupSchedule, IntervalBackupSchedule |
BackupUiFramesInfo (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| active_gm | Does site have active GM | string | Readonly Enum: ACTIVE, STANDBY, NONE, INVALID |
| api_endpoint | prefix to be used for api call | string | Required Readonly Enum: global-manager, nsxapi, ica |
| frame_type | Type of service, for which backup is handled | string | Required Readonly Enum: GLOBAL_MANAGER, LOCAL_MANAGER, LOCAL_LOCAL_MANAGER, NSX_INTELLIGENCE |
| site_id | Id of the site | string | Required Readonly |
| site_version | Version of the site | string | Required Readonly |
BackupUiFramesInfoList (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| backup_frames_list | List of backup frames(and metadata) to be displayed in UI | array of BackupUiFramesInfo | Required Readonly |
BaseCompatibilityCheckResult (schema)
Precheck result for onboaring standby Global Manager or remote Site to
federation
description: |
Result of prechecks run for onboarding standby Global Manager or remote
site. The checks include NSX version compatibility with active Global
Manager, Round Trip Time (RTT), etc. Note that some of checks like RTT are
soft limits.
| Name | Description | Type | Notes |
|---|---|---|---|
| local_nsx_version | Local Site NSX version where active Global Mananger is running Local Site NSX version where active Global Mananger is running. |
string | Readonly |
| nsx_version | Remote Site NSX version Remote Site NSX version. |
string | Readonly |
| rtt | Round trip time to the remote Site or Global Manager from active
Global Manager
Round trip time to the remote Site or Global Manager from active Global Manager. |
integer | Readonly |
| rtt_exceeded | Flag to indicate if RTT to remote Site exceeds the recommended limit Flag to indicate if RTT to remote Site exceeds the recommended limit. |
boolean | Readonly |
| version_compatible | Flag to indicate if remote Site NSX version is compatible Flag to indicate if remote Site NSX version is compatible with active Global Manager. |
boolean | Readonly |
BaseConsolidatedStatusPerEnforcementPoint (schema)
Base class for ConsolidatedStatusPerEnforcementPoint
Consolidated Realized Status Per Enforcement Point.
This is an abstract type. Concrete child types:
ConsolidatedStatusNsxT
ConsolidatedStatusPerEnforcementPoint
| Name | Description | Type | Notes |
|---|---|---|---|
| alarm | Alarm Information Details Alarm information details. |
PolicyRuntimeAlarm | Readonly |
| consolidated_status | Consolidated Realized Status Consolidated Realized Status of an Intent object per enforcement point. |
ConsolidatedStatus | Readonly |
| enforcement_point_id | Enforcement Point Id Enforcement Point Id. |
string | Readonly |
| enforcement_point_path | Enforcement point Path Policy Path referencing the enforcement point where the info is fetched. |
string | Readonly |
| resource_type | string | Required | |
| site_path | Site Path The site where this enforcement point resides. |
string | Readonly |
BaseEdgeStatisticsRequestParameters (schema)
Routes request parameters
| Name | Description | Type | Notes |
|---|---|---|---|
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| edge_path | Policy path of edge node Policy path of edge node. Edge node must be member of enforcement point. Edge path is required when interface specified is either service or loopback interface. |
string | |
| enforcement_point_path | Enforcement point path String Path of the enforcement point. When not specified, routes from all enforcement-points are returned. This property is required for retrieving routes in CSV format. |
string | |
| host_transport_node_path | Policy path of host transport node Policy path of host transport node. In case of API used from Global Manager, use the HostTransportNode path from Local Manager. |
string | |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string |
BaseEndpoint (schema)
An endpoint to be used in redirection rule
Represents an endpoint which will be used as subject in rule.
It is a polymorphic type object which can be either of the types -
1. Virtual
2. Logical
We have 2 separate objects representing these 2 types.
VirtualEndPoint for Virtual type and ServiceInstanceEndpoint
for Logical.
This is an abstract type. Concrete child types:
ServiceInstanceEndpoint
VirtualEndpoint
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value BaseEndpoint | string | Required Enum: VirtualEndpoint, ServiceInstanceEndpoint |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| target_ips | IP addresses to redirect the traffic to IPs where either inbound or outbound traffic is to be redirected. |
array of IPInfo | Required Minimum items: 1 Maximum items: 1 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
BaseInterfaceGroup (schema)
Base gateway Interface group
Tier0/Tier1 Interface group for interface grouping.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| members | Tier0/Tier1 interface memeber list List of interface reference. Interface must belong to same location. |
array of GatewayInterfaceReference | |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value BaseInterfaceGroup | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
BaseListRequestParameters (schema)
Routes request parameters
| Name | Description | Type | Notes |
|---|---|---|---|
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| enforcement_point_path | Enforcement point path String Path of the enforcement point. When not specified, routes from all enforcement-points are returned. This property is required for retrieving routes in CSV format. |
string | |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string |
BasePolicyServiceInstance (schema)
Represents an instance of partner Service and its configuration
Represents an instance of partner Service and its configuration.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| deployment_mode | Deployment Mode Deployment mode specifies how the partner appliance will be deployed i.e. in HA or standalone mode. |
string | Enum: STAND_ALONE, ACTIVE_STANDBY Default: "ACTIVE_STANDBY" |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| partner_service_name | Name of Partner Service Unique name of Partner Service in the Marketplace |
string | Required |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value BasePolicyServiceInstance | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| transport_type | Transport Type Transport to be used while deploying Service-VM. |
string | Enum: L2_BRIDGE, L3_ROUTED Default: "L2_BRIDGE" |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
BaseRule (schema)
A rule represent base properties for ,dfw, forwarding, redirection rule
A rule indicates the action to be performed for various types of traffic flowing between workload groups.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| destination_groups | Destination group paths We need paths as duplicate names may exist for groups under different domains. Along with paths we support IP Address of type IPv4 and IPv6. IP Address can be in one of the format(CIDR, IP Address, Range of IP Address). In order to specify all groups, use the constant "ANY". This is case insensitive. If "ANY" is used, it should be the ONLY element in the group array. Error will be thrown if ANY is used in conjunction with other values. |
array of string | Maximum items: 128 |
| destinations_excluded | Negation of destination groups If set to true, the rule gets applied on all the groups that are NOT part of the destination groups. If false, the rule applies to the destination groups |
boolean | Default: "False" |
| direction | Direction Define direction of traffic. |
string | Enum: IN, OUT, IN_OUT Default: "IN_OUT" |
| disabled | Flag to disable the rule Flag to disable the rule. Default is enabled. |
boolean | Default: "False" |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| ip_protocol | IPv4 vs IPv6 packet type Type of IP packet that should be matched while enforcing the rule. The value is set to IPV4_IPV6 for Layer3 rule if not specified. For Layer2/Ether rule the value must be null. |
string | Enum: IPV4, IPV6, IPV4_IPV6 |
| is_default | Default rule flag A flag to indicate whether rule is a default rule. |
boolean | Readonly |
| logged | Enable logging flag Flag to enable packet logging. Default is disabled. |
boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| notes | Text for additional notes on changes Text for additional notes on changes. |
string | Maximum length: 2048 |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| profiles | Layer 7 service profiles or TLS action profile Holds the list of layer 7 service profile paths. These profiles accept attributes and sub-attributes of various network services (e.g. L4 AppId, encryption algorithm, domain name, etc) as key value pairs. Instead of Layer 7 service profiles you can use a L7 access profile. One of either Layer 7 service profiles or L7 Access Profile can be used in firewall rule. In case of L7 access profile only one is allowed. |
array of string | Maximum items: 128 |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value BaseRule | string | |
| rule_id | Unique rule ID This is a unique 4 byte positive number that is assigned by the system. This rule id is passed all the way down to the data path. The first 1GB (1000 to 2^30) will be shared by GM and LM with zebra style striped number space. For E.g 1000 to (1Million -1) by LM, (1M - 2M-1) by GM and so on. |
integer | Readonly |
| scope | The list of policy paths where the rule is applied
LR/Edge/T0/T1/LRP etc. Note that a given rule can be applied on multiple LRs/LRPs. |
array of string | Maximum items: 128 |
| sequence_number | Sequence number of the this Rule This field is used to resolve conflicts between multiple Rules under Security or Gateway Policy for a Domain If no sequence number is specified in the payload, a value of 0 is assigned by default. If there are multiple rules with the same sequence number then their order is not deterministic. If a specific order of rules is desired, then one has to specify unique sequence numbers or use the POST request on the rule entity with a query parameter action=revise to let the framework assign a sequence number |
int | Minimum: 0 |
| service_entries | Raw services In order to specify raw services this can be used, along with services which contains path to services. This can be empty or null. |
array of ServiceEntry (Abstract type: pass one of the following concrete types) ALGTypeServiceEntry EtherTypeServiceEntry ICMPTypeServiceEntry IGMPTypeServiceEntry IPProtocolServiceEntry L4PortSetServiceEntry NestedServiceServiceEntry |
Maximum items: 128 |
| services | Names of services In order to specify all services, use the constant "ANY". This is case insensitive. If "ANY" is used, it should be the ONLY element in the services array. Error will be thrown if ANY is used in conjunction with other values. |
array of string | Maximum items: 128 |
| source_groups | Source group paths We need paths as duplicate names may exist for groups under different domains. Along with paths we support IP Address of type IPv4 and IPv6. IP Address can be in one of the format(CIDR, IP Address, Range of IP Address). In order to specify all groups, use the constant "ANY". This is case insensitive. If "ANY" is used, it should be the ONLY element in the group array. Error will be thrown if ANY is used in conjunction with other values. |
array of string | Maximum items: 128 |
| sources_excluded | Negation of source groups If set to true, the rule gets applied on all the groups that are NOT part of the source groups. If false, the rule applies to the source groups |
boolean | Default: "False" |
| tag | Tag applied on the rule User level field which will be printed in CLI and packet logs. Even though there is no limitation on length of a tag, internally tag will get truncated after 32 characters. |
string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
BaseRuleListResult (schema)
Paged Collection of Rules
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
BaseTier0Interface (schema)
Tier-0 interface configuration
Tier-0 interface configuration for external connectivity.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| dhcp_relay_path | policy path of referenced dhcp-relay-config Policy path of dhcp-relay-config to be attached to this Interface. |
string | |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value BaseTier0Interface | string | |
| subnets | IP address and subnet specification for interface Specify IP address and network prefix for interface. |
array of InterfaceSubnet | Required Minimum items: 1 |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
BasicAuthenticationScheme (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| password | Password to authenticate with | string | Required |
| scheme_name | Authentication scheme name | string | Required Enum: basic |
| username | User name to authenticate with | string | Required Pattern: "^.+$" |
BatchParameter (schema)
Options that affect how batch operations are processed
| Name | Description | Type | Notes |
|---|---|---|---|
| atomic | Ignored (transactional atomicity flag) This flag is ignored. Transactional atomicity is no longer supported. |
boolean | Default: "False" |
BatchRequest (schema)
A set of operations to be performed in a single batch
| Name | Description | Type | Notes |
|---|---|---|---|
| continue_on_error | Continue even if an error is encountered. | boolean | Default: "True" |
| requests | array of BatchRequestItem |
BatchRequestItem (schema)
A single request within a batch of operations
| Name | Description | Type | Notes |
|---|---|---|---|
| body | object | ||
| method | method type(POST/PUT/DELETE/UPDATE) http method type |
string | Required Enum: GET, POST, PUT, DELETE, PATCH |
| uri | Internal uri of the call relative uri (path and args), of the call including resource id (if this is a POST/DELETE), exclude hostname and port and prefix, exploded form of parameters |
string | Required |
BatchResponse (schema)
The reponse to a batch operation
| Name | Description | Type | Notes |
|---|---|---|---|
| has_errors | errors indicator Indicates if any of the APIs failed |
boolean | |
| results | Bulk list results | array of BatchResponseItem | Required |
| rolled_back | indicates if all items were rolled back. Optional flag indicating that all items were rolled back even if succeeded initially |
boolean |
BatchResponseItem (schema)
A single respose in a list of batched responses
| Name | Description | Type | Notes |
|---|---|---|---|
| body | object returned by api object returned by api |
object | |
| code | object returned by api http status code |
integer | Required |
| headers | object returned by api The headers returned by the API call |
object |
BfdHealthMonitoringConfig (schema)
Bfd Health Monitoring Options
Bfd Health Monitoring Options used specific to BFD Transport Zone profiles
| Name | Description | Type | Notes |
|---|---|---|---|
| enabled | Whether the heartbeat is enabled. A PATCH or PUT request with "enabled" false (with no probe intervals) will set or reset the probe_interval to their default value. | boolean | Required |
| latency_enabled | Whether the latency is enabled. The flag is to turn on/off latency. A PATCH or PUT request with "latency_enabled" true will enable NSX to send the networking latency data to thrid-party monitoring tools like vRNI. |
boolean | |
| probe_interval | The time interval (in millisec) between probe packets for tunnels between transport nodes. | integer | Minimum: 300 Default: "1000" |
BfdProfile (schema)
Bidirectional Forwarding Detection configuration for BGP peers
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| interval | Time interval between heartbeat packets in milliseconds Time interval between heartbeat packets in milliseconds. |
int | Minimum: 50 Maximum: 60000 Default: "500" |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| multiple | Declare dead multiple Declare dead multiple. Number of times heartbeat packet is missed before BFD declares the neighbor is down. |
int | Minimum: 2 Maximum: 16 Default: "3" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value BfdProfile | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
BfdProfileListResult (schema)
Paged Collection of BfdProfile
Paged Collection of BfdProfile.
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Bfd Profile List Results Bfd Profile list results. |
array of BfdProfile | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
BgpAddressFamily (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| in_prefix_count | Count of in prefixes Count of in prefixes |
integer | Readonly |
| out_prefix_count | Count of out prefixes Count of out prefixes |
integer | Readonly |
| type | BGP address family type BGP address family type |
string | Required Readonly Enum: IPV4_UNICAST, VPNV4_UNICAST, IPV6_UNICAST, L2VPN_EVPN |
BgpBfdConfig (schema)
BFD configuration for BGP peers
| Name | Description | Type | Notes |
|---|---|---|---|
| enabled | Flag to enable BFD cofiguration Flag to enable BFD cofiguration. |
boolean | Default: "False" |
| interval | Time interval between heartbeat packets in milliseconds Time interval between heartbeat packets in milliseconds. |
int | Minimum: 50 Maximum: 60000 Default: "500" |
| multiple | Declare dead multiple Declare dead multiple. Number of times heartbeat packet is missed before BFD declares the neighbor is down. |
int | Minimum: 2 Maximum: 16 Default: "3" |
BgpGracefulRestartConfig (schema)
BGP Graceful Restart Configuration
Configuration field to hold BGP restart mode and timer.
| Name | Description | Type | Notes |
|---|---|---|---|
| mode | BGP Graceful Restart Configuration Mode If mode is DISABLE, then graceful restart and helper modes are disabled. If mode is GR_AND_HELPER, then both graceful restart and helper modes are enabled. If mode is HELPER_ONLY, then helper mode is enabled. HELPER_ONLY mode is the ability for a BGP speaker to indicate its ability to preserve forwarding state during BGP restart. GRACEFUL_RESTART mode is the ability of a BGP speaker to advertise its restart to its peers. |
string | Enum: DISABLE, GR_AND_HELPER, HELPER_ONLY Default: "HELPER_ONLY" |
| timer | BGP Graceful Restart Timer Configuration field to hold BGP restart timers. |
BgpGracefulRestartTimer |
BgpGracefulRestartTimer (schema)
BGP Graceful Restart Timers
Configuration field to hold BGP restart timers
| Name | Description | Type | Notes |
|---|---|---|---|
| restart_timer | BGP Graceful Restart Timer Maximum time taken (in seconds) for a BGP session to be established after a restart. This can be used to speed up routing convergence by its peer in case the BGP speaker does not come back up after a restart. If the session is not re-established within this timer, the receiving speaker will delete all the stale routes from that peer. |
integer | Minimum: 1 Maximum: 3600 Default: "180" |
| stale_route_timer | BGP Stale Route Timer Maximum time (in seconds) before stale routes are removed from the RIB (Routing Information Base) when BGP restarts. |
integer | Minimum: 1 Maximum: 3600 Default: "600" |
BgpNeighborConfig (schema)
BGP neighbor config
Contains information necessary to configure a BGP neighbor.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| allow_as_in | Flag to enable allowas_in option for BGP neighbor | boolean | Default: "False" |
| bfd | BFD configuration for failure detection BFD configuration for failure detection. BFD is enabled with default values when not configured. |
BgpBfdConfig | |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| enabled | Flag to enable/disable BGP peering. Flag to enable/disable BGP peering. Disabling will stop the BGP peering. True - indicates enable BGP peering, False - indicates disable BGP peering. Default is True. |
boolean | Default: "True" |
| graceful_restart_mode | BGP Graceful Restart Configuration Mode If mode is DISABLE, then graceful restart and helper modes are disabled. If mode is GR_AND_HELPER, then both graceful restart and helper modes are enabled. If mode is HELPER_ONLY, then helper mode is enabled. HELPER_ONLY mode is the ability for a BGP speaker to indicate its ability to preserve forwarding state during BGP restart. GRACEFUL_RESTART mode is the ability of a BGP speaker to advertise its restart to its peers. |
string | Enum: DISABLE, GR_AND_HELPER, HELPER_ONLY |
| hold_down_time | Wait time in seconds before declaring peer dead Wait time in seconds before declaring peer dead. |
int | Minimum: 1 Maximum: 65535 Default: "180" |
| id | Unique identifier of this resource | string | Sortable |
| in_route_filters | Prefix-list or route map path for IN direction Specify path of prefix-list or route map to filter routes for IN direction. This property is deprecated, use route_filtering instead. Specifying different values for both properties will result in error. |
array of string | Deprecated Maximum items: 1 |
| keep_alive_time | Interval between keep alive messages sent to peer Interval (in seconds) between keep alive messages sent to peer. |
int | Minimum: 1 Maximum: 65535 Default: "60" |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| maximum_hop_limit | Maximum number of hops allowed to reach BGP neighbor Maximum number of hops allowed to reach BGP neighbor. |
int | Minimum: 1 Maximum: 255 Default: "1" |
| neighbor_address | Neighbor IP Address | IPAddress | Required |
| neighbor_local_as_config | Local as configuration for BGP Neighbor Configuration field to hold the Local AS config for BGP Neighbor |
BgpNeighborLocalAsConfig | |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| out_route_filters | Prefix-list or route map path for OUT direction Specify path of prefix-list or route map to filter routes for OUT direction. When not specified, a built-in prefix-list named 'prefixlist-out-default' is automatically applied. This property is deprecated, use route_filtering instead. Specifying different values for both properties will result in error. |
array of string | Deprecated Maximum items: 1 |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| password | Password Specify password for BGP neighbor authentication. Empty string ("") clears existing password. |
secure_string | Minimum length: 0 Maximum length: 32 |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_as_num | 4 Byte ASN of the neighbor in ASPLAIN Format | string | Required |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value BgpNeighborConfig | string | |
| route_filtering | Enable address families and route filtering in each direction Enable address families and route filtering in each direction. |
array of BgpRouteFiltering | Maximum items: 2 |
| source_addresses | Source IP Addresses for BGP peering Source addresses should belong to Tier0 external or loopback or VTI interface IP Addresses . BGP peering is formed from all these addresses. This property is mandatory when maximum_hop_limit is greater than 1. |
array of IPAddress | Maximum items: 8 |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
BgpNeighborConfigListRequestParameters (schema)
Routing Config list request parameters
| Name | Description | Type | Notes |
|---|---|---|---|
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| include_mark_for_delete_objects | Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included. |
boolean | Default: "False" |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string |
BgpNeighborConfigListResult (schema)
Paged collection of BGP Neighbor Configs
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | BGP neighbor configs list results | array of BgpNeighborConfig | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
BgpNeighborLocalAsConfig (schema)
BGP neighbor local-as configuration
| Name | Description | Type | Notes |
|---|---|---|---|
| as_path_modifier_type | AS_PATH modifier type for BGP local AS Optional parameter. If this property is not set, by default BGP prepends neighbor's local_as_num value to the AS_PATH for BOTH outgoing and incoming route advertisements from the peer neighbor. By setting one of the following value, user can modify the default prepend action on the AS_PATH in both inbound and outbound direction. NO_PREPEND: If type is NO_PREPEND, then the local router will NOT prepend the incoming advertisement from that peer with neighbor's local_as_num, so the AS path advertised will now prepend only the BGP local-as of the router. NO_PREPEND_REPLACE_AS - If type is "NO_PREPEND_REPLACE_AS", then the local routes will be advertised with the neighbor's local-as instead of the BGP's local-as to peer router. |
string | Enum: NO_PREPEND, NO_PREPEND_REPLACE_AS |
| local_as_num | BGP neighbor local-as number in ASPLAIN/ASDOT Format Specify local-as number for Tier-0 to advertize to BGP peer. This overrides local_as_num configured in the BgpRoutingConfig object. AS number can be specified in ASPLAIN (e.g., "65546") or ASDOT (e.g., "1.10") format. It is supported for BgpNeighborConfig under both default tier0 and vrf tier0. When this capability is configured, it enables the BGP to prepend "local_as_num" value to the beginning of AS_PATH for BOTH outgoing and incoming route advertisements from the configured neighbor. After prepend, AS_PATH contains both "neighbor's |
string | Required |
BgpNeighborRouteDetailsCsvRecord (schema)
BGP neighbor route details
BGP neighbor learned/advertised route details.
| Name | Description | Type | Notes |
|---|---|---|---|
| as_path | AS path BGP AS path attribute. |
string | Readonly |
| local_pref | Local preference BGP Local Preference attribute. |
integer | Readonly |
| logical_router_id | Logical router id Logical router id |
string | Required Readonly |
| med | Multi Exit Discriminator BGP Multi Exit Discriminator attribute. |
integer | Readonly |
| neighbor_address | Neighbor IP address BGP neighbor peer IP address. |
IPAddress | Required Readonly |
| neighbor_id | BGP neighbor id BGP neighbor id |
string | Required Readonly |
| network | CIDR network address CIDR network address. |
IPCIDRBlock | Required Readonly |
| next_hop | Next hop IP address Next hop IP address. |
IPAddress | Readonly |
| source_address | BGP neighbor source address BGP neighbor source address. |
IPAddress | Readonly |
| transport_node_id | Transport node id Transport node id |
string | Required Readonly |
| weight | Weight BGP Weight attribute. |
integer | Readonly |
BgpNeighborRouteDetailsInCsvFormat (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| file_name | File name File name set by HTTP server if API returns CSV result as a file. |
string | |
| results | array of BgpNeighborRouteDetailsCsvRecord |
BgpNeighborRoutes (schema)
BGP neighbor route details
BGP neighbor learned/advertised route details.
| Name | Description | Type | Notes |
|---|---|---|---|
| edge_node_routes | Route details per transport node Array of BGP neighbor route details per edge node. |
array of RoutesPerTransportNode | Readonly |
| egde_node_routes | Route details per transport node Array of BGP neighbor route details per edge node. |
array of RoutesPerTransportNode | Deprecated Readonly |
| enforcement_point_path | Enforcement point policy path | string | Required Readonly |
| neighbor_path | BGP neighbor policy path | string | Required Readonly |
BgpNeighborRoutesListResult (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Paged Collection of Bgp neighbor routes Paged Collection of Bgp neighbor routes. |
array of BgpNeighborRoutes | |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
BgpRouteFiltering (schema)
Enable address_families and route filtering in each direction
| Name | Description | Type | Notes |
|---|---|---|---|
| address_family | Address family type Address family type. If not configured, this property automatically derived for IPv4 & IPv6 peer configuration. |
string | Enum: IPV4, IPV6, L2VPN_EVPN |
| enabled | Enable address family Flag to enable address family. |
boolean | Default: "True" |
| in_route_filters | Prefix-list or route map path for IN direction Specify path of prefix-list or route map to filter routes for IN direction. |
array of string | Maximum items: 1 |
| maximum_routes | Maximum number of routes for the address family Maximum number of routes for the address family. |
int | Minimum: 1 Maximum: 1000000 |
| out_route_filters | Prefix-list or route map path for OUT direction Specify path of prefix-list or route map to filter routes for OUT direction. When not specified, a built-in prefix-list named 'prefixlist-out-default' is automatically applied. |
array of string | Maximum items: 1 |
BgpRouteLeaking (schema)
BGP route leaking in each direction
| Name | Description | Type | Notes |
|---|---|---|---|
| address_family | Address family type Address family type. Assumed IPv4 address family when not specified. |
string | Enum: IPV4, IPV6 |
| in_filter | route map path for IN direction Specify path of route map to filter routes for IN direction. If not specified then all exported routes from peer attachment will be imported. |
array of string | Maximum items: 1 |
| out_filter | route map path for OUT direction Specify path of route map to filter routes for OUT direction. If not specified then all redistribute routes will be exported. |
array of string | Maximum items: 1 |
BgpRoutesRequestParameters (schema)
BGP Routes request parameters
| Name | Description | Type | Notes |
|---|---|---|---|
| count | Number of routes to retrieve Number of routes to return in response. Not used when routes are requested in CSV format. |
int | Minimum: 1 Default: "1000" |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| enforcement_point_path | Enforcement point path String Path of the enforcement point. When not specified, routes from all enforcement-points are returned. This property is required for retrieving routes in CSV format. |
string | |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string |
BgpRoutingConfig (schema)
BGP routing config
Contains BGP routing configuration.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource (Abstract type: pass one of the following concrete types) ChildBgpNeighborConfig |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| ebgp_admin_distance | eBGP route administrative distance Administrative distance for IPv4 and IPv6 eBGP learnt routes(inbound). User is allowed to set this value only if BGP is disabled. |
int | Minimum: 1 Maximum: 255 Default: "20" |
| ecmp | Flag to enable ECMP Flag to enable ECMP. |
boolean | |
| enabled | Flag to enable BGP configuration Flag to enable BGP configuration. Disabling will stop feature and BGP peering. |
boolean | |
| graceful_restart | Flag to enable graceful restart Flag to enable graceful restart. This field is deprecated, please use graceful_restart_config parameter for graceful restart configuration. If both parameters are set and consistent with each other (i.e. graceful_restart=false and graceful_restart_mode=HELPER_ONLY OR graceful_restart=true and graceful_restart_mode=GR_AND_HELPER) then this is allowed, but if inconsistent with each other then this is not allowed and validation error will be thrown. |
boolean | Deprecated |
| graceful_restart_config | BGP Graceful Restart Configuration Configuration field to hold BGP Restart mode and timer. |
BgpGracefulRestartConfig | |
| ibgp_admin_distance | iBGP route administrative distance Administrative distance for IPv4 and IPv6 iBGP learnt routes(inbound). User is allowed to set this value only if BGP is disabled. |
int | Minimum: 1 Maximum: 255 Default: "200" |
| id | Unique identifier of this resource | string | Sortable |
| inter_sr_ibgp | Enable inter SR IBGP configuration Flag to enable inter SR IBGP configuration. When not specified, inter SR IBGP is automatically enabled if Tier-0 is created in ACTIVE_ACTIVE ha_mode. |
boolean | |
| local_as_num | BGP AS number in ASPLAIN/ASDOT Format Specify BGP AS number for Tier-0 to advertize to BGP peers. AS number can be specified in ASPLAIN (e.g., "65546") or ASDOT (e.g., "1.10") format. Empty string disables BGP feature. It is required by normal tier0 but not required in vrf tier0. |
string | |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| multipath_relax | Flag to enable BGP multipath relax option Flag to enable BGP multipath relax option. |
boolean | |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value BgpRoutingConfig | string | |
| route_aggregations | List of routes to be aggregated List of routes to be aggregated. |
array of RouteAggregationEntry | Maximum items: 1000 |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
BinaryPacketData (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| frame_size | Requested total size of the (logical) packet in bytes If the requested frame_size is too small (given the payload and traceflow metadata requirement of 16 bytes), the traceflow request will fail with an appropriate message. The frame will be zero padded to the requested size. |
integer | Minimum: 60 Maximum: 1000 Default: "128" |
| payload | RFC3548 compatible base64 encoded full payload Up to 1000 bytes of payload may be supplied (with a base64-encoded length of 1336 bytes.) Additional bytes of traceflow metadata will be appended to the payload. The payload must contain all headers (Ethernet, IP, etc). Note that VLAN is not supported in the logical space. Hence, payload must not contain 802.1Q headers. |
string | Maximum length: 1336 |
| resource_type | Must be set to the value BinaryPacketData | string | Required Enum: BinaryPacketData, FieldsPacketData Default: "FieldsPacketData" |
| routed | Awareness of logical routing When this flag is set, traceflow packet will have its destination overwritten as the gateway address of the logical router to which the source logical switch is connected. More specifically: - For ARP request, the target IP will be overwritten as gateway IP if the target IP is not in the same subnet of gateway. - For ARP response, the target IP and destination MAC will be overwritten as gateway IP/MAC respectively, if the target IP is not in the same subnet of gateway. - For IP packet, the destination MAC will be overwritten as gateway MAC. |
boolean | |
| transport_type | Transport type of the traceflow packet This type takes effect only for IP packet. |
string | Enum: BROADCAST, UNICAST, MULTICAST, UNKNOWN Default: "UNICAST" |
BridgeEndpointStatistics (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| endpoint_id | The id of the bridge endpoint | string | Required Readonly |
| last_update_timestamp | Timestamp when the data was last updated; unset if data source has never updated the data. | EpochMsTimestamp | Readonly |
| rx_bytes | DataCounter | Readonly | |
| rx_packets | DataCounter | Readonly | |
| tx_bytes | DataCounter | Readonly | |
| tx_packets | DataCounter | Readonly |
BridgeEndpointStatus (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| active_nodes | The Ids of the transport nodes which actively serve the endpoint. | array of string | Readonly |
| endpoint_id | The id of the bridge endpoint | string | Required Readonly |
| last_update_timestamp | Timestamp when the data was last updated; unset if data source has never updated the data. | EpochMsTimestamp | Readonly |
BridgeProfileConfig (schema)
Bridge Profile Configuration
configuration parameters for Bridge Profile
| Name | Description | Type | Notes |
|---|---|---|---|
| bridge_profile_path | Policy path to L2 Bridge profile Same bridge profile can be configured on different segments. Each bridge profile on a segment must unique. |
string | Required |
| uplink_teaming_policy_name | Uplink Teaming Policy Name The name of the switching uplink teaming policy for the bridge endpoint. This name corresponds to one fot he switching uplink teaming policy names listed in teh transport zone. When this property is not specified, the teaming policy is assigned by MP. |
string | |
| vlan_ids | VLAN IDs VLAN specification for bridge endpoint. Either VLAN ID or VLAN ranges can be specified. Not both. |
array of string | |
| vlan_transport_zone_path | Policy path to VLAN Transport Zone VLAN transport zone should belong to the enforcment-point as the transport zone specified in the segment. |
string | Required |
BridgeProfileRequestParameters (schema)
Bridge profile request parameters
| Name | Description | Type | Notes |
|---|---|---|---|
| bridge_profile_path | Bridge profile path Policy path of Bridge profile using which a bridge end point was created. |
string | Required |
| enforcement_point_path | String Path of the enforcement point Enforcement point path. |
string |
ByodPolicyServiceInstance (schema)
Represents instance of self wiring partner's service
Represents an instance of partner's service whose wiring will be done by partner itself.
As partner does all the wiring, we call it as Byod - Bring your own device.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| deployment_mode | Deployment Mode Deployment mode specifies how the partner appliance will be deployed i.e. in HA or standalone mode. |
string | Enum: STAND_ALONE, ACTIVE_STANDBY Default: "ACTIVE_STANDBY" |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| partner_service_name | Name of Partner Service Unique name of Partner Service in the Marketplace |
string | Required |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value ByodPolicyServiceInstance | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| transport_type | Transport Type Transport to be used while deploying Service-VM. |
string | Enum: L2_BRIDGE, L3_ROUTED Default: "L2_BRIDGE" |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
CCPUpgradeStatus (schema)
Status of CCP upgrade
| Name | Description | Type | Notes |
|---|---|---|---|
| can_rollback | Can perform rollback This field indicates whether we can perform upgrade rollback. |
boolean | Readonly |
| can_skip | Can the upgrade of the remaining units in this component be skipped | boolean | Readonly |
| component_type | Component type for the upgrade status | string | Readonly |
| current_version_node_summary | Mapping of current versions of nodes and counts of nodes at the respective versions. | NodeSummaryList | Readonly |
| details | Details about the upgrade status | string | Readonly |
| node_count_at_target_version | Count of nodes at target component version Number of nodes of the type and at the component version |
int | Readonly |
| percent_complete | Indicator of upgrade progress in percentage | number | Required Readonly |
| pre_upgrade_status | Pre-upgrade status of the component-type | UpgradeChecksExecutionStatus | Readonly |
| status | Upgrade status of component | string | Required Readonly Enum: SUCCESS, FAILED, IN_PROGRESS, NOT_STARTED, PAUSING, PAUSED |
| target_component_version | Target component version | string | Readonly |
CNSGroupAssociationRequestParams (schema)
List request parameters containing Cloud Native Service external ID and enforcement point path
List request parameters containing Cloud Native service external ID and enforcement point path
| Name | Description | Type | Notes |
|---|---|---|---|
| cns_external_id | Cloud Native Service external ID | string | Required |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| enforcement_point_path | String Path of the enforcement point The path of the enforcement point from which the list of members needs to be fetched. Forward slashes must be escaped using %2F. |
string | |
| include_mark_for_delete_objects | Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included. |
boolean | Default: "False" |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string |
CaBundle (schema)
CA certificates bundle
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| certificates | X509Certificates in the bundle | array of X509Certificate | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| earliest_not_after | The earliest time in epoch milliseconds at which a certificate becomes invalid. | EpochMsTimestamp | Readonly |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| not_after_list | Times for each certificate in the bundle at which the certificate becomes invalid. | array of EpochMsTimestamp | Readonly |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| pem_encoded | PEM-encoded CA bundle certificates. | string | Required |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value CaBundle | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
CaBundleListResult (schema)
CA Bundle query result
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | CA bundles list. | array of CaBundle | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
CdpStatusType (schema)
Status types supported of the CrlDistributionPoint
| Name | Description | Type | Notes |
|---|---|---|---|
| CdpStatusType | Status types supported of the CrlDistributionPoint | string | Enum: NOT_READY, FETCHING, READY, ERROR |
CentralConfigProperties (schema)
Central Config properties
| Name | Description | Type | Notes |
|---|---|---|---|
| local_override | Override Central Config | boolean | Required |
Certificate (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| details | List of X509Certificates. | array of X509Certificate | Readonly |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| has_private_key | Whether we have the private key for this certificate. | boolean | Required Readonly Default: "False" |
| id | Unique identifier of this resource | string | Sortable |
| leaf_certificate_sha_256_thumbprint | Certificate thumbprint Unique SHA-256 thumbprint of the leaf node certificate. |
string | Readonly |
| pem_encoded | PEM encoded certificate data. | string | Required |
| purpose | Purpose of this certificate. Can be empty or set to "signing-ca". | string | Enum: signing-ca |
| resource_type | Must be set to the value Certificate | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| used_by | List of node IDs with services, that are using this certificate. | array of NodeIdServicesMap | Readonly |
CertificateCheckingStatus (schema)
Result of checking a certificate
| Name | Description | Type | Notes |
|---|---|---|---|
| error_message | Error Message Error message when checking the certificate. |
string | Readonly |
| status | Status Status of the checked certificate. |
CertificateCheckingStatusType | Required Readonly |
CertificateCheckingStatusType (schema)
Status types returned when checking a certificate
| Name | Description | Type | Notes |
|---|---|---|---|
| CertificateCheckingStatusType | Status types returned when checking a certificate | string | Enum: OK, CRL_NOT_READY, REJECTED, ERROR |
CertificateId (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| certificate_id | Certificate ID | string | Required Readonly |
CertificateList (schema)
Certificate queries result
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Certificate list. | array of Certificate | Required Readonly |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
CertificateProfile (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cluster_certificate | Cluster Certificate True if this is for a cluster certificate |
boolean | Required Readonly |
| extended_key_usage | Extended Key Usage Indicating whether this certificate is used for server-auth, client-auth or both. |
array of CertificateUsageType | Required Readonly |
| node_type | Node Type List of types of node this certificate applies to. |
array of NodeType | Required Readonly |
| profile_name | Certificate Profile Name | string | Required Readonly |
| service_type | Unique Service Type | ServiceType | Required Readonly |
| unique_use | Unique Use True if the certificate used for this service-type cannot be used anywhere else. |
boolean | Required Readonly |
CertificateProfileListResult (schema)
CertificateProfile query result
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | CertificateProfile list. | array of CertificateProfile | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
CertificateUsageType (schema)
Usage Type of the Certificate, SERVER or CLIENT. Default is SERVER
| Name | Description | Type | Notes |
|---|---|---|---|
| CertificateUsageType | Usage Type of the Certificate, SERVER or CLIENT. Default is SERVER | string | Enum: SERVER, CLIENT |
ChildALBAlertScriptConfig (schema)
Wrapper object for ChildALBAlertScriptConfig
Child wrapper for ALBAlertScriptConfig, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBAlertScriptConfig | ChildALBAlertScriptConfig Contains the actual ALBAlertScriptConfig object. |
ALBAlertScriptConfig | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildALBAlertScriptConfig | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildALBAnalyticsProfile (schema)
Wrapper object for ChildALBAnalyticsProfile
Child wrapper for ALBAnalyticsProfile, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBAnalyticsProfile | ChildALBAnalyticsProfile Contains the actual ALBAnalyticsProfile object. |
ALBAnalyticsProfile | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildALBAnalyticsProfile | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildALBApplicationPersistenceProfile (schema)
Wrapper object for ChildALBApplicationPersistenceProfile
Child wrapper for ALBApplicationPersistenceProfile, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBApplicationPersistenceProfile | ChildALBApplicationPersistenceProfile Contains the actual ALBApplicationPersistenceProfile object. |
ALBApplicationPersistenceProfile | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildALBApplicationPersistenceProfile | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildALBApplicationProfile (schema)
Wrapper object for ChildALBApplicationProfile
Child wrapper for ALBApplicationProfile, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBApplicationProfile | ChildALBApplicationProfile Contains the actual ALBApplicationProfile object. |
ALBApplicationProfile | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildALBApplicationProfile | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildALBAuthProfile (schema)
Wrapper object for ChildALBAuthProfile
Child wrapper for ALBAuthProfile, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBAuthProfile | ChildALBAuthProfile Contains the actual ALBAuthProfile object. |
ALBAuthProfile | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildALBAuthProfile | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildALBAutoScaleLaunchConfig (schema)
Wrapper object for ChildALBAutoScaleLaunchConfig
Child wrapper for ALBAutoScaleLaunchConfig, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBAutoScaleLaunchConfig | ChildALBAutoScaleLaunchConfig Contains the actual ALBAutoScaleLaunchConfig object. |
ALBAutoScaleLaunchConfig | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildALBAutoScaleLaunchConfig | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildALBCertificateManagementProfile (schema)
Wrapper object for ChildALBCertificateManagementProfile
Child wrapper for ALBCertificateManagementProfile, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBCertificateManagementProfile | ChildALBCertificateManagementProfile Contains the actual ALBCertificateManagementProfile object. |
ALBCertificateManagementProfile | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildALBCertificateManagementProfile | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildALBDnsPolicy (schema)
Wrapper object for ChildALBDnsPolicy
Child wrapper for ALBDnsPolicy, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBDnsPolicy | ChildALBDnsPolicy Contains the actual ALBDnsPolicy object. |
ALBDnsPolicy | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildALBDnsPolicy | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildALBErrorPageBody (schema)
Wrapper object for ChildALBErrorPageBody
Child wrapper for ALBErrorPageBody, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBErrorPageBody | ChildALBErrorPageBody Contains the actual ALBErrorPageBody object. |
ALBErrorPageBody | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildALBErrorPageBody | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildALBErrorPageProfile (schema)
Wrapper object for ChildALBErrorPageProfile
Child wrapper for ALBErrorPageProfile, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBErrorPageProfile | ChildALBErrorPageProfile Contains the actual ALBErrorPageProfile object. |
ALBErrorPageProfile | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildALBErrorPageProfile | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildALBHTTPPolicySet (schema)
Wrapper object for ChildALBHTTPPolicySet
Child wrapper for ALBHTTPPolicySet, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBHTTPPolicySet | ChildALBHTTPPolicySet Contains the actual ALBHTTPPolicySet object. |
ALBHTTPPolicySet | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildALBHTTPPolicySet | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildALBHardwareSecurityModuleGroup (schema)
Wrapper object for ChildALBHardwareSecurityModuleGroup
Child wrapper for ALBHardwareSecurityModuleGroup, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBHardwareSecurityModuleGroup | ChildALBHardwareSecurityModuleGroup Contains the actual ALBHardwareSecurityModuleGroup object. |
ALBHardwareSecurityModuleGroup | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildALBHardwareSecurityModuleGroup | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildALBHealthMonitor (schema)
Wrapper object for ChildALBHealthMonitor
Child wrapper for ALBHealthMonitor, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBHealthMonitor | ChildALBHealthMonitor Contains the actual ALBHealthMonitor object. |
ALBHealthMonitor | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildALBHealthMonitor | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildALBIpAddrGroup (schema)
Wrapper object for ChildALBIpAddrGroup
Child wrapper for ALBIpAddrGroup, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBIpAddrGroup | ChildALBIpAddrGroup Contains the actual ALBIpAddrGroup object. |
ALBIpAddrGroup | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildALBIpAddrGroup | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildALBL4PolicySet (schema)
Wrapper object for ChildALBL4PolicySet
Child wrapper for ALBL4PolicySet, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBL4PolicySet | ChildALBL4PolicySet Contains the actual ALBL4PolicySet object. |
ALBL4PolicySet | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildALBL4PolicySet | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildALBNetworkProfile (schema)
Wrapper object for ChildALBNetworkProfile
Child wrapper for ALBNetworkProfile, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBNetworkProfile | ChildALBNetworkProfile Contains the actual ALBNetworkProfile object. |
ALBNetworkProfile | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildALBNetworkProfile | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildALBNetworkSecurityPolicy (schema)
Wrapper object for ChildALBNetworkSecurityPolicy
Child wrapper for ALBNetworkSecurityPolicy, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBNetworkSecurityPolicy | ChildALBNetworkSecurityPolicy Contains the actual ALBNetworkSecurityPolicy object. |
ALBNetworkSecurityPolicy | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildALBNetworkSecurityPolicy | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildALBPKIProfile (schema)
Wrapper object for ChildALBPKIProfile
Child wrapper for ALBPKIProfile, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBPKIProfile | ChildALBPKIProfile Contains the actual ALBPKIProfile object. |
ALBPKIProfile | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildALBPKIProfile | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildALBPool (schema)
Wrapper object for ChildALBPool
Child wrapper for ALBPool, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBPool | ChildALBPool Contains the actual ALBPool object. |
ALBPool | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildALBPool | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildALBPoolGroup (schema)
Wrapper object for ChildALBPoolGroup
Child wrapper for ALBPoolGroup, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBPoolGroup | ChildALBPoolGroup Contains the actual ALBPoolGroup object. |
ALBPoolGroup | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildALBPoolGroup | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildALBPoolGroupDeploymentPolicy (schema)
Wrapper object for ChildALBPoolGroupDeploymentPolicy
Child wrapper for ALBPoolGroupDeploymentPolicy, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBPoolGroupDeploymentPolicy | ChildALBPoolGroupDeploymentPolicy Contains the actual ALBPoolGroupDeploymentPolicy object. |
ALBPoolGroupDeploymentPolicy | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildALBPoolGroupDeploymentPolicy | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildALBPriorityLabels (schema)
Wrapper object for ChildALBPriorityLabels
Child wrapper for ALBPriorityLabels, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBPriorityLabels | ChildALBPriorityLabels Contains the actual ALBPriorityLabels object. |
ALBPriorityLabels | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildALBPriorityLabels | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildALBProtocolParser (schema)
Wrapper object for ChildALBProtocolParser
Child wrapper for ALBProtocolParser, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBProtocolParser | ChildALBProtocolParser Contains the actual ALBProtocolParser object. |
ALBProtocolParser | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildALBProtocolParser | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildALBSSLKeyAndCertificate (schema)
Wrapper object for ChildALBSSLKeyAndCertificate
Child wrapper for ALBSSLKeyAndCertificate, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBSSLKeyAndCertificate | ChildALBSSLKeyAndCertificate Contains the actual ALBSSLKeyAndCertificate object. |
ALBSSLKeyAndCertificate | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildALBSSLKeyAndCertificate | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildALBSSLProfile (schema)
Wrapper object for ChildALBSSLProfile
Child wrapper for ALBSSLProfile, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBSSLProfile | ChildALBSSLProfile Contains the actual ALBSSLProfile object. |
ALBSSLProfile | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildALBSSLProfile | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildALBSSOPolicy (schema)
Wrapper object for ChildALBSSOPolicy
Child wrapper for ALBSSOPolicy, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBSSOPolicy | ChildALBSSOPolicy Contains the actual ALBSSOPolicy object. |
ALBSSOPolicy | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildALBSSOPolicy | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildALBSecurityPolicy (schema)
Wrapper object for ChildALBSecurityPolicy
Child wrapper for ALBSecurityPolicy, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBSecurityPolicy | ChildALBSecurityPolicy Contains the actual ALBSecurityPolicy object. |
ALBSecurityPolicy | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildALBSecurityPolicy | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildALBServerAutoScalePolicy (schema)
Wrapper object for ChildALBServerAutoScalePolicy
Child wrapper for ALBServerAutoScalePolicy, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBServerAutoScalePolicy | ChildALBServerAutoScalePolicy Contains the actual ALBServerAutoScalePolicy object. |
ALBServerAutoScalePolicy | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildALBServerAutoScalePolicy | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildALBStringGroup (schema)
Wrapper object for ChildALBStringGroup
Child wrapper for ALBStringGroup, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBStringGroup | ChildALBStringGroup Contains the actual ALBStringGroup object. |
ALBStringGroup | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildALBStringGroup | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildALBTrafficCloneProfile (schema)
Wrapper object for ChildALBTrafficCloneProfile
Child wrapper for ALBTrafficCloneProfile, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBTrafficCloneProfile | ChildALBTrafficCloneProfile Contains the actual ALBTrafficCloneProfile object. |
ALBTrafficCloneProfile | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildALBTrafficCloneProfile | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildALBVSDataScriptSet (schema)
Wrapper object for ChildALBVSDataScriptSet
Child wrapper for ALBVSDataScriptSet, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBVSDataScriptSet | ChildALBVSDataScriptSet Contains the actual ALBVSDataScriptSet object. |
ALBVSDataScriptSet | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildALBVSDataScriptSet | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildALBVirtualService (schema)
Wrapper object for ChildALBVirtualService
Child wrapper for ALBVirtualService, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBVirtualService | ChildALBVirtualService Contains the actual ALBVirtualService object. |
ALBVirtualService | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildALBVirtualService | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildALBVsVip (schema)
Wrapper object for ChildALBVsVip
Child wrapper for ALBVsVip, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBVsVip | ChildALBVsVip Contains the actual ALBVsVip object. |
ALBVsVip | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildALBVsVip | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildALBWafCRS (schema)
Wrapper object for ChildALBWafCRS
Child wrapper for ALBWafCRS, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBWafCRS | ChildALBWafCRS Contains the actual ALBWafCRS object. |
ALBWafCRS | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildALBWafCRS | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildALBWafPolicy (schema)
Wrapper object for ChildALBWafPolicy
Child wrapper for ALBWafPolicy, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBWafPolicy | ChildALBWafPolicy Contains the actual ALBWafPolicy object. |
ALBWafPolicy | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildALBWafPolicy | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildALBWafPolicyPSMGroup (schema)
Wrapper object for ChildALBWafPolicyPSMGroup
Child wrapper for ALBWafPolicyPSMGroup, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBWafPolicyPSMGroup | ChildALBWafPolicyPSMGroup Contains the actual ALBWafPolicyPSMGroup object. |
ALBWafPolicyPSMGroup | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildALBWafPolicyPSMGroup | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildALBWafProfile (schema)
Wrapper object for ChildALBWafProfile
Child wrapper for ALBWafProfile, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBWafProfile | ChildALBWafProfile Contains the actual ALBWafProfile object. |
ALBWafProfile | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildALBWafProfile | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildALBWebhook (schema)
Wrapper object for ChildALBWebhook
Child wrapper for ALBWebhook, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| ALBWebhook | ChildALBWebhook Contains the actual ALBWebhook object. |
ALBWebhook | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildALBWebhook | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildAntreaTraceflowConfig (schema)
Wrapper object for AnteaTraceflowConfig
Child wrapper for AntreaTraceflowConfig, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| TraceflowConfig | AntreaTraceflowConfig Contains the actual AntreaTraceflowConfig object. |
AntreaTraceflowConfig | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildAntreaTraceflowConfig | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildBfdProfile (schema)
Wrapper object for BfdProfile
Child wrapper for BfdProfile, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| BfdProfile | Bfd Profile Contains the actual BfdProfile object. |
BfdProfile | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildBfdProfile | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildBgpNeighborConfig (schema)
Wrapper object for BgpNeighborConfig
Child wrapper object for BgpNeighborConfig, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| BgpNeighborConfig | BgpNeighborConfig Contains the actual BgpNeighborConfig object. |
BgpNeighborConfig | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildBgpNeighborConfig | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildBgpRoutingConfig (schema)
Wrapper object for BgpRoutingConfig
Child wrapper object for BgpRoutingConfig, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| BgpRoutingConfig | BgpRoutingConfig Contains the actual BgpRoutingConfig object. |
BgpRoutingConfig | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildBgpRoutingConfig | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildByodPolicyServiceInstance (schema)
Wrapper object for ByodPolicyServiceInstance
Child wrapper object for ByodPolicyServiceInstance used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| ByodPolicyServiceInstance | ByodPolicyServiceInstance Contains actual ByodPolicyServiceInstance. |
ByodPolicyServiceInstance | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildByodPolicyServiceInstance | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildCaBundle (schema)
Child wrapper for CA certificates bundle, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| CaBundle | CaBundle Contains the actual CaBundle object. |
CaBundle | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildCaBundle | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildCommunicationEntry (schema) (Deprecated)
Wrapper object for CommunicationEntry
Child wrapper object for CommunicationEntry, used in hierarchical API This type is deprecated. Use the type ChildRule instead.
| Name | Description | Type | Notes |
|---|---|---|---|
| CommunicationEntry | CommunicationEntry Contains the actual CommunicationEntry object. |
CommunicationEntry | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildCommunicationEntry | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildCommunicationMap (schema) (Deprecated)
Wrapper object for CommunicationMap
Child wrapper object for CommunicationMap, used in hierarchical API This type is deprecated. Use the type ChildSecurityPolicy instead.
| Name | Description | Type | Notes |
|---|---|---|---|
| CommunicationMap | CommunicationMap Contains the actual CommunicationMap object. |
CommunicationMap | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildCommunicationMap | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildCommunityList (schema)
Wrapper object for CommunityList
Child wrapper object for CommunityList, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| CommunityList | CommunityList Contains the actual CommunityList object |
CommunityList | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildCommunityList | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildComputeClusterIdfwConfiguration (schema)
Wrapper object for ComputeClusterIdfwConfiguration
| Name | Description | Type | Notes |
|---|---|---|---|
| ComputeClusterIdfwConfiguration | ComputeClusterIdfwConfiguration Contains the actual compute cluster idfw configuration object. |
ComputeClusterIdfwConfiguration | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildComputeClusterIdfwConfiguration | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildConstraint (schema)
Wrapper object for Constraint
Child wrapper object for Constraint, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| Constraint | Constraint Contains the actual Constraint object |
Constraint | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildConstraint | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildDeploymentZone (schema) (Deprecated)
Wrapper object for DeploymentZone
Child wrapper object for DeploymentZone, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| DeploymentZone | DeploymentZone Contains the actual DeploymentZone object |
DeploymentZone | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildDeploymentZone | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildDfwFirewallConfiguration (schema) (Experimental)
Wrapper object for FirewallConfiguration
| Name | Description | Type | Notes |
|---|---|---|---|
| DfwFirewallConfiguration | Dfw Firewall Configuration Contains the actual dfw firewall configuration list object. |
DfwFirewallConfiguration | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildDfwFirewallConfiguration | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildDhcpRelayConfig (schema)
Wrapper object for DhcpRelayConfig
Child wrapper object for DhcpRelayConfig, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| DhcpRelayConfig | DhcpRelayConfig Contains the actual DhcpRelayConfig object |
DhcpRelayConfig | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildDhcpRelayConfig | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildDhcpServerConfig (schema)
Wrapper object for DhcpServerConfig
Child wrapper object for DhcpServerConfig, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| DhcpServerConfig | DhcpServerConfig Contains the actual DhcpServerConfig object |
DhcpServerConfig | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildDhcpServerConfig | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildDhcpStaticBindingConfig (schema)
Wrapper object for DhcpStaticBindingConfig
Child wrapper for DhcpStaticBindingConfig, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| DhcpStaticBindingConfig | DhcpStaticBindingConfig Contains the actual DhcpStaticBindingConfig object. |
DhcpStaticBindingConfig (Abstract type: pass one of the following concrete types) DhcpV4StaticBindingConfig DhcpV6StaticBindingConfig |
Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildDhcpStaticBindingConfig | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildDnsSecurityProfile (schema)
Wrapper object for DnsSecurityProfile
Child wrapper object for DnsSecurityProfile, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| DnsSecurityProfile | DnsSecurityProfile Contains the actual DnsSecurityProfile object |
DnsSecurityProfile | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildDnsSecurityProfile | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildDnsSecurityProfileBindingMap (schema)
Wrapper object for DnsSecurityProfileBindingMap
Child wrapper obejct for DnsSecurityProfileBindingMap used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| DnsSecurityProfileBindingMap | DnsSecurityProfileBindingMap Contains the actual DnsSecurityProfileBindingMap object |
DnsSecurityProfileBindingMap | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildDnsSecurityProfileBindingMap | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildDomain (schema)
Wrapper object for Domain
Child wrapper object for domain, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| Domain | Domain Contains the actual domain object. |
Domain | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildDomain | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildDomainDeploymentMap (schema)
Wrapper object for DomainDeploymentMap
Child wrapper object for DomainDeploymentMap, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| DomainDeploymentMap | DomainDeploymentMap Contains the actual DomainDeploymentMap object. |
DomainDeploymentMap | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildDomainDeploymentMap | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildEndpointPolicy (schema)
Wrapper object for Endpoint Policy
Child wrapper object for EndpointPolicy used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| EndpointPolicy | EndpointPolicy Contains actual EndpointPolicy. |
EndpointPolicy | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildEndpointPolicy | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildEndpointRule (schema)
Wrapper object for Endpoint Rule
Child wrapper object for EndpointRule used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| EndpointRule | EndpointRule Contains actual EndpointRule. |
EndpointRule | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildEndpointRule | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildEnforcementPoint (schema)
Wrapper object for EnforcementPoint
Child wrapper object for EnforcementPoint, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| EnforcementPoint | EnforcementPoint Contains the actual Enforcement point object. |
EnforcementPoint | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildEnforcementPoint | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildEvpnConfig (schema)
Wrapper object for EvpnConfig
Child wrapper object for EvpnConfig, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| EvpnConfig | EvpnConfig Contains the actual EvpnConfig object. |
EvpnConfig | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildEvpnConfig | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildEvpnTunnelEndpointConfig (schema)
Wrapper object for EvpnTunnelEndpointConfig
Child wrapper object for EvpnTunnelEndpointConfig, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| EvpnTunnelEndpointConfig | EvpnTunnelEndpointConfig Contains the actual EvpnTunnelEndpointConfig object. |
EvpnTunnelEndpointConfig | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildEvpnTunnelEndpointConfig | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildFloodProtectionProfile (schema)
Wrapper object for FloodProtectionProfile
Child wrapper object for FloodProtectionProfile,
used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| FloodProtectionProfile | FloodProtectionProfile Contains the actual FloodProtectionProfile object |
FloodProtectionProfile (Abstract type: pass one of the following concrete types) DistributedFloodProtectionProfile GatewayFloodProtectionProfile |
Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildFloodProtectionProfile | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildFloodProtectionProfileBindingMap (schema)
Wrapper object for FloodProtectionProfileBindingMap
Child wrapper object for FloodProtectionProfileBindingMap,
used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| FloodProtectionProfileBindingMap | FloodProtectionProfileBindingMap Contains the actual FloodProtectionProfileBindingMap object |
FloodProtectionProfileBindingMap | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildFloodProtectionProfileBindingMap | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildForwardingPolicy (schema)
Wrapper object for children of type ForwardingPolicy
Child wrapper object for ForwardingPolicy used in Hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| ForwardingPolicy | ForwardingPolicy Contains actual ForwardingPolicy. |
ForwardingPolicy | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildForwardingPolicy | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildForwardingRule (schema)
Wrapper object for ForwardingRule
Child wrapper object for ForwardingRule used in Hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| ForwardingRule | ForwardingRule Contains actual ForwardingRule. |
ForwardingRule | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildForwardingRule | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildFqdnAnalysisConfig (schema)
Wrapper object for FqdnAnalysisConfig
Child wrapper object for FqdnAnalysisConfig, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| FqdnAnalysisConfig | FQDN Analysis Config Contains the actual FqdnAnalysisConfig object |
FqdnAnalysisConfig | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildFqdnAnalysisConfig | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildGatewayPolicy (schema)
Wrapper object for GatewayPolicy
Child wrapper object for GatewayPolicy, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| GatewayPolicy | GatewayPolicy Contains the actual GatewayPolicy object |
GatewayPolicy | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildGatewayPolicy | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildGatewayQosProfile (schema)
Wrapper object for GatewayQosProfile
Child wrapper for GatewayQosProfile, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| QosProfile | GatewayQosProfile Contains the actual GatewayQosProfile object. |
GatewayQosProfile | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildGatewayQosProfile | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildGeneralSecurityProfile (schema)
Wrapper object for GeneralSecurityProfile
Child wrapper object for GeneralSecurityProfile,
used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| GeneralSecurityProfile | GeneralSecurityProfile Contains the actual GeneralSecurityProfile object |
GeneralSecurityProfile (Abstract type: pass one of the following concrete types) GatewayGeneralSecurityProfile |
Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildGeneralSecurityProfile | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildGeneralSecurityProfileBindingMap (schema)
Wrapper object for GeneralSecurityProfileBindingMap
Child wrapper object for GeneralSecurityProfileBindingMap,
used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| GeneralSecurityProfileBindingMap | GeneralSecurityProfileBindingMap Contains the actual GeneralSecurityProfileBindingMap object |
GeneralSecurityProfileBindingMap | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildGeneralSecurityProfileBindingMap | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildGlobalConfig (schema)
Wrapper object for GlobalConfig
Child wrapper object for GlobalConfig, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| GlobalConfig | GlobalConfig Contains the actual GlobalConfig object. |
GlobalConfig | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildGlobalConfig | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildGlobalDfwConfiguration (schema) (Experimental)
Wrapper object for GlobalDfwConfiguration
| Name | Description | Type | Notes |
|---|---|---|---|
| GlobalDfwConfiguration | Global distributed firewall configuration Contains the actual global distributed firewall configuration object. |
GlobalDfwConfiguration | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildGlobalDfwConfiguration | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildGlobalIdsSettings (schema)
Wrapper object for GlobalIdsSettings
Child wrapper object for GlobalIdsSettings, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| GlobalIdsSettings | GlobalIdsSettings Contains the GlobalIdsSettings object |
GlobalIdsSettings | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildGlobalIdsSettings | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildGlobalIdsSignature (schema)
Wrapper object for GlobalIdsSignature
Child wrapper object for GlobalIdsSignature, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| GlobalIdsSignature | GlobalIdsSignature Contains the GlobalIdsSignature object |
GlobalIdsSignature | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildGlobalIdsSignature | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildGlobalManager (schema)
Wrapper object for Global Manager
Child wrapper object for Global Manager, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| GlobalManager | GlobalManager Contains the actual Global Manager object. |
GlobalManager | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildGlobalManager | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildGroup (schema)
Wrapper object for Group
Child wrapper object for group, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| Group | Group Contains the actual group objects. |
Group | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildGroup | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildGroupDiscoveryProfileBindingMap (schema)
Wrapper object for GroupDiscoveryProfileBindingMap
Child wrapper obejct for GroupDiscoveryProfileBindingMap used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| GroupDiscoveryProfileBindingMap | GroupDiscoveryProfileBindingMap Contains the actual GroupDiscoveryProfileBindingMap object |
GroupDiscoveryProfileBindingMap | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildGroupDiscoveryProfileBindingMap | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildGroupMonitoringProfileBindingMap (schema)
Wrapper object for GroupMonitoringProfileBindingMap
Child wrapper object for GroupMonitoringProfileBindingMap, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| GroupMonitoringProfileBindingMap | GroupMonitoringProfileBindingMap Contains the actual GroupMonitoringProfileBindingMap object |
GroupMonitoringProfileBindingMap | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildGroupMonitoringProfileBindingMap | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildIPDiscoveryProfile (schema)
Wrapper object for IPDiscoveryProfile
Child wrapper object for IPDiscoveryProfile, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| IPDiscoveryProfile | IPDiscoveryProfile Contains the actual IPDiscoveryProfile object |
IPDiscoveryProfile | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildIPDiscoveryProfile | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildIPFIXDFWCollectorProfile (schema)
Wrapper object for IPFIXDFWCollectorProfile
Child wrapper object for IPFIXDFWCollectorProfile, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| IPFIXDFWCollectorProfile | IPFIXDFWCollectorProfile Contains the actual IPFIXDFWCollectorProfile object |
IPFIXDFWCollectorProfile | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildIPFIXDFWCollectorProfile | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildIPFIXDFWProfile (schema)
Wrapper object for IPFIXDFWProfile
Child wrapper object for IPFIXDFWProfile, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| IPFIXDFWProfile | IPFIXDFWProfile Contains the actual IPFIXDFWProfile object |
IPFIXDFWProfile | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildIPFIXDFWProfile | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildIPFIXL2CollectorProfile (schema)
Wrapper object for IPFIXL2CollectorProfile
Child wrapper object for IPFIXL2CollectorProfile, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| IPFIXL2CollectorProfile | IPFIXL2CollectorProfile Contains the actual IPFIXL2CollectorProfile object |
IPFIXL2CollectorProfile | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildIPFIXL2CollectorProfile | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildIPFIXL2Profile (schema)
Wrapper object for IPFIXL2Profile
Child wrapper object for IPFIXL2Profile, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| IPFIXL2Profile | IPFIXL2Profile Contains the actual IPFIXL2Profile object |
IPFIXL2Profile | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildIPFIXL2Profile | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildIPSecVpnDpdProfile (schema)
Wrapper object for IPSecVpnDpdProfile
Child wrapper object for IPSecVpnDpdProfile, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| IPSecVpnDpdProfile | IPSecVpnDpdProfile Contains the actual IPSecVpnDpdProfile object. |
IPSecVpnDpdProfile | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildIPSecVpnDpdProfile | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildIPSecVpnIkeProfile (schema)
Wrapper object for IPSecVpnIkeProfile
Child wrapper object for IPSecVpnIkeProfile, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| IPSecVpnIkeProfile | IPSecVpnIkeProfile Contains the actual IPSecVpnIkeProfile object. |
IPSecVpnIkeProfile | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildIPSecVpnIkeProfile | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildIPSecVpnLocalEndpoint (schema)
Wrapper object for IPSecVpnLocalEndpoint
Child wrapper object for IPSecVpnLocalEndpoint, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| IPSecVpnLocalEndpoint | IPSecVpnLocalEndpoint Contains the actual IPSecVpnLocalEndpoint object. |
IPSecVpnLocalEndpoint | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildIPSecVpnLocalEndpoint | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildIPSecVpnService (schema)
Wrapper object for IPSecVpnService
Child wrapper object for IPSecVpnService, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| IPSecVpnService | IPSecVpnService Contains the actual IPSecVpnService object. |
IPSecVpnService | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildIPSecVpnService | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildIPSecVpnSession (schema)
Wrapper object for IPSecVpnSession
Child wrapper object for IPSecVpnSession, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| IPSecVpnSession | IPSecVpnSession Contains the actual IPSecVpnSession object. |
IPSecVpnSession (Abstract type: pass one of the following concrete types) PolicyBasedIPSecVpnSession RouteBasedIPSecVpnSession |
Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildIPSecVpnSession | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildIPSecVpnTunnelProfile (schema)
Wrapper object for IPSecVpnTunnelProfile
Child wrapper object for IPSecVpnTunnelProfile, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| IPSecVpnTunnelProfile | IPSecVpnTunnelProfile Contains the actual IPSecVpnTunnelProfile object |
IPSecVpnTunnelProfile | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildIPSecVpnTunnelProfile | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildIdentityFirewallStore (schema)
Wrapper object for IdentityFirewallStore
Child wrapper for IdentityFirewallStore, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| IdentityFirewallStore | IdentityFirewallStore Contains the actual IdentityFirewallStore object. |
IdentityFirewallStore (Abstract type: pass one of the following concrete types) IdentityFirewallAdStore |
Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildIdentityFirewallStore | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildIdsClusterConfig (schema)
Wrapper object for IdsClusterConfig
Child wrapper object for IdsClusterConfig, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| IdsClusterConfig | IdsClusterConfig Contains the IdsClusterConfig object |
IdsClusterConfig | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildIdsClusterConfig | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildIdsGatewayPolicy (schema)
Wrapper object for IdsGatewayPolicy
Child wrapper object for IdsGatewayPolicy, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| IdsGatewayPolicy | IdsGatewayPolicy Contains the IdsGatewayPolicy object |
IdsGatewayPolicy | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildIdsGatewayPolicy | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildIdsGlobalEventConfig (schema)
Wrapper object for IdsGlobalEventConfig
Child wrapper object for IdsGlobalEventConfig, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| IdsGlobalEventConfig | IdsGlobalEventConfig Contains the IdsGlobalEventConfig object |
IdsGlobalEventConfig | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildIdsGlobalEventConfig | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildIdsProfile (schema)
Wrapper object for IdsProfile
Child wrapper object for IdsProfile, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| IdsProfile | IdsProfile Contains the IdsProfile object |
IdsProfile | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildIdsProfile | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildIdsRule (schema)
Wrapper object for IdsRule
Child wrapper object for IdsRule, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| IdsRule | IdsRule Contains the IdsRule object |
IdsRule | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildIdsRule | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildIdsSecurityPolicy (schema)
Wrapper object for IdsSecurityPolicy
Child wrapper object for IdsSecurityPolicy, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| IdsSecurityPolicy | IdsSecurityPolicy Contains the IdsSecurityPolicy object |
IdsSecurityPolicy | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildIdsSecurityPolicy | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildIdsSettings (schema)
Wrapper object for IdsSettings
Child wrapper object for IdsSettings, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| IdsSettings | IdsSettings Contains the IdsSettings object |
IdsSettings | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildIdsSettings | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildIdsSignature (schema)
Wrapper object for IdsSignature
Child wrapper object for IdsSignature, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| IdsSignature | IdsSignature Contains the IdsSignature object |
IdsSignature | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildIdsSignature | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildIdsSignatureStatus (schema)
Wrapper object for IdsSignatureStatus
Child wrapper object for IdsSignatureStatus, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| IdsSignatureStatus | IdsSignatureStatus Contains the IdsSignatureStatus object |
IdsSignatureStatus | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildIdsSignatureStatus | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildIdsSignatureVersion (schema)
Wrapper object for IdsSignatureVersion
Child wrapper object for IdsSignatureVersion, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| IdsSignatureVersion | IdsSignatureVersion Contains the IdsSignatureVersion object |
IdsSignatureVersion | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildIdsSignatureVersion | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildIdsStandaloneHostConfig (schema)
Wrapper object for IdsStandaloneHostConfig
Child wrapper object for IdsStandaloneHostConfig, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| IdsStandaloneHostConfig | IdsStandaloneHostConfig Contains the IdsStandaloneHostConfig object |
IdsStandaloneHostConfig | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildIdsStandaloneHostConfig | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildInfra (schema)
Wrapper object for Infra
Child wrapper object for Infra, used in multi-tenancy hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| Infra | Infra Contains the actual Infra object |
Infra | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildInfra | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildIpAddressAllocation (schema)
Wrapper object for IpAddressAllocation
Child wrapper object for IpAddressAllocation, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| IpAddressAllocation | IpAddressAllocation Contains the actual IpAddressAllocation object |
IpAddressAllocation | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildIpAddressAllocation | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildIpAddressBlock (schema)
Wrapper object for IpAddressBlock
Child wrapper object for IpAddressBlock, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| IpAddressBlock | IpAddressBlock Contains the actual IpAddressBlock object |
IpAddressBlock | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildIpAddressBlock | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildIpAddressPool (schema)
Wrapper object for IpAddressPool
Child wrapper object for IpAddressPool, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| IpAddressPool | IpAddressPool Contains the actual IpAddressPool object |
IpAddressPool | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildIpAddressPool | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildIpAddressPoolSubnet (schema)
Wrapper object for IpAddressPoolSubnet
Child wrapper object for IpAddressPoolSubnet, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| IpAddressPoolSubnet | IpAddressPoolSubnet Contains the actual IpAddressPoolSubnet object |
IpAddressPoolSubnet (Abstract type: pass one of the following concrete types) IpAddressPoolBlockSubnet IpAddressPoolStaticSubnet |
Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildIpAddressPoolSubnet | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildIpv6DadProfile (schema)
Wrapper object for Ipv6DadProfile
Child wrapper object for Ipv6DadProfile, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| Ipv6DadProfile | Ipv6DadProfile Contains the actual Ipv6DadProfile objects |
Ipv6DadProfile | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildIpv6DadProfile | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildIpv6NdraProfile (schema)
Wrapper object for Ipv6NdraProfile
Child wrapper object for Ipv6NdraProfile, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| Ipv6NdraProfile | Ipv6NdraProfile Contains the actual Ipv6NdraProfile objects |
Ipv6NdraProfile | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildIpv6NdraProfile | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildL2BridgeEndpointProfile (schema)
Wrapper object for L2BridgeEndpointProfile
Child wrapper object for L2BridgeEndpointProfile, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| L2BridgeEndpointProfile | L2BridgeEndpointProfile Contains the actual L2BridgeEndpointProfile object |
L2BridgeEndpointProfile | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildL2BridgeEndpointProfile | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildL2VPNService (schema)
Wrapper object for L2VPNService
Child wrapper object for L2VPNService, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| L2VPNService | L2VPNService Contains the actual L2VPNService object. |
L2VPNService | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildL2VPNService | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildL2VPNSession (schema)
Wrapper object for L2VPNSession
Child wrapper object for L2VPNSession, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| L2VPNSession | L2VPNSession Contains the actual L2VPNSession object. |
L2VPNSession | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildL2VPNSession | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildL2Vpn (schema) (Deprecated)
Wrapper object for L2Vpn
Child wrapper object for L2Vpn, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| L2Vpn | L2Vpn Contains the actual L2Vpn object. |
L2Vpn | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildL2Vpn | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildL2VpnContext (schema) (Deprecated)
Wrapper object for L2VpnContext
Child wrapper object for L2VpnContext, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| L2VpnContext | L2VpnContext Contains the actual L2VpnContext object. |
L2VpnContext | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildL2VpnContext | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildL3Vpn (schema) (Deprecated)
Wrapper object for L3Vpn
Child wrapper object for L3Vpn, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| L3Vpn | L3Vpn Contains the actual L3Vpn object. |
L3Vpn | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildL3Vpn | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildL3VpnContext (schema) (Deprecated)
Wrapper object for L3VpnContext
Child wrapper object for L3VpnContext, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| L3VpnContext | L3VpnContext Contains the actual L3VpnContext object. |
L3VpnContext | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildL3VpnContext | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildL7AccessEntry (schema)
Wrapper object for L7 Access Entry
Child wrapper object for L7 Access Entry, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| L7AccessEntry | L7 Access Entry Contains the actual L7 access entry object |
L7AccessEntry | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildL7AccessEntry | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildL7AccessProfile (schema)
Wrapper object for L7 Access Profile
Child wrapper object for L7 Access Profile, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| L7AccessProfile | L7 access profile Contains the actual L7 access profile object |
L7AccessProfile | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildL7AccessProfile | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildLBAppProfile (schema)
Wrapper object for LBAppProfile
Child wrapper for LBAppProfile, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| LBAppProfile | LBAppProfile Contains the actual LBAppProfile object. |
LBAppProfile (Abstract type: pass one of the following concrete types) LBFastTcpProfile LBFastUdpProfile LBHttpProfile |
Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildLBAppProfile | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildLBClientSslProfile (schema) (Deprecated)
Wrapper object for LBClientSslProfile
Child wrapper for LBClientSslProfile, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| LBClientSslProfile | LBClientSslProfile Contains the actual LBClientSslProfile object. |
LBClientSslProfile | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildLBClientSslProfile | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildLBMonitorProfile (schema) (Deprecated)
Wrapper object for LBMonitorProfile
Child wrapper for LBMonitorProfile, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| LBMonitorProfile | LBMonitorProfile Contains the actual LBMonitorProfile object. |
LBMonitorProfile (Abstract type: pass one of the following concrete types) LBActiveMonitor LBHttpMonitorProfile LBHttpsMonitorProfile LBIcmpMonitorProfile LBPassiveMonitorProfile LBTcpMonitorProfile LBUdpMonitorProfile |
Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildLBMonitorProfile | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildLBPersistenceProfile (schema)
Wrapper object for LBPersistenceProfile
Child wrapper for LBPersistenceProfile, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| LBPersistenceProfile | LBPersistenceProfile Contains the actual LBPersistenceProfile object. |
LBPersistenceProfile (Abstract type: pass one of the following concrete types) LBCookiePersistenceProfile LBGenericPersistenceProfile LBSourceIpPersistenceProfile |
Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildLBPersistenceProfile | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildLBPool (schema)
Wrapper object for LBPool
Child wrapper for LBPool, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| LBPool | LBPool Contains the actual LBPool object. |
LBPool | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildLBPool | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildLBServerSslProfile (schema) (Deprecated)
Wrapper object for LBServerSslProfile
Child wrapper for LBServerSslProfile, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| LBServerSslProfile | LBServerSslProfile Contains the actual LBServerSslProfile object. |
LBServerSslProfile | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildLBServerSslProfile | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildLBService (schema)
Wrapper object for LBService
Child wrapper for LBService, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| LBService | LBService Contains the actual LBService object. |
LBService | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildLBService | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildLBVirtualServer (schema)
Wrapper object for LBVirtualServer
Child wrapper for LBVirtualServer, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| LBVirtualServer | LBVirtualServer Contains the actual LBVirtualServer object. |
LBVirtualServer | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildLBVirtualServer | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildLiveTraceConfig (schema)
Wrapper object for LiveTraceConfig
Child wrapper for LiveTraceConfig for Hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| LiveTraceConfig | LiveTraceConfig The actual LiveTraceConfig object. |
LiveTraceConfig | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildLiveTraceConfig | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildLocaleServices (schema)
Wrapper object for LocaleServices
Child wrapper object for LocaleServices, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| LocaleServices | LocaleServices Contains the actual LocaleServices object |
LocaleServices | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildLocaleServices | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildMacDiscoveryProfile (schema)
Wrapper object for MacDiscoveryProfile
Child wrapper object for MacDiscoveryProfile, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| MacDiscoveryProfile | MacDiscoveryProfile Contains the actual MacDiscoveryProfile object |
MacDiscoveryProfile | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildMacDiscoveryProfile | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildMalwarePreventionProfile (schema)
Wrapper object for MalwarePreventionProfile
Child wrapper object for MalwarePreventionProfile, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| MalwarePreventionProfile | MalwarePreventionProfile Contains the MalwarePreventionProfile object |
MalwarePreventionProfile | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildMalwarePreventionProfile | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildMalwarePreventionSignature (schema)
Wrapper object for MalwarePreventionSignature
Child wrapper object for MalwarePreventionSignature, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| MalwarePreventionSignature | MalwarePreventionSignature Contains the MalwarePreventionSignature object |
MalwarePreventionSignature | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildMalwarePreventionSignature | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildMetadataProxyConfig (schema)
Wrapper object for MetadataProxyConfig
| Name | Description | Type | Notes |
|---|---|---|---|
| MetadataProxyConfig | MetadataProxyConfig Contains the actual MetadataProxyConfig object. |
MetadataProxyConfig | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildMetadataProxyConfig | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildOdsRunbookInvocation (schema)
Wrapper object for OdsRunbookInvocation
Child wrapper for OdsRunbookInvocation for Hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| OdsRunbookInvocation | OdsRunbookInvocation The actual OdsRunbookInvocation object. |
OdsRunbookInvocation | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildOdsRunbookInvocation | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildOdsRunbookInvocationArtifactBatchRequest (schema)
Wrapper object for OdsRunbookInvocationArtifactBatchRequest
Child wrapper for OdsRunbookInvocationArtifactBatchRequest for Hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| OdsRunbookInvocation | OdsRunbookInvocationArtifactBatchRequest The actual OdsRunbookInvocationArtifactBatchRequest object. |
OdsRunbookInvocationArtifactBatchRequest | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildOdsRunbookInvocationArtifactBatchRequest | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildOpsGlobalConfig (schema)
Wrapper object for OpsGlobalConfig
Child wrapper object for OpsGlobalConfig, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| GlobalConfig | OpsGlobalConfig Contains the actual OpsGlobalConfig object. |
OpsGlobalConfig | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildOpsGlobalConfig | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildOrg (schema)
Wrapper object for Org
Child wrapper object for Org, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| Org | Org Contains the actual Org object |
Org | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildOrg | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildOrgRoot (schema)
Wrapper object for OrgRoot
Child wrapper object for OrgRoot, used in multi-tenancy hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| OrgRoot | OrgRoot Contains the actual OrgRoot object |
OrgRoot | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildOrgRoot | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildOspfAreaConfig (schema)
Wrapper object for OSPF routing config
Child wrapper object for OspfAreaConfig used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| OspfAreaConfig | OspfAreaConfig Contains actual OspfAreaConfig. |
OspfAreaConfig | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildOspfAreaConfig | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildOspfRoutingConfig (schema)
Wrapper object for OSPF routing config
Child wrapper object for OspfRoutingConfig used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| OspfRoutingConfig | OspfRoutingConfig Contains actual OspfRoutingConfig. |
OspfRoutingConfig | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildOspfRoutingConfig | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildPolicyConfigResource (schema)
Represents the desired state object as child resource
Represents an object on the desired state
This is an abstract type. Concrete child types:
ChildALBAlertScriptConfig
ChildALBAnalyticsProfile
ChildALBApplicationPersistenceProfile
ChildALBApplicationProfile
ChildALBAuthProfile
ChildALBAutoScaleLaunchConfig
ChildALBCertificateManagementProfile
ChildALBDnsPolicy
ChildALBErrorPageBody
ChildALBErrorPageProfile
ChildALBHTTPPolicySet
ChildALBHardwareSecurityModuleGroup
ChildALBHealthMonitor
ChildALBIpAddrGroup
ChildALBL4PolicySet
ChildALBNetworkProfile
ChildALBNetworkSecurityPolicy
ChildALBPKIProfile
ChildALBPool
ChildALBPoolGroup
ChildALBPoolGroupDeploymentPolicy
ChildALBPriorityLabels
ChildALBProtocolParser
ChildALBSSLKeyAndCertificate
ChildALBSSLProfile
ChildALBSSOPolicy
ChildALBSecurityPolicy
ChildALBServerAutoScalePolicy
ChildALBStringGroup
ChildALBTrafficCloneProfile
ChildALBVSDataScriptSet
ChildALBVirtualService
ChildALBVsVip
ChildALBWafCRS
ChildALBWafPolicy
ChildALBWafPolicyPSMGroup
ChildALBWafProfile
ChildALBWebhook
ChildAntreaTraceflowConfig
ChildBfdProfile
ChildBgpNeighborConfig
ChildBgpRoutingConfig
ChildByodPolicyServiceInstance
ChildCaBundle
ChildCommunicationEntry
ChildCommunicationMap
ChildCommunityList
ChildComputeClusterIdfwConfiguration
ChildConstraint
ChildDeploymentZone
ChildDfwFirewallConfiguration
ChildDhcpRelayConfig
ChildDhcpServerConfig
ChildDhcpStaticBindingConfig
ChildDomain
ChildDomainDeploymentMap
ChildEndpointPolicy
ChildEndpointRule
ChildEnforcementPoint
ChildEvpnConfig
ChildEvpnTunnelEndpointConfig
ChildFloodProtectionProfile
ChildFloodProtectionProfileBindingMap
ChildForwardingPolicy
ChildForwardingRule
ChildFqdnAnalysisConfig
ChildGatewayPolicy
ChildGatewayQosProfile
ChildGeneralSecurityProfile
ChildGeneralSecurityProfileBindingMap
ChildGlobalDfwConfiguration
ChildGlobalIdsSettings
ChildGlobalIdsSignature
ChildGlobalManager
ChildGroup
ChildGroupMonitoringProfileBindingMap
ChildIPDiscoveryProfile
ChildIPFIXDFWCollectorProfile
ChildIPFIXDFWProfile
ChildIPFIXL2CollectorProfile
ChildIPFIXL2Profile
ChildIPSecVpnDpdProfile
ChildIPSecVpnIkeProfile
ChildIPSecVpnLocalEndpoint
ChildIPSecVpnService
ChildIPSecVpnSession
ChildIPSecVpnTunnelProfile
ChildIdentityFirewallStore
ChildIdsClusterConfig
ChildIdsGatewayPolicy
ChildIdsGlobalEventConfig
ChildIdsProfile
ChildIdsRule
ChildIdsSecurityPolicy
ChildIdsSettings
ChildIdsSignature
ChildIdsSignatureStatus
ChildIdsSignatureVersion
ChildIdsStandaloneHostConfig
ChildIpAddressAllocation
ChildIpAddressBlock
ChildIpAddressPool
ChildIpAddressPoolSubnet
ChildL2VPNService
ChildL2VPNSession
ChildL2Vpn
ChildL2VpnContext
ChildL3Vpn
ChildL3VpnContext
ChildL7AccessEntry
ChildL7AccessProfile
ChildLBAppProfile
ChildLBClientSslProfile
ChildLBMonitorProfile
ChildLBPersistenceProfile
ChildLBPool
ChildLBServerSslProfile
ChildLBService
ChildLBVirtualServer
ChildLiveTraceConfig
ChildLocaleServices
ChildMacDiscoveryProfile
ChildMalwarePreventionProfile
ChildMalwarePreventionSignature
ChildMetadataProxyConfig
ChildOdsRunbookInvocation
ChildOdsRunbookInvocationArtifactBatchRequest
ChildPolicyContextProfile
ChildPolicyDnsForwarder
ChildPolicyDnsForwarderZone
ChildPolicyEdgeCluster
ChildPolicyEdgeNode
ChildPolicyExcludeList
ChildPolicyFirewallIpReputationConfig
ChildPolicyFirewallScheduler
ChildPolicyFirewallSessionTimerProfile
ChildPolicyLabel
ChildPolicyLatencyStatProfile
ChildPolicyNat
ChildPolicyNatRule
ChildPolicySIExcludeList
ChildPolicyServiceChain
ChildPolicyServiceInstance
ChildPolicyServiceProfile
ChildPolicyTlsConfigProfile
ChildPolicyTransportZone
ChildPolicyTransportZoneProfile
ChildPolicyUrlCategorizationConfig
ChildPortDiscoveryProfileBindingMap
ChildPortMirroringProfile
ChildPortMonitoringProfileBindingMap
ChildPortQoSProfileBindingMap
ChildPortSecurityProfileBindingMap
ChildPrefixList
ChildQoSProfile
ChildRedirectionPolicy
ChildRedirectionRule
ChildRule
ChildSIStatusConfiguration
ChildSecurityFeatures
ChildSecurityPolicy
ChildSegment
ChildSegmentDiscoveryProfileBindingMap
ChildSegmentMonitoringProfileBindingMap
ChildSegmentPort
ChildSegmentQoSProfileBindingMap
ChildSegmentSecurityProfile
ChildSegmentSecurityProfileBindingMap
ChildService
ChildServiceEntry
ChildServiceInstanceEndpoint
ChildServiceInterface
ChildServiceReference
ChildServiceSegment
ChildSessionTimerProfileBindingMap
ChildShaDynamicPlugin
ChildShaPluginProfile
ChildShaPredefinedPlugin
ChildSite
ChildSpoofGuardProfile
ChildStandaloneHostIdfwConfiguration
ChildStaticARPConfig
ChildStaticMimeContent
ChildStaticRouteBfdPeer
ChildStaticRoutes
ChildTagBulkOperation
ChildTier0
ChildTier0DeploymentMap
ChildTier0Interface
ChildTier0InterfaceGroup
ChildTier0RouteMap
ChildTier0SecurityFeatures
ChildTier1
ChildTier1DeploymentMap
ChildTier1Interface
ChildTier1InterfaceGroup
ChildTlsCertificate
ChildTlsConfigProfileBindingMap
ChildTlsCrl
ChildTlsPolicy
ChildTlsProfile
ChildTlsRule
ChildTlsTrustData
ChildTraceflowConfig
ChildVMTagReplicationPolicy
ChildVirtualEndpoint
ChildVniPoolConfig
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildPolicyConfigResource | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildPolicyContextProfile (schema)
Wrapper object for PolicyContextProfile
Child wrapper object for PolicyContextProfile, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| PolicyContextProfile | PolicyContextProfile Contains the actual PolicyContextProfile objects |
PolicyContextProfile | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildPolicyContextProfile | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildPolicyCustomAttributes (schema)
Wrapper object for PolicyCustomAttributes
Child wrapper object for PolicyCustomAttributes, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| PolicyCustomAttributes | PolicyCustomAttributes Contains the actual PolicyCustomAttributes objects |
PolicyCustomAttributes | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildPolicyCustomAttributes | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildPolicyDnsForwarder (schema)
Wrapper object for PolicyDnsForwarder
Child wrapper object for PolicyDnsForwarder, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| PolicyDnsForwarder | PolicyDnsForwarder Contains the actual PolicyDnsForwarder object |
PolicyDnsForwarder | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildPolicyDnsForwarder | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildPolicyDnsForwarderZone (schema)
Wrapper object for PolicyDnsForwarderZone
Child wrapper object for PolicyDnsForwarderZone, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| PolicyDnsForwarderZone | PolicyDnsForwarderZone Contains the actual PolicyDnsForwarderZone object |
PolicyDnsForwarderZone | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildPolicyDnsForwarderZone | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildPolicyEdgeCluster (schema)
Wrapper object for PolicyEdgeCluster
Child wrapper object for PolicyEdgeCluster, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| PolicyEdgeCluster | PolicyEdgeCluster Contains the actual PolicyEdgeCluster object. |
PolicyEdgeCluster | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildPolicyEdgeCluster | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildPolicyEdgeNode (schema)
Wrapper object for PolicyEdgeNode
Child wrapper object for PolicyEdgeNode, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| PolicyEdgeNode | PolicyEdgeNode Contains the actual PolicyEdgeNode object. |
PolicyEdgeNode | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildPolicyEdgeNode | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildPolicyExcludeList (schema)
Wrapper object for PolicyExcludeList
| Name | Description | Type | Notes |
|---|---|---|---|
| PolicyExcludeList | PolicyExcludeList Contains the actual policy exclude list object. |
PolicyExcludeList | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildPolicyExcludeList | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildPolicyFirewallCPUMemThresholdsProfileBindingMap (schema)
Wrapper object for PolicyFirewallCPUMemThresholdsProfileBindingMap
Child wrapper object for PolicyFirewallCPUMemThresholdsProfileBindingMap,
used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| PolicyFirewallCPUMemThresholdsProfileBindingMap | PolicyFirewallCPUMemThresholdsProfileBindingMap Contains the actual PolicyFirewallCPUMemThresholdsProfileBindingMap object. |
PolicyFirewallCPUMemThresholdsProfileBindingMap | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildPolicyFirewallCPUMemThresholdsProfileBindingMap | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildPolicyFirewallCpuMemThresholdsProfile (schema)
Wrapper object for PolicyFirewallCpuMemThresholdsProfile
Child wrapper object for PolicyFirewallCpuMemThresholdsProfile, used in
hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| PolicyFirewallCpuMemThresholdsProfile | PolicyFirewallCpuMemThresholdsProfile Contains the actual PolicyFirewallCpuMemThresholdsProfile object |
PolicyFirewallCpuMemThresholdsProfile | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildPolicyFirewallCpuMemThresholdsProfile | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildPolicyFirewallFloodProtectionProfileBindingMap (schema)
Wrapper object for PolicyFirewallFloodProtectionProfileBindingMap
Child wrapper object for PolicyFirewallFloodProtectionProfileBindingMap,
used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| PolicyFirewallFloodProtectionProfileBindingMap | PolicyFirewallFloodProtectionProfileBindingMap Contains the actual PolicyFirewallFloodProtectionProfileBindingMap object |
PolicyFirewallFloodProtectionProfileBindingMap | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildPolicyFirewallFloodProtectionProfileBindingMap | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildPolicyFirewallIpReputationConfig (schema)
Wrapper object for PolicyFirewallIpReputationConfig
Child wrapper object for PolicyFirewallIpReputationConfig, used
in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| PolicyFirewallIpReputationConfig | IP reputation config Contains the actual PolicyFirewallIpReputationConfig object. |
PolicyFirewallIpReputationConfig | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildPolicyFirewallIpReputationConfig | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildPolicyFirewallScheduler (schema)
Wrapper object for PolicyFirewallScheduler
Child wrapper object for PolicyFirewallScheduler, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| PolicyFirewallScheduler | PolicyFirewallScheduler Contains the actual PolicyFirewallScheduler objects |
PolicyFirewallScheduler | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildPolicyFirewallScheduler | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildPolicyFirewallSessionTimerProfile (schema)
Wrapper object for PolicyFirewallSessionTimerProfile
Child wrapper object for PolicyFirewallSessionTimerProfile,
used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| PolicyFirewallSessionTimerProfile | PolicyFirewallSessionTimerProfile Contains the actual PolicyFirewallSessionTimerProfile object |
PolicyFirewallSessionTimerProfile | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildPolicyFirewallSessionTimerProfile | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildPolicyFirewallSessionTimerProfileBindingMap (schema)
Wrapper object for PolicyFirewallSessionTimerProfileBindingMap
Child wrapper object for PolicyFirewallSessionTimerProfileBindingMap,
used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| PolicyFirewallSessionTimerProfileBindingMap | PolicyFirewallSessionTimerProfileBindingMap Contains the actual PolicyFirewallSessionTimerProfileBindingMap object |
PolicyFirewallSessionTimerProfileBindingMap | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildPolicyFirewallSessionTimerProfileBindingMap | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildPolicyIgmpProfile (schema)
Wrapper object for PolicyIgmpProfile
Child wrapper object for PolicyIgmpProfile used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| PolicyIgmpProfile | PolicyIgmpProfile Contains actual PolicyIgmpProfile. |
PolicyIgmpProfile | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildPolicyIgmpProfile | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildPolicyInterVrfRoutingConfig (schema)
Wrapper object for inter-vrf routing config
Child wrapper object for PolicyInterVrfRoutingConfig used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| PolicyInterVrfRoutingConfig | PolicyInterVrfRoutingConfig Contains actual PolicyInterVrfRoutingConfig. |
PolicyInterVrfRoutingConfig | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildPolicyInterVrfRoutingConfig | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildPolicyLabel (schema)
Wrapper object for PolicyLabel
Child wrapper object for PolicyLabel, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| PolicyLabel | PolicyLabel Contains the actual PolicyLabel object |
PolicyLabel | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildPolicyLabel | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildPolicyLatencyStatProfile (schema)
Wrapper object for PolicyLatencyStatProfile
Child wrapper object for PolicyLatencyStatProfile, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| PolicyLatencyStatProfile | PolicyLatencyStatProfile Contains the actual PolicyLatencyStatProfile object |
PolicyLatencyStatProfile | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildPolicyLatencyStatProfile | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildPolicyMulticastConfig (schema)
Wrapper object for PolicyMulticastConfig
Child wrapper object for PolicyMulticastConfig used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| PolicyMulticastConfig | PolicyMulticastConfig Contains actual PolicyMulticastConfig. |
PolicyMulticastConfig | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildPolicyMulticastConfig | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildPolicyNat (schema)
Wrapper object for PolicyNat
Child wrapper object for PolicyNat, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| PolicyNat | PolicyNat Contains the actual PolicyNAT object |
PolicyNat | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildPolicyNat | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildPolicyNatRule (schema)
Wrapper object for PolicyNatRule
Child wrapper object for PolicyNatRule, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| PolicyNatRule | PolicyNatRule Contains the actual PolicyNatRule object |
PolicyNatRule | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildPolicyNatRule | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildPolicyPimProfile (schema)
Wrapper object for PolicyPimProfile
Child wrapper object for PolicyPimProfile used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| PolicyPimProfile | PolicyPimProfile Contains actual PolicyPimProfile. |
PolicyPimProfile | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildPolicyPimProfile | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildPolicySIExcludeList (schema)
Wrapper object for PolicySIExcludeList
| Name | Description | Type | Notes |
|---|---|---|---|
| PolicySIExcludeList | PolicySIExcludeList Contains the actual policy exclude list object. |
PolicySIExcludeList | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildPolicySIExcludeList | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildPolicyServiceChain (schema)
Wrapper object for PolicyServiceChain
Child wrapper object for PolicyServiceInstance used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| PolicyServiceChain | PolicyServiceChain Contains actual PolicyServiceChain. |
PolicyServiceChain | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildPolicyServiceChain | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildPolicyServiceInstance (schema)
Wrapper object for PolicyServiceInstance
Child wrapper object for PolicyServiceInstance used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| PolicyServiceInstance | PolicyServiceInstance Contains actual PolicyServiceInstance. |
PolicyServiceInstance | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildPolicyServiceInstance | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildPolicyServiceProfile (schema)
Wrapper object for PolicyServiceProfile
Child wrapper object for PolicyServiceProfile used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| PolicyServiceProfile | PolicyServiceProfile Contains actual PolicyServiceProfile. |
PolicyServiceProfile | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildPolicyServiceProfile | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildPolicyTier1MulticastConfig (schema)
Wrapper object for PolicyTier1MulticastConfig
Child wrapper object for PolicyTier1MulticastConfig used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| PolicyTier1MulticastConfig | PolicyTier1MulticastConfig Contains actual PolicyTier1MulticastConfig. |
PolicyTier1MulticastConfig | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildPolicyTier1MulticastConfig | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildPolicyTlsConfigProfile (schema)
Wrapper object for PolicyTlsConfigProfile
Child wrapper object for PolicyTlsConfigProfile,
used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| PolicyTlsConfigProfile | PolicyTlsConfigProfile Contains the actual PolicyTlsConfigProfile object |
PolicyTlsConfigProfile | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildPolicyTlsConfigProfile | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildPolicyTransportZone (schema)
Wrapper object for PolicyTransportZone
Child wrapper object for PolicyTransportZone, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| PolicyTransportZone | PolicyTransportZone Contains the actual PolicyTransportZone object. |
PolicyTransportZone | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildPolicyTransportZone | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildPolicyTransportZoneProfile (schema)
Wrapper object for PolicyTransportZoneProfile
Child wrapper object for PolicyTransportZoneProfile, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| PolicyTransportZoneProfile | PolicyTransportZoneProfile Contains the actual PolicyTransportZoneProfile object. |
PolicyTransportZoneProfile | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildPolicyTransportZoneProfile | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildPolicyUrlCategorizationConfig (schema)
Wrapper object for PolicyUrlCategorizationConfig
Child wrapper object for PolicyUrlCategorizationConfig, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| PolicyUrlCategorizationConfig | URL Categorization Config Contains the actual PolicyUrlCategorizationConfig object |
PolicyUrlCategorizationConfig | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildPolicyUrlCategorizationConfig | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildPortDiscoveryProfileBindingMap (schema)
Wrapper object for PortDiscoveryProfileBindingMap
Child wrapper object for PortDiscoveryProfileBindingMap, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| PortDiscoveryProfileBindingMap | PortDiscoveryProfileBindingMap Contains the actual PortDiscoveryProfileBindingMap object |
PortDiscoveryProfileBindingMap | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildPortDiscoveryProfileBindingMap | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildPortMirroringProfile (schema)
Wrapper object for PortMirroringProfile
Child wrapper object for PortMirroringProfile, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| PortMirroringProfile | PortMirroringProfile Contains the actual PortMirroringProfile object |
PortMirroringProfile | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildPortMirroringProfile | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildPortMonitoringProfileBindingMap (schema)
Wrapper object for PortMonitoringProfileBindingMap
Child wrapper object for PortMonitoringProfileBindingMap, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| PortMonitoringProfileBindingMap | PortMonitoringProfileBindingMap Contains the actual PortMonitoringProfileBindingMap object |
PortMonitoringProfileBindingMap | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildPortMonitoringProfileBindingMap | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildPortQoSProfileBindingMap (schema)
Wrapper object for PortQoSProfileBindingMap
Child wrapper object for PortQoSProfileBindingMap, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| PortQoSProfileBindingMap | PortQoSProfileBindingMap Contains the actual PortQoSProfileBindingMap object |
PortQoSProfileBindingMap | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildPortQoSProfileBindingMap | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildPortSecurityProfileBindingMap (schema)
Wrapper object for PortSecurityProfileBindingMap
Child wrapper object for PortSecurityProfileBindingMap, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| PortSecurityProfileBindingMap | PortSecurityProfileBindingMap Contains the actual PortSecurityProfileBindingMap object |
PortSecurityProfileBindingMap | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildPortSecurityProfileBindingMap | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildPrefixList (schema)
Wrapper object for PrefixList
Child wrapper object for PrefixList, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| PrefixList | PrefixList Contains the actual PrefixList object. |
PrefixList | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildPrefixList | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildProject (schema)
Wrapper object for PROJECT
Child wrapper object for Project, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| Project | PROJECT Contains the actual Project object |
Project | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildProject | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildQoSProfile (schema)
Wrapper object for QoSProfile
Child wrapper object for QoSProfile, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| QoSProfile | QoSProfile Contains the actual QoSProfile object |
QoSProfile | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildQoSProfile | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildReaction (schema)
Wrapper object for Reaction
Child wrapper object for Reaction used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| Reaction | Reaction Contains the actual Reaction object. |
Reaction | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildReaction | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildRedirectionPolicy (schema)
Wrapper object for RedirectionPolicy
Child wrapper object for RedirectionPolicy used in Hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| RedirectionPolicy | RedirectionPolicy Contains actual RedirectionPolicy. |
RedirectionPolicy | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildRedirectionPolicy | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildRedirectionRule (schema)
Wrapper object for RedirectionRule
Child wrapper object for ChildRedirectionRule used in Hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| RedirectionRule | RedirectionRule Contains actual RedirectionRule. |
RedirectionRule | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildRedirectionRule | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildResourceReference (schema)
Represents the reference to ChildPolicyConfigResource
Represents a reference to ChildPolicyConfigResource in the hierarchical API. resource_type, id and target_type are mandatory fields.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildResourceReference | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| target_type | The target type of this reference | string | Required |
ChildRule (schema)
Wrapper object for Rule
Child wrapper object for Rule, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| Rule | Rule Contains the actual Rule object |
Rule | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildRule | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildSIStatusConfiguration (schema) (Experimental)
Wrapper object for PolicySIStatusConfiguration
| Name | Description | Type | Notes |
|---|---|---|---|
| PolicySIStatusConfiguration | Contains the actual service insertion status configuration list object.
|
PolicySIStatusConfiguration | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildSIStatusConfiguration | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildSecurityFeatures (schema)
Wrapper object for Security Feature
Child wrapper object for T1 Security Feature, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| SecurityFeatures | Security configs Contains the actual SecurityFeatures object |
SecurityFeatures | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildSecurityFeatures | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildSecurityPolicy (schema)
Wrapper object for SecurityPolicy
Child wrapper object for SecurityPolicy, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| SecurityPolicy | SecurityPolicy Contains the actual SecurityPolicy object |
SecurityPolicy | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildSecurityPolicy | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildSegment (schema)
Wrapper object for Segment
Child wrapper object for Segment, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| Segment | Segment Contains the actual Segment object. |
Segment | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildSegment | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildSegmentDiscoveryProfileBindingMap (schema)
Wrapper object for SegmentDiscoveryProfileBindingMap
Child wrapper object for SegmentDiscoveryProfileBindingMap, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| SegmentDiscoveryProfileBindingMap | SegmentDiscoveryProfileBindingMap Contains the actual SegmentDiscoveryProfileBindingMap object |
SegmentDiscoveryProfileBindingMap | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildSegmentDiscoveryProfileBindingMap | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildSegmentMonitoringProfileBindingMap (schema)
Wrapper object for SegmentMonitoringProfileBindingMap
Child wrapper object for SegmentMonitoringProfileBindingMap, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| SegmentMonitoringProfileBindingMap | SegmentMonitoringProfileBindingMap Contains the actual SegmentMonitoringProfileBindingMap object |
SegmentMonitoringProfileBindingMap | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildSegmentMonitoringProfileBindingMap | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildSegmentPort (schema)
Wrapper object for SegmentPort
Child wrapper object for SegmentPort, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| SegmentPort | SegmentPort Contains the actual SegmentPort object |
SegmentPort | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildSegmentPort | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildSegmentQoSProfileBindingMap (schema)
Wrapper object for SegmentQoSProfileBindingMap
Child wrapper object for SegmentQoSProfileBindingMap, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| SegmentQoSProfileBindingMap | SegmentQoSProfileBindingMap Contains the actual SegmentQoSProfileBindingMap object |
SegmentQoSProfileBindingMap | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildSegmentQoSProfileBindingMap | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildSegmentSecurityProfile (schema)
Wrapper object for SegmentSecurityProfile
Child wrapper object for SegmentSecurityProfile, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| SegmentSecurityProfile | SegmentSecurityProfile Contains the actual SegmentSecurityProfile object |
SegmentSecurityProfile | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildSegmentSecurityProfile | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildSegmentSecurityProfileBindingMap (schema)
Wrapper object for SegmentSecurityProfileBindingMap
Child wrapper object for SegmentSecurityProfileBindingMap, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| SegmentSecurityProfileBindingMap | SegmentSecurityProfileBindingMap Contains the actual SegmentSecurityProfileBindingMap object |
SegmentSecurityProfileBindingMap | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildSegmentSecurityProfileBindingMap | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildService (schema)
Wrapper object for Service
Child wrapper object for Service, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| Service | Service Contains the actual Service object. |
Service | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildService | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildServiceEntry (schema)
Wrapper object for ServiceEntry
Child wrapper object for ServiceEntry, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| Service | ServiceEntry This is a deprecated property, Please use 'ServiceEntry' instead. |
ServiceEntry (Abstract type: pass one of the following concrete types) ALGTypeServiceEntry EtherTypeServiceEntry ICMPTypeServiceEntry IGMPTypeServiceEntry IPProtocolServiceEntry L4PortSetServiceEntry NestedServiceServiceEntry |
Deprecated |
| ServiceEntry | ServiceEntry Contains the actual ServiceEntry object. |
ServiceEntry (Abstract type: pass one of the following concrete types) ALGTypeServiceEntry EtherTypeServiceEntry ICMPTypeServiceEntry IGMPTypeServiceEntry IPProtocolServiceEntry L4PortSetServiceEntry NestedServiceServiceEntry |
Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildServiceEntry | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildServiceInstanceEndpoint (schema)
Wrapper object for ServiceInstanceEndpoint
Child wrapper object for ServiceInstanceEndpoint used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| ServiceInstanceEndpoint | ServiceInstanceEndpoint Contains actual ServiceInstanceEndpoint. |
ServiceInstanceEndpoint | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildServiceInstanceEndpoint | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildServiceInterface (schema)
Wrapper object for ServiceInterface
Child wrapper object for ServiceInterface, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| ServiceInterface | ServiceInterface Contains the actual ServiceInterface object. |
ServiceInterface | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildServiceInterface | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildServiceReference (schema)
Wrapper object for ServiceReference
Child wrapper object for ServiceReference used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| ServiceReference | ServiceReference Contains actual ServiceReference. |
ServiceReference | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildServiceReference | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildServiceSegment (schema)
Wrapper object for SerivceSegment
Child wrapper object for ServiceSegment, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| ServiceSegment | ServiceSegments Contains the actual ServiceSegment objects |
ServiceSegment | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildServiceSegment | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildSessionTimerProfileBindingMap (schema)
Wrapper object for SessionTimerProfileBindingMap
Child wrapper object for SessionTimerProfileBindingMap,
used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| SessionTimerProfileBindingMap | SessionTimerProfileBindingMap Contains the actual SessionTimerProfileBindingMap object |
SessionTimerProfileBindingMap | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildSessionTimerProfileBindingMap | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildShaDynamicPlugin (schema)
Wrapper object for ShaDynamicPlugin
Child wrapper object for ShaDynamicPlugin, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| ShaPluginProfile | ShaDynamicPlugin Contains the actual ShaDynamicPlugin object |
ShaDynamicPlugin | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildShaDynamicPlugin | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildShaPluginProfile (schema)
Wrapper object for ShaPluginProfile
Child wrapper object for ShaPluginProfile, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| ShaPluginProfile | ShaPluginProfile Contains the actual ShaPluginProfile object |
ShaPluginProfile (Abstract type: pass one of the following concrete types) ShaDynamicPluginProfile ShaPredefinedPluginProfile |
Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildShaPluginProfile | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildShaPredefinedPlugin (schema)
Wrapper object for ShaDynamicPlugin
Child wrapper object for ShaPredefinedPlugin, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| ShaPluginProfile | ShaPredefinedPlugin Contains the actual ShaPredefinedPlugin object |
ShaPredefinedPlugin | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildShaPredefinedPlugin | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildShare (schema)
Wrapper object for Share
Child wrapper object for Share, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| Share | Share Contains the actual Share object |
Share | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildShare | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildSharedResource (schema)
Wrapper object for SharedResource
Child wrapper object for SharedResource, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| SharedResource | SharedResource Contains the actual SharedResource object |
SharedResource | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildSharedResource | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildSite (schema)
Wrapper object for Site
Child wrapper object for Site, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| Site | Site Contains the actual Site object. |
Site | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildSite | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildSpoofGuardProfile (schema)
Wrapper object for SpoofGuardProfile
Child wrapper object for SpoofGuardProfile, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| SpoofGuardProfile | SpoofGuardProfile Contains the actual SpoofGuardProfile object |
SpoofGuardProfile | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildSpoofGuardProfile | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildStandaloneHostIdfwConfiguration (schema)
Wrapper object for StandaloneHostIdfwConfiguration
| Name | Description | Type | Notes |
|---|---|---|---|
| StandaloneHostIdfwConfiguration | StandaloneHostIdfwConfiguration Contains the actual standalone host idfw configuration object. |
StandaloneHostIdfwConfiguration | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildStandaloneHostIdfwConfiguration | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildStaticARPConfig (schema)
Wrapper object for StaticARPConfig
Child wrapper object for StaticARPConfig, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| StaticARPConfig | StaticARPConfig Contains the actual StaticARPConfig object. |
StaticARPConfig | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildStaticARPConfig | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildStaticMimeContent (schema)
Wrapper object for Child Static MIME content
Child wrapper object for Static MIME content, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| TlsProfile | Static Mime Content Contains the actual Static MIME content object. |
StaticMimeContent | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildStaticMimeContent | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildStaticRouteBfdPeer (schema)
Wrapper object for StaticRouteBfdPeer
Child wrapper for StaticRouteBfdPeer, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| BfdPeer | Static Route BFD Peer Contains the actual StaticRouteBfdPeer object. |
StaticRouteBfdPeer | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildStaticRouteBfdPeer | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildStaticRoutes (schema)
Wrapper object for StaticRoutes
Child wrapper object for StaticRoutes, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| StaticRoutes | StaticRoutes Contains the actual StaticRoutes object. |
StaticRoutes | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildStaticRoutes | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildTagBulkOperation (schema)
Child wrapper object for TagBulkOperation
Child wrapper object for TagBulkOperation, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| TagBulkOperation | TagBulkOperation Contains actual TagBulkOperation object. |
TagBulkOperation | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildTagBulkOperation | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildTier0 (schema)
Wrapper object for Tier-0
Child wrapper object for Tier-0, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| Tier0 | Tier-0 Contains the actual Tier-0 object. |
Tier0 | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildTier0 | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildTier0DeploymentMap (schema)
Wrapper object for Tier0DeploymentMap
Child wrapper object for Tier0DeploymentMap, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| Tier0DeploymentMap | Tier0DeploymentMap Contains the actual Tier0DeploymentMap object. |
Tier0DeploymentMap | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildTier0DeploymentMap | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildTier0Interface (schema)
Wrapper object for Tier0Interface
Child wrapper object for Tier0Interface, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| Tier0Interface | Tier0Interface Contains the actual Tier0Interface object. |
Tier0Interface | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildTier0Interface | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildTier0InterfaceGroup (schema)
Wrapper object for Tier0InterfaceGroup
Child wrapper object for Tier0InterfaceGroup, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| Tier0InterfaceGroup | Tier0InterfaceGroup Contains the actual Tier0InterfaceGroup object. |
Tier0InterfaceGroup | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildTier0InterfaceGroup | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildTier0RouteMap (schema)
Wrapper object for Tier0RouteMap
Child wrapper object for Tier0RouteMap, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| Tier0RouteMap | Tier0RouteMap Contains the actual Tier0RouteMap object |
Tier0RouteMap | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildTier0RouteMap | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildTier0SecurityFeatures (schema)
Wrapper object for T0 Security Feature
Child wrapper object for T0 Security Feature, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| Tier0SecurityFeatures | T0 Security configs Contains the actual TO SecurityFeatures object |
Tier0SecurityFeatures | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildTier0SecurityFeatures | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildTier1 (schema)
Wrapper object for Tier-1
Child wrapper object for Tier-1 , used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| Tier1 | Tier-1 Contains the actual Tier-1 object. |
Tier1 | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildTier1 | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildTier1DeploymentMap (schema)
Wrapper object for Tier1DeploymentMap
Child wrapper object for Tier1DeploymentMap, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| Tier1DeploymentMap | Tier1DeploymentMap Contains the actual Tier1DeploymentMap object. |
Tier1DeploymentMap | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildTier1DeploymentMap | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildTier1Interface (schema)
Wrapper object for Tier1Interface
Child wrapper object for Tier1Interface, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| Tier1Interface | Tier1Interface Contains the actual Tier1Interface object. |
Tier1Interface | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildTier1Interface | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildTier1InterfaceGroup (schema)
Wrapper object for Tier1InterfaceGroup
Child wrapper object for Tier1InterfaceGroup, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| Tier1InterfaceGroup | Tier1InterfaceGroup Contains the actual Tier1InterfaceGroup object. |
Tier1InterfaceGroup | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildTier1InterfaceGroup | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildTlsCertificate (schema)
Wrapper object for TlsCertificate
Child wrapper for TlsCertificate, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| TlsCertificate | TlsCertificate Contains the actual TlsCertificate object. |
TlsCertificate | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildTlsCertificate | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildTlsConfigProfileBindingMap (schema)
Wrapper object for TlsConfigProfileBindingMap
Child wrapper object for TlsConfigProfileBindingMap,
used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| SessionTimerProfileBindingMap | TlsConfigProfileBindingMap Contains the actual TlsConfigProfileBindingMap object |
TlsConfigProfileBindingMap | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildTlsConfigProfileBindingMap | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildTlsCrl (schema)
Wrapper object for TlsCrl
Child wrapper for TlsCrl, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| TlsCrl | TlsCrl Contains the actual TlsCrl object. |
TlsCrl | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildTlsCrl | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildTlsPolicy (schema)
Wrapper object for TlsPolicy
Child wrapper object for TLSPolicy, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| TlsPolicy | TlsPolicy Contains the actual TLSPolicy object |
TlsPolicy | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildTlsPolicy | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildTlsProfile (schema)
Wrapper object for Child TLS Profile
Child wrapper object for TLS Profile, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| TlsProfile | TLS Profile Contains the actual TLS profile object. |
TlsProfile (Abstract type: pass one of the following concrete types) TlsInspectionExternalProfile TlsInspectionInternalProfile |
Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildTlsProfile | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildTlsRule (schema)
Wrapper object for Rule
Child wrapper object for Rule, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| TlsRule | TLS Rule Contains the actual TLS Rule object |
TlsRule | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildTlsRule | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildTlsTrustData (schema)
Wrapper object for TlsTrustData
Child wrapper for TlsTrustData, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| TlsTrustData | TlsTrustData Contains the actual TlsTrustData object. |
TlsTrustData | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildTlsTrustData | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildTraceflowConfig (schema)
Wrapper object for TraceflowConfig
Child wrapper for TraceflowConfig, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| TraceflowConfig | TraceflowConfig Contains the actual TraceflowConfig object. |
TraceflowConfig | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildTraceflowConfig | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildTypesRequestParameter (schema)
Filter to populate child types of the policyConfigResource
Specified child resource types will be populated in the response body
| Name | Description | Type | Notes |
|---|---|---|---|
| base_path | Base Path for retrieving hierarchical intent Base path of the resource for which user wants to retrieve the hierarchy. This should be the fully qualified path for the resource. - Sample examples - base_path=/infra/domains/default/groups/Group1 base_path=/infra/domains/default/security-policies/SecurityPolicy1/rules/Rule1 |
string | |
| filter | Filter string as java regex Filter string, can contain multiple or single java regular expressions separated by ';'. By default populates immediate child resources of the resource indicated by the URL. These child resources will be filtered by the type provided in the filter. It is recommended to use type_filter parameter instead of filter parameter. - Sample query string to prevent loading services and deployment zones: filter=Type-^(?!.*?(?:Service|DeploymentZone)).*$ - Sample query string to populate all the Group objects under Infra & Domain: filter=Type-Domain%7CGroup - Sample query string to load every policy object under Infra: filter=Type-.* |
string | |
| type_filter | Filter string to retrieve hierarchy. Advanced filter string in which user can directly specify the resourceTypes to be filtered. Can be used in conjunction with base_path. - Sample example of type_filter to load all groups - type_filter=Group - Sample example of multiple type_filter - type_filter=Group;SercurityPolicy;RedirectionPolicy - Sample eaxmple to load all groups in default domain using base_path in conjunction with type_filter - base_path=/infra/domains/default&type_filter=Group |
string |
ChildVMTagReplicationPolicy (schema)
Wrapper object for VMTagReplicationPolicy
Child wrapper object for VMTagReplicationPolicy, used in hierarchical API
| Name | Description | Type | Notes |
|---|---|---|---|
| VMTagReplicationPolicy | VMTagReplicationPolicy Contains the actual VMTagReplicationPolicy object |
VMTagReplicationPolicy | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildVMTagReplicationPolicy | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildVirtualEndpoint (schema)
Wrapper object for VirtualEndpoint
Child wrapper object for VirtualEndpoint used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| VirtualEndpoint | VirtualEndpoint Contains reference to actual VirtualEndpoint. |
VirtualEndpoint | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildVirtualEndpoint | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ChildVniPoolConfig (schema)
Wrapper object for VniPoolConfig
Child wrapper object for VniPoolConfig, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| VniPoolConfig | VniPoolConfig Contains the actual VniPoolConfig object. |
VniPoolConfig | Required |
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mark_for_override | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. | boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion If this field is set to true, delete operation is triggered on the intent tree. This resource along with its all children in intent tree will be deleted. This is a cascade delete and should only be used if intent object along with its all children are to be deleted. This does not support deletion of single non-leaf node within the tree and should be used carefully. |
boolean | Default: "False" |
| request_parameter | Generic type for passing the API request parameters. | PolicyRequestParameter (Abstract type: pass one of the following concrete types) PolicyRequestParameter SegmentRequestParameter TraceflowRequestParameter |
|
| resource_type | Must be set to the value ChildVniPoolConfig | string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
CidrArrayConstraintValue (schema)
Array of CIDR Values to perform operation
List of CIDR values
| Name | Description | Type | Notes |
|---|---|---|---|
| resource_type | Must be set to the value CidrArrayConstraintValue | string | Required Enum: StringArrayConstraintValue, CidrArrayConstraintValue, IntegerArrayConstraintValue |
| values | Array of IP addresses This array can consist of a single IP address, IP address range or a subnet. Its type can be of either IPv4 or IPv6. Both IPv4 and IPv6 addresses within one expression is not allowed. Supported list of formats are, "192.168.1.1", "192.168.1.1-192.168.1.100", "192.168.0.0/24", "fe80::250:56ff:fe83:318c", "fe80::250:56ff:fe83:3181-fe80::250:56ff:fe83:318c", "fe80::250:56ff:fe83:318c/64". |
array of IPElement | Required Minimum items: 1 Maximum items: 100 |
CipherSuite (schema)
HTTP cipher suite
| Name | Description | Type | Notes |
|---|---|---|---|
| enabled | Enable status for this cipher suite | boolean | Required |
| name | Name of the TLS cipher suite | string | Required |
ClaimMap (schema)
Claim map
Information about how to map a single OIDC ID token claim to one or more NSX roles.
| Name | Description | Type | Notes |
|---|---|---|---|
| claim_name | string | ||
| value_to_role_map | array of ClaimValueToRoleMap |
ClaimValueToRoleMap (schema)
Claim value map
| Name | Description | Type | Notes |
|---|---|---|---|
| claim_value | Claim value The value of the claim to map. |
string | |
| roles | Mapped roles The NSX roles that this particular claim value should map to. |
array of string |
ClasslessStaticRoute (schema) (Deprecated)
DHCP classless static route option
DHCP classless static route option.
| Name | Description | Type | Notes |
|---|---|---|---|
| network | Destination in CIDR Destination network in CIDR format. |
IPElement | Required |
| next_hop | Router IP address of next hop of the route. |
IPAddress | Required |
ClientAuthType (schema) (Deprecated)
client authentication mode
Client authentication could be REQUIRED or IGNORE.
REQUIRED means that client is required to present its
certificate to the server for authentication. To be accepted, client
certificate must be signed by one of the trusted Certificate
Authorities (CAs), also referred to as root CAs, whose self signed
certificates are specified in the same client SSL profile binding.
IGNORE means that client certificate would be ignored.
| Name | Description | Type | Notes |
|---|---|---|---|
| ClientAuthType | client authentication mode Client authentication could be REQUIRED or IGNORE. REQUIRED means that client is required to present its certificate to the server for authentication. To be accepted, client certificate must be signed by one of the trusted Certificate Authorities (CAs), also referred to as root CAs, whose self signed certificates are specified in the same client SSL profile binding. IGNORE means that client certificate would be ignored. |
string | Deprecated Enum: REQUIRED, IGNORE |
ClusterBackupInfo (schema)
Cluster backup details
| Name | Description | Type | Notes |
|---|---|---|---|
| ip_address | IP address or FQDN of the node from which the backup was taken | string | Required Readonly Format: hostname-or-ip |
| node_id | ID of the node from which the backup was taken | string | Required Readonly |
| restore_type | Type of restore allowed | array of string | Readonly Enum: REGULAR_RESTORE, POLICY_ONLY_RESTORE Default: "[]" |
| timestamp | timestamp of the cluster backup file | EpochMsTimestamp | Required Readonly |
ClusterBackupInfoListResult (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | List of timestamps of backed-up cluster files | array of ClusterBackupInfo | Required Readonly |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
ClusterCertificateId (schema)
Cluster Certificate ID
| Name | Description | Type | Notes |
|---|---|---|---|
| certificate_id | Certificate ID | string | Required |
ClusterConfiguration (schema)
Cluster configuration
The configuration of the NSX cluster. The cluster configuration consists of a list of cluster node attributes.
| Name | Description | Type | Notes |
|---|---|---|---|
| cluster_id | UUID of the cluster | string | Readonly |
| config_version | Cluster configuration version | integer | Readonly |
| nodes | Nodes in the cluster configuration | array of ClusterNode | Readonly |
ClusterMemberDetails (schema)
Group member details
Details of the member belonging to a Group
| Name | Description | Type | Notes |
|---|---|---|---|
| cluster_id | The Antrea cluster id of the pod | string | Required Readonly |
| cluster_name | The Antrea cluster name of the pod | string | Required Readonly |
| namespaces | array of NamespaceMemberDetails | Required |
ClusterNode (schema)
Cluster Node Properties
This type contains attributes of a cluster node that are relevant to the Cluster Boot Manager.
| Name | Description | Type | Notes |
|---|---|---|---|
| entities | Entities on the node | array of ClusterNodeEntity | Required |
| node_uuid | UUID of the node | string | Required |
| status | Current clustering status of the node | string | Enum: JOINING, JOINED, REMOVING, REMOVED Default: "REMOVED" |
ClusterNodeEntity (schema)
Cluster Node Entity Properties
NSX Cluster is made up of multiple cluster nodes. Each node can perform multiple functions, commonly referred to as roles. Cluster node entities are processes running in a cluster node that assist in the performance of a role. Cluster Boot Manager is a daemon that securely bootstraps and configures the entities. This type contains attributes of a cluster node entity that are relevant to the Cluster Boot Manager.
| Name | Description | Type | Notes |
|---|---|---|---|
| certificate | Public certificate of the entity in PEM format | string | Required |
| entity_type | Type of the entity | string | Required Enum: MANAGER, CONTROLLER, POLICY, HTTPS, CLUSTER_BOOT_MANAGER, DATASTORE, GLOBAL_MANAGER, ASYNC_REPLICATOR, MONITORING, IDPS_REPORTING, CORFU_NONCONFIG, UPGRADE_COORDINATOR, CM-INVENTORY, MESSAGING-MANAGER |
| entity_uuid | UUID of the entity | string | Required |
| fqdn | Domain name the entity binds to | string | Format: hostname |
| ip_address | IP address the entity binds to | string | |
| ipv6_address | IPv6 address the entity binds to | string | |
| ipv6_subnet_prefix_length | IPv6 subnet mask prefix length of the entity binds to | integer | Minimum: 0 Maximum: 128 |
| port | Port the entity binds to | integer | Minimum: 0 Maximum: 65535 |
| subnet_prefix_length | Subnet mask prefix length of the entity binds to | integer | Minimum: 0 Maximum: 32 |
ClusterNodeRole (schema)
Cluster node role
Enumerates the roles that can be specified in VM auto-deployment.
| Name | Description | Type | Notes |
|---|---|---|---|
| ClusterNodeRole | Cluster node role Enumerates the roles that can be specified in VM auto-deployment. |
string | Enum: CONTROLLER, MANAGER |
ClusterNodeVMDeletionParameters (schema)
Parameters for DeleteAutoDeployedClusterNodeVM
Parameters for deletion of a cluster node VM.
| Name | Description | Type | Notes |
|---|---|---|---|
| force_delete | Delete by force If true, the VM will be undeployed even if it cannot be removed from its cluster. |
boolean |
ClusterNodeVMDeploymentConfig (schema)
Configuration for deploying cluster node VM
Contains info used to configure the VM on deployment
| Name | Description | Type | Notes |
|---|---|---|---|
| placement_type | Type of deployment Specifies the config for the platform through which to deploy the VM |
string | Required Enum: VsphereClusterNodeVMDeploymentConfig |
ClusterNodeVMDeploymentRequest (schema)
Info for an auto-deployment request
Contains the deployment information for a cluster node VM soon to be
deployed or already deployed by the Manager
| Name | Description | Type | Notes |
|---|---|---|---|
| deployment_config | Deployment config for cluster node VM Info needed to configure a cluster node VM at deployment for a specific platform. May require different parameters depending on the method used to deploy the VM. |
ClusterNodeVMDeploymentConfig (Abstract type: pass one of the following concrete types) ClusterNodeVMDeploymentConfig VsphereClusterNodeVMDeploymentConfig |
Required |
| form_factor | Form factor for cluster node VMs Specifies the desired "size" of the VM |
ClusterNodeVMFormFactor | Default: "MEDIUM" |
| roles | Cluster node roles of the VM List of cluster node role (or roles) which the VM should take on. They specify what type (or types) of cluster node which the new VM should act as. Currently both CONTROLLER and MANAGER must be provided, since this permutation is the only one supported now. |
array of ClusterNodeRole | Required |
| user_settings | User settings for the VM Username and password settings for the cluster node VM. Passwords must be at least 12 characters in length and contain at least one lowercase, one uppercase, one numerical, and one special character. Note: These settings will be honored only during VM deployment. Post-deployment, CLI must be used for changing the user settings and changes to these parameters will not have any effect. |
NodeUserSettings | Required |
| vm_id | ID of VM used to recognize it ID of the VM maintained internally and used to recognize it. Note: This is automatically generated and cannot be modified. |
string | Readonly |
ClusterNodeVMDeploymentRequestList (schema)
ClusterNodeVMDeploymentRequest list
List of ClusterNodeVMDeploymentRequests
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Results Array of existing ClusterNodeVMDeploymentRequests |
array of ClusterNodeVMDeploymentRequest | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
ClusterNodeVMDeploymentStatusReport (schema)
Report of a VM's deployment status
Contains up-to-date information relating to an auto-deployed VM, including
its status and (potentially) an error message.
| Name | Description | Type | Notes |
|---|---|---|---|
| deployment_progress_state | Deployment progress state of node VM Detailed progress state of node VM deployment realization |
VMDeploymentProgressState | Readonly |
| failure_code | Error code for failure In case of auto-deployment-related failure, the code for the error will be stored here. |
integer | |
| failure_message | Error message for failure In case of auto-deployment-related failure, an error message will be stored here. |
string | |
| status | Auto-deployed VM's deployment status Status of the addition or deletion of an auto-deployed cluster node VM. |
string | Required Enum: UNKNOWN_STATE, VM_DEPLOYMENT_QUEUED, VM_DEPLOYMENT_IN_PROGRESS, VM_DEPLOYMENT_FAILED, VM_POWER_ON_IN_PROGRESS, VM_POWER_ON_FAILED, WAITING_TO_REGISTER_VM, VM_REGISTRATION_FAILED, VM_WAITING_TO_CLUSTER, VM_WAITING_TO_COME_ONLINE, VM_ONLINE_FAILED, VM_CLUSTERING_IN_PROGRESS, VM_CLUSTERING_FAILED, VM_CLUSTERING_SUCCESSFUL, WAITING_TO_UNDEPLOY_VM, VM_DECLUSTER_IN_PROGRESS, VM_DECLUSTER_FAILED, VM_DECLUSTER_SUCCESSFUL, VM_POWER_OFF_IN_PROGRESS, VM_POWER_OFF_FAILED, VM_UNDEPLOY_IN_PROGRESS, VM_UNDEPLOY_FAILED, VM_UNDEPLOY_SUCCESSFUL |
ClusterNodeVMFormFactor (schema)
Supported VM form factor for cluster nodes
Specifies the desired "size" of the VM. Affects number of virtual CPUs
and/or memory size given to the new cluster node VM.
| Name | Description | Type | Notes |
|---|---|---|---|
| ClusterNodeVMFormFactor | Supported VM form factor for cluster nodes Specifies the desired "size" of the VM. Affects number of virtual CPUs and/or memory size given to the new cluster node VM. |
string | Enum: SMALL, MEDIUM, LARGE |
ClusterRestoreStatus (schema)
Cluster restore status
| Name | Description | Type | Notes |
|---|---|---|---|
| backup_timestamp | Timestamp when backup was initiated in epoch millisecond | EpochMsTimestamp | Readonly |
| endpoints | The list of allowed endpoints, based on the current state of the restore process | array of ResourceLink | Required Readonly |
| id | Unique id for backup request | string | Readonly |
| instructions | Instructions for users to reconcile Restore operations | array of InstructionInfo | Readonly |
| not_allowed_actions | List of actions that are not allowed | array of string | Readonly Enum: VC_UPDATES Default: "[]" |
| restore_end_time | Timestamp when restore was completed in epoch millisecond | EpochMsTimestamp | Readonly |
| restore_start_time | Timestamp when restore was started in epoch millisecond | EpochMsTimestamp | Readonly |
| status | GlobalRestoreStatus | ||
| step | RestoreStep | ||
| total_steps | Total number of steps in the entire restore process | integer | Readonly |
ClusterRestoreStatusRequestParameters (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| restore_component | string | Readonly Enum: LOCAL_MANAGER, GLOBAL_MANAGER Default: "LOCAL_MANAGER" |
ClusterVirtualIpProperties (schema)
Cluster virtual IP properties
| Name | Description | Type | Notes |
|---|---|---|---|
| force | On enable it ignores duplicate address detection and DNS lookup validation check | string | Enum: true, false Default: "false" |
| ip6_address | Virtual IPv6 address, :: if not configured | string | |
| ip_address | Virtual IP address, 0.0.0.0 if not configured | string |
ClusteringConfig (schema)
Configuration for VM's clustering
Configuration for automatically joining a cluster node to the
cluster after it is deployed. ClusteringConfig is required
if any of the deployment nodes has CONTROLLER role.
| Name | Description | Type | Notes |
|---|---|---|---|
| clustering_type | Type for the clustering config Specifies the type of clustering config to be used. |
string | Required Enum: ControlClusteringConfig |
ColumnItem (schema)
Grid Column
Represents a column of the Grid
| Name | Description | Type | Notes |
|---|---|---|---|
| column_identifier | Identifier for this column Identifies the column and used for fetching content upon an user click or drilldown. If column identifier is not provided, the column's data will not participate in searches and drilldowns. |
string | |
| drilldown_id | Id of drilldown widget Id of drilldown widget, if any. Id should be a valid id of an existing widget. |
string | Maximum length: 255 |
| field | Column Field Field from which values of the column will be derived. |
string | Required Maximum length: 1024 |
| hidden | Hide the column If set to true, hides the column |
boolean | Default: "False" |
| label | Column Label Label of the column. |
Label | Required |
| navigation | Navigation to a specified UI page Hyperlink of the specified UI page that provides details. If drilldown_id is provided, then navigation cannot be used. |
string | Maximum length: 1024 |
| render_configuration | Render Configuration Render configuration to be applied, if any. |
array of RenderConfiguration | |
| sort_ascending | Represents order of sorting the values If true, the value of the column are sorted in ascending order. Otherwise, in descending order. |
boolean | Default: "True" |
| sort_key | Key for sorting on this column Sorting on column is based on the sort_key. sort_key represents the field in the output data on which sort is requested. |
string | Maximum length: 255 |
| tooltip | Multi-line tooltip Multi-line text to be shown on tooltip while hovering over a cell in the grid. |
array of Tooltip | |
| type | Field data type Data type of the field. |
string | Required Enum: String, Number, Date Maximum length: 255 Default: "String" |
CommunicationEntry (schema) (Deprecated)
A communication entry specifies the security policy between the workload groups
A communication entry indicates the action to be performed for various types of traffic flowing between workload groups. This type is deprecated. Use the type Rule instead.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| action | Action The action to be applied to all the services. |
string | Enum: ALLOW, DROP, REJECT |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| destination_groups | Destination group paths We need paths as duplicate names may exist for groups under different domains.In order to specify all groups, use the constant "ANY". This is case insensitive. If "ANY" is used, it should be the ONLY element in the group array. Error will be thrown if ANY is used in conjunction with other values. |
array of string | Maximum items: 128 |
| direction | Direction Define direction of traffic. |
string | Enum: IN, OUT, IN_OUT Default: "IN_OUT" |
| disabled | Flag to disable the rule Flag to disable the rule. Default is enabled. |
boolean | Default: "False" |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| logged | Enable logging flag Flag to enable packet logging. Default is disabled. |
boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| notes | Text for additional notes on changes Text for additional notes on changes. |
string | |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value CommunicationEntry | string | |
| scope | The list of policy paths where the communication entry is applied
Edge/LR/T0/T1/LRP/CGW/MGW/etc. Note that a given rule can be applied on multiple LRs/LRPs. |
array of string | Maximum items: 128 |
| sequence_number | Sequence number of the this CommunicationEntry This field is used to resolve conflicts between multiple CommunicationEntries under CommunicationMap for a Domain If no sequence number is specified in the payload, a value of 0 is assigned by default. If there are multiple communication entries with the same sequence number then their order is not deterministic. If a specific order of communication entry is desired, then one has to specify unique sequence numbers or use the POST request on the communication entry entity with a query parameter action=revise to let the framework assign a sequence number |
int | |
| services | Names of services In order to specify all services, use the constant "ANY". This is case insensitive. If "ANY" is used, it should be the ONLY element in the services array. Error will be thrown if ANY is used in conjunction with other values. |
array of string | Maximum items: 128 |
| source_groups | Source group paths We need paths as duplicate names may exist for groups under different domains. In order to specify all groups, use the constant "ANY". This is case insensitive. If "ANY" is used, it should be the ONLY element in the group array. Error will be thrown if ANY is used in conjunction with other values. |
array of string | Maximum items: 128 |
| tag | Tag applied on the communication entry User level field which will be printed in CLI and packet logs. |
string | Maximum length: 32 |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
CommunicationMap (schema) (Deprecated)
Contains ordered list of CommunicationEntries
Ordered list of CommunicationEntries. This object is created by default
along with the Domain.
This type is deprecated. Use the type SecurityPolicy instead.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| category | A way to classify a communication map, if needed. - Distributed Firewall - Policy framework for Distributed Firewall provides four pre-defined categories for classifying a communication map. They are "Emergency", "Infrastructure", "Environment" and "Application". Amongst the layer 3 communication maps,there is a pre-determined order in which the policy framework manages the priority of these communication maps. Emergency category has the highest priority followed by Infrastructure, Environment and then Application rules. Administrator can choose to categorize a communication map into the above categories or can choose to leave it empty. If empty it will have the least precedence w.r.t the above four layer 3 categories. |
string | |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| communication_entries | CommunicationEntries that are a part of this CommunicationMap | array of CommunicationEntry | |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| precedence | Precedence to resolve conflicts across Domains This field is used to resolve conflicts between communication maps across domains. In order to change the precedence of a communication map one can fire a POST request on the communication map entity with a query parameter action=revise The precedence field will reflect the value of the computed precedence upon execution of the above mentioned POST request. For scenarios where the administrator is using a template to update several communication maps, the only way to set the precedence is to explicitly specify the precedence number for each communication map. If no precedence is specified in the payload, a value of 0 is assigned by default. If there are multiple communication maps with the same precedence then their order is not deterministic. If a specific order of communication map is desired, then one has to specify a unique precedence or use the POST request on the communication map entity with a query parameter action=revise to let the framework assign a precedence |
int | |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value CommunicationMap | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
CommunityList (schema)
Community list for BGP routing configuration
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| communities | List of BGP community entries List of BGP community entries. Both standard and large communities are supported. Standard community format: aa:nn where aa and nn must be within the range [1 - 65536]. Large BGP Community format: aa:bb:nn where aa (Global Administrator), bb (Local Data Part 1) and nn (Local Data Part 2) must be within the range [1 - 4294967295]. In additon to numbered communites (e.g. 3356:2040), predefined communities (NO_EXPORT, NO_ADVERTISE, NO_EXPORT_SUBCONFED) are supported. |
array of string | Required Minimum items: 1 |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value CommunityList | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
CommunityListListResult (schema)
Paged collection of CommunityLists
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | CommunityList results | array of CommunityList | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
CommunityMatchCriteria (schema)
Match criteria based on a community list
| Name | Description | Type | Notes |
|---|---|---|---|
| criteria | Match criteria based on community list path or a regular expression Match criteria specified as a community list path or a regular expression. |
string | Required |
| match_operator | Match operator for community list entries Match operator for community list entries. Not valid when a regular expression is specified for criteria. |
string | Enum: MATCH_ANY, MATCH_ALL, MATCH_EXACT, MATCH_COMMUNITY_REGEX, MATCH_LARGE_COMMUNITY_REGEX |
CompatibilityCheckResult (schema)
Precheck result for onboaring standby Global Manager or remote Site to
federation
Result of prechecks run for onboarding standby Global Manager or remote
site. The checks include NSX version compatibility with active Global
Manager, Round Trip Time (RTT), etc. Note that some of checks like RTT are
soft limits.
| Name | Description | Type | Notes |
|---|---|---|---|
| local_nsx_version | Local Site NSX version where active Global Mananger is running Local Site NSX version where active Global Mananger is running. |
string | Readonly |
| nsx_version | Remote Site NSX version Remote Site NSX version. |
string | Readonly |
| rtt | Round trip time to the remote Site or Global Manager from active
Global Manager
Round trip time to the remote Site or Global Manager from active Global Manager. |
integer | Readonly |
| rtt_exceeded | Flag to indicate if RTT to remote Site exceeds the recommended limit Flag to indicate if RTT to remote Site exceeds the recommended limit. |
boolean | Readonly |
| version_compatible | Flag to indicate if remote Site NSX version is compatible Flag to indicate if remote Site NSX version is compatible with active Global Manager. |
boolean | Readonly |
CompatibilityDetail (schema)
Feature Compatibility Details
Feature compatibility status details indicating specific site configuration
incompatibility with global manager configuration.
| Name | Description | Type | Notes |
|---|---|---|---|
| attributes | Additional Attributes | array of OnboardingAttribute | Readonly Maximum items: 20 |
| status_code | Status Code Unique integer number indicating configuration incompatibility. |
integer | Required Readonly |
| status_message | Status Message A brief explaination of status code. |
string | Readonly |
ComponentTargetVersion (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| component_type | string | Required Readonly |
|
| target_version | string | Required Readonly |
ComponentTypeListRequestParameters (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| component_type | Component type on which the action is performed or on which the results are filtered | string | |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string |
ComponentUpgradeChecksInfo (schema)
Meta-data of pre/post-upgrade checks for a component
Meta-data of pre/post-upgrade checks for a component
| Name | Description | Type | Notes |
|---|---|---|---|
| component_type | Component type Component type of the pre/post-upgrade checks |
string | Required |
| post_upgrade_checks_info | Collection of post-upgrade checks | array of UpgradeCheckInfo | |
| pre_upgrade_checks_info | Collection of pre-upgrade checks | array of UpgradeCheckInfo |
ComponentUpgradeChecksInfoListResult (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Collection of info of pre/post-upgrade checks for components | array of ComponentUpgradeChecksInfo | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
ComponentUpgradeStatus (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| can_rollback | Can perform rollback This field indicates whether we can perform upgrade rollback. |
boolean | Readonly |
| can_skip | Can the upgrade of the remaining units in this component be skipped | boolean | Readonly |
| component_type | Component type for the upgrade status | string | Readonly |
| current_version_node_summary | Mapping of current versions of nodes and counts of nodes at the respective versions. | NodeSummaryList | Readonly |
| details | Details about the upgrade status | string | Readonly |
| node_count_at_target_version | Count of nodes at target component version Number of nodes of the type and at the component version |
int | Readonly |
| percent_complete | Indicator of upgrade progress in percentage | number | Required Readonly |
| pre_upgrade_status | Pre-upgrade status of the component-type | UpgradeChecksExecutionStatus | Readonly |
| status | Upgrade status of component | string | Required Readonly Enum: SUCCESS, FAILED, IN_PROGRESS, NOT_STARTED, PAUSING, PAUSED |
| target_component_version | Target component version | string | Readonly |
ComputeClusterIdfwConfiguration (schema)
Compute cluster idfw configuration
Idfw configuration for enable/disable idfw on cluster level.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| cluster_idfw_enabled | Idfw enabled flag If set to true, idfw is enabled for this cluster |
boolean | Required |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| is_stale | Cluster stale flag If set to true, this cluster has been deleted from NSX. |
boolean | Readonly |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| member | PolicyResourceReference Contains actual policy resource reference object |
PolicyResourceReference | Required |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value ComputeClusterIdfwConfiguration | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
Condition (schema)
Represents the leaf level condition
Represents the leaf level condition. Evaluation of the condition expression
will be case insensitive.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| exclude | Members to be excluded from the condition List of members to be excluded from the condition. This field is applicable only for condition representing the list of malicious IPs. Only IPAddressExpression and PathExpression are supported. The PathExpression should have paths of Groups that of the group_type IPAddress. Multiple PathExpressions are not supported here. |
ExcludedMembersList | |
| id | Unique identifier of this resource | string | Sortable |
| key | Key | string | Required Enum: Tag, Name, OSName, ComputerName, NodeType, GroupType, ALL, IPAddress, PodCidr |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| member_type | Group member type For global groups (groups created from Global Manager), the supported Member Types are - VirtualMachine, Segment, SegmentPort, Group, DVPG and DVPort. For local groups (groups created on the local policy manager), the supported member types are IPSet, VirtualMachine, LogicalPort, LogicalSwitch, Segment, SegmentPort, Pod, Service, Namespace, TransportNode, Group, DVPG, DVPort, KubernetesCluster, KubernetesNamespace, AntreaEgress, AntreaIPPool, KubernetesIngress, KubernetesGateway, KubernetesService and KubernetesNode. |
string | Required Enum: IPSet, VirtualMachine, LogicalPort, LogicalSwitch, Segment, SegmentPort, Pod, Service, Namespace, TransportNode, Group, DVPG, DVPort, IPAddress, KubernetesCluster, KubernetesNamespace, AntreaEgress, AntreaIPPool, KubernetesIngress, KubernetesGateway, KubernetesService, KubernetesNode |
| operator | operator Operator is made non-mandatory to support Segment and SegmentPort tag based expression. To evaluate expression for other types, operator value should be provided. |
string | Enum: EQUALS, CONTAINS, STARTSWITH, ENDSWITH, NOTEQUALS, NOTIN, MATCHES, IN |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value Condition | string | Required Enum: Condition, ConjunctionOperator, NestedExpression, IPAddressExpression, MACAddressExpression, ExternalIDExpression, PathExpression, IdentityGroupExpression |
| scope_operator | operator Default operator when not specified explicitly would be considered as EQUALS. If value for Condition is empty, then condition will not be evaluated. For example, Condition with key as Tag and value as "|tag" would be evaluated for tag value not for empty scope value. |
string | Enum: EQUALS, NOTEQUALS |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
| value | Value | string | Required Minimum length: 1 |
ConditionalValueConstraintExpression (schema)
Represents the leaf level conditional value constraint.
Represents the leaf level expression to restrict the target attribute value
based on the set of existing values. Generally, used in combination with
RelatedAttributeConditionalExpression to constraint the values related to
another attribute on the same resource. This object is always used in
conjunction with some exression.
Example -
{
"condition" : {
"operator":"INCLUDES",
"rhs_value": ["/infra/domains/mgw/groups/VCENTER", "/infra/domains/mgw/groups/SRM", "/infra/domains/mgw/groups/NSX"],
"value_constraint": {
"resource_type": "ValueConstraintExpression",
"operator":"EXCLUDES",
"values":["/infra/domains/mgw/groups/VCENTER", "/infra/domains/mgw/groups/SRM", "/infra/domains/mgw/groups/NSX"]
}
}
| Name | Description | Type | Notes |
|---|---|---|---|
| operator | Set operation to constraint values. INCLUDES_ANY operator supported only for StringArrayConstraintValue |
string | Required Enum: INCLUDES, INCLUDES_ANY, EXCLUDES, EQUALS |
| rhs_value | Array of values to perform operation. List of values. |
array of string | |
| rhs_value_with_type | Array of values to perform operation. List of values. |
ConstraintValue (Abstract type: pass one of the following concrete types) CidrArrayConstraintValue IntegerArrayConstraintValue StringArrayConstraintValue |
|
| value_constraint | Value Constraint Values to apply the conditional constraint on target. |
ValueConstraintExpression | Required |
ConfigOnboardingConflictRequest (schema)
Config onboarding conflict Request
Config onboarding request to verify conflicts in onboarding configuration
on global manager for a site.
| Name | Description | Type | Notes |
|---|---|---|---|
| prefix | Prefix string User provided prefix string to resolve conflicting site entities. |
string | Readonly |
| site_id | Site Id Site Id. |
string | Readonly |
| suffix | Suffix string User provided suffix string to resolve conflicting site entities. |
string |
ConfigOnboardingConflictStatus (schema)
Config onboarding conflict status
Represents config onboarding conflict status on Global Manager.
| Name | Description | Type | Notes |
|---|---|---|---|
| details | OnboardingFeatureInfo | Readonly | |
| gm_details | GmConfigOnboardingConflictEntityInfo | Readonly | |
| site_id | Site Id Site identifier of the site being onboarded. |
string | Required Readonly |
| status | OnboardingConflictStatus | Required Readonly |
ConfigOnboardingError (schema)
Config Onboarding Error
Represents error details in case of system fail to onboard site
configuration on global manager.
| Name | Description | Type | Notes |
|---|---|---|---|
| error_code | Error Code Error code for errors found during onboarding process. |
integer | Readonly |
| error_message | Error message Failure reason during onboarding process. |
string | Readonly |
ConfigOnboardingInProgressStatus (schema)
Config Onboarding in-progress status
Represents config onboarding status including processing phase compared to
of total number of phases to complete config onboarding.
| Name | Description | Type | Notes |
|---|---|---|---|
| current_step | Current Onboarding Step Represent intermidiate phase when onboarding or rollback is in-progress on global manager. |
integer | Readonly |
| feature | OnboardingFeatureInfo | Readonly | |
| stage | OnboardingStage | Readonly | |
| total_steps | Total number of Onboarding Steps Total number of phases involved in onboarding workflow. |
integer | Readonly |
ConfigOnboardingRequest (schema)
Config onboarding Request
Config onboarding request to initiate onboarding workflow on global manager
for a site.
| Name | Description | Type | Notes |
|---|---|---|---|
| prefix | Prefix string User provided prefix string to resolve conflicting site entities. |
string | Readonly |
| site_backup_reference | Site Backup Reference Site backup image details to hint user to restore site before starting onboarding process. |
string | Required Readonly |
| site_id | Site Id Site Id. |
string | Readonly |
| suffix | Suffix string User provided suffix string to resolve conflicting site entities. |
string |
ConfigOnboardingStatus (schema)
Config on-boarding status
Represents config onboarding status on Global Manager.
| Name | Description | Type | Notes |
|---|---|---|---|
| details | ConfigOnboardingStatusDetails | Readonly | |
| site_id | Site Id Site identifier of the site being onboarded. |
string | Required Readonly |
| status | OnboardingStatus | Required Readonly |
|
| supported_features | List of supported features List of supported features on global manager. |
array of OnboardingFeatureInfo | Readonly |
| timestamp | Status Timestamp Onboarding status as of current timestamp. |
EpochMsTimestamp | Required |
| unsupported_features | List of unsupported features List of unsupported features on global manager. |
array of OnboardingFeatureInfo | Readonly |
ConfigOnboardingStatusDetails (schema)
Config on-boarding status details
Represents config on-boarding progress phase details per feature
information with progress metric like completed entity count against total
number of entities.
| Name | Description | Type | Notes |
|---|---|---|---|
| error_messages | array of ConfigOnboardingError | Readonly | |
| import_progress | ConfigOnboardingInProgressStatus | Readonly | |
| revert_progress | ConfigOnboardingInProgressStatus | Readonly | |
| site_backup_reference | Site Backup Reference Site backup image details to hint user to restore site before starting onboarding process. |
string | Readonly |
ConfigState (schema)
Config State
Configuration State.
| Name | Description | Type | Notes |
|---|---|---|---|
| ConfigState | Config State Configuration State. |
string | Enum: SUCCESS, IN_PROGRESS, ERROR, UNKNOWN, UNINITIALIZED |
ConfigurationState (schema)
Describes status of configuration of an entity
| Name | Description | Type | Notes |
|---|---|---|---|
| details | Array of configuration state of various sub systems | array of ConfigurationStateElement | Readonly |
| failure_code | Error code | integer | Readonly |
| failure_message | Error message in case of failure | string | Readonly |
| state | Overall state of desired configuration Gives details of state of desired configuration. Additional enums with more details on progress/success/error states are sent for edge node. The success states are NODE_READY and TRANSPORT_NODE_READY, pending states are {VM_DEPLOYMENT_QUEUED, VM_DEPLOYMENT_IN_PROGRESS, REGISTRATION_PENDING} and other values indicate failures. "in_sync" state indicates that the desired configuration has been received by the host to which it applies, but is not yet in effect. When the configuration is actually in effect, the state will change to "success". Please note, failed state is deprecated. |
string | Required Readonly Enum: pending, in_progress, success, failed, partial_success, orphaned, unknown, error, in_sync, NOT_AVAILABLE, VM_DEPLOYMENT_QUEUED, VM_DEPLOYMENT_IN_PROGRESS, VM_DEPLOYMENT_FAILED, VM_POWER_ON_IN_PROGRESS, VM_POWER_ON_FAILED, REGISTRATION_PENDING, NODE_NOT_READY, NODE_READY, VM_POWER_OFF_IN_PROGRESS, VM_POWER_OFF_FAILED, VM_UNDEPLOY_IN_PROGRESS, VM_UNDEPLOY_FAILED, VM_UNDEPLOY_SUCCESSFUL, EDGE_CONFIG_ERROR, VM_DEPLOYMENT_RESTARTED, REGISTRATION_FAILED, TRANSPORT_NODE_SYNC_PENDING, TRANSPORT_NODE_CONFIGURATION_MISSING, EDGE_HARDWARE_NOT_SUPPORTED, MULTIPLE_OVERLAY_TZS_NOT_SUPPORTED, TN_OVERLAY_TZ_IN_USE_BY_EDGE_CLUSTER, TZ_ENDPOINTS_NOT_SPECIFIED, NO_PNIC_PREPARED_IN_EDGE, APPLIANCE_INTERNAL_ERROR, VTEP_DHCP_NOT_SUPPORTED, UNSUPPORTED_HOST_SWITCH_PROFILE, UPLINK_HOST_SWITCH_PROFILE_NOT_SPECIFIED, HOSTSWITCH_PROFILE_NOT_FOUND, LLDP_SEND_ENABLED_NOT_SUPPORTED, UNSUPPORTED_NAMED_TEAMING_POLICY, LBSRCID_NOT_SUPPORTED_FOR_EDGE_VM, LACP_NOT_SUPPORTED_FOR_EDGE_VM, STANDBY_UPLINKS_NOT_SUPPORTED_FOR_EDGE_VM, MULTIPLE_ACTIVE_UPLINKS_NOT_SUPPORTED_FOR_EDGE, UNSUPPORTED_LACP_LB_ALGO_FOR_NODE, EDGE_NODE_VERSION_NOT_SUPPORTED, NO_PNIC_SPECIFIED_IN_TN, INVALID_PNIC_DEVICE_NAME, TRANSPORT_NODE_READY, VM_NETWORK_EDIT_PENDING, UNSUPPORTED_DEFAULT_TEAMING_POLICY, MPA_DISCONNECTED, VM_RENAME_PENDING, VM_CONFIG_EDIT_PENDING, VM_NETWORK_EDIT_FAILED, VM_RENAME_FAILED, VM_CONFIG_EDIT_FAILED, VM_CONFIG_DISCREPANCY, VM_NODE_REFRESH_FAILED, VM_PLACEMENT_REFRESH_FAILED, REGISTRATION_TIMEDOUT, REPLACE_FAILED, UPLINK_FROM_TEAMING_POLICY_NOT_MAPPED, LOGICAL_SWITCH_NAMED_TEAMING_HAS_NO_PNIC_BACKING, DELETE_VM_IN_REDEPLOY_FAILED, DEPLOY_VM_IN_REDEPLOY_FAILED, INSUFFICIENT_RESOURCES_IN_EDGE_NODE_FOR_SERVICE, VM_RESOURCE_RESERVATION_FAILED, DUPLICATE_PNICS_IN_TEAMINGS_WITH_MULTIPLE_UPLINKS_AND_FAILOVER_ORDER, DUPLICATE_VLANS_SHARING_SAME_PNICMULTIPLE_UPLINKS_IN_NAMED_TEAMING_NOT_SUPPORTED_IF_UPLINK_IN_DEFAULT_TEAMING, EDGE_NODE_SETTINGS_MISMATCH_RESOLVE, EDGE_VM_VSPHERE_SETTINGS_MISMATCH_RESOLVE, EDGE_NODE_SETTINGS_AND_VSPHERE_SETTINGS_ARE_CHANGED_RESOLVE, EDGE_VSPHERE_LOCATION_MISMATCH_RESOLVE, COMPUTE_MANAGER_NOT_FOUND, DELETE_IN_PROGRESS, ADVANCED_CONFIG_EDIT_FAILED, UPT_MODE_REALIZATION_POLL_TIMED_OUT, DATAPATH_CONFIGURATION_EDIT_FAILED, MAINTENANCE_MODE_ENABLED, ERROR_IN_ENABLE_MAINTENANCE_MODE, ERROR_IN_DISABLE_MAINTENANCE_MODE, CONFIGURE_UPT_ON_VM_FAILED, VM_VERSION_IS_UPT_INCOMPATIBLE, DELETE_FAILED_FOR_DIFFERENT_MOREF_ID, DELETE_FAILED_ON_VM_NOT_FOUND, DELETE_FAILED_FOR_NON_LCM_EDGE |
ConfigurationStateElement (schema)
Describes status of configuration of an entity
| Name | Description | Type | Notes |
|---|---|---|---|
| failure_code | Error code | integer | Readonly |
| failure_message | Error message in case of failure | string | Readonly |
| state | State of configuration on this sub system | string | Required Readonly Enum: in_progress, success, failed, partial_success, in_sync, VM_DEPLOYMENT_FAILED, VM_POWER_ON_FAILED, VM_POWER_OFF_FAILED, VM_UNDEPLOY_FAILED, REPLACE_FAILED, UPLINK_FROM_TEAMING_POLICY_NOT_MAPPED, LOGICAL_SWITCH_NAMED_TEAMING_HAS_NO_PNIC_BACKING, DELETE_VM_IN_REDEPLOY_FAILED, DEPLOY_VM_IN_REDEPLOY_FAILED, INSUFFICIENT_RESOURCES_IN_EDGE_NODE_FOR_SERVICE, EDGE_CONFIG_ERROR, REGISTRATION_FAILED, TRANSPORT_NODE_CONFIGURATION_MISSING, EDGE_HARDWARE_NOT_SUPPORTED, MULTIPLE_OVERLAY_TZS_NOT_SUPPORTED, TN_OVERLAY_TZ_IN_USE_BY_EDGE_CLUSTER, TZ_ENDPOINTS_NOT_SPECIFIED, NO_PNIC_PREPARED_IN_EDGE, APPLIANCE_INTERNAL_ERROR, VTEP_DHCP_NOT_SUPPORTED, UNSUPPORTED_HOST_SWITCH_PROFILE, UPLINK_HOST_SWITCH_PROFILE_NOT_SPECIFIED, HOSTSWITCH_PROFILE_NOT_FOUND, LLDP_SEND_ENABLED_NOT_SUPPORTED, UNSUPPORTED_NAMED_TEAMING_POLICY, LBSRCID_NOT_SUPPORTED_FOR_EDGE_VM, LACP_NOT_SUPPORTED_FOR_EDGE_VM, STANDBY_UPLINKS_NOT_SUPPORTED_FOR_EDGE_VM, MULTIPLE_ACTIVE_UPLINKS_NOT_SUPPORTED_FOR_EDGE, UNSUPPORTED_LACP_LB_ALGO_FOR_NODE, EDGE_NODE_VERSION_NOT_SUPPORTED, NO_PNIC_SPECIFIED_IN_TN, INVALID_PNIC_DEVICE_NAME, UNSUPPORTED_DEFAULT_TEAMING_POLICY, MPA_DISCONNECTED, VM_NETWORK_EDIT_PENDING, VM_RENAME_PENDING, VM_CONFIG_EDIT_PENDING, VM_NETWORK_EDIT_FAILED, VM_RENAME_FAILED, VM_CONFIG_EDIT_FAILED, VM_CONFIG_DISCREPANCY, VM_NODE_REFRESH_FAILED, VM_PLACEMENT_REFRESH_FAILED, NOT_AVAILABLE, REGISTRATION_TIMEDOUT, ADVANCED_CONFIG_EDIT_FAILED, VM_RESOURCE_RESERVATION_FAILED, UPT_MODE_REALIZATION_POLL_TIMED_OUT, DATAPATH_CONFIGURATION_EDIT_FAILED, MAINTENANCE_MODE_ENABLED, ERROR_IN_ENABLE_MAINTENANCE_MODE, ERROR_IN_DISABLE_MAINTENANCE_MODE, CONFIGURE_UPT_ON_VM_FAILED, VM_VERSION_IS_UPT_INCOMPATIBLE, pending, orphaned, unknown, error |
| sub_system_address | URI of backing resource on sub system | string | Readonly |
| sub_system_id | Identifier of backing resource on sub system | string | Readonly |
| sub_system_name | Name of backing resource on sub system | string | Readonly |
| sub_system_type | Type of backing resource on sub system | string | Readonly |
ConflictingEntityListResponse (schema)
List of Features with conflict information
| Name | Description | Type | Notes |
|---|---|---|---|
| example | Conflict example Conflict example |
OnboardingFeatureInfo | Readonly |
| feature_compability_data | array of FeatureCompatibilityInfo | Readonly Maximum items: 100 |
|
| feature_descendants | array of FeatureConflictInfo | Readonly | |
| feature_summary | FeatureSummary | Readonly | |
| infra_descendants | array of FeatureConflictInfo | Readonly |
ConjunctionOperator (schema)
Represents the operators AND or OR
Represents the operators AND or OR.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| conjunction_operator | Conjunction Operator Node | string | Required Enum: OR, AND |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value ConjunctionOperator | string | Required Enum: Condition, ConjunctionOperator, NestedExpression, IPAddressExpression, MACAddressExpression, ExternalIDExpression, PathExpression, IdentityGroupExpression |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
ConnectivityAdvancedConfig (schema)
Advanced configuration for Policy connectivity
| Name | Description | Type | Notes |
|---|---|---|---|
| connectivity | Connectivity configuration Connectivity configuration to manually connect (ON) or disconnect (OFF) Tier-0/Tier1 segment from corresponding gateway. This property does not apply to VLAN backed segments. VLAN backed segments with connectivity OFF does not affect its layer-2 connectivity. |
string | Enum: ON, OFF Default: "ON" |
ConsolidatedAPIListRequestParameters (schema)
Consolidated effective IP addresses API list request parameters
| Name | Description | Type | Notes |
|---|---|---|---|
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| ip_filter | An IPAddress or subnet for filtering the results. This filter can be used to verify an ip membership in the effective results |
IPElement | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| site_id | UUID of the site from which the effective IP addresses are to be fetched | string | |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string |
ConsolidatedEffectiveIPAddressMemberListResult (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Paged Collection of site wise consolidated effective ip addresses for the given NSGroup | array of EffectiveIPInfo | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
ConsolidatedEffectiveIPListRequestParameters (schema)
Consolidated API Realization list request params
List request params for the pass through type api that get data from the
Enforcement point. Enforcement point is mandatory for this request.
| Name | Description | Type | Notes |
|---|---|---|---|
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| enforcement_point_path | String Path of the enforcement point The path of the enforcement point on which the API needs to be executed. Forward slashes must be escaped using %2F. |
string | |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| ip_filter | An IPAddress or subnet for filtering the results. This filter can be used to verify an ip membership in the effective results |
IPElement | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| site_id | UUID of the site from which the effective IP addresses are to be fetched | string | |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string |
ConsolidatedRealizedStatus (schema)
Consolidated Realized Status for an Intent Object
Consolidated Realized Status of an intent object across enforcement points.
| Name | Description | Type | Notes |
|---|---|---|---|
| consolidated_status | Consolidated Realized Status Consolidated Realized Status across enforcement points. |
ConsolidatedStatus | Readonly |
| consolidated_status_per_enforcement_point | List of Consolidated Realized Status per Enforcement Point List of Consolidated Realized Status per enforcement point. |
array of ConsolidatedStatusPerEnforcementPoint | Readonly |
| intent_path | String Path of the intent object Intent path of object, forward slashes must be escaped using %2F. |
string | Required Readonly |
| intent_version | Intent version for the status Represent highest intent version across all realized objects |
string | Readonly |
| publish_status | Aggregated Realization state of this object | string | Required Enum: UNAVAILABLE, UNREALIZED, REALIZED, ERROR |
ConsolidatedStatus (schema)
Consolidated Status
Consolidated Status of an intent object. Status Consolidation of an intent happens at
multiple levels:
- Per Enforcement Point: calculation of the consolidated status is performed using all
realized entities that the intent objet maps to on a specific enforcement point.
- Across Enforcement Points: calculation of the consolidated status is performend
aggregating the consolidated status from each enforcement point.
| Name | Description | Type | Notes |
|---|---|---|---|
| consolidated_status | Consolidated Realized Status Consolidated Realized Status of an intent object. |
ConfigState | Readonly |
ConsolidatedStatusNsxT (schema)
NSX-T Consolidated Status
Detailed Realized Status of an intent object on an NSX-T type of enforcement point.
| Name | Description | Type | Notes |
|---|---|---|---|
| alarm | Alarm Information Details Alarm information details. |
PolicyRuntimeAlarm | Readonly |
| consolidated_status | Consolidated Realized Status Consolidated Realized Status of an Intent object per enforcement point. |
ConsolidatedStatus | Readonly |
| enforced_status | Enforced Realized Status Detailed Realized Status inherent to an NSX-T Enforcement Point. |
EnforcedStatusDetailsNsxT | Readonly |
| enforcement_point_id | Enforcement Point Id Enforcement Point Id. |
string | Readonly |
| enforcement_point_path | Enforcement point Path Policy Path referencing the enforcement point where the info is fetched. |
string | Readonly |
| resource_type | Must be set to the value ConsolidatedStatusNsxT | string | Required |
| site_path | Site Path The site where this enforcement point resides. |
string | Readonly |
ConsolidatedStatusPerEnforcementPoint (schema)
Consolidated Realized Status Per Enforcement Point
Consolidated Realized Status Per Enforcement Point.
| Name | Description | Type | Notes |
|---|---|---|---|
| alarm | Alarm Information Details Alarm information details. |
PolicyRuntimeAlarm | Readonly |
| consolidated_status | Consolidated Realized Status Consolidated Realized Status of an Intent object per enforcement point. |
ConsolidatedStatus | Readonly |
| enforcement_point_id | Enforcement Point Id Enforcement Point Id. |
string | Readonly |
| enforcement_point_path | Enforcement point Path Policy Path referencing the enforcement point where the info is fetched. |
string | Readonly |
| resource_type | Must be set to the value ConsolidatedStatusPerEnforcementPoint | string | Required |
| site_path | Site Path The site where this enforcement point resides. |
string | Readonly |
ConstantFieldValue (schema)
Constant Field Value
Constant Field Value.
| Name | Description | Type | Notes |
|---|---|---|---|
| constant | Constant Value Constant Value that the field must be set to. |
object | |
| resource_type | Must be set to the value ConstantFieldValue | string | Required Enum: ConstantFieldValue |
Constraint (schema)
Constraint definition.
Constraint object to constraint any attribute on a resource based on
specified expression.
Example- Restrict the allowed services in Edge Communication Entry to list of
services, if the destinationGroups contain vCenter.
{
"target":{
"target_resource_type":"CommunicationEntry",
"attribute":"services",
"path_prefix":"/infra/domains/vmc-domain/edge-communication-maps/default/communication-entries"
}
"constraint_expression":{
"related_attribute":{
"attribute":"destinationGroups"
}
"condition":{
"operator":"INCLUDES",
"rhs_value":{"vCenter"}
"value_constraint":{
"operator":"ALLOW",
"values":{"/ref/services/HTTPS", "/ref/services/HTTOP", ...}
}
}
}
}
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| constraint_expression | Expression to constrain the target attribute value. This property is deprecated. Please use the "constraint_expressions" property instead to specify one or more constraint expressions. If this property is populated, then the "constraint_expressions" value is ignored. |
ConstraintExpression (Abstract type: pass one of the following concrete types) EntityInstanceCountConstraintExpression FieldSanityConstraintExpression RelatedAttributeConditionalExpression ValueConstraintExpression |
Deprecated |
| constraint_expressions | Expressions to constrain the target attribute value. | array of ConstraintExpression (Abstract type: pass one of the following concrete types) EntityInstanceCountConstraintExpression FieldSanityConstraintExpression RelatedAttributeConditionalExpression ValueConstraintExpression |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| message | User friendly message to be shown to users upon violation. | string | |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value Constraint | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| target | Target resource attribute details. This property is deprecated. Please use the "targets" property instead to specify one or more targets. If this property is populated, then the "targets" value is ignored. |
ConstraintTarget | Deprecated |
| target_owner_type | Constraint target's owner type | string | Enum: GM, LM, ALL Default: "ALL" |
| targets | Collection of target resources attribute details. | array of ConstraintTarget | |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
ConstraintExpression (schema)
Base class for constraint expression
All the types of the expression extend from this abstract class.
This is present for extensibility.
This is an abstract type. Concrete child types:
EntityInstanceCountConstraintExpression
FieldSanityConstraintExpression
RelatedAttributeConditionalExpression
ValueConstraintExpression
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| resource_type | Must be set to the value ConstraintExpression | string | Required Enum: ValueConstraintExpression, RelatedAttributeConditionalExpression, EntityInstanceCountConstraintExpression, FieldSanityConstraintExpression |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ConstraintListResult (schema)
Paged Collection of Constraints
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Constraint list results | array of Constraint | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
ConstraintTarget (schema)
Resource attribute on which constraint should be applied.
Resource attribute on which constraint should be applied.
Example - sourceGroups attribute of Edge CommunicationEntry to be
restricted, is given as:
{
"target_resource_type":"CommunicationEntry",
"attribute":"sourceGroups",
"path_prefix":"/infra/domains/vmc-domain/edge-communication-maps/default/communication-entries"
}
| Name | Description | Type | Notes |
|---|---|---|---|
| attribute | Attribute name of the target entity. | string | |
| path_prefix | Path prefix of the entity to apply constraint. This is required to further disambiguiate if multiple policy entities share the same resource type. Example - Edge FW and DFW use the same resource type CommunicationMap, CommunicationEntry, Group, etc. | string | |
| target_resource_type | Resource type of the target entity. This is required in case the constraint expressions do not specify target resource type. | string |
ConstraintValue (schema)
Base class for each value configuration
All the types of value extend from this abstract class. This
is present for extensibility.
This is an abstract type. Concrete child types:
CidrArrayConstraintValue
IntegerArrayConstraintValue
StringArrayConstraintValue
| Name | Description | Type | Notes |
|---|---|---|---|
| resource_type | string | Required Enum: StringArrayConstraintValue, CidrArrayConstraintValue, IntegerArrayConstraintValue |
ContainerApplicationInstanceGroupAssociationRequestParams (schema)
List request parameters containing ContainerApplicationInstance(pod) id and enforcement point path
List request parameters containing ContainerApplicationInstance(pod) id and enforcement point path
| Name | Description | Type | Notes |
|---|---|---|---|
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| enforcement_point_path | String Path of the enforcement point The path of the enforcement point from which the list of groups needs to be fetched. Forward slashes must be escaped using %2F. If no enforcement point path is specified, the default enforcement point is considered |
string | |
| include_mark_for_delete_objects | Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included. |
boolean | Default: "False" |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| pod_id | ContainerApplicationInstance | string | Required |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string |
ContainerConfiguration (schema)
Container that holds widgets
Represents a container to group widgets that belong to a common category or have a common purpose.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| condition | Expression for evaluating condition If the condition is met then the widget will be displayed to UI. If no condition is provided, then the widget will be displayed unconditionally. |
string | Maximum length: 1024 |
| datasources | Array of Datasource Instances with their relative urls The 'datasources' represent the sources from which data will be fetched. Currently, only NSX-API is supported as a 'default' datasource. An example of specifying 'default' datasource along with the urls to fetch data from is given at 'example_request' section of 'CreateWidgetConfiguration' API. |
array of Datasource | Minimum items: 0 |
| default_filter_value | Default filter value to be passed to datasources Default filter values to be passed to datasources. This will be used when the report is requested without filter values. |
array of DefaultFilterValue | |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Widget Title Title of the widget. If display_name is omitted, the widget will be shown without a title. |
string | Maximum length: 255 |
| drilldown_id | Id of drilldown widget Id of drilldown widget, if any. Id should be a valid id of an existing widget. A widget is considered as drilldown widget when it is associated with any other widget and provides more detailed information about any data item from the parent widget. |
string | Maximum length: 255 |
| feature_set | Features required to view the widget Features required to view the widget. |
FeatureSet | |
| filter | Id of filter widget for subscription Id of filter widget for subscription, if any. Id should be a valid id of an existing filter widget. Filter widget should be from the same view. Datasource URLs should have placeholder values equal to filter alias to accept the filter value on filter change. This field is deprecated instead use 'filters' property. |
string | Deprecated |
| filter_value_required | Flag to indicate if filter value is necessary Flag to indicate that widget will continue to work without filter value. If this flag is set to false then default_filter_value is manadatory. |
boolean | Default: "True" |
| filters | A List of filter ids applied to this widget configuration A List of filter applied to this widget configuration. This will be used to identify the filters applied to this widget. |
array of string | |
| footer | Footer | ||
| header | Header | ||
| icons | Icons Icons to be applied at dashboard for widgets and UI elements. |
array of Icon | |
| id | Unique identifier of this resource | string | Sortable |
| is_drilldown | Set as a drilldown widget Set to true if this widget should be used as a drilldown. |
boolean | Default: "False" |
| labels | Labels Labels for the container. |
array of Label | Minimum items: 0 |
| layout | Layout of widgets inside container Layout of widgets can be either vertical or horizontal. If layout is not specified a default horizontal layout is applied. This property is deprecated. Now the layout inside the container can be taken care with the help of 'rowspan' and 'colspan' property. |
Layout | Deprecated |
| legend | Legend for the widget Legend to be displayed. If legend is not needed, do not include it. |
Legend | |
| navigation | Navigation to a specified UI page Hyperlink of the specified UI page that provides details. |
string | Maximum length: 1024 |
| plot_configs | List of plotting configuration for a given widget. List of plotting configuration for a given widget. Widget plotting configurations which are common across all the widgets types should be define here. |
array of WidgetPlotConfiguration | |
| resource_type | Must be set to the value ContainerConfiguration | string | Required Readonly Enum: LabelValueConfiguration, DonutConfiguration, MultiWidgetConfiguration, ContainerConfiguration, StatsConfiguration, GridConfiguration, GraphConfiguration, CustomWidgetConfiguration, CustomFilterWidgetConfiguration, TimeRangeDropdownFilterWidgetConfiguration, DropdownFilterWidgetConfiguration, SpacerWidgetConfiguration, LegendWidgetConfiguration Maximum length: 255 |
| rowspan | Vertical span Represents the vertical span of the widget / container. 1 Row span is equal to 20px. |
int | Minimum: 1 |
| shared | Visiblity of widgets to other users Please use the property 'shared' of View instead of this. The widgets of a shared view are visible to other users. |
boolean | Deprecated |
| show_header | This decides to show the container header or not. If the value of this field is set to true then card header will be displayed otherwise only card will be displayed without header. |
boolean | |
| span | Horizontal span Represents the horizontal span of the widget / container. |
int | Minimum: 1 Maximum: 12 |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| weight | Weightage or placement of the widget or container Specify relavite weight in WidgetItem for placement in a view. Please see WidgetItem for details. |
int | Deprecated |
| widgets | Widgets held by the container If not specified, creates an empty container. |
array of WidgetItem | Minimum items: 0 |
ContainerListRequestParameters (schema)
Realization list request params
List request params for the pass through type api that get data from the Antrea Cluster.
| Name | Description | Type | Notes |
|---|---|---|---|
| cluster_id | Cluster ID ID of the cluster to query |
string | |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| enforcement_point_path | String Path of the enforcement point The path of the enforcement point from which the list of members needs to be fetched. Forward slashes must be escaped using %2F. |
string | |
| include_mark_for_delete_objects | Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included. |
boolean | Default: "False" |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string |
ContentFilterValue (schema)
Support bundle content filter allowed values
| Name | Description | Type | Notes |
|---|---|---|---|
| ContentFilterValue | Support bundle content filter allowed values | string | Enum: ALL, DEFAULT, REMOVE_CORE_FILES, EAL4_AUDIT |
ContextProfileAttributesMetadata (schema)
Key value structure for holding metadata of context profile attributes
| Name | Description | Type | Notes |
|---|---|---|---|
| key | Key for metadata | string | Required |
| value | Value for metadata key | string | Required |
ContinueRequestParameters (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| component_type | Component to upgrade. Hints NSX to upgrade a specific component. |
string | |
| skip | Skip to upgrade of next component. | boolean | Default: "False" |
CookiePersistenceModeType (schema) (Deprecated)
cookie persistence mode
If the persistence cookie is found in the incoming request, value of the
cookie is used to identify the server that this request should be sent to.
If the cookie is not found, then the server selection algorithm is used to
select a new server to handle that request.
Three different modes of cookie persistence are supported: insert, prefix
and rewrite.
In cookie insert mode, a cookie is inserted by load balancer in the HTTP
response going from server to client.
In cookie prefix and rewrite modes, server controls the cookie and load
balancer only manipulates the value of the cookie. In prefix mode, server's
cookie value is prepended with the server IP and port and then sent to the
client. In rewrite mode, entire server's cookie value is replaced with the
server IP and port in the response before sending it to the client.
| Name | Description | Type | Notes |
|---|---|---|---|
| CookiePersistenceModeType | cookie persistence mode If the persistence cookie is found in the incoming request, value of the cookie is used to identify the server that this request should be sent to. If the cookie is not found, then the server selection algorithm is used to select a new server to handle that request. Three different modes of cookie persistence are supported: insert, prefix and rewrite. In cookie insert mode, a cookie is inserted by load balancer in the HTTP response going from server to client. In cookie prefix and rewrite modes, server controls the cookie and load balancer only manipulates the value of the cookie. In prefix mode, server's cookie value is prepended with the server IP and port and then sent to the client. In rewrite mode, entire server's cookie value is replaced with the server IP and port in the response before sending it to the client. |
string | Deprecated Enum: INSERT, PREFIX, REWRITE |
CopyFromRemoteFileProperties (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| port | Server port | integer | Minimum: 1 Maximum: 65535 |
| protocol | Protocol to use to copy file | Protocol (Abstract type: pass one of the following concrete types) HttpProtocol HttpsProtocol ScpProtocol SftpProtocol |
Required |
| server | Remote server hostname or IP address | string | Required Pattern: "^.+$" |
| uri | URI of file to copy | string | Required |
CopyRemoteFileProperties (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| port | Server port | integer | Minimum: 1 Maximum: 65535 |
| server | Remote server hostname or IP address | string | Required Pattern: "^.+$" |
| uri | URI of file to copy | string | Required |
CopyToRemoteFileProperties (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| port | Server port | integer | Minimum: 1 Maximum: 65535 |
| protocol | Protocol to use to copy file Only scp and sftp may be used. |
Protocol (Abstract type: pass one of the following concrete types) HttpProtocol HttpsProtocol ScpProtocol SftpProtocol |
Required |
| server | Remote server hostname or IP address | string | Required Pattern: "^.+$" |
| uri | URI of file to copy | string | Required |
CoreDumpConfig (schema)
Node core dump config
Node core dump config
| Name | Description | Type | Notes |
|---|---|---|---|
| global_file_limit | Core dump file persistence config global limit | integer | Minimum: 0 Default: "2" |
| global_frequency_threshold | Core dump files frequency threshold config in seconds, set 0 to disable | integer | Minimum: 0 Default: "600" |
| process_config | Core dump config per process limit | array of CoreDumpProcessConfig |
CoreDumpProcessConfig (schema)
Core dump process config
| Name | Description | Type | Notes |
|---|---|---|---|
| limit | Core dump process limit | integer | Required |
| process_name | Core dump process name | string | Required |
CpuUsage (schema)
CPU usage of DPDK and non-DPDK cores
| Name | Description | Type | Notes |
|---|---|---|---|
| avg_cpu_core_usage_dpdk | Average utilization of all DPDK cores Indicates the average usage of all DPDK cores in percentage. |
number | Readonly |
| avg_cpu_core_usage_non_dpdk | Average usage of all non-DPDK cores Indicates the average usage of all non-DPDK cores in percentage. |
number | Readonly |
| highest_cpu_core_usage_dpdk | Highest CPU utilization value among DPDK cores Indicates the highest CPU utilization value among DPDK cores in percentage. |
number | Readonly |
| highest_cpu_core_usage_non_dpdk | Highest CPU utilization value among non-DPDK cores Indicates the highest cpu utilization value among non_dpdk cores in percentage. |
number | Readonly |
CreateRemoteDirectoryProperties (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| port | Server port | integer | Minimum: 1 Maximum: 65535 |
| protocol | Protocol to use to copy file | SftpProtocol | Required |
| server | Remote server hostname or IP address | string | Required Pattern: "^.+$" |
| uri | URI of file to copy | string | Required |
Criterion (schema)
Event Criterion
Event Criterion is the logical evaluations by which the event may
be deemed fulfilled. All the evaluations must be met in order for
the criterion to be met (implicit AND).
| Name | Description | Type | Notes |
|---|---|---|---|
| evaluations | Criterion Evaluations Criterion Evaluations. |
array of Evaluation (Abstract type: pass one of the following concrete types) SourceFieldEvaluation |
Required Minimum items: 1 |
Crl (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| crl_type | Type of CRL The type of the CRL. It can be "OneCRL" or "X509" (default). |
string | Enum: OneCRL, X509 Default: "X509" |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| details | Details of the X509Crl object. | X509Crl | Readonly |
| details_revoked_by_issuer_and_serial_number | Certificates revoked by issuer and serial number | array of IssuerSerialNumber | Readonly |
| details_revoked_by_subject_and_public_key_hash | Certificates revoked by subject and public key hash | array of SubjectPublicKeyHash | Readonly |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| one_crl | JSON-encoded OneCRL-like object | string | |
| pem_encoded | PEM encoded CRL data. | string | |
| resource_type | Must be set to the value Crl | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
CrlDistributionPoint (schema)
Reference to a CRL Distribution Point where to fetch a CRL
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| cdp_uri | CDP URI CRL Distribution Point URI where to fetch the CRL. |
string | Required Readonly Maximum length: 255 |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| issuer | Issuer Issuer of the CRL, referring to the CA. |
string | Required Readonly Maximum length: 255 |
| resource_type | Must be set to the value CrlDistributionPoint | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
CrlDistributionPointList (schema)
CrlDistributionPoint query result
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | CrlDistributionPoint list. | array of CrlDistributionPoint | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
CrlDistributionPointStatus (schema)
Reference to a CRL Distribution Point where to fetch a CRL
| Name | Description | Type | Notes |
|---|---|---|---|
| error_message | Error Message Error message when fetching the CRL failed. |
string | Readonly |
| status | Status Status of the fetched CRL for this CrlDistributionPoint |
CdpStatusType | Required Readonly |
CrlList (schema)
Crl queries result
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | CRL list. | array of Crl | Required Readonly |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
CrlObjectData (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| crl_type | Type of CRL The type of the CRL. It can be "OneCRL" or "X509" (default). |
string | Enum: OneCRL, X509 Default: "X509" |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| one_crl | JSON-encoded OneCRL-like object | string | |
| pem_encoded | PEM encoded CRL data. | string | |
| resource_type | Must be set to the value CrlObjectData | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
CrlPemRequestType (schema)
Request Type to get a CRL's PEM file.
| Name | Description | Type | Notes |
|---|---|---|---|
| cdp_uri | CDP URI CRL Distribution Point URI where to fetch the CRL. |
string | Required Readonly Maximum length: 255 |
CrossSiteFlowInfo (schema)
Information about config flow in federation
Represents details of the config flow between sites.
Federation has the following flows
- Global Manager to Local Manager (GM -> LM)
- Local Manager to Glocal Manager (LM -> GM)
- Global Manager Active to Glocal Manager Standby (GM -> GM)
- Local Manager to Local Manager (LM -> LM)
| Name | Description | Type | Notes |
|---|---|---|---|
| from_site_id | Site id of the source | string | |
| from_site_path | Source site policy path | string | |
| full_sync_info | Full sync information for the flow | FullSyncInfo | |
| latency_measured_ts | Timestamp of latency measurement | integer | |
| latency_millis | Latency from source to destination site in milli seconds | integer | |
| leader_node_id | Local leader node id sharded for this remote site. | string | |
| status | Overall status of the flow | string | Enum: GOOD, DISCONNECTED, RECOVERY, ERROR, UNKNOWN, NOT_READY |
| to_site_id | Site id of the destination | string | |
| to_site_path | Destination site policy path | string |
CryptoAlgorithm (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| key_size | Supported key sizes for the algorithm. | array of KeySize | Required Readonly |
| name | Crypto algorithm name. | string | Required Readonly |
CryptoEnforcement (schema)
Action for crypto enforcement
If enforced and if TLS protocol Client/Server Hello has none of the
permitted TLS versions or ciphers then the connection is immediately terminated.
| Name | Description | Type | Notes |
|---|---|---|---|
| CryptoEnforcement | Action for crypto enforcement If enforced and if TLS protocol Client/Server Hello has none of the permitted TLS versions or ciphers then the connection is immediately terminated. |
string | Readonly Enum: ENFORCE, TRANSPARENT |
CspConfig (schema)
CSP authentication configuration
Extra OIDC configuration relevant only for CSP endpoints.
| Name | Description | Type | Notes |
|---|---|---|---|
| additional_org_ids | Additional orginzation IDs A list of organization IDs. CSP tokens must be associated with one of these organizations, or the customer_org_id, in order to be considered valid. |
array of string | |
| customer_org_id | Customer organization ID | string |
Csr (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| algorithm | Cryptographic algorithm (asymmetric) used by the public key for data encryption. | string | Enum: RSA, EC Default: "RSA" |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| is_ca | Whether the CSR is for a CA certificate. | boolean | Default: "False" |
| key_size | Size measured in bits of the public key used in a cryptographic algorithm. | integer | Default: "4096" |
| pem_encoded | PEM encoded certificate data. | string | Readonly |
| resource_type | Must be set to the value Csr | string | |
| subject | The certificate owner's information. (CN, O, OU, C, ST, L) | Principal | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
CsrExt (schema)
Extended certificate signing request body
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| algorithm | Cryptographic algorithm (asymmetric) used by the public key for data encryption. | string | Enum: RSA, EC Default: "RSA" |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| extensions | X509 extensions to add X509 v3 extensions to be added to a CSR. |
CsrExtensions | Readonly |
| id | Unique identifier of this resource | string | Sortable |
| is_ca | Whether the CSR is for a CA certificate. | boolean | Default: "False" |
| key_size | Size measured in bits of the public key used in a cryptographic algorithm. | integer | Default: "4096" |
| pem_encoded | PEM encoded certificate data. | string | Readonly |
| resource_type | Must be set to the value CsrExt | string | |
| subject | The certificate owner's information. (CN, O, OU, C, ST, L) | Principal | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
CsrExtensions (schema)
Collection of various x509 v3 extensions to be added to a CSR
| Name | Description | Type | Notes |
|---|---|---|---|
| subject_alt_names | Subject alternative names Subject alternative names of the CSR |
SubjectAltNames | Readonly |
CsrList (schema)
Csr queries result
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | CSR list. | array of Csr | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
CsrWithDaysValid (schema)
CSR data with days valid
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| algorithm | Cryptographic algorithm (asymmetric) used by the public key for data encryption. | string | Enum: RSA, EC Default: "RSA" |
| days_valid | Number of days the certificate will be valid, default 825 days | integer | Minimum: 1 Maximum: 10000 Default: "825" |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| is_ca | Whether the CSR is for a CA certificate. | boolean | Default: "False" |
| key_size | Size measured in bits of the public key used in a cryptographic algorithm. | integer | Default: "4096" |
| pem_encoded | PEM encoded certificate data. | string | Readonly |
| resource_type | Must be set to the value CsrWithDaysValid | string | |
| subject | The certificate owner's information. (CN, O, OU, C, ST, L) | Principal | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
CsvListResult (schema)
Base type for CSV result.
| Name | Description | Type | Notes |
|---|---|---|---|
| file_name | File name File name set by HTTP server if API returns CSV result as a file. |
string |
CsvRecord (schema)
Base type for CSV records.
| Name | Description | Type | Notes |
|---|---|---|---|
| CsvRecord | Base type for CSV records. | object |
CurrentBackupOperationStatus (schema)
Current backup operation status
| Name | Description | Type | Notes |
|---|---|---|---|
| backup_id | Unique identifier of current backup | string | |
| current_step | Current step of operation | string | Enum: BACKUP_CREATING_CLUSTER_BACKUP, BACKUP_CREATING_NODE_BACKUP |
| current_step_message | Additional human-readable status information about current step | string | |
| end_time | Time when operation is expected to end | EpochMsTimestamp | |
| operation_type | Type of operation that is in progress. Returns none if no operation is in progress, in which case none of the other fields will be set. | string | Enum: NONE, BACKUP |
| start_time | Time when operation was started | EpochMsTimestamp |
CustomAttributeAction (schema)
Request Parameters for Custom Context Profile Attributes
Request Parameter which specify action to either add or remove the custom values.
| Name | Description | Type | Notes |
|---|---|---|---|
| action | Add or Remove Custom Context Profile Attribute values. Action parameter determines whether to add or remove Custom Context Profile Attribute values. |
string | Required Enum: add, remove |
CustomFilterWidgetConfiguration (schema)
Custom Filter widget Configuration
Represents configuration for custom filter widget. For this widget the data source is not applicable. It defines ui identifer for filter UI component and render it on dashboard view. This configuration can only be used for system owned widgets.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| alias | Alias to be used when emitting filter value Alias to be used when emitting filter value. |
string | |
| condition | Expression for evaluating condition If the condition is met then the widget will be displayed to UI. If no condition is provided, then the widget will be displayed unconditionally. |
string | Maximum length: 1024 |
| datasources | Array of Datasource Instances with their relative urls The 'datasources' represent the sources from which data will be fetched. Currently, only NSX-API is supported as a 'default' datasource. An example of specifying 'default' datasource along with the urls to fetch data from is given at 'example_request' section of 'CreateWidgetConfiguration' API. |
array of Datasource | Minimum items: 0 |
| default_filter_value | Default filter value to be passed to datasources Default filter values to be passed to datasources. This will be used when the report is requested without filter values. |
array of DefaultFilterValue | |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Widget Title Title of the widget. If display_name is omitted, the widget will be shown without a title. |
string | Maximum length: 255 |
| drilldown_id | Id of drilldown widget Id of drilldown widget, if any. Id should be a valid id of an existing widget. A widget is considered as drilldown widget when it is associated with any other widget and provides more detailed information about any data item from the parent widget. |
string | Maximum length: 255 |
| feature_set | Features required to view the widget Features required to view the widget. |
FeatureSet | |
| filter | Id of filter widget for subscription Id of filter widget for subscription, if any. Id should be a valid id of an existing filter widget. Filter widget should be from the same view. Datasource URLs should have placeholder values equal to filter alias to accept the filter value on filter change. This field is deprecated instead use 'filters' property. |
string | Deprecated |
| filter_value_required | Flag to indicate if filter value is necessary Flag to indicate that widget will continue to work without filter value. If this flag is set to false then default_filter_value is manadatory. |
boolean | Default: "True" |
| filters | A List of filter ids applied to this widget configuration A List of filter applied to this widget configuration. This will be used to identify the filters applied to this widget. |
array of string | |
| footer | Footer | ||
| icons | Icons Icons to be applied at dashboard for widgets and UI elements. |
array of Icon | |
| id | Unique identifier of this resource | string | Sortable |
| is_drilldown | Set as a drilldown widget Set to true if this widget should be used as a drilldown. |
boolean | Default: "False" |
| legend | Legend for the widget Legend to be displayed. If legend is not needed, do not include it. |
Legend | |
| plot_configs | List of plotting configuration for a given widget. List of plotting configuration for a given widget. Widget plotting configurations which are common across all the widgets types should be define here. |
array of WidgetPlotConfiguration | |
| resource_type | Must be set to the value CustomFilterWidgetConfiguration | string | Required Readonly Enum: LabelValueConfiguration, DonutConfiguration, MultiWidgetConfiguration, ContainerConfiguration, StatsConfiguration, GridConfiguration, GraphConfiguration, CustomWidgetConfiguration, CustomFilterWidgetConfiguration, TimeRangeDropdownFilterWidgetConfiguration, DropdownFilterWidgetConfiguration, SpacerWidgetConfiguration, LegendWidgetConfiguration Maximum length: 255 |
| rowspan | Vertical span Represents the vertical span of the widget / container. 1 Row span is equal to 20px. |
int | Minimum: 1 |
| shared | Visiblity of widgets to other users Please use the property 'shared' of View instead of this. The widgets of a shared view are visible to other users. |
boolean | Deprecated |
| show_header | This decides to show the container header or not. If the value of this field is set to true then card header will be displayed otherwise only card will be displayed without header. |
boolean | |
| span | Horizontal span Represents the horizontal span of the widget / container. |
int | Minimum: 1 Maximum: 12 |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| ui_component_identifier | UI identifier for filter component to be rendered inside view/container User defined filter component selector to be rendered inside view/container. |
string | Required |
| weight | Weightage or placement of the widget or container Specify relavite weight in WidgetItem for placement in a view. Please see WidgetItem for details. |
int | Deprecated |
CustomWidgetConfiguration (schema)
Custom widget Configuration
Represents configuration for custom widget. For this widget the data source is not applicable. It defines ui identifer to identify UI component and render it on dashboard view. This configuration can only be used for system owned widgets.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| condition | Expression for evaluating condition If the condition is met then the widget will be displayed to UI. If no condition is provided, then the widget will be displayed unconditionally. |
string | Maximum length: 1024 |
| datasources | Array of Datasource Instances with their relative urls The 'datasources' represent the sources from which data will be fetched. Currently, only NSX-API is supported as a 'default' datasource. An example of specifying 'default' datasource along with the urls to fetch data from is given at 'example_request' section of 'CreateWidgetConfiguration' API. |
array of Datasource | Minimum items: 0 |
| default_filter_value | Default filter value to be passed to datasources Default filter values to be passed to datasources. This will be used when the report is requested without filter values. |
array of DefaultFilterValue | |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Widget Title Title of the widget. If display_name is omitted, the widget will be shown without a title. |
string | Maximum length: 255 |
| drilldown_id | Id of drilldown widget Id of drilldown widget, if any. Id should be a valid id of an existing widget. A widget is considered as drilldown widget when it is associated with any other widget and provides more detailed information about any data item from the parent widget. |
string | Maximum length: 255 |
| feature_set | Features required to view the widget Features required to view the widget. |
FeatureSet | |
| filter | Id of filter widget for subscription Id of filter widget for subscription, if any. Id should be a valid id of an existing filter widget. Filter widget should be from the same view. Datasource URLs should have placeholder values equal to filter alias to accept the filter value on filter change. This field is deprecated instead use 'filters' property. |
string | Deprecated |
| filter_value_required | Flag to indicate if filter value is necessary Flag to indicate that widget will continue to work without filter value. If this flag is set to false then default_filter_value is manadatory. |
boolean | Default: "True" |
| filters | A List of filter ids applied to this widget configuration A List of filter applied to this widget configuration. This will be used to identify the filters applied to this widget. |
array of string | |
| footer | Footer | ||
| icons | Icons Icons to be applied at dashboard for widgets and UI elements. |
array of Icon | |
| id | Unique identifier of this resource | string | Sortable |
| is_drilldown | Set as a drilldown widget Set to true if this widget should be used as a drilldown. |
boolean | Default: "False" |
| legend | Legend for the widget Legend to be displayed. If legend is not needed, do not include it. |
Legend | |
| plot_configs | List of plotting configuration for a given widget. List of plotting configuration for a given widget. Widget plotting configurations which are common across all the widgets types should be define here. |
array of WidgetPlotConfiguration | |
| resource_type | Must be set to the value CustomWidgetConfiguration | string | Required Readonly Enum: LabelValueConfiguration, DonutConfiguration, MultiWidgetConfiguration, ContainerConfiguration, StatsConfiguration, GridConfiguration, GraphConfiguration, CustomWidgetConfiguration, CustomFilterWidgetConfiguration, TimeRangeDropdownFilterWidgetConfiguration, DropdownFilterWidgetConfiguration, SpacerWidgetConfiguration, LegendWidgetConfiguration Maximum length: 255 |
| rowspan | Vertical span Represents the vertical span of the widget / container. 1 Row span is equal to 20px. |
int | Minimum: 1 |
| shared | Visiblity of widgets to other users Please use the property 'shared' of View instead of this. The widgets of a shared view are visible to other users. |
boolean | Deprecated |
| show_header | This decides to show the container header or not. If the value of this field is set to true then card header will be displayed otherwise only card will be displayed without header. |
boolean | |
| span | Horizontal span Represents the horizontal span of the widget / container. |
int | Minimum: 1 Maximum: 12 |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| ui_component_identifier | UI identifier for component to be rendered inside view/container User defined component selector to be rendered inside view/container. |
string | |
| weight | Weightage or placement of the widget or container Specify relavite weight in WidgetItem for placement in a view. Please see WidgetItem for details. |
int | Deprecated |
CvxConnectionInfo (schema)
CVX Connection Info
Credential info to connect to a CVX type of enforcement point.
| Name | Description | Type | Notes |
|---|---|---|---|
| enforcement_point_address | Enforcement Point Address Value of this property could be Hostname or IP. For instance: - On an NSX-T MP running on default port, the value could be "10.192.1.1" - On an NSX-T MP running on custom port, the value could be "192.168.1.1:32789" - On an NSX-T MP in VMC deployments, the value could be "192.168.1.1:5480/nsxapi" |
string | Required |
| password | Password Password. |
secure_string | Required |
| resource_type | Must be set to the value CvxConnectionInfo | string | Required Enum: NSXTConnectionInfo, NSXVConnectionInfo, CvxConnectionInfo, AviConnectionInfo |
| thumbprint | Thumbprint of Enforcement Point Thumbprint of EnforcementPoint in the form of a SHA-256 hash represented in lower case HEX. |
string | |
| username | Username Username. |
secure_string | Required |
DADMode (schema)
DAD Mode
Duplicate address detection modes.
| Name | Description | Type | Notes |
|---|---|---|---|
| DADMode | DAD Mode Duplicate address detection modes. |
string | Enum: LOOSE, STRICT |
DADStatus (schema)
DAD Status
Duplicate address detection status for IP address on port.
| Name | Description | Type | Notes |
|---|---|---|---|
| DADStatus | DAD Status Duplicate address detection status for IP address on port. |
string | Enum: DUPLICATED, TENTATIVE, ASSIGNED, NOT_APPLICABLE, UNKNOWN |
DNSForwarderStatisticsPerEnforcementPoint (schema)
DNS forwarder statistics per enforcement point
DNS forwarder statistics per enforcement point.
This is an abstract type. Concrete child types:
NsxTDNSForwarderStatistics
| Name | Description | Type | Notes |
|---|---|---|---|
| enforcement_point_path | Enforcement point path Policy path referencing the enforcement point from where the statistics are fetched. |
string | Readonly |
| resource_type | string | Required Enum: NsxTDNSForwarderStatistics |
DNSForwarderStatusPerEnforcementPoint (schema)
DNS forwarder status per enforcement point
DNS forwarder status per enforcement point.
This is an abstract type. Concrete child types:
NsxTDNSForwarderStatus
| Name | Description | Type | Notes |
|---|---|---|---|
| enforcement_point_path | Enforcement point path Policy path referencing the enforcement point from where the status is fetched. |
string | Readonly |
| resource_type | string | Required Enum: NsxTDNSForwarderStatus |
DataCounter (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| dropped | The dropped packets or bytes | integer | |
| multicast_broadcast | The multicast and broadcast packets or bytes | integer | |
| total | The total packets or bytes | integer | Required |
DataSourceParameters (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| source | The data source, either realtime or cached. If not provided, cached data is returned. | DataSourceType |
DataSourceType (schema)
Data source type.
| Name | Description | Type | Notes |
|---|---|---|---|
| DataSourceType | Data source type. | string | Enum: realtime, cached |
Datasource (schema)
Datasource Instance
An instance of a datasource configuration.
| Name | Description | Type | Notes |
|---|---|---|---|
| display_name | Datasource instance's display name Name of a datasource instance. |
string | Required Maximum length: 255 |
| keystore_info | Key Store Info Key Store information for all the url aliases defined in datasource. Use this property if key store information is same for each url aliases in the datasource. |
KeyStoreInfo | |
| urls | Array of relative urls and their aliases Array of urls relative to the datasource configuration. For example, api/v1/fabric/nodes is a relative url of nsx-manager instance. |
array of UrlAlias | Required |
DatetimeUTC (schema)
Datetime string in UTC
Datetime string in UTC in the RFC3339 format 'yyyy-mm-ddThh:mm:ssZ'
| Name | Description | Type | Notes |
|---|---|---|---|
| DatetimeUTC | Datetime string in UTC Datetime string in UTC in the RFC3339 format 'yyyy-mm-ddThh:mm:ssZ' |
string |
DecryptionFailAction (schema)
TLS handshake fail action
Action to take when TLS handshake fails.
| Name | Description | Type | Notes |
|---|---|---|---|
| DecryptionFailAction | TLS handshake fail action Action to take when TLS handshake fails. |
string | Readonly Enum: BLOCK, BYPASS |
DefaultFilterValue (schema)
Default filter values
An instance of a datasource configuration.
| Name | Description | Type | Notes |
|---|---|---|---|
| alias | Filter alias Filter alias. |
string | Required |
| value | Filter default value Filter default value. |
string | Required |
DeleteRequestParameters (schema)
Parameters that affect how delete operations are processed
| Name | Description | Type | Notes |
|---|---|---|---|
| force | Force delete the resource even if it is being used somewhere
If true, deleting the resource succeeds even if it is being referred as a resource reference. |
boolean | Default: "False" |
DependentServices (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| dependent_services | List of firewall dependent services List of firewall dependent services. |
array of string |
DeploymentZone (schema) (Deprecated)
Deployment zone
Logical grouping of enforcement points.
This is a deprecated type. DeploymentZone has been renamed to Site.
Use Site.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| enforcement_points | Logical grouping of enforcement points | array of EnforcementPoint | |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value DeploymentZone | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
DetachClusterParameters (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| force | string | Enum: true, false | |
| graceful-shutdown | string | Enum: true, false Default: "false" |
|
| ignore-repository-ip-check | string | Enum: true, false Default: "false" |
DfwFirewallConfiguration (schema)
DFW Firewall related configurations
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource (Abstract type: pass one of the following concrete types) ChildPolicyExcludeList |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| disable_auto_drafts | Auto draft disable flag To disable auto drafts, set it to true. By default, auto drafts are enabled. |
boolean | Default: "False" |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| enable_firewall | Firewall enable flag If set to true, Firewall is enabled. |
boolean | Default: "True" |
| global_addrset_mode_enabled | A flag to indicate if global address set is enabled in DFW When this flag is set to true, global address set is enabled in Distributed Firewall. |
boolean | Default: "True" |
| id | Unique identifier of this resource | string | Sortable |
| idfw_enabled | Identity firewall enable flag If set to true, identity firewall is enabled. |
boolean | Default: "False" |
| idfw_event_log_scraper_enabled | Enable event log scraping Enables event log scraping for Identity firewall. |
boolean | Default: "False" |
| idfw_loginsight_enabled | Enable Loginsight server for Identity Firewall If set to true, collection of login/logout events from Loginsight server is enabled. |
boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value DfwFirewallConfiguration | string | Required Enum: DfwFirewallConfiguration |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
DhGroup (schema)
Diffie-Hellman groups
Diffie-Hellman groups represent algorithm used to derive shared
keys between IPSec VPN initiator and responder over an
unsecured network.
GROUP2 uses 1048-bit Modular Exponentiation (MODP) group.
GROUP5 uses 1536-bit MODP group.
GROUP14 uses 2048-bit MODP group.
GROUP15 uses 3072-bit MODP group.
GROUP16 uses 4096-bit MODP group.
GROUP19 uses 256-bit Random Elliptic Curve (ECP) group.
GROUP20 uses 384-bit Random ECP group.
GROUP21 uses 521-bit Random ECP group.
| Name | Description | Type | Notes |
|---|---|---|---|
| DhGroup | Diffie-Hellman groups Diffie-Hellman groups represent algorithm used to derive shared keys between IPSec VPN initiator and responder over an unsecured network. GROUP2 uses 1048-bit Modular Exponentiation (MODP) group. GROUP5 uses 1536-bit MODP group. GROUP14 uses 2048-bit MODP group. GROUP15 uses 3072-bit MODP group. GROUP16 uses 4096-bit MODP group. GROUP19 uses 256-bit Random Elliptic Curve (ECP) group. GROUP20 uses 384-bit Random ECP group. GROUP21 uses 521-bit Random ECP group. |
string | Enum: GROUP2, GROUP5, GROUP14, GROUP15, GROUP16, GROUP19, GROUP20, GROUP21 |
DhcpDeleteLeaseRequestParameters (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| ip | IPAddress | Required | |
| mac | MACAddress | Required |
DhcpDeleteLeases (schema)
List of DHCP leases to be deleted
| Name | Description | Type | Notes |
|---|---|---|---|
| leases | List of DHCP leases | array of DhcpDeleteLeaseRequestParameters | Required Minimum items: 1 Maximum items: 100 |
DhcpHeader (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| op_code | Message op code / message type This is used to specify the general type of message. A client sending request to a server uses an op code of BOOTREQUEST, while a server replying uses an op code of BOOTREPLY. |
string | Enum: BOOTREQUEST, BOOTREPLY Default: "BOOTREQUEST" |
DhcpIpPoolUsage (schema) (Deprecated)
| Name | Description | Type | Notes |
|---|---|---|---|
| allocated_number | allocated number. COULD BE INACCURATE, REFERENCE ONLY. | integer | Required |
| allocated_percentage | allocated percentage. COULD BE INACCURATE, REFERENCE ONLY. | integer | Required |
| dhcp_ip_pool_id | uuid of dhcp ip pool | string | Required |
| pool_size | pool size | integer | Required |
DhcpLeasePerIP (schema) (Deprecated)
| Name | Description | Type | Notes |
|---|---|---|---|
| expire_time | expire time of the lease | string | |
| ip_address | ip address of client | string | Required |
| lease_time | lease time of the ip address, in seconds | string | |
| mac_address | mac address of client | string | Required |
| start_time | start time of lease | string | Required |
| subnet | subnet of client network | string |
DhcpLeases (schema) (Deprecated)
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| dhcp_server_id | dhcp server uuid | string | |
| leases | The lease info list of the server | array of DhcpLeasePerIP | Minimum items: 0 Maximum items: 65535 |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
| timestamp | timestamp of the lease info | EpochMsTimestamp |
DhcpLeasesResult (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| connectivity_path | Policy path to Segment, Tier0 or Tier1 gateway Policy path to Segment, Tier0 or Tier1 gateway where DHCP server is attached. |
string | |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| dhcp_server_id | dhcp server uuid | string | |
| leases | The lease info list of the server | array of DhcpLeasePerIP | Minimum items: 0 Maximum items: 65535 |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
| timestamp | timestamp of the lease info | EpochMsTimestamp |
DhcpOption121 (schema) (Deprecated)
DHCP option 121
DHCP option 121 to define classless static route.
| Name | Description | Type | Notes |
|---|---|---|---|
| static_routes | DHCP classless static routes Classless static route of DHCP option 121. |
array of ClasslessStaticRoute | Required Minimum items: 1 Maximum items: 27 |
DhcpRelayConfig (schema)
DHCP relay configuration
DHCP relay configuration.
Please note, the realized-state of this entity returned by the
"GET /policy/api/v1/infra/realized-state/realized-entity" with this entity
policy-path is irrelevant with the application status of this entity.
Please do not rely on this returned realized-state to determine how this
dhcp-relay-config was applied. The dhcp realization information was
reflected in the realization states of the referencing Segment or T0/T1
gateway.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value DhcpRelayConfig | string | |
| server_addresses | DHCP relay addresses DHCP server IP addresses for DHCP relay configuration. Both IPv4 and IPv6 addresses are supported. |
array of IPAddress | Required Maximum items: 8 |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
DhcpRelayConfigListResult (schema)
Paged collection of DhcpRelayConfigs
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | DhcpRelayConfig results | array of DhcpRelayConfig | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
DhcpServerConfig (schema)
DHCP server configuration
DHCP server configuration.
Please note, the realized-state of this entity returned by the
"GET /policy/api/v1/infra/realized-state/realized-entity" with this entity
policy-path is irrelevant with the application status of this entity.
Please do not rely on this returned realized-state to determine how this
dhcp-server-config was applied. The dhcp realization information was
reflected in the realization states of the referencing Segment or T0/T1
gateway.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| edge_cluster_path | Edge cluster path The reference to the edge cluster using the policy path of the edge cluster. Auto assigned if only one edge cluster is configured on enforcement-point. Modifying edge cluster will reallocate DHCP server to the new edge cluster. Please note that re-allocating edge-cluster will result in losing of all exisitng DHCP lease information. Change edge cluster only when losing DHCP leases is not a real problem, e.g. cross-site migration or failover and all client hosts will be reboot and get new IP addresses. |
string | |
| enable_standby_relocation | Stand-By Relocation If no "preferred-edge-paths" were defined, and the "enable-standby-relocation"=true, once a new edge-node was added to the edge-cluster, the stand-by node of the DHCP could possibly be moved to another edge-node. But there is no guarantee that the stand-by will be moved. Please note, if the dhcp-server-config was applied to a gateway, and this gateway has defined its own edge-cluster and preferred edge-nodes, then the edge-cluster and nodes defined in dhcp-server-config will be ignored. |
boolean | Default: "False" |
| id | Unique identifier of this resource | string | Sortable |
| lease_time | IP address lease time in seconds IP address lease time in seconds. |
integer | Deprecated Minimum: 60 Maximum: 4294967295 Default: "86400" |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| preferred_edge_paths | Edge node path Policy paths to edge nodes on which the DHCP servers run. The first edge node is assigned as active edge, and second one as stanby edge. If only one edge node is specified, the DHCP servers will run without HA support. When this property is not specified, edge nodes are auto-assigned during realization of the DHCP server. |
array of string | Maximum items: 2 |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value DhcpServerConfig | string | |
| server_address | DHCP server address in CIDR format DHCP server address in CIDR format. Prefix length should be less than or equal to 30. DHCP server is deployed as DHCP relay service. This property is deprecated, use server_addresses instead. Both properties cannot be specified together with different new values. |
string | Deprecated Format: ip-cidr-block |
| server_addresses | DHCP server address in CIDR format DHCP server address in CIDR format. Both IPv4 and IPv6 address families are supported. Prefix length should be less than or equal to 30 for IPv4 address family and less than or equal to 126 for IPv6. When not specified, IPv4 value is auto-assigned to 100.96.0.1/30. Ignored when this object is configured at a Segment. |
array of string | Maximum items: 2 |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
DhcpServerConfigListResult (schema)
Paged collection of DhcpServerConfigs
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | DhcpServerConfig results | array of DhcpServerConfig | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
DhcpServerLeaseRequestParameters (schema)
DHCP server lease request parameters
| Name | Description | Type | Notes |
|---|---|---|---|
| address | IP or MAC address IP address, IP range or MAC address to retrieve specific lease information. Either a "address" or a "segment_path" can be provided, but not both in the same call. |
string | |
| connectivity_path | String Path of Tier0, Tier1 or Segment String Path of Tier0, Tier1 or Segment where DHCP server is deployed. Specify Tier0/Tier1 gateway path for DHCP server attached to the gateway. Segment path must be specified for local DHCP server configuration. |
string | Required |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| enforcement_point_path | String Path of the enforcement point Enforcement point path. Required when multiple enforcement points are configured. |
string | |
| include_mark_for_delete_objects | Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included. |
boolean | Default: "False" |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| segment_path | Segment path to retrieve lease information Segment path to retrieve lease information. Either a "address" or a "segment_path" can be provided, but not both in the same call. |
string | |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string | |
| source | The data source The data source, either realtime or cached. If not provided, cached data is returned. |
DataSourceType |
DhcpServerRequestParameters (schema)
DHCP server list request parameters
| Name | Description | Type | Notes |
|---|---|---|---|
| connectivity_path | String Path of Tier0, Tier1 or Segment String Path of Tier0, Tier1 or Segment where DHCP server is deployed. Specify Tier0/Tier1 gateway path for DHCP server attached to the gateway. Segment path must be specified for local DHCP server configuration. |
string | Required |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| enforcement_point_path | String Path of the enforcement point Enforcement point path. Required when multiple enforcement points are configured. |
string | |
| include_mark_for_delete_objects | Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included. |
boolean | Default: "False" |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string |
DhcpServerState (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| details | Array of configuration state of various sub systems | array of ConfigurationStateElement | Readonly |
| failure_code | Error code | integer | Readonly |
| failure_message | Error message in case of failure | string | Readonly |
| state | Overall state of desired configuration Gives details of state of desired configuration. Additional enums with more details on progress/success/error states are sent for edge node. The success states are NODE_READY and TRANSPORT_NODE_READY, pending states are {VM_DEPLOYMENT_QUEUED, VM_DEPLOYMENT_IN_PROGRESS, REGISTRATION_PENDING} and other values indicate failures. "in_sync" state indicates that the desired configuration has been received by the host to which it applies, but is not yet in effect. When the configuration is actually in effect, the state will change to "success". Please note, failed state is deprecated. |
string | Required Readonly Enum: pending, in_progress, success, failed, partial_success, orphaned, unknown, error, in_sync, NOT_AVAILABLE, VM_DEPLOYMENT_QUEUED, VM_DEPLOYMENT_IN_PROGRESS, VM_DEPLOYMENT_FAILED, VM_POWER_ON_IN_PROGRESS, VM_POWER_ON_FAILED, REGISTRATION_PENDING, NODE_NOT_READY, NODE_READY, VM_POWER_OFF_IN_PROGRESS, VM_POWER_OFF_FAILED, VM_UNDEPLOY_IN_PROGRESS, VM_UNDEPLOY_FAILED, VM_UNDEPLOY_SUCCESSFUL, EDGE_CONFIG_ERROR, VM_DEPLOYMENT_RESTARTED, REGISTRATION_FAILED, TRANSPORT_NODE_SYNC_PENDING, TRANSPORT_NODE_CONFIGURATION_MISSING, EDGE_HARDWARE_NOT_SUPPORTED, MULTIPLE_OVERLAY_TZS_NOT_SUPPORTED, TN_OVERLAY_TZ_IN_USE_BY_EDGE_CLUSTER, TZ_ENDPOINTS_NOT_SPECIFIED, NO_PNIC_PREPARED_IN_EDGE, APPLIANCE_INTERNAL_ERROR, VTEP_DHCP_NOT_SUPPORTED, UNSUPPORTED_HOST_SWITCH_PROFILE, UPLINK_HOST_SWITCH_PROFILE_NOT_SPECIFIED, HOSTSWITCH_PROFILE_NOT_FOUND, LLDP_SEND_ENABLED_NOT_SUPPORTED, UNSUPPORTED_NAMED_TEAMING_POLICY, LBSRCID_NOT_SUPPORTED_FOR_EDGE_VM, LACP_NOT_SUPPORTED_FOR_EDGE_VM, STANDBY_UPLINKS_NOT_SUPPORTED_FOR_EDGE_VM, MULTIPLE_ACTIVE_UPLINKS_NOT_SUPPORTED_FOR_EDGE, UNSUPPORTED_LACP_LB_ALGO_FOR_NODE, EDGE_NODE_VERSION_NOT_SUPPORTED, NO_PNIC_SPECIFIED_IN_TN, INVALID_PNIC_DEVICE_NAME, TRANSPORT_NODE_READY, VM_NETWORK_EDIT_PENDING, UNSUPPORTED_DEFAULT_TEAMING_POLICY, MPA_DISCONNECTED, VM_RENAME_PENDING, VM_CONFIG_EDIT_PENDING, VM_NETWORK_EDIT_FAILED, VM_RENAME_FAILED, VM_CONFIG_EDIT_FAILED, VM_CONFIG_DISCREPANCY, VM_NODE_REFRESH_FAILED, VM_PLACEMENT_REFRESH_FAILED, REGISTRATION_TIMEDOUT, REPLACE_FAILED, UPLINK_FROM_TEAMING_POLICY_NOT_MAPPED, LOGICAL_SWITCH_NAMED_TEAMING_HAS_NO_PNIC_BACKING, DELETE_VM_IN_REDEPLOY_FAILED, DEPLOY_VM_IN_REDEPLOY_FAILED, INSUFFICIENT_RESOURCES_IN_EDGE_NODE_FOR_SERVICE, VM_RESOURCE_RESERVATION_FAILED, DUPLICATE_PNICS_IN_TEAMINGS_WITH_MULTIPLE_UPLINKS_AND_FAILOVER_ORDER, DUPLICATE_VLANS_SHARING_SAME_PNICMULTIPLE_UPLINKS_IN_NAMED_TEAMING_NOT_SUPPORTED_IF_UPLINK_IN_DEFAULT_TEAMING, EDGE_NODE_SETTINGS_MISMATCH_RESOLVE, EDGE_VM_VSPHERE_SETTINGS_MISMATCH_RESOLVE, EDGE_NODE_SETTINGS_AND_VSPHERE_SETTINGS_ARE_CHANGED_RESOLVE, EDGE_VSPHERE_LOCATION_MISMATCH_RESOLVE, COMPUTE_MANAGER_NOT_FOUND, DELETE_IN_PROGRESS, ADVANCED_CONFIG_EDIT_FAILED, UPT_MODE_REALIZATION_POLL_TIMED_OUT, DATAPATH_CONFIGURATION_EDIT_FAILED, MAINTENANCE_MODE_ENABLED, ERROR_IN_ENABLE_MAINTENANCE_MODE, ERROR_IN_DISABLE_MAINTENANCE_MODE, CONFIGURE_UPT_ON_VM_FAILED, VM_VERSION_IS_UPT_INCOMPATIBLE, DELETE_FAILED_FOR_DIFFERENT_MOREF_ID, DELETE_FAILED_ON_VM_NOT_FOUND, DELETE_FAILED_FOR_NON_LCM_EDGE |
DhcpServerStatistics (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| acks | The total number of DHCP ACK packets | integer | Required |
| declines | The total number of DHCP DECLINE packets | integer | Required |
| dhcp_server_id | dhcp server uuid | string | Required |
| discovers | The total number of DHCP DISCOVER packets | integer | Required |
| errors | The total number of DHCP errors | integer | Required |
| informs | The total number of DHCP INFORM packets | integer | Required |
| ip_pool_stats | The DHCP ip pool usage statistics | array of DhcpIpPoolUsage | |
| nacks | The total number of DHCP NACK packets | integer | Required |
| offers | The total number of DHCP OFFER packets | integer | Required |
| releases | The total number of DHCP RELEASE packets | integer | Required |
| requests | The total number of DHCP REQUEST packets | integer | Required |
| timestamp | timestamp of the statistics | EpochMsTimestamp | Required |
DhcpServerStatus (schema) (Deprecated)
| Name | Description | Type | Notes |
|---|---|---|---|
| active_node | uuid of active transport node | string | Required |
| error_message | Error message, if available | string | |
| service_status | UP means the dhcp service is working fine on both active transport-node
and stand-by transport-node (if have), hence fail-over can work at this time if there is failure happens on one of the transport-node; DOWN means the dhcp service is down on both active transport-node and stand-by node (if have), hence the dhcp-service will not repsonse any dhcp request; Error means error happens on transport-node(s) or no status is reported from transport-node(s). The dhcp service may be working (or not working); NO_STANDBY means dhcp service is working in one of the transport node while not in the other transport-node (if have). Hence if the dhcp service in the working transport-node is down, fail-over will not happen and the dhcp service will go down. |
string | Required Enum: UP, DOWN, ERROR, NO_STANDBY |
| stand_by_node | uuid of stand_by transport node. null if non-HA mode | string |
DhcpStaticBindingConfig (schema)
Base class for DHCP options
DHCP IPv4 and IPv6 static bindings are extended from this abstract class.
This is an abstract type. Concrete child types:
DhcpV4StaticBindingConfig
DhcpV6StaticBindingConfig
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value DhcpStaticBindingConfig | string | Required Enum: DhcpV4StaticBindingConfig, DhcpV6StaticBindingConfig |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
DhcpStaticBindingConfigListResult (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Paginated list of DhcpStaticBindingConfig | array of DhcpStaticBindingConfig (Abstract type: pass one of the following concrete types) DhcpV4StaticBindingConfig DhcpV6StaticBindingConfig |
Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
DhcpStaticBindingState (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| details | Array of configuration state of various sub systems | array of ConfigurationStateElement | Readonly |
| failure_code | Error code | integer | Readonly |
| failure_message | Error message in case of failure | string | Readonly |
| state | Overall state of desired configuration Gives details of state of desired configuration. Additional enums with more details on progress/success/error states are sent for edge node. The success states are NODE_READY and TRANSPORT_NODE_READY, pending states are {VM_DEPLOYMENT_QUEUED, VM_DEPLOYMENT_IN_PROGRESS, REGISTRATION_PENDING} and other values indicate failures. "in_sync" state indicates that the desired configuration has been received by the host to which it applies, but is not yet in effect. When the configuration is actually in effect, the state will change to "success". Please note, failed state is deprecated. |
string | Required Readonly Enum: pending, in_progress, success, failed, partial_success, orphaned, unknown, error, in_sync, NOT_AVAILABLE, VM_DEPLOYMENT_QUEUED, VM_DEPLOYMENT_IN_PROGRESS, VM_DEPLOYMENT_FAILED, VM_POWER_ON_IN_PROGRESS, VM_POWER_ON_FAILED, REGISTRATION_PENDING, NODE_NOT_READY, NODE_READY, VM_POWER_OFF_IN_PROGRESS, VM_POWER_OFF_FAILED, VM_UNDEPLOY_IN_PROGRESS, VM_UNDEPLOY_FAILED, VM_UNDEPLOY_SUCCESSFUL, EDGE_CONFIG_ERROR, VM_DEPLOYMENT_RESTARTED, REGISTRATION_FAILED, TRANSPORT_NODE_SYNC_PENDING, TRANSPORT_NODE_CONFIGURATION_MISSING, EDGE_HARDWARE_NOT_SUPPORTED, MULTIPLE_OVERLAY_TZS_NOT_SUPPORTED, TN_OVERLAY_TZ_IN_USE_BY_EDGE_CLUSTER, TZ_ENDPOINTS_NOT_SPECIFIED, NO_PNIC_PREPARED_IN_EDGE, APPLIANCE_INTERNAL_ERROR, VTEP_DHCP_NOT_SUPPORTED, UNSUPPORTED_HOST_SWITCH_PROFILE, UPLINK_HOST_SWITCH_PROFILE_NOT_SPECIFIED, HOSTSWITCH_PROFILE_NOT_FOUND, LLDP_SEND_ENABLED_NOT_SUPPORTED, UNSUPPORTED_NAMED_TEAMING_POLICY, LBSRCID_NOT_SUPPORTED_FOR_EDGE_VM, LACP_NOT_SUPPORTED_FOR_EDGE_VM, STANDBY_UPLINKS_NOT_SUPPORTED_FOR_EDGE_VM, MULTIPLE_ACTIVE_UPLINKS_NOT_SUPPORTED_FOR_EDGE, UNSUPPORTED_LACP_LB_ALGO_FOR_NODE, EDGE_NODE_VERSION_NOT_SUPPORTED, NO_PNIC_SPECIFIED_IN_TN, INVALID_PNIC_DEVICE_NAME, TRANSPORT_NODE_READY, VM_NETWORK_EDIT_PENDING, UNSUPPORTED_DEFAULT_TEAMING_POLICY, MPA_DISCONNECTED, VM_RENAME_PENDING, VM_CONFIG_EDIT_PENDING, VM_NETWORK_EDIT_FAILED, VM_RENAME_FAILED, VM_CONFIG_EDIT_FAILED, VM_CONFIG_DISCREPANCY, VM_NODE_REFRESH_FAILED, VM_PLACEMENT_REFRESH_FAILED, REGISTRATION_TIMEDOUT, REPLACE_FAILED, UPLINK_FROM_TEAMING_POLICY_NOT_MAPPED, LOGICAL_SWITCH_NAMED_TEAMING_HAS_NO_PNIC_BACKING, DELETE_VM_IN_REDEPLOY_FAILED, DEPLOY_VM_IN_REDEPLOY_FAILED, INSUFFICIENT_RESOURCES_IN_EDGE_NODE_FOR_SERVICE, VM_RESOURCE_RESERVATION_FAILED, DUPLICATE_PNICS_IN_TEAMINGS_WITH_MULTIPLE_UPLINKS_AND_FAILOVER_ORDER, DUPLICATE_VLANS_SHARING_SAME_PNICMULTIPLE_UPLINKS_IN_NAMED_TEAMING_NOT_SUPPORTED_IF_UPLINK_IN_DEFAULT_TEAMING, EDGE_NODE_SETTINGS_MISMATCH_RESOLVE, EDGE_VM_VSPHERE_SETTINGS_MISMATCH_RESOLVE, EDGE_NODE_SETTINGS_AND_VSPHERE_SETTINGS_ARE_CHANGED_RESOLVE, EDGE_VSPHERE_LOCATION_MISMATCH_RESOLVE, COMPUTE_MANAGER_NOT_FOUND, DELETE_IN_PROGRESS, ADVANCED_CONFIG_EDIT_FAILED, UPT_MODE_REALIZATION_POLL_TIMED_OUT, DATAPATH_CONFIGURATION_EDIT_FAILED, MAINTENANCE_MODE_ENABLED, ERROR_IN_ENABLE_MAINTENANCE_MODE, ERROR_IN_DISABLE_MAINTENANCE_MODE, CONFIGURE_UPT_ON_VM_FAILED, VM_VERSION_IS_UPT_INCOMPATIBLE, DELETE_FAILED_FOR_DIFFERENT_MOREF_ID, DELETE_FAILED_ON_VM_NOT_FOUND, DELETE_FAILED_FOR_NON_LCM_EDGE |
DhcpStatistics (schema) (Deprecated)
| Name | Description | Type | Notes |
|---|---|---|---|
| acks | The total number of DHCP ACK packets | integer | Required |
| declines | The total number of DHCP DECLINE packets | integer | Required |
| dhcp_server_id | dhcp server uuid | string | Required |
| discovers | The total number of DHCP DISCOVER packets | integer | Required |
| errors | The total number of DHCP errors | integer | Required |
| informs | The total number of DHCP INFORM packets | integer | Required |
| ip_pool_stats | The DHCP ip pool usage statistics | array of DhcpIpPoolUsage | |
| nacks | The total number of DHCP NACK packets | integer | Required |
| offers | The total number of DHCP OFFER packets | integer | Required |
| releases | The total number of DHCP RELEASE packets | integer | Required |
| requests | The total number of DHCP REQUEST packets | integer | Required |
| timestamp | timestamp of the statistics | EpochMsTimestamp | Required |
DhcpV4Options (schema)
DHCP options for IPv4 address family
DHCP options for IPv4 server.
| Name | Description | Type | Notes |
|---|---|---|---|
| option121 | DHCP option 121 DHCP option 121 to define classless static routes. |
DhcpOption121 | |
| others | Other DHCP options To define DHCP options other than option 121 in generic format. Please note, only the following options can be defined in generic format. Those other options will be accepted without validation but will not take effect. -------------------------- Code Name -------------------------- 2 Time Offset 6 Domain Name Server 13 Boot File Size 19 Forward On/Off 26 MTU Interface 28 Broadcast Address 35 ARP Timeout 40 NIS Domain 41 NIS Servers 42 NTP Servers 44 NETBIOS Name Srv 45 NETBIOS Dist Srv 46 NETBIOS Node Type 47 NETBIOS Scope 58 Renewal Time 59 Rebinding Time 64 NIS+-Domain-Name 65 NIS+-Server-Addr 66 TFTP Server-Name (used by PXE) 67 Bootfile-Name (used by PXE) 117 Name Service Search 119 Domain Search 150 TFTP server address (used by PXE) 209 PXE Configuration File 210 PXE Path Prefix 211 PXE Reboot Time |
array of GenericDhcpOption | Minimum items: 0 Maximum items: 255 |
DhcpV4StaticBindingConfig (schema)
DHCP static binding
DHCP IPv4 static bindings are configured for each segment.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| gateway_address | Gateway IP address When not specified, gateway address is auto-assigned from segment configuration. |
IPv4Address | |
| host_name | Host name Hostname to assign to the host. |
string | Maximum length: 63 |
| id | Unique identifier of this resource | string | Sortable |
| ip_address | IP assigned to host IP assigned to host. The IP address must belong to the subnet, if any, configured on Segment. |
IPv4Address | Required |
| lease_time | Lease time DHCP lease time in seconds. |
integer | Minimum: 60 Maximum: 4294967295 Default: "86400" |
| mac_address | MAC address of host MAC address of the host. |
MACAddress | Required |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| options | DHCP options IPv4 DHCP options. |
DhcpV4Options | |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value DhcpV4StaticBindingConfig | string | Required Enum: DhcpV4StaticBindingConfig, DhcpV6StaticBindingConfig |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
DhcpV6StaticBindingConfig (schema)
DHCP static binding
DHCP IPv6 static bindings are configured for each segment.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| dns_nameservers | DNS nameservers to be set to client host When not specified, no DNS nameserver will be set to client host. |
array of string | Minimum items: 0 Maximum items: 2 |
| domain_names | Domain names to be assigned to client host When not specified, no domain name will be assigned to client host. |
array of string | |
| id | Unique identifier of this resource | string | Sortable |
| ip_addresses | IP addresses to be assigned to client host When not specified, no ip address will be assigned to client host. |
array of IPv6Address | Minimum items: 0 Maximum items: 1 |
| lease_time | Lease time Lease time, in seconds. |
integer | Minimum: 60 Maximum: 4294967295 Default: "86400" |
| mac_address | MAC address The MAC address of the client host. Either client-duid or mac-address, but not both. |
MACAddress | Required |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| preferred_time | Preferred time Preferred time, in seconds. If this value is not provided, the value of lease_time*0.8 will be used. |
integer | Minimum: 48 Maximum: 4294967295 |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value DhcpV6StaticBindingConfig | string | Required Enum: DhcpV4StaticBindingConfig, DhcpV6StaticBindingConfig |
| sntp_servers | SNTP server ips SNTP server IP addresses. |
array of IPv6Address | Minimum items: 0 Maximum items: 2 |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
Dhcpv6Header (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| msg_type | DHCP message type This is used to specify the DHCP v6 message. To request the assignment of one or more IPv6 addresses, a client first locates a DHCP server and then requests the assignment of addresses and other configuration information from the server. The client sends a Solicit message to the All_DHCP_Relay_Agents_and_Servers address to find available DHCP servers. Any server that can meet the client's requirements responds with an Advertise message. The client then chooses one of the servers and sends a Request message to the server asking for confirmed assignment of addresses and other configuration information. The server responds with a Reply message that contains the confirmed addresses and configuration. SOLICIT - A client sends a Solicit message to locate servers. ADVERTISE - A server sends and Advertise message to indicate that it is available. REQUEST - A client sends a Request message to request configuration parameters. REPLY - A server sends a Reply message containing assigned addresses and configuration parameters. |
string | Enum: SOLICIT, ADVERTISE, REQUEST, REPLY Default: "SOLICIT" |
DirectoryDomainSyncSettings (schema)
Domain synchronization settings
| Name | Description | Type | Notes |
|---|---|---|---|
| delta_sync_interval | Delta synchronization inverval in minutes Directory domain delta synchronization interval time between two delta sync in minutes. |
integer | Minimum: 5 Maximum: 720 Default: "180" |
| full_sync_cron_expr | Full synchronization cron expression Directory domain full synchronization schedule using cron expression. For example, cron expression "0 0 12 ? * SUN *" means full sync is scheduled every Sunday midnight. If this object is null, it means there is no background cron job running for full sync. |
string | |
| sync_delay_in_sec | Sync delay (in second). Sync delay after Directory domain has been successfully created. if delay is -1, initial full sync will not be triggered. |
int | Minimum: -1 Maximum: 600 Default: "30" |
DirectoryEventLogServerStatus (schema)
Event log server connection status
| Name | Description | Type | Notes |
|---|---|---|---|
| error_message | Additional optional detail error message | string | Readonly |
| last_event_record_id | Last event record ID Last event record ID is an opaque integer value that shows the last successfully received event from event log server. |
integer | Readonly |
| last_event_time_created | Time when last event record ID was received Time of last successfully received and record event from event log server. |
EpochMsTimestamp | Readonly |
| last_polling_time | Last polling time | EpochMsTimestamp | Readonly |
| status | Current connection status of event log server Connection status: OK: All OK ERROR: Generic error |
string | Required Readonly Enum: OK, ERROR |
DiscoveredResource (schema)
Base class for resources that are discovered and automatically updated
| Name | Description | Type | Notes |
|---|---|---|---|
| _last_sync_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| resource_type | The type of this resource. | string | Required |
| scope | List of scopes for discovered resource Specifies list of scope of discovered resource. e.g. if VHC path is associated with principal identity, who owns the discovered resource, then scope id will be VHC path and scope type will be VHC. |
array of DiscoveredResourceScope | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
DiscoveredResourceScope (schema)
Scope of discovered resource
| Name | Description | Type | Notes |
|---|---|---|---|
| scope_id | Scope Id of scope for discovered resource Specifies the scope id of discovered resource. |
string | |
| scope_type | Type of scope Type of the scope for the discovered resource. |
string | Enum: CONTAINER_CLUSTER, VPC |
DiscoveryProfileBindingMap (schema)
Base Discovery Profile Binding Map
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value DiscoveryProfileBindingMap | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
DiskProvisioning (schema)
Disk provisioning type
Disk provisioning type for deploying VM.
| Name | Description | Type | Notes |
|---|---|---|---|
| DiskProvisioning | Disk provisioning type Disk provisioning type for deploying VM. |
string | Required Enum: THIN, LAZY_ZEROED_THICK, EAGER_ZEROED_THICK |
DistributedFloodProtectionProfile (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| enable_rst_spoofing | Flag to indicate rst spoofing is enabled If set to true, rst spoofing will be enabled. Flag is used only for distributed firewall profiles. |
boolean | Default: "False" |
| enable_syncache | Flag to indicate syncache is enabled If set to true, sync cache will be enabled. Flag is used only for distributed firewall profiles. |
boolean | Default: "False" |
| icmp_active_flow_limit | Active ICMP connections limit If this field is empty, firewall will not set a limit to active ICMP connections. |
integer | Minimum: 1 Maximum: 1000000 |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| other_active_conn_limit | Timeout after first TN If this field is empty, firewall will not set a limit to other active connections. besides UDP, ICMP and half open TCP connections. |
integer | Minimum: 1 Maximum: 1000000 |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value DistributedFloodProtectionProfile | FloodProtectionProfileResourceType | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| tcp_half_open_conn_limit | Active half open TCP connections limit If this field is empty, firewall will not set a limit to half open TCP connections. |
integer | Minimum: 1 Maximum: 1000000 |
| udp_active_flow_limit | Active UDP connections limit If this field is empty, firewall will not set a limit to active UDP connections. |
integer | Minimum: 1 Maximum: 1000000 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
DnsHeader (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| address | Domain name/IP to query/response This is used to define what is being asked or responded. |
string | Format: hostname-or-ip |
| address_type | This is used to specify the type of the address. V4 - The address provided is an IPv4 domain name/IP address, the Type in query or response will be A V6 - The address provided is an IPv6 domain name/IP address, the Type in query or response will be AAAA | string | Enum: V4, V6 Default: "V4" |
| message_type | Specifies the message type whether it is a query or a response. | string | Enum: QUERY, RESPONSE Default: "QUERY" |
DnsNameString (schema)
An IA5String instance for DNS Name
DNS name string in the "preferred name syntax", as specified by
Section 3.5 of [RFC1034] and as modified by Section 2.1 of [RFC1123].
| Name | Description | Type | Notes |
|---|---|---|---|
| DnsNameString | An IA5String instance for DNS Name DNS name string in the "preferred name syntax", as specified by Section 3.5 of [RFC1034] and as modified by Section 2.1 of [RFC1123]. |
string | Maximum length: 200 Format: hostname |
DnsSecurityProfile (schema)
DNS security profile
Used to configure DNS security profile
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value DnsSecurityProfile | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| ttl | Time to live for DNS cache entry Time to live for DNS cache entry in seconds. Valid TTL values are between 3600 to 864000. However, this field accepts values between 0 through 864000. We define TTL type based on the value of TTL as follows: TTL 0 - cached entry never expires. TTL 1 to 3599 - invalid input and error is thrown TTL 3600 to 864000 - ttl is set to user input TTL field not set by user - TTL type is 'AUTO' and ttl value is set from DNS response packet. User defined TTL value is used only when it is betweeen 3600 to 864000. |
integer | Minimum: 0 Maximum: 864000 Default: "86400" |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
DnsSecurityProfileBindingMap (schema)
Binding Map for DNS Security Profile
This entity will be used to establish association between DNS security profile and
Group. With this entity, user can specify intent for applying DNS security profile
profile to particular Group.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| profile_path | Profile Path PolicyPath of associated Profile |
string | Required |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value DnsSecurityProfileBindingMap | string | |
| sequence_number | Sequence number DNS Security Profile Binding Map Sequence number used to resolve conflicts betweeen two profiles applied on the same group. Lower sequence number takes higher precedence. Two binding maps applied to the same profile must have the same sequence number. User defined sequence numbers range from 1 through 100,000. System defined sequence numbers range from 100,001 through 200,000. |
integer | Minimum: 1 Maximum: 100000 |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
DnsSecurityProfileBindingMapListRequestParameters (schema)
DNS Security Profile Binding Map List Request Parameters
| Name | Description | Type | Notes |
|---|---|---|---|
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| include_mark_for_delete_objects | Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included. |
boolean | Default: "False" |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string |
DnsSecurityProfileBindingMapListResult (schema)
Paged collection of DNS Security Profile Binding Map
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | DNS Security Profile Binding Map List Results | array of DnsSecurityProfileBindingMap | |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
DnsSecurityProfileListResult (schema)
Paged Collection of DnsSecurityProfile
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | DnsSecurityProfile list results | array of DnsSecurityProfile | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
Domain (schema)
Domain
Domain.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource (Abstract type: pass one of the following concrete types) ChildDomainDeploymentMap ChildForwardingPolicy ChildGatewayPolicy ChildGroup ChildSecurityPolicy |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value Domain | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
DomainDeploymentMap (schema)
Domain Deployment Map
Binding of domain to the enforcement point.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| enforcement_point_path | Absolute path of enforcement point Path of enforcement point on which domain shall be enforced. |
string | Required |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value DomainDeploymentMap | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
DomainDeploymentMapListRequestParameters (schema)
Domain Deployment Map List Request Parameters
Domain Deployment Map list request parameters.
| Name | Description | Type | Notes |
|---|---|---|---|
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| include_mark_for_delete_objects | Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included. |
boolean | Default: "False" |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string |
DomainDeploymentMapListResult (schema)
Paged Collection of Domain Deployment Map
Paged collection of Domain Deployment Map.
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Domain Deployment Map List Result Domain Deployment Map list result. |
array of DomainDeploymentMap | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
DomainListRequestParameters (schema)
Domain list request parameters
| Name | Description | Type | Notes |
|---|---|---|---|
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| include_mark_for_delete_objects | Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included. |
boolean | Default: "False" |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string |
DomainListResult (schema)
Paged Collection of Domains
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Domain list results | array of Domain | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
DonutConfiguration (schema)
Donut Configuration
Represents configuration of a Donut
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| condition | Expression for evaluating condition If the condition is met then the widget will be displayed to UI. If no condition is provided, then the widget will be displayed unconditionally. |
string | Maximum length: 1024 |
| count | Expression to retrieve count to be shown on Donut Expression to retrieve count to be shown on Donut. |
string | |
| datasources | Array of Datasource Instances with their relative urls The 'datasources' represent the sources from which data will be fetched. Currently, only NSX-API is supported as a 'default' datasource. An example of specifying 'default' datasource along with the urls to fetch data from is given at 'example_request' section of 'CreateWidgetConfiguration' API. |
array of Datasource | Minimum items: 0 |
| default_filter_value | Default filter value to be passed to datasources Default filter values to be passed to datasources. This will be used when the report is requested without filter values. |
array of DefaultFilterValue | |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_count | Show or hide the count of entities If true, displays the count of entities in the donut |
boolean | Default: "True" |
| display_name | Widget Title Title of the widget. If display_name is omitted, the widget will be shown without a title. |
string | Maximum length: 255 |
| drilldown_id | Id of drilldown widget Id of drilldown widget, if any. Id should be a valid id of an existing widget. A widget is considered as drilldown widget when it is associated with any other widget and provides more detailed information about any data item from the parent widget. |
string | Maximum length: 255 |
| feature_set | Features required to view the widget Features required to view the widget. |
FeatureSet | |
| filter | Id of filter widget for subscription Id of filter widget for subscription, if any. Id should be a valid id of an existing filter widget. Filter widget should be from the same view. Datasource URLs should have placeholder values equal to filter alias to accept the filter value on filter change. This field is deprecated instead use 'filters' property. |
string | Deprecated |
| filter_value_required | Flag to indicate if filter value is necessary Flag to indicate that widget will continue to work without filter value. If this flag is set to false then default_filter_value is manadatory. |
boolean | Default: "True" |
| filters | A List of filter ids applied to this widget configuration A List of filter applied to this widget configuration. This will be used to identify the filters applied to this widget. |
array of string | |
| footer | Footer | ||
| icons | Icons Icons to be applied at dashboard for widgets and UI elements. |
array of Icon | |
| id | Unique identifier of this resource | string | Sortable |
| is_drilldown | Set as a drilldown widget Set to true if this widget should be used as a drilldown. |
boolean | Default: "False" |
| label | Label of the Donut Configuration Displayed at the middle of the donut, by default. It labels the entities of donut. |
Label | |
| legend | Legend for the widget Legend to be displayed. If legend is not needed, do not include it. |
Legend | |
| navigation | Navigation to a specified UI page Hyperlink of the specified UI page that provides details. |
string | Maximum length: 1024 |
| plot_configs | List of plotting configuration for a given widget. List of plotting configuration for a given widget. Widget plotting configurations which are common across all the widgets types should be define here. |
array of WidgetPlotConfiguration | |
| resource_type | Must be set to the value DonutConfiguration | string | Required Readonly Enum: LabelValueConfiguration, DonutConfiguration, MultiWidgetConfiguration, ContainerConfiguration, StatsConfiguration, GridConfiguration, GraphConfiguration, CustomWidgetConfiguration, CustomFilterWidgetConfiguration, TimeRangeDropdownFilterWidgetConfiguration, DropdownFilterWidgetConfiguration, SpacerWidgetConfiguration, LegendWidgetConfiguration Maximum length: 255 |
| rowspan | Vertical span Represents the vertical span of the widget / container. 1 Row span is equal to 20px. |
int | Minimum: 1 |
| sections | Sections | array of DonutSection | Required Minimum items: 1 |
| shared | Visiblity of widgets to other users Please use the property 'shared' of View instead of this. The widgets of a shared view are visible to other users. |
boolean | Deprecated |
| show_header | This decides to show the container header or not. If the value of this field is set to true then card header will be displayed otherwise only card will be displayed without header. |
boolean | |
| span | Horizontal span Represents the horizontal span of the widget / container. |
int | Minimum: 1 Maximum: 12 |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| weight | Weightage or placement of the widget or container Specify relavite weight in WidgetItem for placement in a view. Please see WidgetItem for details. |
int | Deprecated |
DonutPart (schema)
Portion of a donut or stats chart
Represents an entity or portion to be plotted on a donut or stats chart.
| Name | Description | Type | Notes |
|---|---|---|---|
| condition | Expression for evaluating condition If the condition is met then the part will be displayed. Examples of expression syntax are provided under 'example_request' section of 'CreateWidgetConfiguration' API. |
string | |
| drilldown_id | Id of drilldown widget Id of drilldown widget, if any. Id should be a valid id of an existing widget. A widget is considered as drilldown widget when it is associated with any other widget and provides more detailed information about any data item from the parent widget. |
string | |
| field | Value of the portion or entity of donut or stats chart A numerical value that represents the portion or entity of the donut or stats chart. |
string | Required Maximum length: 1024 |
| hide_empty_legend | Hide the legend if the data for the part is not available If true, legend will be shown only if the data for the part is available. This is applicable only if legends are specified in widget configuration. |
boolean | Default: "False" |
| label | Label of the portion or entity of donut or stats chart If a section 'template' holds this donut or stats part, then the label is auto-generated from the fetched field values after applying the template. |
Label | |
| navigation | Navigation to a specified UI page Hyperlink of the specified UI page that provides details. If drilldown_id is provided, then navigation cannot be used. |
string | |
| render_configuration | Render Configuration Additional rendering or conditional evaluation of the field values to be performed, if any. |
array of RenderConfiguration | Minimum items: 0 |
| tooltip | Multi-line tooltip Multi-line text to be shown on tooltip while hovering over the portion. |
array of Tooltip | Minimum items: 0 |
DonutSection (schema)
Section of a donut or stats chart
Represents high level logical grouping of portions or segments of a donut / stats chart.
| Name | Description | Type | Notes |
|---|---|---|---|
| parts | Parts of a donut / stats chart Array of portions or parts of the donut or stats chart. |
array of DonutPart | Required Minimum items: 1 |
| row_list_field | Field from which parts of the donut or stats chart are formed Field of the root of the api result set for forming parts. |
string | Maximum length: 1024 |
| template | Template, if any, for automatically forming the donut or stats parts If true, the section will be appled as template for forming parts. Only one part will be formed from each element of 'row_list_field'. |
boolean | Default: "False" |
DpuStatusProperties (schema)
Data processing unit status properties
| Name | Description | Type | Notes |
|---|---|---|---|
| cpu_cores | CPU core count The number of CPU cores on the system. |
integer | Readonly |
| dpu_id | Data processing unit ID | string | Readonly |
| load_average | System load average One, five, and fifteen minute load averages for the system. |
array of number | Readonly |
| mem_cache | Cached RAM size in kilobytes Amount of RAM on the system that can be flushed out to disk, in kilobytes. |
integer | Readonly |
| mem_total | Total RAM size in kilobytes System Amount of RAM allocated to the system, in kilobytes. |
integer | Readonly |
| mem_used | Used RAM size in kilobytes Amount of RAM in use on the system, in kilobytes. |
integer | Readonly |
DropdownFilterPlotConfiguration (schema)
Dropdown Filtert plotting configuration
Dropdown Filter plotting configuration.
| Name | Description | Type | Notes |
|---|---|---|---|
| allow_maximize | Allow maximize capability for this widget Allow maximize capability for this widget |
boolean | |
| allow_search | Allow search on drop down filter Allow search on drop down filter. |
boolean | Default: "False" |
| condition | Expression for evaluating condition for this chart config If the condition is met then the given chart config is applied to the widget configuration. |
string | Maximum length: 1024 |
DropdownFilterWidgetConfiguration (schema)
Dropdown Filter widget Configuration
Represents configuration for dropdown filter widget.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| alias | Alias to be used when emitting filter value Alias to be used when emitting filter value. |
string | |
| condition | Expression for evaluating condition If the condition is met then the widget will be displayed to UI. If no condition is provided, then the widget will be displayed unconditionally. |
string | Maximum length: 1024 |
| datasources | Array of Datasource Instances with their relative urls The 'datasources' represent the sources from which data will be fetched. Currently, only NSX-API is supported as a 'default' datasource. An example of specifying 'default' datasource along with the urls to fetch data from is given at 'example_request' section of 'CreateWidgetConfiguration' API. |
array of Datasource | Minimum items: 0 |
| default_filter_value | Default filter value to be passed to datasources Default filter values to be passed to datasources. This will be used when the report is requested without filter values. |
array of DefaultFilterValue | |
| default_value | Expression to specify default value Expression to specify default value of filter. |
string | |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Widget Title Title of the widget. If display_name is omitted, the widget will be shown without a title. |
string | Maximum length: 255 |
| drilldown_id | Id of drilldown widget Id of drilldown widget, if any. Id should be a valid id of an existing widget. A widget is considered as drilldown widget when it is associated with any other widget and provides more detailed information about any data item from the parent widget. |
string | Maximum length: 255 |
| dropdown_filter_plot_config | Dropdown filter plotting configuration Dropdown filter plotting configuration. This plotting configuration will be applicable for the Dropdown filter only. |
DropdownFilterPlotConfiguration | |
| dropdown_item | Definition for item of a dropdown Defines the item of a dropdown. |
DropdownItem | |
| feature_set | Features required to view the widget Features required to view the widget. |
FeatureSet | |
| filter | Id of filter widget for subscription Id of filter widget for subscription, if any. Id should be a valid id of an existing filter widget. Filter widget should be from the same view. Datasource URLs should have placeholder values equal to filter alias to accept the filter value on filter change. This field is deprecated instead use 'filters' property. |
string | Deprecated |
| filter_value_required | Flag to indicate if filter value is necessary Flag to indicate that widget will continue to work without filter value. If this flag is set to false then default_filter_value is manadatory. |
boolean | Default: "True" |
| filters | A List of filter ids applied to this widget configuration A List of filter applied to this widget configuration. This will be used to identify the filters applied to this widget. |
array of string | |
| footer | Footer | ||
| icons | Icons Icons to be applied at dashboard for widgets and UI elements. |
array of Icon | |
| id | Unique identifier of this resource | string | Sortable |
| is_drilldown | Set as a drilldown widget Set to true if this widget should be used as a drilldown. |
boolean | Default: "False" |
| legend | Legend for the widget Legend to be displayed. If legend is not needed, do not include it. |
Legend | |
| placeholder_msg | Placeholder message to be shown in filter Placeholder message to be displayed in dropdown filter. |
string | |
| plot_configs | List of plotting configuration for a given widget. List of plotting configuration for a given widget. Widget plotting configurations which are common across all the widgets types should be define here. |
array of WidgetPlotConfiguration | |
| resource_type | Must be set to the value DropdownFilterWidgetConfiguration | string | Required Readonly Enum: LabelValueConfiguration, DonutConfiguration, MultiWidgetConfiguration, ContainerConfiguration, StatsConfiguration, GridConfiguration, GraphConfiguration, CustomWidgetConfiguration, CustomFilterWidgetConfiguration, TimeRangeDropdownFilterWidgetConfiguration, DropdownFilterWidgetConfiguration, SpacerWidgetConfiguration, LegendWidgetConfiguration Maximum length: 255 |
| rowspan | Vertical span Represents the vertical span of the widget / container. 1 Row span is equal to 20px. |
int | Minimum: 1 |
| shared | Visiblity of widgets to other users Please use the property 'shared' of View instead of this. The widgets of a shared view are visible to other users. |
boolean | Deprecated |
| show_header | This decides to show the container header or not. If the value of this field is set to true then card header will be displayed otherwise only card will be displayed without header. |
boolean | |
| span | Horizontal span Represents the horizontal span of the widget / container. |
int | Minimum: 1 Maximum: 12 |
| static_filter_condition | Expression for evaluating condition If the condition is met then the static filter will be added. If no condition is provided, then the static filters will be applied unconditionally. |
string | |
| static_filters | Additional static items to be added in dropdown filter Additional static items to be added in dropdown filter. Example can be 'ALL'. |
array of StaticFilter | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| weight | Weightage or placement of the widget or container Specify relavite weight in WidgetItem for placement in a view. Please see WidgetItem for details. |
int | Deprecated |
DropdownItem (schema)
Dropdown item definition
| Name | Description | Type | Notes |
|---|---|---|---|
| additional_value | An additional value for item to be display in dropdown. An additional key-value pair for item to be display in dropdown. |
object | |
| display_name | Display name for item to be displayed in dropdown expression to extract display name to be shown in the drop down. |
string | Maximum length: 1024 |
| field | Expression for dropdown items of filter An expression that represents the items of the dropdown filter. |
string | Required |
| short_display_name | A property value to be shown once value is selected for a filter. Property value is shown in the drop down input box for a filter. If the value is not provided 'display_name' property value is used. |
string | Maximum length: 1024 |
| value | Value for item to be displayed in dropdown Value of filter inside dropdown filter. |
string | Required |
DscpBit (schema)
Dscp bit config
| Name | Description | Type | Notes |
|---|---|---|---|
| dscp_bit | DSCP bit for indicating the existence of INT header. A DSCP bit is allocated to indicate the existence of INT header. It takes effect only when the INT indicator mode is DSCP_BIT. The user should guarantee that the given DSCP bit is specifically allocated for INT. |
int | Required Minimum: 0 Maximum: 5 |
| indicator_type | Must be set to the value DscpBit | string | Required Enum: DSCP_BIT, DSCP_VALUE |
DscpIndicator (schema)
Abstract base type for Global In-band network telemetry configuration
The DscpIndicator is the base class for global In-band network telemetry
configurations for different types in a NSX domain.
This is an abstract type. Concrete child types:
DscpBit
DscpValue
| Name | Description | Type | Notes |
|---|---|---|---|
| indicator_type | The method for indicating the existence of INT header. | string | Required Enum: DSCP_BIT, DSCP_VALUE |
DscpTrustMode (schema)
Trust settings
When you select the Trusted mode the inner header DSCP value is applied
to the outer IP header for IP/IPv6 traffic. For non IP/IPv6 traffic,
the outer IP header takes the default value.Untrusted mode is supported
on overlay-based and VLAN-based logical port.
| Name | Description | Type | Notes |
|---|---|---|---|
| DscpTrustMode | Trust settings When you select the Trusted mode the inner header DSCP value is applied to the outer IP header for IP/IPv6 traffic. For non IP/IPv6 traffic, the outer IP header takes the default value.Untrusted mode is supported on overlay-based and VLAN-based logical port. |
string | Enum: TRUSTED, UNTRUSTED Default: "TRUSTED" |
DscpValue (schema)
Dscp bit config
| Name | Description | Type | Notes |
|---|---|---|---|
| dscp_value | DSCP value for indicating the existence of INT header. A DSCP value is allocated to indicate the existence of INT header. It takes effects only when the INT indicator mode is DSCP_VALUE. The user should guarantee that the given DSCP value is specifically allocated for INT. |
int | Required Minimum: 1 Maximum: 63 |
| indicator_type | Must be set to the value DscpValue | string | Required Enum: DSCP_BIT, DSCP_VALUE |
DuplicateAddressBindingEntry (schema) (Deprecated)
Duplicate address binding information
| Name | Description | Type | Notes |
|---|---|---|---|
| binding | Combination of IP-MAC-VLAN binding | PacketAddressClassifier | |
| binding_timestamp | Timestamp of binding Timestamp at which the binding was discovered via snooping or manually specified by the user |
EpochMsTimestamp | |
| conflicting_port | ID of logical port with the same address binding Provides the ID of the port on which the same address bidning exists |
string | |
| source | Address binding source Source from which the address binding entry was obtained |
AddressBindingSource | Default: "UNKNOWN" |
DuplicateIPDetectionOptions (schema)
Controls duplicate IP detection options
Contains dupliacte IP detection related discovery options.
| Name | Description | Type | Notes |
|---|---|---|---|
| duplicate_ip_detection_enabled | Duplicate IP detection Indicates whether duplicate IP detection should be enabled |
boolean | Default: "False" |
DynamicContentFilterQueryParameter (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| scope | Restrict scope of dynamic content filters to report | string | Enum: NAPP |
DynamicContentFilterValue (schema)
Support bundle dynamic content filter allowed values, for example, NAPP:SERVICE:PLATFORM_SERVICES
| Name | Description | Type | Notes |
|---|---|---|---|
| DynamicContentFilterValue | Support bundle dynamic content filter allowed values, for example, NAPP:SERVICE:PLATFORM_SERVICES | string |
DynamicContentFilters (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| dynamic_content_filters | Support bundle content filter allowed values These filter values will be set by the remote node like the NSX Intelligence Platform for instance. We would not need to know or act on these dynamic content filters, except for passing them on as request parameters along with the support bundle collection API. |
array of DynamicContentFilterValue |
EPActionForDnsForwarderRequestParameters (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| action | An action to be performed for DNS forwarder on EP The valid DNS forwarder actions to be performed on EP are, - clear_cache: Clear the current cache of the dns forwarder from specified enforcement point. |
string | Required Enum: clear_cache |
| enforcement_point_path | An enforcement point path, on which the action is to be performed An enforcement point path, on which the action is to be performed. If not specified, default enforcement point path, /infra/sites/default/enforcement-points/default will be considered. |
string | Default: "/infra/sites/default/enforcement-points/default" |
EULAAcceptance (schema)
EULA acceptance status
Indicate the status of End User License Agreement acceptance
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| acceptance | End User License Agreement acceptance status Acceptance status of End User License Agreement |
boolean | Required |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| resource_type | Must be set to the value EULAAcceptance | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
EULAContent (schema)
EULA content
End User License Agreement content
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| content | End User License Agreement content Content of End User License Agreement |
secure_string | Required |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| resource_type | Must be set to the value EULAContent | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
EULAOutputFormatRequestParameters (schema)
Indicate output format of End User License Agreement content
| Name | Description | Type | Notes |
|---|---|---|---|
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string | |
| value_format | End User License Agreement content output format | string |
EdgeClusterNodeType (schema)
Supported edge cluster node type.
| Name | Description | Type | Notes |
|---|---|---|---|
| EdgeClusterNodeType | Supported edge cluster node type. | string | Enum: EDGE_NODE, PUBLIC_CLOUD_GATEWAY_NODE, UNKNOWN |
EdgeConfigurationState (schema)
Configuration State for Edge and VPN entities.
This contains fields that captures state of Trackable entities.
Edge and VPN state entities extend this object.
| Name | Description | Type | Notes |
|---|---|---|---|
| details | Array of configuration state of various sub systems | array of ConfigurationStateElement | Readonly |
| failure_code | Error code | integer | Readonly |
| failure_message | Error message in case of failure | string | Readonly |
| pending_change_list | List of pending changes Request identifier of the API which modified the entity. |
array of string | Readonly |
| state | Overall state of desired configuration Gives details of state of desired configuration. Additional enums with more details on progress/success/error states are sent for edge node. The success states are NODE_READY and TRANSPORT_NODE_READY, pending states are {VM_DEPLOYMENT_QUEUED, VM_DEPLOYMENT_IN_PROGRESS, REGISTRATION_PENDING} and other values indicate failures. "in_sync" state indicates that the desired configuration has been received by the host to which it applies, but is not yet in effect. When the configuration is actually in effect, the state will change to "success". Please note, failed state is deprecated. |
string | Required Readonly Enum: pending, in_progress, success, failed, partial_success, orphaned, unknown, error, in_sync, NOT_AVAILABLE, VM_DEPLOYMENT_QUEUED, VM_DEPLOYMENT_IN_PROGRESS, VM_DEPLOYMENT_FAILED, VM_POWER_ON_IN_PROGRESS, VM_POWER_ON_FAILED, REGISTRATION_PENDING, NODE_NOT_READY, NODE_READY, VM_POWER_OFF_IN_PROGRESS, VM_POWER_OFF_FAILED, VM_UNDEPLOY_IN_PROGRESS, VM_UNDEPLOY_FAILED, VM_UNDEPLOY_SUCCESSFUL, EDGE_CONFIG_ERROR, VM_DEPLOYMENT_RESTARTED, REGISTRATION_FAILED, TRANSPORT_NODE_SYNC_PENDING, TRANSPORT_NODE_CONFIGURATION_MISSING, EDGE_HARDWARE_NOT_SUPPORTED, MULTIPLE_OVERLAY_TZS_NOT_SUPPORTED, TN_OVERLAY_TZ_IN_USE_BY_EDGE_CLUSTER, TZ_ENDPOINTS_NOT_SPECIFIED, NO_PNIC_PREPARED_IN_EDGE, APPLIANCE_INTERNAL_ERROR, VTEP_DHCP_NOT_SUPPORTED, UNSUPPORTED_HOST_SWITCH_PROFILE, UPLINK_HOST_SWITCH_PROFILE_NOT_SPECIFIED, HOSTSWITCH_PROFILE_NOT_FOUND, LLDP_SEND_ENABLED_NOT_SUPPORTED, UNSUPPORTED_NAMED_TEAMING_POLICY, LBSRCID_NOT_SUPPORTED_FOR_EDGE_VM, LACP_NOT_SUPPORTED_FOR_EDGE_VM, STANDBY_UPLINKS_NOT_SUPPORTED_FOR_EDGE_VM, MULTIPLE_ACTIVE_UPLINKS_NOT_SUPPORTED_FOR_EDGE, UNSUPPORTED_LACP_LB_ALGO_FOR_NODE, EDGE_NODE_VERSION_NOT_SUPPORTED, NO_PNIC_SPECIFIED_IN_TN, INVALID_PNIC_DEVICE_NAME, TRANSPORT_NODE_READY, VM_NETWORK_EDIT_PENDING, UNSUPPORTED_DEFAULT_TEAMING_POLICY, MPA_DISCONNECTED, VM_RENAME_PENDING, VM_CONFIG_EDIT_PENDING, VM_NETWORK_EDIT_FAILED, VM_RENAME_FAILED, VM_CONFIG_EDIT_FAILED, VM_CONFIG_DISCREPANCY, VM_NODE_REFRESH_FAILED, VM_PLACEMENT_REFRESH_FAILED, REGISTRATION_TIMEDOUT, REPLACE_FAILED, UPLINK_FROM_TEAMING_POLICY_NOT_MAPPED, LOGICAL_SWITCH_NAMED_TEAMING_HAS_NO_PNIC_BACKING, DELETE_VM_IN_REDEPLOY_FAILED, DEPLOY_VM_IN_REDEPLOY_FAILED, INSUFFICIENT_RESOURCES_IN_EDGE_NODE_FOR_SERVICE, VM_RESOURCE_RESERVATION_FAILED, DUPLICATE_PNICS_IN_TEAMINGS_WITH_MULTIPLE_UPLINKS_AND_FAILOVER_ORDER, DUPLICATE_VLANS_SHARING_SAME_PNICMULTIPLE_UPLINKS_IN_NAMED_TEAMING_NOT_SUPPORTED_IF_UPLINK_IN_DEFAULT_TEAMING, EDGE_NODE_SETTINGS_MISMATCH_RESOLVE, EDGE_VM_VSPHERE_SETTINGS_MISMATCH_RESOLVE, EDGE_NODE_SETTINGS_AND_VSPHERE_SETTINGS_ARE_CHANGED_RESOLVE, EDGE_VSPHERE_LOCATION_MISMATCH_RESOLVE, COMPUTE_MANAGER_NOT_FOUND, DELETE_IN_PROGRESS, ADVANCED_CONFIG_EDIT_FAILED, UPT_MODE_REALIZATION_POLL_TIMED_OUT, DATAPATH_CONFIGURATION_EDIT_FAILED, MAINTENANCE_MODE_ENABLED, ERROR_IN_ENABLE_MAINTENANCE_MODE, ERROR_IN_DISABLE_MAINTENANCE_MODE, CONFIGURE_UPT_ON_VM_FAILED, VM_VERSION_IS_UPT_INCOMPATIBLE, DELETE_FAILED_FOR_DIFFERENT_MOREF_ID, DELETE_FAILED_ON_VM_NOT_FOUND, DELETE_FAILED_FOR_NON_LCM_EDGE |
EdgeTransportNodeDatapathMemoryPoolUsage (schema)
Usage of datapath memory pool
Datapath memory pool usage value.
| Name | Description | Type | Notes |
|---|---|---|---|
| description | Description of the memory pool Description of the memory pool. |
string | Readonly |
| name | Name of the datapath memory pool Name of the datapath memory pool as available on edge node CLI. |
string | Readonly |
| usage | Percentage of memory pool in use Percentage of memory pool in use. |
number | Readonly |
EdgeTransportNodeDatapathMemoryUsage (schema)
Detailed view of the datapath memory usage. Details out the heap and per memory pool usage
Detailed view of the datapath memory usage. Details out the heap and per memory pool point in time usage.
| Name | Description | Type | Notes |
|---|---|---|---|
| datapath_heap_usage | Percentage of heap memory in use Percentage of heap memory in use. |
number | Readonly |
| datapath_mem_pools_usage | array of EdgeTransportNodeDatapathMemoryPoolUsage | ||
| highest_datapath_mem_pool_usage | Highest percentage usage value among datapath memory pools Highest percentage usage value among datapath memory pools. |
number | Readonly |
| highest_datapath_mem_pool_usage_names | array of string |
EdgeTransportNodeMemoryUsage (schema)
Memory usage details of edge node
Point in time usage of system, datapath, swap and cache memory in edge node.
| Name | Description | Type | Notes |
|---|---|---|---|
| cache_usage | Percentage of RAM on the system that can be flushed out to disk Percentage of RAM on the system that can be flushed out to disk. |
number | Readonly |
| datapath_mem_usage_details | Detailed view of the datapath memory usage. Details out the heap and per memory pool usage Detailed view of the datapath memory usage. Details out the heap and per memory pool point in time usage. |
EdgeTransportNodeDatapathMemoryUsage | Readonly |
| datapath_total_usage | Percentage of memory in use by datapath processes Percentage of memory in use by datapath processes which includes RES and hugepage memory. |
number | Readonly |
| swap_usage | Percentage of swap disk in use Percentage of swap disk in use. |
number | Readonly |
| system_mem_usage | Percentage of RAM in use on edge node Percentage of RAM in use on edge node. |
number | Readonly |
EdgeUpgradeStatus (schema)
Status of edge upgrade
| Name | Description | Type | Notes |
|---|---|---|---|
| can_rollback | Can perform rollback This field indicates whether we can perform upgrade rollback. |
boolean | Readonly |
| can_skip | Can the upgrade of the remaining units in this component be skipped | boolean | Readonly |
| component_type | Component type for the upgrade status | string | Readonly |
| current_version_node_summary | Mapping of current versions of nodes and counts of nodes at the respective versions. | NodeSummaryList | Readonly |
| details | Details about the upgrade status | string | Readonly |
| node_count_at_target_version | Count of nodes at target component version Number of nodes of the type and at the component version |
int | Readonly |
| percent_complete | Indicator of upgrade progress in percentage | number | Required Readonly |
| pre_upgrade_status | Pre-upgrade status of the component-type | UpgradeChecksExecutionStatus | Readonly |
| status | Upgrade status of component | string | Required Readonly Enum: SUCCESS, FAILED, IN_PROGRESS, NOT_STARTED, PAUSING, PAUSED |
| target_component_version | Target component version | string | Readonly |
EffectiveIPInfo (schema)
List of effective ip address along with site id
| Name | Description | Type | Notes |
|---|---|---|---|
| effective_ips | array of IPElement | Required | |
| site_id | Id of the site to which the effective IPs belong to | string | Required |
EffectiveProfilesResponse (schema)
Enforcement point request entity
| Name | Description | Type | Notes |
|---|---|---|---|
| profiles_list | array of SwitchingProfileTypeIdEntry |
EgressRateLimiter (schema)
A shaper that specifies egress rate properties in Mb/s
| Name | Description | Type | Notes |
|---|---|---|---|
| average_bandwidth | Average bandwidth in Mb/s | int | Minimum: 0 Default: "0" |
| burst_size | Burst size in bytes | int | Minimum: 0 Default: "0" |
| enabled | boolean | Required | |
| peak_bandwidth | Peak bandwidth in Mb/s | int | Minimum: 0 Default: "0" |
| resource_type | Must be set to the value EgressRateLimiter | string | Required Enum: IngressRateLimiter, IngressBroadcastRateLimiter, EgressRateLimiter Default: "IngressRateLimiter" |
EndpointPolicy (schema)
Contains ordered list of Endpoint Rules
Ordered list of Endpoint Rules ordered by sequence number of the entries.
The maximum number of policies is 25.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| endpoint_rules | Endpoint Rules that are a part of this EndpointPolicy | array of EndpointRule | |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value EndpointPolicy | string | |
| sequence_number | Precedence to resolve conflicts across Domains This field is used to resolve conflicts between maps across domains. |
int | Minimum: 0 Maximum: 499 Default: "0" |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
EndpointRule (schema)
Endpoint Rule for guest introspection.
Endpoint Rule comes from user configuration. User configures Endpoint Rule to specify what services are applied on the groups.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| groups | group paths We need paths as duplicate names may exist for groups under different domains. In order to specify all groups, use the constant "ANY". This is case insensitive. If "ANY" is used, it should be the ONLY element in the group array. Error will be thrown if ANY is used in conjunction with other values. |
array of string | Required Maximum items: 50 |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value EndpointRule | string | |
| sequence_number | Sequence number of this Entry This field is used to resolve conflicts between multiple entries under EndpointPolicy. It will be system default value when not specified by user. |
int | Minimum: 0 Maximum: 499 Default: "0" |
| service_profiles | Names of service profiles The policy paths of service profiles are listed here. It pecifies what services are applied on the group. Currently only one is allowed. |
array of string | Required Maximum items: 1 |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
EnforcedStatusDetailsNsxT (schema)
NSX-T Enforced Realized Status Details
Detailed Realized Status of an intent object on an NSX-T type of enforcement point. This is
a detailed view of the Realized Status of an intent object from an NSX-T enforcement point
perspective.
| Name | Description | Type | Notes |
|---|---|---|---|
| enforced_status_info | Enforced Realized Status Info Information about the realized status of the intent on this enforcement point. Some very recent changes may be excluded when preparing this information, which is indicated by Pending Changes Info. |
EnforcedStatusInfoNsxT | Readonly |
| pending_changes_info | Pending Changes Info Information about pending changes, if any, that aren't reflected in the Enforced Realized Status. |
PendingChangesInfoNsxT | Readonly |
EnforcedStatusInfoNsxT (schema)
NSX-T Enforced Realized Status Information
Information about the realized status of the intent object on an NSX-T type of enforcement point.
Some very recent changes may be excluded when preparing this information, which is indicated by
Pending Changes Info. In addition to the realized status across all scopes, this information holds
details about enforced realized status per scope.
| Name | Description | Type | Notes |
|---|---|---|---|
| enforced_status | Enforced Realized Status Consolidated Realized Status of an Intent object across all scopes of an NSX-T type of enforcement point. |
EnforcedStatusNsxT | Readonly |
| enforced_status_per_scope | List of Enforced Realized Status per Scope List of Enforced Realized Status per Scope. |
array of EnforcedStatusPerScopeNsxT (Abstract type: pass one of the following concrete types) TransportNodeSpanEnforcedStatus |
Readonly |
EnforcedStatusNsxT (schema)
NSX-T Enforced Status
NSX-T Enforced Status.
| Name | Description | Type | Notes |
|---|---|---|---|
| status | Enforced Realized Status Enforced Realized Status. |
RuntimeState | Readonly |
| status_message | Status Message Status Message conveying hints depending on the status value. |
string | Readonly |
EnforcedStatusPerScopeNsxT (schema)
NSX-T Enforced Realized Status Per Scope
NSX-T Detailed Realized Status Per Scope.
This is an abstract type. Concrete child types:
TransportNodeSpanEnforcedStatus
| Name | Description | Type | Notes |
|---|---|---|---|
| resource_type | Resource Type Enforced Realized Status Per Scope Resource Type. |
string | Required Readonly Enum: TransportNodeSpanEnforcedStatus |
EnforcedStatusPerTransportNode (schema)
Enforced Realized Status Per Transport Node
Detailed Realized Status Per Transport Node.
| Name | Description | Type | Notes |
|---|---|---|---|
| display_name | Transport Node Display Name Display name of the transport node. |
string | Readonly |
| enforced_status | Enforced Realized Status Realized Status of an Intent object on this Transport Node. |
EnforcedStatusNsxT | Readonly |
| nsx_id | Transport Node Identifier UUID identifying uniquely the Transport Node. |
string | Readonly |
| path | Transport Node Path Policy Path referencing the transport node. |
string | Readonly |
EnforcementPoint (schema)
Enforcement Point
Enforcement point is the endpoint where policy configurations are applied.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| auto_enforce | Auto Enforce Flag Auto enforce flag suggests whether the policy objects shall be automatically enforced on this enforcement point or not. When this flag is set to true, all policy objects will be automatically enforced on this enforcement point. If this flag is set to false, user shall rely on the usual means of realization, i.e., deployment maps. |
boolean | Default: "True" |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource (Abstract type: pass one of the following concrete types) ChildPolicyEdgeCluster ChildPolicyTransportZone |
|
| connection_info | Enforcement Point Connection Info Connection Info of the Enforcement Point. |
EnforcementPointConnectionInfo (Abstract type: pass one of the following concrete types) AviConnectionInfo CvxConnectionInfo NSXTConnectionInfo NSXVConnectionInfo |
Required |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value EnforcementPoint | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
| version | Enforcement point Version Version of the Enforcement point. |
string | Readonly |
EnforcementPointConnectionInfo (schema)
Enforcement Point Connection Info
Contains information required to connect to enforcement point.
This is an abstract type. Concrete child types:
AviConnectionInfo
CvxConnectionInfo
NSXTConnectionInfo
NSXVConnectionInfo
| Name | Description | Type | Notes |
|---|---|---|---|
| enforcement_point_address | Enforcement Point Address Value of this property could be Hostname or IP. For instance: - On an NSX-T MP running on default port, the value could be "10.192.1.1" - On an NSX-T MP running on custom port, the value could be "192.168.1.1:32789" - On an NSX-T MP in VMC deployments, the value could be "192.168.1.1:5480/nsxapi" |
string | Required |
| resource_type | Connection Info Resource Type Resource Type of Enforcement Point Connection Info. |
string | Required Enum: NSXTConnectionInfo, NSXVConnectionInfo, CvxConnectionInfo, AviConnectionInfo |
EnforcementPointListRequestParameters (schema)
Enforcement Point List Request Parameters
Enforcement point list request parameters.
| Name | Description | Type | Notes |
|---|---|---|---|
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| include_mark_for_delete_objects | Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included. |
boolean | Default: "False" |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string |
EnforcementPointListResult (schema)
Paged Collection of EnforcementPoints
Paged collection of enforcement points.
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Enforcement Point List Results Enforcement Point list Results. |
array of EnforcementPoint | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
EnforcementPointRequest (schema)
Enforcement point request entity
| Name | Description | Type | Notes |
|---|---|---|---|
| enforcement_point_path | Enforcement point path Policy path of enforcement point on request is to be made. |
string |
EntityInstanceCountConstraintExpression (schema)
Represents the leaf level constraint to restrict the number instances of type.
Represents the leaf level constraint to restrict the number of instances of an entity
type that can be created.
Lowering the limit on the number of instances of a given type is allowed even in cases
where there are instances more than the specified limit already in the system.
In this case, creation of new instances of that type will be disallowed unless the number
of instances goes below the limit.
One of the main usage of this expression is to implement Quotas in the multi-tenancy context.
It allows to limit the number of resources which can be created inside a Project.
It also allows to forbid consumption of specific resource by putting its entity count to 0.
Note that, update/delete operations will continue to be allowed on already created instances.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| count | Instance count. Instance count. |
integer | Required |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| operator | Operations supported '<' and '<='. | string | Required |
| resource_type | Must be set to the value EntityInstanceCountConstraintExpression | string | Required Enum: ValueConstraintExpression, RelatedAttributeConditionalExpression, EntityInstanceCountConstraintExpression, FieldSanityConstraintExpression |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| target_resource_type | Resource type of the target entity. This needs to be set for all
cases where the target does not specify the type.
The resource type |
string |
EpochMsTimestamp (schema)
Timestamp in milliseconds since epoch
| Name | Description | Type | Notes |
|---|---|---|---|
| EpochMsTimestamp | Timestamp in milliseconds since epoch | integer |
ErrorResolverInfo (schema)
Metadata related to a given error_id
| Name | Description | Type | Notes |
|---|---|---|---|
| error_id | The error id for which metadata information is needed | integer | Required |
| resolver_present | Indicates whether there is a resolver associated with the error or not | boolean | Required |
| user_metadata | User supplied metadata that might be required by the resolver | ErrorResolverUserMetadata |
ErrorResolverInfoList (schema)
Collection of all registered ErrorResolverInfo
| Name | Description | Type | Notes |
|---|---|---|---|
| results | ErrorResolverInfo list | array of ErrorResolverInfo | Required |
ErrorResolverMetadata (schema)
Error along with its metadata
| Name | Description | Type | Notes |
|---|---|---|---|
| entity_id | The entity/node UUID where the error has occurred. | string | Required |
| error_id | The error id as reported by the entity where the error occurred. | integer | Required |
| system_metadata | This can come from some external system like syslog collector | ErrorResolverSystemMetadata | |
| user_metadata | User supplied metadata that might be required by the resolver | ErrorResolverUserMetadata |
ErrorResolverMetadataList (schema)
List of errors with their metadata
| Name | Description | Type | Notes |
|---|---|---|---|
| errors | List of errors with their corresponding metadata. | array of ErrorResolverMetadata | Required |
ErrorResolverSystemMetadata (schema)
Metadata fetched from an external system like Syslog or LogInsight.
| Name | Description | Type | Notes |
|---|---|---|---|
| value | The value fetched from another system | string |
ErrorResolverUserInputData (schema)
Corresponds to one property entered by the user
| Name | Description | Type | Notes |
|---|---|---|---|
| data_type | The datatype of the given property. Useful for data validation | string | Required Enum: TEXT, NUMBER, PASSWORD |
| property_name | Name of the property supplied by the user | string | Required |
| property_value | The value associated with the above property | string |
ErrorResolverUserMetadata (schema)
User supplied metadata needed for resolving errors
| Name | Description | Type | Notes |
|---|---|---|---|
| user_input_list | List of user supplied input data. | array of ErrorResolverUserInputData |
EtherTypeServiceEntry (schema)
A ServiceEntry that represents an ethertype protocol
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| ether_type | Type of the encapsulated protocol | integer | Required |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value EtherTypeServiceEntry | string | Required Enum: IPProtocolServiceEntry, IGMPTypeServiceEntry, ICMPTypeServiceEntry, ALGTypeServiceEntry, L4PortSetServiceEntry, EtherTypeServiceEntry, NestedServiceServiceEntry |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
EthernetHeader (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| dst_mac | Destination MAC address of the Ethernet header The destination MAC address of form: "^([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2})$". For example: 00:00:00:00:00:00. |
string | |
| eth_type | The value of the type field to be put into the Ethernet header This field defaults to IPv4. |
integer | Minimum: 1 Maximum: 65535 Default: "2048" |
| src_mac | Source MAC address of the Ethernet header The source MAC address of form: "^([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2})$". For example: 00:00:00:00:00:00. |
string |
Evaluation (schema)
Criterion Evaluation
Criterion Evaluation is the basic logical condition to evaluate
whether the event could be potentially met.
This is an abstract type. Concrete child types:
SourceFieldEvaluation
| Name | Description | Type | Notes |
|---|---|---|---|
| resource_type | Resource Type Criterion Evaluation resource type. |
string | Required Enum: SourceFieldEvaluation |
Event (schema)
Reaction Event
The Event is the criterion or criteria applied to the source and,
when met, prompt Policy to run the action.
All Reaction Events are constructed with reference to
the object, the "source", that is logically deemed to be the
object upon which the Event in question initially occurred upon.
Some example events include:
- New object was created.
- Change in realization state.
- Specific API is called.
| Name | Description | Type | Notes |
|---|---|---|---|
| criteria | Event Criteria Criteria applied to the source and, if satisfied, would trigger the action. Criteria is composed of criterions. In order for the Criteria to be met, only one of the criterion must be fulfilled (implicit OR). |
array of Criterion | |
| source | Event Source Source that is logically deemed to be the "object" upon which the Event in question initially occurred upon. |
Source (Abstract type: pass one of the following concrete types) ApiRequestBody ResourceOperation |
Required |
EvpnConfig (schema)
Evpn Configuration
Evpn Configuration.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| advanced_config | Advanced configuration for evpn config Advanced configuration for evpn config. |
EvpnConfigAdvancedConfig | |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| encapsulation_method | Encapsulation method for EVPN. Encapsulation method for EVPN service that is used by the transport layer. |
EvpnEncapConfig | |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| mode | EVPN service mode In INLINE mode, edge nodes participate both in the BGP EVPN control plane route exchange and in data path tunneling between edge nodes and data center gateways. In ROUTE_SERVER mode, edge nodes participate in the BGP EVPN control plane route exchanges only and do not participate in the data forwarding, i.e., the data path tunnels are directly established between the hypervisors and the data center gateways. DISABLE mode disables EVPN service capability. |
string | Enum: INLINE, ROUTE_SERVER, DISABLE Default: "DISABLE" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value EvpnConfig | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
EvpnConfigAdvancedConfig (schema)
Advanced configuration for evpn config
NSX specific configuration for evpn config
| Name | Description | Type | Notes |
|---|---|---|---|
| EvpnConfigAdvancedConfig | Advanced configuration for evpn config NSX specific configuration for evpn config |
object |
EvpnEncapConfig (schema)
Encapsulation method for EVPN
Encapsulation method for EVPN.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| evpn_tenant_config_path | EVPN tenant config path | string | |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value EvpnEncapConfig | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
| vni_pool_path | vni pool path | string |
EvpnTenantConfig (schema)
Evpn Tenant Configuration for Evpn in ROUTE-SERVER mode.
This resource is relevant only when Evpn Service is configured in ROUTE-SERVER mode.
The resource defines Vlans to VNIs mappings used by Evpn tenant VMs for overlay VXLAN transmission when attached
to vRouter. The resource contains overlay transport_zone_path and vni_pool_path to orchestrate creation of child Logical-Switches.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mappings | VLANs to VNIs mapping spec This property specifies a mapping spec of incoming Evpn tenant vlan-ids to VXLAN VNIs used for overlay transmission to Physical-Gateways used by vRouters. |
array of VlanVniRangePair | Required Minimum items: 1 Maximum items: 2000 |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value EvpnTenantConfig | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| transport_zone_path | Policy path to the transport zone Policy path to transport zone. Only overlay transport zone is supported. |
string | Required |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
| vni_pool_path | Policy path to the vni pool Policy path to the vni pool used for Evpn in ROUTE-SERVER mode. |
string | Required |
EvpnTunnelEndpointConfig (schema)
Evpn Tunnel Endpoint Configuration
Evpn Tunnel Endpoint Configuration.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| edge_path | edge path | string | Required |
| id | Unique identifier of this resource | string | Sortable |
| local_addresses | local addresses | array of IPv4Address | Required Minimum items: 1 Maximum items: 1 |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| mtu | MTU | int | Minimum: 64 Maximum: 9100 |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value EvpnTunnelEndpointConfig | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
ExcludedMembersList (schema)
Represents the list of members that need to be excluded
Represents the list of members that need to be excluded
| Name | Description | Type | Notes |
|---|---|---|---|
| ip_address_expression | IP addresses which need to be excluded | IPAddressExpression | |
| path_expression | Paths which need to be excluded. Paths can be only IP address based groups. Upto 50 paths are allowed. |
PathExpression |
ExportRequestParameter (schema)
Export task request parameters
This holds the request parameters required to invoke export task.
| Name | Description | Type | Notes |
|---|---|---|---|
| draft_path | Policy path of draft Policy path of a draft which is to be exported. If not provided, current firewall configuration will then be exported. |
string | |
| passphrase | Passphrase to sign exported files Passphrase to sign exported files. The passphrase specified must be at least 8 characters in length and must contain at least one lowercase, one uppercase, one numeric character and one non-space special character. |
secure_string | Required |
ExportTask (schema)
Export task information
This object holds the information of the export task.
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| async_response_available | True if response for asynchronous request is available | boolean | Readonly |
| cancelable | True if this task can be canceled | boolean | Readonly |
| description | Description of the task | string | Readonly |
| draft_path | Policy path of a draft Policy path of a draft if this is an export task to export draft configuration. |
string | Readonly |
| end_time | The end time of the task in epoch milliseconds | EpochMsTimestamp | Readonly |
| exported_file | Name of the exported file Name of the exported file generated after completion of export task. |
string | Readonly |
| failure_msg | Reason of the task failure This property holds the reason of the task failure, if any. |
string | Readonly |
| id | Identifier for this task | string | Readonly |
| message | A message describing the disposition of the task | string | Readonly |
| progress | Task progress if known, from 0 to 100 | integer | Readonly Minimum: 0 Maximum: 100 |
| request_method | HTTP request method | string | Readonly |
| request_uri | URI of the method invocation that spawned this task | string | Readonly |
| start_time | The start time of the task in epoch milliseconds | EpochMsTimestamp | Readonly |
| status | Current status of the task | TaskStatus | Readonly |
| user | Name of the user who created this task | string | Readonly |
Expression (schema)
Base class for each node of the expression
All the nodes of the expression extend from this abstract class. This
is present for extensibility.
This is an abstract type. Concrete child types:
Condition
ConjunctionOperator
ExternalIDExpression
GroupScopeExpression
IPAddressExpression
IdentityGroupExpression
MACAddressExpression
NestedExpression
PathExpression
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value Expression | string | Required Enum: Condition, ConjunctionOperator, NestedExpression, IPAddressExpression, MACAddressExpression, ExternalIDExpression, PathExpression, IdentityGroupExpression |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
ExternalGatewayBfdConfig (schema)
External Bidirectional Flow Detection configuration
Configuration for BFD session between host nodes and external gateways.
If this configuration is not provided, system defaults are applied.
| Name | Description | Type | Notes |
|---|---|---|---|
| bfd_profile_path | Policy path to Bfd Profile | string | |
| enable | Enable BFD session Flag to enable BFD session. |
boolean | Default: "True" |
ExternalIDExpression (schema)
External ID expression node
Represents external ID expressions in the form of an array, to support addition of objects like virtual interfaces, virtual machines, CloudNativeServiceInstance PhysicalServer to a group.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| external_ids | Array of external IDs for the specified member type This array can consist of one or more external IDs for the specified member type. |
array of string | Required Minimum items: 1 |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| member_type | External ID member type | string | Required Enum: VirtualMachine, VirtualNetworkInterface, CloudNativeServiceInstance, PhysicalServer |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value ExternalIDExpression | string | Required Enum: Condition, ConjunctionOperator, NestedExpression, IPAddressExpression, MACAddressExpression, ExternalIDExpression, PathExpression, IdentityGroupExpression |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
FIPSGlobalConfig (schema)
Global configuration
Global configuration
| Name | Description | Type | Notes |
|---|---|---|---|
| lb_fips_enabled | A flag to turn on or turn off the FIPS compliance of load balancer feature. When this flag is set to true FIPS mode will be set on ssl encryptions of load balancer feature. |
boolean | Default: "False" |
| tls_fips_enabled | A flag to turn on or turn off the FIPS compliance of TLS inspection feature. When this flag is set to true FIPS mode will be set on ssl encryptions of TLS inspection feature. |
boolean | Readonly Default: "False" |
FailedNodeSupportBundleResult (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| error_code | Error code | string | Required Readonly |
| error_message | Error message | string | Required Readonly |
| node_display_name | Display name of node | string | Required Readonly |
| node_id | UUID of node | string | Required Readonly |
| node_ip | IPv4 address of node | string | Required Readonly |
| node_ipv6 | IPv6 address of node | string | Required Readonly |
FeatureCompatibilityInfo (schema)
Feature Compatibility Info
Feature status information indicating site configuration compatibility with
global manager configuration.
| Name | Description | Type | Notes |
|---|---|---|---|
| details | array of CompatibilityDetail | Readonly Maximum items: 10 |
|
| feature | OnboardingFeatureInfo | Required Readonly |
|
| status | Compatibility Status | OnboardingCompatibilityStatus | Required Readonly |
FeatureConflictInfo (schema)
Feature Conflict Info
Feature status information with number of conflicting entities and its total
count associated with the feature.
| Name | Description | Type | Notes |
|---|---|---|---|
| conflict_count | Conflict Count Number of conflicting entities with global entities in the feature during an onboarding stage. |
integer | Readonly |
| feature | OnboardingFeatureInfo | Readonly | |
| total_count | Total Count Total number of entities in the feature during an onboarding stage. |
integer | Readonly |
FeaturePermission (schema)
Feature Permission
| Name | Description | Type | Notes |
|---|---|---|---|
| feature | Feature Id | string | Required |
| feature_description | Feature Description | string | |
| feature_name | Feature Name | string | |
| is_execute_recommended | Is execute recommended | boolean | Readonly |
| is_internal | Is internal | boolean | Readonly |
| permission | Permission | string | Required Enum: crud, read, execute, none |
FeaturePermissionArray (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| feature_permissions | Array of FeaturePermission | array of FeaturePermission | Required |
FeaturePermissionListResult (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | List results | array of FeaturePermission | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
FeaturePermissionRequestParameters (schema)
RBAC Objects qualifier
| Name | Description | Type | Notes |
|---|---|---|---|
| feature_name | Feature name | string | Required |
| object_path | Exact object Policy path | string | Required |
FeatureSet (schema)
List of features required to view the widget
Represents list of features required to view the widget.
| Name | Description | Type | Notes |
|---|---|---|---|
| feature_list | List of features required for to view wdiget List of features required for to view widget. |
array of string | |
| require_all_permissions | Flag for specifying if permission to all features is required Flag for specifying if permission to all features is required If set to false, then if there is permission for any of the feature from feature list, widget will be available. |
boolean |
FeatureSummary (schema)
Feature Summary
Feature summary defining overall conflicting count against total number of
entities.
| Name | Description | Type | Notes |
|---|---|---|---|
| total_conflict_count | Total Conflict Count Total number of conflicting entities with global entities accross all features during an onboarding stage. |
integer | Readonly |
| total_count | Total Count Total number of entities across all features during an onboarding stage. |
integer | Readonly |
FeatureSummaryRequestParameters (schema)
Onboarding Feature Summary Request Parameters
Feature summary request parameters for a site.
| Name | Description | Type | Notes |
|---|---|---|---|
| feature | UnsupportedFeature | Required Readonly |
FederationComponentUpgradeStatus (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| component_type | Component type for the upgrade status | string | Readonly |
| current_version_node_summary | Mapping of current versions of nodes and counts of nodes at the respective versions. | array of FederationNodeSummary | Readonly |
| details | Details about the upgrade status | string | Readonly |
| percent_complete | Indicator of upgrade progress in percentage | number | Required Readonly |
| status | Upgrade status of component | string | Required Readonly Enum: SUCCESS, FAILED, IN_PROGRESS, NOT_STARTED, PAUSED |
| target_version | Target component version | string | Readonly |
FederationConfig (schema)
Global Manager federation configuration
Global Manager federation configuration. This configuration is distributed
to all Sites participating in federation.
| Name | Description | Type | Notes |
|---|---|---|---|
| site_config | Federation configurations of all Sites | array of SiteFederationConfig | Readonly |
FederationConfiguration (schema)
Federation configuration
Federation configuration.
| Name | Description | Type | Notes |
|---|---|---|---|
| epoch | Epoch | integer | Required |
| id | Federation id | string | Required |
| sites | Sites | array of FederationSite | Required |
FederationConnectivityConfig (schema)
Federation connectivity configuration
Additional configuration required for federation.
| Name | Description | Type | Notes |
|---|---|---|---|
| global_overlay_id | Auto generated federation global 24-bit id Global id for by Layer3 services for federation usecases. |
integer | Readonly |
FederationGatewayConfig (schema)
Federation gateway configuration
Additional gateway configuration required for federation
| Name | Description | Type | Notes |
|---|---|---|---|
| global_overlay_id | Auto generated federation global 24-bit id Global id for by Layer3 services for federation usecases. |
integer | Readonly |
| site_allocation_indices | Indicies for cross site allocation
Indicies for cross site allocation for edge cluster and its members referred by gateway. |
array of SiteAllocationIndexForEdge | Readonly |
| transit_segment_id | Auto generated federation global id for transit segment Global UUID for transit segment id to be used by Layer2 services for federation usecases. |
string | Readonly |
FederationInvalidConfigurationDetailsResponse (schema)
Federation Invalid Configuration Details Response
| Name | Description | Type | Notes |
|---|---|---|---|
| feature | Feature information Federation feature with invalid configuration for onboarding a site. |
OnboardingFeatureInfo | Readonly |
| invalid_config_summary | array of InvalidConfigSummary | Readonly Maximum items: 8 |
|
| total_count | Total Resource Count Total resource count in invalid configuration. |
integer | Required Readonly |
FederationNodeSummary (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| node_count | Count of nodes Number of nodes of the type and at the component version. |
int | Required Readonly |
| version | Component version | string | Required Readonly |
FederationQueueInfo (schema)
Details about a specific queue in the flow
Provides insights into details of a specific queue in the flows. For example
Global Manager to Local Manager flow, there is a queue on the Global Manager
for sending and a queue on Local Manager for receiving.
| Name | Description | Type | Notes |
|---|---|---|---|
| current_size | Number of messages in the queue | integer | |
| max_size | Maixmum capacity of the queue | integer | |
| name | Queue name | string | |
| namespace | Queue namespace Every persistent queue has name and namespace. For more debugging like dumping queue, namespace is needed. |
string | |
| type | Queue type - sender or receiver side | string | Enum: TRANSMITTER, RECEIVER |
FederationSite (schema)
Site information
Site information.
| Name | Description | Type | Notes |
|---|---|---|---|
| active_gm | Does site have active GM | string | Required Enum: ACTIVE, STANDBY, NONE, INVALID |
| aph_list | Aph services in the site | array of AphInfo | Required |
| cert_hash | Hash of the trustManagerCert | string | |
| cluster_id | Cluster id | string | |
| config_version | Site config version | integer | |
| id | Id of the site | string | Required |
| is_federated | Is site federated | boolean | Required |
| is_local | Is site local | boolean | Required |
| name | Name of the site | string | Required |
| node_type | Type of node | string | Required Enum: GM, LM, GM_AND_LM |
| site_version | Version of the site | string | Required |
| split_brain | Split brain | boolean | |
| system_id | System id | integer | Required |
| trust_manager_cert | Cert string from trust manager | string | |
| vip_ip | Vip ip | string |
FederationStatus (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| active_standby_sync_statuses | Status of synchronization between active and standby sites. | array of ActiveStandbySyncStatus | Required |
| remote_connections | Site connection status | array of SiteStatus |
FederationUpgradeSummary (schema)
Upgrade Summary
Provides upgrade summary for a specific site.
| Name | Description | Type | Notes |
|---|---|---|---|
| component_status | List of component statuses | array of FederationComponentUpgradeStatus | Required Readonly |
| current_version | Current version of the site This is NSX version for the site. |
string | Required Readonly |
| gpm_name | Name of the global manager Name of the global manager if present. |
string | Readonly |
| id | UUID of this resource Unique identifier of this resource. |
string | Required Readonly |
| last_upgrade_timestamp | Last upgrade timestamp Indicates the time when the site was upgraded. |
string | Readonly |
| name | Name of the site Name of the site. |
string | Readonly |
| overall_upgrade_status | Status of upgrade | string | Required Readonly Enum: SUCCESS, FAILED, IN_PROGRESS, NOT_STARTED, PAUSED |
| site_id | UUID of the site This is the Site Manager generated UUID for every NSX deployment. |
string | Required Readonly |
| site_ip | Site IP IP address of the site. |
string | Required Readonly |
| site_type | Site type Type of this site. |
string | Required Readonly Enum: ACTIVE_GM_SITE, STANDBY_GM_SITE, NON_GM_SITE |
| target_version | Target version for the site This is NSX target version for the site, if it is undergoing upgrade. |
string | Readonly |
FederationUpgradeSummaryListRequestParameters (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| current_version | Filter on site current_version Get upgrade information from sites are at a given version. |
string | |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string |
FederationUpgradeSummaryListResult (schema)
Paged Collection of site upgrade information
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Paged collection of site upgrade information | array of FederationUpgradeSummary | Readonly |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
FieldSanityConstraintExpression (schema)
Represents the field value sanity constraint
Represents the field value constraint to constrain specified field
value based on defined sanity checks.
Example - For DNS.upstream_servers, all the IP addresses must either be
public or private.
{
"target": {
"target_resource_type": "DnsForwarderZone",
"attribute": "upstreamServers",
"path_prefix": "/infra/dns-forwarder-zones/"
},
"constraint_expression": {
"resource_type": "FieldSanityConstraintExpression",
"operator": "OR",
"checks": ["ALL_PUBLIC_IPS", "ALL_PRIVATE_IPS"]
}
}
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| checks | Array of sanity checks to be performed on field value List of sanity checks. |
array of string | Required Enum: ALL_PUBLIC_IPS, ALL_PRIVATE_IPS, ALL_IPV6_CIDRS, ALL_IPV6_IPS, ALL_IPV4_CIDRS, ALL_IPV4_IPS |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| operator | A conditional operator | string | Required Enum: OR, AND |
| resource_type | Must be set to the value FieldSanityConstraintExpression | string | Required Enum: ValueConstraintExpression, RelatedAttributeConditionalExpression, EntityInstanceCountConstraintExpression, FieldSanityConstraintExpression |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
FieldSetting (schema)
FieldSetting
Field Setting.
| Name | Description | Type | Notes |
|---|---|---|---|
| field_pointer | Field Pointer Field Pointer. |
string | Required |
| value | Value Value that the field must be set to. |
FieldSettingValue (Abstract type: pass one of the following concrete types) ConstantFieldValue |
Required |
FieldSettingValue (schema)
Field Setting Value
Field Setting Value.
This is an abstract type. Concrete child types:
ConstantFieldValue
| Name | Description | Type | Notes |
|---|---|---|---|
| resource_type | Resource Type Field Setting Value resource type. |
string | Required Enum: ConstantFieldValue |
FieldsFilterData (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| ip_info | IP address information This property is deprecated. Please use the property network_info instead. |
IpInfo | Deprecated |
| network_info | Network layer information Network layer information. |
NetworkInfo | |
| resource_type | Must be set to the value FieldsFilterData | string | Required Enum: FieldsFilterData, PlainFilterData Default: "FieldsFilterData" |
| transport_info | Transport layer information Transport layer information. |
TransportInfo |
FieldsPacketData (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| arp_header | The ARP header | ArpHeader | |
| eth_header | The ethernet header | EthernetHeader | |
| frame_size | Requested total size of the (logical) packet in bytes If the requested frame_size is too small (given the payload and traceflow metadata requirement of 16 bytes), the traceflow request will fail with an appropriate message. The frame will be zero padded to the requested size. |
integer | Minimum: 60 Maximum: 1000 Default: "128" |
| ip_header | The IPv4 header | Ipv4Header | |
| ipv6_header | The IPv6 header | Ipv6Header | |
| payload | RFC3548 compatible base64-encoded payload Up to 1000 bytes of payload may be supplied (with a base64-encoded length of 1336 bytes.) Additional bytes of traceflow metadata will be appended to the payload. The payload contains any data the user wants to put after the transport header. |
string | Maximum length: 1336 |
| resource_type | Must be set to the value FieldsPacketData | string | Required Enum: BinaryPacketData, FieldsPacketData Default: "FieldsPacketData" |
| routed | Awareness of logical routing When this flag is set, traceflow packet will have its destination overwritten as the gateway address of the logical router to which the source logical switch is connected. More specifically: - For ARP request, the target IP will be overwritten as gateway IP if the target IP is not in the same subnet of gateway. - For ARP response, the target IP and destination MAC will be overwritten as gateway IP/MAC respectively, if the target IP is not in the same subnet of gateway. - For IP packet, the destination MAC will be overwritten as gateway MAC. |
boolean | |
| transport_header | The transport header This field contains a protocol that is above IP. It is not restricted to the 'transport' defined by the OSI model (e.g., ICMP is supported). |
TransportProtocolHeader | |
| transport_type | Transport type of the traceflow packet This type takes effect only for IP packet. |
string | Enum: BROADCAST, UNICAST, MULTICAST, UNKNOWN Default: "UNICAST" |
FileProperties (schema)
File properties
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| created_epoch_ms | File creation time in epoch milliseconds | integer | Required |
| modified_epoch_ms | File modification time in epoch milliseconds | integer | Required |
| name | File name | string | Required Pattern: "^[^/]+$" |
| path | File path | string | Readonly |
| size | Size of the file in bytes | integer | Required |
FilePropertiesListResult (schema)
File properties query results
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | File property results | array of FileProperties | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
FileThumbprint (schema)
File thumbprint
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| name | File name | string | Required Pattern: "^[^/]+$" |
| sha1 | File's SHA1 thumbprint | string | Deprecated Required |
| sha256 | File's SHA256 thumbprint | string | Required |
FileTransferAuthenticationScheme (schema)
Remote server authentication details
| Name | Description | Type | Notes |
|---|---|---|---|
| identity_file | SSH private key data | secure_string | |
| password | Password to authenticate with | secure_string | |
| scheme_name | Authentication scheme name | string | Required Enum: PASSWORD, KEY |
| username | User name to authenticate with | string | Required Pattern: "^([a-zA-Z][a-zA-Z0-9-.]*[a-zA-Z]\\\){0,1}\w[\w.-]+$" |
FileTransferProtocol (schema)
Protocol to transfer backup file to remote server
| Name | Description | Type | Notes |
|---|---|---|---|
| authentication_scheme | Scheme to authenticate if required | FileTransferAuthenticationScheme | Required |
| protocol_name | Protocol name | string | Required Enum: sftp Default: "sftp" |
| ssh_fingerprint | SSH fingerprint of server The expected SSH fingerprint of the server. If the server's fingerprint does not match this fingerprint, the connection will be terminated. Only ECDSA fingerprints hashed with SHA256 are supported. To obtain the host's ssh fingerprint, you should connect via some method other than SSH to obtain this information. You can use one of these commands to view the key's fingerprint: 1. ssh-keygen -l -E sha256 -f ssh_host_ecdsa_key.pub 2. awk '{print $2}' ssh_host_ecdsa_key.pub | base64 -d | sha256sum -b | sed 's/ .*$//' | xxd -r -p | base64 | sed 's/.//44g' | awk '{print "SHA256:"$1}' |
string | Required Pattern: "^SHA256:.*$" |
FileType (schema)
MalwarePrevention File type
| Name | Description | Type | Notes |
|---|---|---|---|
| FileType | MalwarePrevention File type | string | Enum: DOCUMENT, EXECUTABLE, MEDIA, ARCHIVE, DATA, SCRIPT, OTHER |
FilterWidgetConfiguration (schema)
Filter widget Configuration
Represents configuration for filter widget. This is abstract representation of filter widget.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| alias | Alias to be used when emitting filter value Alias to be used when emitting filter value. |
string | |
| condition | Expression for evaluating condition If the condition is met then the widget will be displayed to UI. If no condition is provided, then the widget will be displayed unconditionally. |
string | Maximum length: 1024 |
| datasources | Array of Datasource Instances with their relative urls The 'datasources' represent the sources from which data will be fetched. Currently, only NSX-API is supported as a 'default' datasource. An example of specifying 'default' datasource along with the urls to fetch data from is given at 'example_request' section of 'CreateWidgetConfiguration' API. |
array of Datasource | Minimum items: 0 |
| default_filter_value | Default filter value to be passed to datasources Default filter values to be passed to datasources. This will be used when the report is requested without filter values. |
array of DefaultFilterValue | |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Widget Title Title of the widget. If display_name is omitted, the widget will be shown without a title. |
string | Maximum length: 255 |
| drilldown_id | Id of drilldown widget Id of drilldown widget, if any. Id should be a valid id of an existing widget. A widget is considered as drilldown widget when it is associated with any other widget and provides more detailed information about any data item from the parent widget. |
string | Maximum length: 255 |
| feature_set | Features required to view the widget Features required to view the widget. |
FeatureSet | |
| filter | Id of filter widget for subscription Id of filter widget for subscription, if any. Id should be a valid id of an existing filter widget. Filter widget should be from the same view. Datasource URLs should have placeholder values equal to filter alias to accept the filter value on filter change. This field is deprecated instead use 'filters' property. |
string | Deprecated |
| filter_value_required | Flag to indicate if filter value is necessary Flag to indicate that widget will continue to work without filter value. If this flag is set to false then default_filter_value is manadatory. |
boolean | Default: "True" |
| filters | A List of filter ids applied to this widget configuration A List of filter applied to this widget configuration. This will be used to identify the filters applied to this widget. |
array of string | |
| footer | Footer | ||
| icons | Icons Icons to be applied at dashboard for widgets and UI elements. |
array of Icon | |
| id | Unique identifier of this resource | string | Sortable |
| is_drilldown | Set as a drilldown widget Set to true if this widget should be used as a drilldown. |
boolean | Default: "False" |
| legend | Legend for the widget Legend to be displayed. If legend is not needed, do not include it. |
Legend | |
| plot_configs | List of plotting configuration for a given widget. List of plotting configuration for a given widget. Widget plotting configurations which are common across all the widgets types should be define here. |
array of WidgetPlotConfiguration | |
| resource_type | Must be set to the value FilterWidgetConfiguration | string | Required Readonly Enum: LabelValueConfiguration, DonutConfiguration, MultiWidgetConfiguration, ContainerConfiguration, StatsConfiguration, GridConfiguration, GraphConfiguration, CustomWidgetConfiguration, CustomFilterWidgetConfiguration, TimeRangeDropdownFilterWidgetConfiguration, DropdownFilterWidgetConfiguration, SpacerWidgetConfiguration, LegendWidgetConfiguration Maximum length: 255 |
| rowspan | Vertical span Represents the vertical span of the widget / container. 1 Row span is equal to 20px. |
int | Minimum: 1 |
| shared | Visiblity of widgets to other users Please use the property 'shared' of View instead of this. The widgets of a shared view are visible to other users. |
boolean | Deprecated |
| show_header | This decides to show the container header or not. If the value of this field is set to true then card header will be displayed otherwise only card will be displayed without header. |
boolean | |
| span | Horizontal span Represents the horizontal span of the widget / container. |
int | Minimum: 1 Maximum: 12 |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| weight | Weightage or placement of the widget or container Specify relavite weight in WidgetItem for placement in a view. Please see WidgetItem for details. |
int | Deprecated |
FirewallConfiguration (schema)
Firewall related configurations
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| disable_auto_drafts | Auto draft disable flag To disable auto drafts, set it to true. By default, auto drafts are enabled. |
boolean | Default: "False" |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| enable_firewall | Firewall enable flag If set to true, Firewall is enabled. |
boolean | Default: "True" |
| global_addrset_mode_enabled | A flag to indicate if global address set is enabled in DFW When this flag is set to true, global address set is enabled in Distributed Firewall. |
boolean | Default: "True" |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value FirewallConfiguration | string | Required Enum: DfwFirewallConfiguration |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
FirewallFilterByRequestParameters (schema)
Request parameters for filtering entities based on the given criteria
| Name | Description | Type | Notes |
|---|---|---|---|
| enforcement_point_path | Path of the enforcement point Path of the enforcement point from where the result need to be fetched. If not provided, default enforcement point will be considered. It is mandatory parameter on global manager. |
string | |
| parent_path | Path of the parent object of the entities The path of the parent object of entities that are need to be filtered based in the given criteria. Parent path is required for filtering rules of particular policy. |
string | |
| scope | Scope filter criteria All those firewall entities, policies/rules, will be returned whose scope value satisfies the given criteria. The value for scope can be, - virtual machine id or - logical router id. Based on the given scope value, the entities will be filtered. |
string | Required |
FloodProtectionProfile (schema)
Flood Protection profile
A profile holding TCP, UDP and ICMP and other protcol connection limits.
This is an abstract type. Concrete child types:
DistributedFloodProtectionProfile
GatewayFloodProtectionProfile
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| icmp_active_flow_limit | Active ICMP connections limit If this field is empty, firewall will not set a limit to active ICMP connections. |
integer | Minimum: 1 Maximum: 1000000 |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| other_active_conn_limit | Timeout after first TN If this field is empty, firewall will not set a limit to other active connections. besides UDP, ICMP and half open TCP connections. |
integer | Minimum: 1 Maximum: 1000000 |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value FloodProtectionProfile | FloodProtectionProfileResourceType | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| tcp_half_open_conn_limit | Active half open TCP connections limit If this field is empty, firewall will not set a limit to half open TCP connections. |
integer | Minimum: 1 Maximum: 1000000 |
| udp_active_flow_limit | Active UDP connections limit If this field is empty, firewall will not set a limit to active UDP connections. |
integer | Minimum: 1 Maximum: 1000000 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
FloodProtectionProfileBindingListResult (schema)
Paged Collection of flood protection profile binding maps
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Flood protection profile binding maps list results | array of FloodProtectionProfileBindingMap | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
FloodProtectionProfileBindingMap (schema)
Policy Flood Protection Profile binding map
This entity will be used to establish association between Flood Protection
profile and Logical Routers.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| profile_path | Profile Path PolicyPath of associated Profile |
string | Required |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value FloodProtectionProfileBindingMap | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
FloodProtectionProfileListRequestParameters (schema)
Flood Protection profile list request parameters
| Name | Description | Type | Notes |
|---|---|---|---|
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| include_mark_for_delete_objects | Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included. |
boolean | Default: "False" |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string |
FloodProtectionProfileListResult (schema)
Paged Collection of flood protection profiles
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Flood protection profile list results | array of FloodProtectionProfile (Abstract type: pass one of the following concrete types) DistributedFloodProtectionProfile GatewayFloodProtectionProfile |
Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
FloodProtectionProfileResourceType (schema)
Resource types of flood protection profiles
GatewayFloodProtectionProfile is used for all Tier0 and Tier1 gateways.
DistributedFloodProtectionProfile is used for all Transport Nodes.
| Name | Description | Type | Notes |
|---|---|---|---|
| FloodProtectionProfileResourceType | Resource types of flood protection profiles GatewayFloodProtectionProfile is used for all Tier0 and Tier1 gateways. DistributedFloodProtectionProfile is used for all Transport Nodes. |
string | Enum: GatewayFloodProtectionProfile, DistributedFloodProtectionProfile |
FlowInfo (schema)
Details of config flow
Provides details of config flow in federation
Federation has the following flows
- Global Manager to Local Manager (GM -> LM)
- Local Manager to Glocal Manager (LM -> GM)
- Global Manager Active to Glocal Manager Standby (GM -> GM)
- Local Manager to Local Manager (LM -> LM)
| Name | Description | Type | Notes |
|---|---|---|---|
| cross_site_flow_info | Corss site flow information for the flow | CrossSiteFlowInfo | |
| flow_type | Flow identifier | string | Enum: GM_TO_LM, LM_TO_GM, GM_TO_GM, LM_TO_LM, GM_WORK_QUEUE, GM_DELETE_QUEUE |
| id | System identifier for the flow | string | |
| queue_infos | Queue information for the flow Every flow will have transmitter and receiver queues. |
array of FederationQueueInfo |
Footer (schema)
Widget Footer
Footer of a widget that provides additional information or allows an action such as clickable url for navigation. An example usage of footer is provided under 'example_request' section of 'CreateWidgetConfiguration' API.
| Name | Description | Type | Notes |
|---|---|---|---|
| actions | Footer Actions Action to be performed at the footer of a widget. An action at the footer can be simple text description or a hyperlink to a UI page. Action allows a clickable url for navigation. An example usage of footer action is provided under 'example_request' section of 'CreateWidgetConfiguration' API. |
array of FooterAction | Minimum items: 0 |
| condition | Expression for evaluating condition If the condition is met then the footer will be applied. Examples of expression syntax are provided under 'example_request' section of 'CreateWidgetConfiguration' API. |
string | Maximum length: 1024 |
FooterAction (schema)
Widget Footer Action
Action specified at the footer of a widget to provide additional information or to provide a clickable url for navigation. An example usage of footer action is provided under the 'example_request' section of 'CreateWidgetConfiguration' API.
| Name | Description | Type | Notes |
|---|---|---|---|
| dock_to_container_footer | Dock the footer at container If true, the footer will appear in the underlying container that holds the widget. |
boolean | Default: "True" |
| label | Label for action Label to be displayed against the footer action. |
Label | Required |
| url | Clickable hyperlink, if any Hyperlink to the UI page that provides details of action. |
string | Maximum length: 1024 |
ForceRevisionCheckRequestParameter (schema)
Parameter to enforce revision check before updating objects
Forces revision check before updating
| Name | Description | Type | Notes |
|---|---|---|---|
| enforce_revision_check | Force revision check If this is set to true, each child object in the request needs to have _revision property set correctly. System will honor the revision numbers while updating the resources. |
boolean | Default: "False" |
ForwardingPolicy (schema)
Forwarding Policy
Contains ordered list of forwarding rules that determine when to
forward traffic to / from the underlay for accessing cloud native services.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| category | A way to classify a security policy, if needed. - Distributed Firewall - Policy framework provides five pre-defined categories for classifying a security policy. They are "Ethernet","Emergency", "Infrastructure" "Environment" and "Application". There is a pre-determined order in which the policy framework manages the priority of these security policies. Ethernet category is for supporting layer 2 firewall rules. The other four categories are applicable for layer 3 rules. Amongst them, the Emergency category has the highest priority followed by Infrastructure, Environment and then Application rules. Administrator can choose to categorize a security policy into the above categories or can choose to leave it empty. If empty it will have the least precedence w.r.t the above four categories. - Edge Firewall - Policy Framework for Edge Firewall provides six pre-defined categories "Emergency", "SystemRules", "SharedPreRules", "LocalGatewayRules", "AutoServiceRules" and "Default", in order of priority of rules. All categories are allowed for Gatetway Policies that belong to 'default' Domain. However, for user created domains, category is restricted to "SharedPreRules" or "LocalGatewayRules" only. Also, the users can add/modify/delete rules from only the "SharedPreRules" and "LocalGatewayRules" categories. If user doesn't specify the category then defaulted to "Rules". System generated category is used by NSX created rules, for example BFD rules. Autoplumbed category used by NSX verticals to autoplumb data path rules. Finally, "Default" category is the placeholder default rules with lowest in the order of priority. |
string | |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource (Abstract type: pass one of the following concrete types) ChildForwardingRule |
|
| comments | SecurityPolicy lock/unlock comments Comments for security policy lock/unlock. |
string | |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| internal_sequence_number | Internal sequence number This field is to indicate the internal sequence number of a policy with respect to the policies across categories. |
int | Readonly |
| is_default | Default policy flag A flag to indicate whether policy is a default policy. |
boolean | Readonly |
| lock_modified_by | User who locked the security policy ID of the user who last modified the lock for the secruity policy. |
string | Readonly |
| lock_modified_time | SecuirtyPolicy locked/unlocked time SecurityPolicy locked/unlocked time in epoch milliseconds. |
EpochMsTimestamp | Readonly |
| locked | Lock a security policy Indicates whether a security policy should be locked. If the security policy is locked by a user, then no other user would be able to modify this security policy. Once the user releases the lock, other users can update this security policy. |
boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value ForwardingPolicy | string | |
| rule_count | Rule count The count of rules in the policy. |
int | Readonly |
| rules | Rules that are a part of this ForwardingPolicy | array of ForwardingRule | |
| scheduler_path | Path to the scheduler for time based scheduling Provides a mechanism to apply the rules in this policy for a specified time duration. |
string | |
| scope | The list of group paths where the rules in this policy will get
applied. This scope will take precedence over rule level scope. Supported only for security and redirection policies. In case of RedirectionPolicy, it is expected only when the policy is NS and redirecting to service chain. |
array of string | Maximum items: 128 |
| sequence_number | Sequence number to resolve conflicts across Domains This field is used to resolve conflicts between security policies across domains. In order to change the sequence number of a policy one can fire a POST request on the policy entity with a query parameter action=revise The sequence number field will reflect the value of the computed sequence number upon execution of the above mentioned POST request. For scenarios where the administrator is using a template to update several security policies, the only way to set the sequence number is to explicitly specify the sequence number for each security policy. If no sequence number is specified in the payload, a value of 0 is assigned by default. If there are multiple policies with the same sequence number then their order is not deterministic. If a specific order of policies is desired, then one has to specify unique sequence numbers or use the POST request on the policy entity with a query parameter action=revise to let the framework assign a sequence number. The value of sequence number must be between 0 and 999,999. |
int | Minimum: 0 |
| stateful | Stateful nature of the entries within this security policy. Stateful or Stateless nature of security policy is enforced on all rules in this security policy. When it is stateful, the state of the network connects are tracked and a stateful packet inspection is performed. Layer3 security policies can be stateful or stateless. By default, they are stateful. Layer2 security policies can only be stateless. |
boolean | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| tcp_strict | Enforce strict tcp handshake before allowing data packets Ensures that a 3 way TCP handshake is done before the data packets are sent. tcp_strict=true is supported only for stateful security policies. If the tcp_strict flag is not specified and the security policy is stateful, then tcp_strict will be set to true. |
boolean | |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
ForwardingPolicyListResult (schema)
Paged Collection of ForwardingPolicy objects
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | ForwardingPolicy list results | array of ForwardingPolicy | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
ForwardingRule (schema)
Forwarding rule
Forwarding rule that determine how to forward traffic from a VM.
Traffic from VM can either be routed via Overlay or Underlay when VM is on hybrid port.
Additionally NAT can be performed for VM or container on overlay to route traffic to/from underlay
ROUTE_TO_UNDERLAY - Access a service on underlay space from a VM connected to hybrid port. Eg access to AWS S3 on AWS underlay
ROUTE_TO_OVERLAY - Access a service on overlay space from a VM connected to hybrid port.
ROUTE_FROM_UNDERLAY - Access a service hosted on a VM (that is connected to hybrid port) from underlay space. Eg access from AWS ELB to VM
ROUTE_FROM_OVERLAY - Access a service hosted on a VM (that is connected to hybrid port) from overlay space
NAT_FROM_UNDERLAY - Access a service on overlay VM/container from underlay space using DNAT from underlay IP to overlay IP
NAT_TO_UNDERLAY - Access an underlay service from a VM/container on overlay space using SNAT from overlay IP to underlay IP
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| action | Action The action to be applied to all the services |
string | Enum: ROUTE_TO_UNDERLAY, ROUTE_TO_OVERLAY, ROUTE_FROM_UNDERLAY, ROUTE_FROM_OVERLAY, NAT_FROM_UNDERLAY, NAT_TO_UNDERLAY |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| destination_groups | Destination group paths We need paths as duplicate names may exist for groups under different domains. Along with paths we support IP Address of type IPv4 and IPv6. IP Address can be in one of the format(CIDR, IP Address, Range of IP Address). In order to specify all groups, use the constant "ANY". This is case insensitive. If "ANY" is used, it should be the ONLY element in the group array. Error will be thrown if ANY is used in conjunction with other values. |
array of string | Maximum items: 128 |
| destinations_excluded | Negation of destination groups If set to true, the rule gets applied on all the groups that are NOT part of the destination groups. If false, the rule applies to the destination groups |
boolean | Default: "False" |
| direction | Direction Define direction of traffic. |
string | Enum: IN, OUT, IN_OUT Default: "IN_OUT" |
| disabled | Flag to disable the rule Flag to disable the rule. Default is enabled. |
boolean | Default: "False" |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| ip_protocol | IPv4 vs IPv6 packet type Type of IP packet that should be matched while enforcing the rule. The value is set to IPV4_IPV6 for Layer3 rule if not specified. For Layer2/Ether rule the value must be null. |
string | Enum: IPV4, IPV6, IPV4_IPV6 |
| is_default | Default rule flag A flag to indicate whether rule is a default rule. |
boolean | Readonly |
| logged | Enable logging flag Flag to enable packet logging. Default is disabled. |
boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| notes | Text for additional notes on changes Text for additional notes on changes. |
string | Maximum length: 2048 |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| profiles | Layer 7 service profiles or TLS action profile Holds the list of layer 7 service profile paths. These profiles accept attributes and sub-attributes of various network services (e.g. L4 AppId, encryption algorithm, domain name, etc) as key value pairs. Instead of Layer 7 service profiles you can use a L7 access profile. One of either Layer 7 service profiles or L7 Access Profile can be used in firewall rule. In case of L7 access profile only one is allowed. |
array of string | Maximum items: 128 |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value ForwardingRule | string | |
| rule_id | Unique rule ID This is a unique 4 byte positive number that is assigned by the system. This rule id is passed all the way down to the data path. The first 1GB (1000 to 2^30) will be shared by GM and LM with zebra style striped number space. For E.g 1000 to (1Million -1) by LM, (1M - 2M-1) by GM and so on. |
integer | Readonly |
| scope | The list of policy paths where the rule is applied
LR/Edge/T0/T1/LRP etc. Note that a given rule can be applied on multiple LRs/LRPs. |
array of string | Maximum items: 128 |
| sequence_number | Sequence number of the this Rule This field is used to resolve conflicts between multiple Rules under Security or Gateway Policy for a Domain If no sequence number is specified in the payload, a value of 0 is assigned by default. If there are multiple rules with the same sequence number then their order is not deterministic. If a specific order of rules is desired, then one has to specify unique sequence numbers or use the POST request on the rule entity with a query parameter action=revise to let the framework assign a sequence number |
int | Minimum: 0 |
| service_entries | Raw services In order to specify raw services this can be used, along with services which contains path to services. This can be empty or null. |
array of ServiceEntry (Abstract type: pass one of the following concrete types) ALGTypeServiceEntry EtherTypeServiceEntry ICMPTypeServiceEntry IGMPTypeServiceEntry IPProtocolServiceEntry L4PortSetServiceEntry NestedServiceServiceEntry |
Maximum items: 128 |
| services | Names of services In order to specify all services, use the constant "ANY". This is case insensitive. If "ANY" is used, it should be the ONLY element in the services array. Error will be thrown if ANY is used in conjunction with other values. |
array of string | Maximum items: 128 |
| source_groups | Source group paths We need paths as duplicate names may exist for groups under different domains. Along with paths we support IP Address of type IPv4 and IPv6. IP Address can be in one of the format(CIDR, IP Address, Range of IP Address). In order to specify all groups, use the constant "ANY". This is case insensitive. If "ANY" is used, it should be the ONLY element in the group array. Error will be thrown if ANY is used in conjunction with other values. |
array of string | Maximum items: 128 |
| sources_excluded | Negation of source groups If set to true, the rule gets applied on all the groups that are NOT part of the source groups. If false, the rule applies to the source groups |
boolean | Default: "False" |
| tag | Tag applied on the rule User level field which will be printed in CLI and packet logs. Even though there is no limitation on length of a tag, internally tag will get truncated after 32 characters. |
string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
ForwardingRuleListRequestParameters (schema)
ForwardingRule list request parameters
| Name | Description | Type | Notes |
|---|---|---|---|
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| include_mark_for_delete_objects | Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included. |
boolean | Default: "False" |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string |
ForwardingRuleListResult (schema)
Paged Collection of ForwardingRules
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Rule list results | array of ForwardingRule | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
FqdnAnalysisConfig (schema)
FQDN Analysis feature configuration entity
The type contains information about the configuration of the FqdnAnalysis feature for a
specific node.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| enabled | Enabled Property which specifies the enabling/disabling of the feature. |
boolean | Default: "False" |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value FqdnAnalysisConfig | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
FullSyncInfo (schema)
Full sync details for the flow
Represents details of the last full sync if full sync is not running,
otherwise returns the status of current full sync.
| Name | Description | Type | Notes |
|---|---|---|---|
| data_streaming_from_source_end_time | End time of streaming full state from source | integer | |
| data_streaming_from_source_progress | Details about full sync on sender side | string | |
| data_streaming_from_source_start_time | Start time of streaming full state from source | integer | |
| end_time | Full sync end time | integer | |
| errors | Errors if any | array of string | |
| fullSyncId | Full sync id | string | |
| reason | Description of full sync reason | string | |
| reason_code | Reason code for full sync Full sync can happen for various internal reasons, as well user can request for one. The code provides the classification of possible reasons to start a full sync. |
string | Enum: QUEUE_OVERFLOW_ON_TRANSMITTER, QUEUE_OVERFLOW_ON_RECEIVER, CONNECTION_RESTORED, LM_ONBOARDED, GM_SWITCHOVER, RESTORED_GM_FROM_BACKUP, RESTORED_LM_FROM_BACKUP, BROWNFIELD_CONFIG_MIGRATION_FROM_LM_TO_GM, GM_REQUESTED_OVERSIZED_PAYLOAD, GM_REQUESTED_SITE_ONBOARDING, GM_REQUESTED_OTHER, LM_REQUSTED_OVERSIZED_PAYLOAD, LM_REQUESTED_OTHER, USER_REQUSTED, OTHER_AR_INTERNAL, POST_UPGRADE_GM, POST_UPGRADE_LM, UNKNOWN |
| receiver_end_time | End time of completing applying full state on receiver side | integer | |
| receiver_start_time | Start time of applying full state on receiver side | integer | |
| receiver_state | Internal receiver state This is optional information, provides useful insights on receiver side once async channel hands over full state data to receiver. |
string | |
| receiver_time_to_apply_in_millis | Time taken by application receiver to apply the full state received | integer | |
| stage | Current stage details if full sync in progress This provides the insights into current full sync stage if in progress. |
string | Enum: NOT_STARTED, REQUESTED_FULL_STATE_FROM_SOURCE, TRANSFERRING_FULL_STATE, COMPLETED_TRANSFERRING_FULL_STATE, DESTINATION_APPLYING_FULL_STATE, COMPLETED_SUCCESSFUL, TIMEOUT_ON_SOURCE_RECEIVE_FULL_STATE, TIMEOUT_ON_DESTINATION_APPLY, COMPLETED_FAILED |
| start_time | Full sync start time | integer | |
| status | Full sync status | string | Enum: NOT_STARTED, IN_PROGRESS, COMPLETED |
| warnings | Errors if any | array of string |
FullSyncState (schema)
Full sync state
Provides FullSync state for Local Manager from Global Manager.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| errors | Errors occurred during full sync Errors occurred during full sync. |
array of string | Readonly |
| full_sync_id | Full sync id Full sync id generated by Async Replicator (AR) service. |
string | Readonly |
| id | Unique identifier of this resource | string | Sortable |
| last_completed_stage | Full sync stage that is last completed for this request. The current stage of full sync completion for ongoing sync. When Local Manager (LM) receives full sync data from AR, LM starts with workflow to prserve the state and restore the full sync from where it has left off in case of change of leadership of the service to different NSX node or LM is restarted. LM starts the full sync workflow with state INITIAL capturing the AR full sync id and data location details. The stage/state transition follows the order given below INITIAL - Full sync started PROCESSED_FULLSYNC_DATA - Compelted processing the full state data provided by AR PRCESSED_DELTAS - Completed processing pending delta changes provided by AR. DELETED_STALE_ENTITIES - Completed deletion of all global entities on LM that are not in GM anymore COMPLETED - Full sync handling is completed on LM ERROR - Full sync failed with errors on LM, in which case AR will re-attempt full sync later point in time for the LM ABORTED - Indicates that the full sync cancelled as per user request |
string | Readonly Enum: INITIAL, PAUSE_DCNS, DELETED_STALE_ENTITIES, PROCESSED_FULLSYNC_DATA, PROCESSED_DELTAS, UNPAUSE_DCNS, COMPLETED, ERROR, ABORTED |
| last_upate_time | Deprecated, refer to last_update_time for the last update time stamp. | EpochMsTimestamp | Deprecated Readonly Sortable |
| last_update_time | Timestamp of last update, could be progress or success or error. | EpochMsTimestamp | Readonly Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value FullSyncState | string | |
| start_time | Timestamp of Full Sync start. | EpochMsTimestamp | Readonly Sortable |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
FullSyncStateListResult (schema)
Paged Collection of FullSync states.
Paged Collection of FullSync states.
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | FullSync states list FullSync states list. |
array of FullSyncState | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
FullSyncStatus (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| completed_at | Time at which the full sync was completed. | string | Required |
| snapshot_version | Snapshot version targeted by full sync. | string | Required |
| status | Status of full sync. | string | Required Enum: UNAVAILABLE, ERROR, ONGOING, COMPLETE, NOT_STARTED |
| sync_id | Identifier for the full sync. | string | Required |
| sync_type | Type of full sync. | string | Required Enum: UNAVAILABLE, STANDARD, FORCED |
GatewayFloodProtectionProfile (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| icmp_active_flow_limit | Active ICMP connections limit If this field is empty, firewall will not set a limit to active ICMP connections. |
integer | Minimum: 1 Maximum: 1000000 |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| nat_active_conn_limit | Maximum limit of active NAT connections The maximum limit of active NAT connections. This limit only apply to EDGE components (such as, gateway). If this property is omitted, or set to null, then there is no limit on the specific component. Meanwhile there is an implicit limit which depends on the underlying hardware resource. |
integer | Minimum: 1 Maximum: 4294967295 Default: "4294967295" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| other_active_conn_limit | Timeout after first TN If this field is empty, firewall will not set a limit to other active connections. besides UDP, ICMP and half open TCP connections. |
integer | Minimum: 1 Maximum: 1000000 |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value GatewayFloodProtectionProfile | FloodProtectionProfileResourceType | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| tcp_half_open_conn_limit | Active half open TCP connections limit If this field is empty, firewall will not set a limit to half open TCP connections. |
integer | Minimum: 1 Maximum: 1000000 |
| udp_active_flow_limit | Active UDP connections limit If this field is empty, firewall will not set a limit to active UDP connections. |
integer | Minimum: 1 Maximum: 1000000 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
GatewayGeneralSecurityProfile (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| enable_double_flow | Flag to indicate double flow check is enabled or not The flag to indicate double flow check is enabled or not. This option applies only to EDGE components. |
boolean | Default: "False" |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value GatewayGeneralSecurityProfile | GeneralSecurityProfileResourceType | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
GatewayInterfaceReference (schema)
Gateway interface reference
Contains gateway interface details.
| Name | Description | Type | Notes |
|---|---|---|---|
| interface_path | interface path Absolute policy path of member interface. |
string | Required |
GatewayPolicy (schema)
Contains ordered list of Rules for GatewayPolicy
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| category | A way to classify a security policy, if needed. - Distributed Firewall - Policy framework provides five pre-defined categories for classifying a security policy. They are "Ethernet","Emergency", "Infrastructure" "Environment" and "Application". There is a pre-determined order in which the policy framework manages the priority of these security policies. Ethernet category is for supporting layer 2 firewall rules. The other four categories are applicable for layer 3 rules. Amongst them, the Emergency category has the highest priority followed by Infrastructure, Environment and then Application rules. Administrator can choose to categorize a security policy into the above categories or can choose to leave it empty. If empty it will have the least precedence w.r.t the above four categories. - Edge Firewall - Policy Framework for Edge Firewall provides six pre-defined categories "Emergency", "SystemRules", "SharedPreRules", "LocalGatewayRules", "AutoServiceRules" and "Default", in order of priority of rules. All categories are allowed for Gatetway Policies that belong to 'default' Domain. However, for user created domains, category is restricted to "SharedPreRules" or "LocalGatewayRules" only. Also, the users can add/modify/delete rules from only the "SharedPreRules" and "LocalGatewayRules" categories. If user doesn't specify the category then defaulted to "Rules". System generated category is used by NSX created rules, for example BFD rules. Autoplumbed category used by NSX verticals to autoplumb data path rules. Finally, "Default" category is the placeholder default rules with lowest in the order of priority. |
string | |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource (Abstract type: pass one of the following concrete types) ChildRule |
|
| comments | SecurityPolicy lock/unlock comments Comments for security policy lock/unlock. |
string | |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| internal_sequence_number | Internal sequence number This field is to indicate the internal sequence number of a policy with respect to the policies across categories. |
int | Readonly |
| is_default | Default policy flag A flag to indicate whether policy is a default policy. |
boolean | Readonly |
| lock_modified_by | User who locked the security policy ID of the user who last modified the lock for the secruity policy. |
string | Readonly |
| lock_modified_time | SecuirtyPolicy locked/unlocked time SecurityPolicy locked/unlocked time in epoch milliseconds. |
EpochMsTimestamp | Readonly |
| locked | Lock a security policy Indicates whether a security policy should be locked. If the security policy is locked by a user, then no other user would be able to modify this security policy. Once the user releases the lock, other users can update this security policy. |
boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value GatewayPolicy | string | |
| rule_count | Rule count The count of rules in the policy. |
int | Readonly |
| rules | Rules that are a part of this SecurityPolicy | array of Rule | |
| scheduler_path | Path to the scheduler for time based scheduling Provides a mechanism to apply the rules in this policy for a specified time duration. |
string | |
| scope | The list of group paths where the rules in this policy will get
applied. This scope will take precedence over rule level scope. Supported only for security and redirection policies. In case of RedirectionPolicy, it is expected only when the policy is NS and redirecting to service chain. |
array of string | Maximum items: 128 |
| sequence_number | Sequence number to resolve conflicts across Domains This field is used to resolve conflicts between security policies across domains. In order to change the sequence number of a policy one can fire a POST request on the policy entity with a query parameter action=revise The sequence number field will reflect the value of the computed sequence number upon execution of the above mentioned POST request. For scenarios where the administrator is using a template to update several security policies, the only way to set the sequence number is to explicitly specify the sequence number for each security policy. If no sequence number is specified in the payload, a value of 0 is assigned by default. If there are multiple policies with the same sequence number then their order is not deterministic. If a specific order of policies is desired, then one has to specify unique sequence numbers or use the POST request on the policy entity with a query parameter action=revise to let the framework assign a sequence number. The value of sequence number must be between 0 and 999,999. |
int | Minimum: 0 |
| stateful | Stateful nature of the entries within this security policy. Stateful or Stateless nature of security policy is enforced on all rules in this security policy. When it is stateful, the state of the network connects are tracked and a stateful packet inspection is performed. Layer3 security policies can be stateful or stateless. By default, they are stateful. Layer2 security policies can only be stateless. |
boolean | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| tcp_strict | Enforce strict tcp handshake before allowing data packets Ensures that a 3 way TCP handshake is done before the data packets are sent. tcp_strict=true is supported only for stateful security policies. If the tcp_strict flag is not specified and the security policy is stateful, then tcp_strict will be set to true. |
boolean | |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
GatewayPolicyListResult (schema)
Paged Collection of gateway policies
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | GatewayPolicy list results | array of GatewayPolicy | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
GatewayQosProfile (schema)
QoS configuration of Tier1 gateway
QoS profile contains configuration of rate limiting properties which can be
applied in ingress and egress directions at Tier1 gateways
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| burst_size | Burst size in bytes Burst size in bytes. |
int | Minimum: 1 Default: "1" |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| committed_bandwidth | Committed bandwidth in Mbps Committed bandwidth in both directions specified in Mbps. Bandwidth is limited to line rate when the value configured is greater than line rate. |
int | Minimum: 1 Default: "1" |
| committed_bandwitdth | Committed bandwidth in Mbps Committed bandwidth in both directions specified in Mbps. Bandwidth is limited to line rate when the value configured is greater than line rate. This property is deprecated, use committed_bandwidth instead. |
int | Deprecated Minimum: 1 Default: "1" |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| excess_action | Action on traffic exceeding bandwidth. Action on traffic exceeding bandwidth. |
string | Enum: DROP |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value GatewayQosProfile | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
GatewayQosProfileConfig (schema)
Gateway QoS profile configuration
| Name | Description | Type | Notes |
|---|---|---|---|
| egress_qos_profile_path | Egress QoS profile Policy path to gateway QoS profile in egress direction. |
string | |
| ingress_qos_profile_path | Ingress QoS profile Policy path to gateway QoS profile in ingress direction. |
string |
GatewayQosProfileListResult (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Paginated list of GatewayQosProfile | array of GatewayQosProfile | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
GatewayRecoverySiteConfig (schema)
Recovery site config
Recovery site config
| Name | Description | Type | Notes |
|---|---|---|---|
| failover_linked_tier1_gateway | Failover Linked Tier-1 Gateway Linked Tier1 gateway whose primary site matches from_site_path and are stretched to new primary site are recovered on new primary site path. |
boolean | Default: "True" |
| tier0_gateway_path | Tier-0 gateway path Path of Tier-0 gateway |
string | Required |
| to_primary_site_path | Recovery site path Recovery site path |
string | Required |
GatewayRouteCsvRecord (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| admin_distance | The admin distance of the next hop | integer | |
| edge_path | Edge path Edge node policy path. |
string | Readonly |
| interface | The policy path of the interface which is used as the next hop | string | |
| lr_component_id | Logical router component(Service Router/Distributed Router) id | string | |
| lr_component_type | Logical router component(Service Router/Distributed Router) type | string | |
| network | CIDR network address | IPCIDRBlock | Required |
| next_hop | The IP of the next hop | IPAddress | |
| next_hop_gateway | Next hop gateway path | string | |
| route_type | Route type (USER, CONNECTED, NSX_INTERNAL,..) | string | Required |
GatewayRouteTableInCsvFormat (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| file_name | File name File name set by HTTP server if API returns CSV result as a file. |
string | |
| last_update_timestamp | Timestamp when the data was last updated; unset if data source has never updated the data. | EpochMsTimestamp | Readonly |
| results | array of GatewayRouteCsvRecord |
GatewaySiteFailoverActionConfig (schema)
Gateway site failover action
configuration to trigger site failover for one or more Tier0 and linked Tier1 gateway(s).
| Name | Description | Type | Notes |
|---|---|---|---|
| from_site_path | Source site path Source site path for failover. Gateway whose primary site path matches from_site_path are considered for recovery. |
string | Required |
| to_primary_site_config | Recovery site for gateway Recovery stie for Tier-0 gateway and linked Tier-1 gateway. |
array of GatewayRecoverySiteConfig | Required Maximum items: 200 |
GeneralSecurityProfile (schema)
General Security profile
A profile holding general security settings.
This is an abstract type. Concrete child types:
GatewayGeneralSecurityProfile
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value GeneralSecurityProfile | GeneralSecurityProfileResourceType | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
GeneralSecurityProfileBindingMap (schema)
Policy General Security profile binding map
This entity will be used to establish association between General Security
profile and Logical Routers.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| profile_path | Profile Path PolicyPath of associated Profile |
string | Required |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value GeneralSecurityProfileBindingMap | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
GeneralSecurityProfileResourceType (schema)
Resource types of General Security profiles
GatewayGeneralSecurityProfile is used for all Tier0 and Tier1 gateways.
| Name | Description | Type | Notes |
|---|---|---|---|
| GeneralSecurityProfileResourceType | Resource types of General Security profiles GatewayGeneralSecurityProfile is used for all Tier0 and Tier1 gateways. |
string | Enum: GatewayGeneralSecurityProfile |
GenericDhcpOption (schema) (Deprecated)
Generic DHCP option
Define DHCP options other than option 121.
| Name | Description | Type | Notes |
|---|---|---|---|
| code | DHCP option code, [0-255] Code of the dhcp option. |
integer | Required Minimum: 0 Maximum: 255 |
| values | DHCP option value Value of the option. |
array of string | Required Minimum items: 1 Maximum items: 10 |
GenericPolicyRealizedResource (schema)
Generic realized entity
Represents realized entity
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| alarms | Alarm info detail | array of PolicyAlarmResource | |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| enforcement_point_path | Enforcement Point Path The path of the enforcement point. |
string | Readonly |
| entity_type | Type of realized entity | string | Readonly |
| extended_attributes | Collection of type specific properties | array of AttributeVal | Readonly |
| id | Unique identifier of this resource | string | Sortable |
| intent_paths | Collection of intent paths | array of string | Readonly |
| intent_reference | Desire state paths of this object | array of string | |
| operational_status | String representation of operational status Possible values could be UP, DOWN, UNKNOWN, FAILURE This list is not exhaustive. |
string | |
| operational_status_error | String representation of operational status error It defines the root cause for operational status error. |
string | |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| publish_status | String representation of publish status Possible values could be UP, DOWN, UNKNOWN, SUCCESS This list is not exhaustive. |
string | |
| publish_status_error | String representation of publish status error It defines the root cause for publish status error. |
string | |
| publish_status_error_code | Represents error code for publish status. It defines error code for publish status error. |
int | |
| publish_status_error_details | Details for publich status error. Error details for publish status. |
array of ConfigurationStateElement | |
| realization_api | Realization API of this object on enforcement point | string | |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| realization_specific_identifier | Realization id of this object | string | |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value GenericPolicyRealizedResource | string | |
| runtime_error | String representation of runtime error It define the root cause for runtime error. |
string | |
| runtime_status | String representation of runtime status Possible values could be UP, DOWN, UNKNOWN, DEGRADED This list is not exhaustive. |
string | Deprecated |
| site_path | Site Path The site where this entity resides. |
string | Readonly |
| state | Realization state of this object | string | Required Enum: UNAVAILABLE, UNREALIZED, REALIZED, ERROR |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
GenericPolicyRealizedResourceListResult (schema)
GenericPolicyRealizedResource list result
GenericPolicyRealizedResource list result
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Paged Collection of GenericPolicyRealizedResources List of realized resources |
array of GenericPolicyRealizedResource | |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
GetBackupUiFramesInfoRequestParameters (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string | |
| ui_tab_type | string | Readonly Enum: LOCAL_MANAGER_TAB, GLOBAL_MANAGER_TAB Default: "LOCAL_MANAGER_TAB" |
GetCertParameter (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| details | whether to expand the pem data and show all its details | boolean | Default: "False" |
GetSNMPParameters (schema)
Get SNMP request parameters
Get SNMP request parameters.
| Name | Description | Type | Notes |
|---|---|---|---|
| show_sensitive_data | Show SNMP sensitive data or not Whether to show SNMP service properties including community strings if any applicable. |
boolean | Default: "False" |
GlobalCollectorConfig (schema)
Abstract base type for Global collector configurations of different types
The GlobalCollectorConfig is the base class for global collector configurations for
different types in a NSX domain.
This is an abstract type. Concrete child types:
VrniGlobalCollector
WaveFrontGlobalCollector
| Name | Description | Type | Notes |
|---|---|---|---|
| collector_ip | IP address for the global collector collector IP address for the global collector. |
IPAddress | Required |
| collector_port | Port for the global collector Port for the global collector. |
int | Required Minimum: 0 Maximum: 65535 |
| collector_type | Specify the global collector type. | GlobalCollectorType | Required |
GlobalCollectorType (schema)
Valid Global collector types
| Name | Description | Type | Notes |
|---|---|---|---|
| GlobalCollectorType | Valid Global collector types | string | Enum: VRNI, WAVE_FRONT |
GlobalConfig (schema)
Global configuration
Global configuration
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| allow_changing_vdr_mac_in_use | A flag to indicate if changing the VDR MAC being used is allowed When this flag is set to true, it is allowed to change the VDR MAC being used by existing transport nodes in a NSX system. The VDR MAC used by a host switch in a transport node is decided by the OVERLAY transport zone(s) which the host switch joins. If any of the OVERLAY transport zone(s) has "nested_nsx" property set to true, the MAC in "vdr_mac_nested" is used; otherwise the MAC in "vdr_mac" is used. Thus the VDR MAC being used by a host switch in a transport node can be changed in below ways. If the host switch is not in any OVERLAY transport zone whose "nested_nsx" property is true but is in an OVERLAY transport zone, the first way is updating the "vdr_mac" property. The 2nd way is updating one of the OVERLAY tranport zones joined by the host switch to set "nested_nsx" property true which will make the host switch use the VDR MAC in "vdr_mac_nested". The third way is directly updating the transport node to add an OVERLAY transport zone whose "nested_nsx" property is true into the host switch which will also make the host switch use the VDR MAC in "vdr_mac_nested". If the host switch is in some OVERLAY transport zone(s) whose "nested_nsx" property is true, the first way is updating the "vdr_mac_nested" property. The 2nd way is updating all those OVERLAY tranport zones to set "nested_nsx" property false which will make the host switch use the VDR MAC in "vdr_mac". The third way is directly updating the transport node to remove all those OVERLAY transport zones from the host switch which will also make the host switch use the VDR MAC in "vdr_mac". Please note that changing the VDR MAC being used by existing transport nodes will most likely cause traffic disruption and network outage! |
boolean | Default: "False" |
| arp_limit_per_gateway | ARP limit per Tier0/Tier1 gateway Global configuration of maximum number of ARP entries per transport node at each Tier0/Tier1 gateway. |
int | Minimum: 5000 Maximum: 50000 Default: "50000" |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| external_gateway_bfd | External Bidirectional Flow Detection configuration Configuration for BFD session between host nodes and external gateways. If this configuration is not provided, system defaults are applied. |
ExternalGatewayBfdConfig | |
| fips | FIPS enabled config Contains the FIPSGlobalConfig object. |
FIPSGlobalConfig | |
| global_replication_mode_enabled | A flag to indicate if global replication mode is enabled When this flag is set true, certain types of BUM packets will be sent to all VTEPs in the global VTEP table, ignoring the logical switching span. |
boolean | Default: "False" |
| id | Unique identifier of this resource | string | Sortable |
| l3_forwarding_mode | L3 forwarding mode Configure forwarding mode for routing. This setting does not restrict configuration for other modes. |
string | Enum: IPV4_ONLY, IPV4_AND_IPV6 Default: "IPV4_ONLY" |
| lb_ecmp | Flag for controlling equal-cost multi-path(ECMP) load balancing. Flag to enable/disable ECMP load balancing. By default ECMP load balancing is disabled. |
boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| mtu | MTU size Maximum transmission unit (MTU) specifies the size of the largest packet that a network protocol can transmit. This is the global default MTU for all the EXTERNAL (uplink) and SERVICE (CSP) interfaces in the NSX domain. There is no option to override this value at the transport zone level or transport node level. |
int | Minimum: 1280 |
| operation_collectors | Operation global collector config This property is a part of OpsGlobalConfig object. Use /infra/ops-global-config instead. The VRNI and WAVE_FRONT collector type can be defined to collect the metric data. The WAVE_FRONT collector type can only be used in VMC mode. |
array of GlobalCollectorConfig (Abstract type: pass one of the following concrete types) VrniGlobalCollector WaveFrontGlobalCollector |
Deprecated |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| physical_uplink_mtu | MTU for the physical uplinks This is the global default MTU for all the physical uplinks in a NSX domain. This is the default value for the optional uplink profile MTU field. When the MTU value is not specified in the uplink profile, this global value will be used. This value can be overridden by providing a value for the optional MTU field in the uplink profile. Whenever this value is updated, the updated value will only be propagated to the uplinks that don't have the MTU value in their uplink profiles. If this value is not set, the default value of 1700 will be used. The Transport Node state can be monitored to confirm if the updated MTU value has been realized. |
int | Default: "1700" |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| remote_tunnel_physical_mtu | The physical MTU for the remote tunnel endpoints This is the global default MTU for all the physical remote tunnel endpoints in an NSX domain. Please consider intersite link MTU minus any external overhead when defining the MTU. If this value is not set, the default value of 1500 will be used. |
int | Default: "1700" |
| resource_type | Must be set to the value GlobalConfig | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
| uplink_mtu_threshold | Upper threshold for MTU on physical and logical uplinks This value defines the upper threshold for the Maximum Transmission Unit (MTU) value that can be configured at a physical uplink level or a logical routing uplink level in a NSX domain. All Uplink profiles validate against this value so that the MTU specified in an Uplink profile does not exceed this global upper threshold. Similarly, when this value is modified, the new value must be greater than or equal to any existing Uplink profile's MTU. |
int | Default: "9000" |
| vdr_mac | MAC address of the Virtual Distributed Router (VDR) port This is the global default MAC address for all VDRs in all transport nodes in a NSX system. It can be changed only when there is no transport node in the NSX system. This value cannot be same as vdr_mac_nested. When the property "allow_changing_vdr_mac_in_use" is false, it can not be changed if the current VDR MAC is being used by any transport node. A transport node uses this VDR MAC if any host switch in the node is in OVERLAY transport zone(s) but none of the transport zone(s) has "nested_nsx" property being true. |
MACAddress | Default: "02:50:56:56:44:52" |
| vdr_mac_nested | The MAC address of the Virtual Distributed Router (VDR) port in a nested NSX environment. This is the global default MAC address for all VDRs in all transport nodes in a NSX system nested in another NSX system. It can be changed only when there is no transport node in the NSX system. All transport zones in such a nested NSX system will have the "nested_nsx" property being true so that all transport nodes will use this MAC for the VDR ports to avoid conflict with the VDR MAC in the outer NSX system. When the property "allow_changing_vdr_mac_in_use" is false, it can not be changed if the current VDR MAC is being used by any transport node in a nested NSX environment. A transport node uses this VDR MAC if any host switch in the node is in an OVERLAY transport zone whose "nested_nsx" property is true. |
MACAddress | Default: "02:50:56:56:44:53" |
GlobalDfwConfiguration (schema)
Global distributed firewall configuration for a specific site
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| enable_firewall | Distributed firewall enable flag If set to true, distributed firewall is enabled on a specified site. |
boolean | Default: "True" |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value GlobalDfwConfiguration | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
GlobalDfwConfigurationListResult (schema)
Paged Collection of global distributed firewall configurations for all the sites
Paged Collection of global distributed firewall configurations for all the sites.
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Global distributed firewall configuration list results Global distributed firewall configuration list results. |
array of GlobalDfwConfiguration | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
GlobalIdsSettings (schema)
Global Intrusion Detection System settings
Represents the Intrusion Detection System settings for PMaaS.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| auto_update | Auto update signatures flag Parameter to let the user decide whether to update the IDS Signatures automatically or not. |
boolean | Default: "False" |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value GlobalIdsSettings | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
GlobalIdsSignature (schema)
Global IDS signature
Global IDS signature.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| action | Global IDS signature's action It denotes the global action of a IDS Signature. This will take precedence over IDS signature's action. |
string | Enum: ALERT, DROP, REJECT |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| enable | Flag to Enable/Disable a IDS Signature globally. Flag through which user can Enable/Disable a Signature at Global Level. |
boolean | Default: "True" |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value GlobalIdsSignature | string | |
| signature_id | Signature ID Represents the Signature's id. |
string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
GlobalManager (schema)
Global Manager
Global Manager.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| connection_info | Connection information To create a standby GM, the connection information (username, password, and API thumbprint) for at least one NSX manager node in the remote site must be provided. Once the GM has been successfully onboarded, the connection_info is discarded and authentication to the standby GM occurs using an X.509 client certificate. |
array of SiteNodeConnectionInfo | Maximum items: 3 |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| fail_if_rtt_exceeded | Fail onboarding if maximum RTT exceeded Fail onboarding if maximum RTT exceeded. |
boolean | Default: "True" |
| federation_id | Global manager federation UUID Internally generated UUID to the federation of Global Manager. |
string | Readonly |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| maximum_rtt | Maximum acceptable packet round trip time (RTT) If provided and fail_if_rtt_exceeded is true, onboarding of the site will fail if measured RTT is greater than this value. |
integer | Minimum: 0 Maximum: 1000 Default: "250" |
| mode | Mode of the global manager There can be at most one ACTIVE global manager and one STANDBY global manager. In order to add a STANDBY manager, there must be an ACTIVE manager defined. |
string | Required Enum: ACTIVE, STANDBY |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value GlobalManager | string | |
| site_id | UUID of the site where Global manager is running UUID of the site where Global manager is running. This is the Site Manager generated UUID for every NSX deployment. |
string | Readonly |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
GlobalManagerConfig (schema)
Global Manager configuration
This configuration is distributed to all Sites participating in federation.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value GlobalManagerConfig | string | |
| rtep_config | Global Manager federation RTEP configuration Global Manager federation RTEP configuration. This configuration is distributed to all Sites participating in federation. |
GmRtepConfig | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
GlobalManagerListRequestParameters (schema)
Site List Request Parameters
Site list request parameters.
| Name | Description | Type | Notes |
|---|---|---|---|
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| include_mark_for_delete_objects | Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included. |
boolean | Default: "False" |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string |
GlobalManagerListResult (schema)
Paged Collection of Global Managers
Paged Collection of Global Managers.
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Global Manager List Result Global Manager List Result. |
array of GlobalManager | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
GlobalManagerSwitchOverRequestParameter (schema)
Parameter to force switchover
Parameter to force switch over from Standby to Active.
| Name | Description | Type | Notes |
|---|---|---|---|
| force | Indciates force switchover to Active If true indicates that user requested make standby Global Manager as active ignoring the state of current active Global Manager. Typically, recommended to use when active Global Manager is failed or not reachable. |
boolean |
GlobalRestoreStatus (schema)
Overall restore process status
| Name | Description | Type | Notes |
|---|---|---|---|
| description | A description of the restore status | string | Required Readonly |
| value | Global rolled-up restore status value | string | Required Readonly Enum: INITIAL, SUCCESS, FAILED, RUNNING, SUSPENDED_BY_USER, SUSPENDED_FOR_USER_ACTION, SUSPENDED, ABORTED |
GmConfigOnboardingConflictEntityInfo (schema)
GM config Onboarding Conflicting Entity Info
Conflicting Entity information on GM.
| Name | Description | Type | Notes |
|---|---|---|---|
| error_messages | ConfigOnboardingError | Readonly | |
| example | Conflict example Conflict example |
OnboardingFeatureInfo | Readonly |
GmFederationSiteConfig (schema)
Federation configuration for the site
Additional configuration required for federation at Site.
| Name | Description | Type | Notes |
|---|---|---|---|
| transit_subnet | Transit subnet in CIDR format IP Addresses to be allocated for transit segment when the gateway is stretched. Note that Global Manager will carve out the IP Pool for each site to be used for edge nodes when gateway is stretched based on the user provided subnet and maximum number of edge nodes allowed per site. |
string | Format: ip-cidr-block |
GmNodeStatus (schema)
Represents the Global Manager node switchover status
| Name | Description | Type | Notes |
|---|---|---|---|
| end_time | End time of the switchover operation | integer | |
| errors | Errors if any | array of string | |
| node_id | UUID of the Global Manager node | string | |
| start_time | Start time of the switchover operation | integer | |
| status | Status of switchover operation | string | Enum: IN_PROGRESS, COMPLETED, FAILED |
| warnings | Errors if any | array of string |
GmOperationalState (schema)
Represents the operational state of Global Manager
Represents the switchover operational state of Global Manager. Offers information
about the current switchover operation including status from each Global Manager
node and the errors if any.
| Name | Description | Type | Notes |
|---|---|---|---|
| consolidated_progress | Consolidated status of the current operation | string | Enum: IN_PROGRESS, COMPLETED, FAILED |
| end_time | End time of the switchover operation | integer | |
| errors | Errors if any | array of string | |
| node_statuses | Switchover status from each NSX Global Manager appliance node | array of GmNodeStatus | |
| site_manager_ref | Timestamp reference for the change provided by SiteManager | integer | |
| start_time | Start time of the switchover operation | integer | |
| status | The current switchover operation requested. | string | Required Enum: NONE, ACTIVE, STANDBY, SWITCHING_TO_ACTIVE, SWITCHING_TO_STANDBY, DECOMMISSIONED |
| warnings | Errors if any | array of string |
GmRtepConfig (schema)
Global Manager federation RTEP configuration
Global Manager federation RTEP configuration. This configuration is distributed
to all Sites participating in federation.
| Name | Description | Type | Notes |
|---|---|---|---|
| ibgp_password | Password for IBGP sessions between federated sites Password to authenticate IBGP session between remote tunnel endpoints created on federated sites. This is applied to inter-site underlay IBGP neighbors created over remote tunnel endpoints on all sites. Empty string ("") clears existing password. |
secure_string | Maximum length: 20 |
GraphConfiguration (schema)
Graph Configuration
Represents configuration of a graph widget
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| axes | Axes of a graph | Axes | |
| condition | Expression for evaluating condition If the condition is met then the widget will be displayed to UI. If no condition is provided, then the widget will be displayed unconditionally. |
string | Maximum length: 1024 |
| datasources | Array of Datasource Instances with their relative urls The 'datasources' represent the sources from which data will be fetched. Currently, only NSX-API is supported as a 'default' datasource. An example of specifying 'default' datasource along with the urls to fetch data from is given at 'example_request' section of 'CreateWidgetConfiguration' API. |
array of Datasource | Minimum items: 0 |
| default_filter_value | Default filter value to be passed to datasources Default filter values to be passed to datasources. This will be used when the report is requested without filter values. |
array of DefaultFilterValue | |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Widget Title Title of the widget. If display_name is omitted, the widget will be shown without a title. |
string | Maximum length: 255 |
| display_x_value | Show or hide the value of a point on X axis If true, value of a point is shown as label on X axis. If false, value of point is not shown as label on X axis. false can be useful in situations where there are too many points and showing the X value as label can clutter the X axis. |
boolean | Default: "False" |
| drilldown_id | Id of drilldown widget Id of drilldown widget, if any. Id should be a valid id of an existing widget. A widget is considered as drilldown widget when it is associated with any other widget and provides more detailed information about any data item from the parent widget. |
string | Maximum length: 255 |
| feature_set | Features required to view the widget Features required to view the widget. |
FeatureSet | |
| filter | Id of filter widget for subscription Id of filter widget for subscription, if any. Id should be a valid id of an existing filter widget. Filter widget should be from the same view. Datasource URLs should have placeholder values equal to filter alias to accept the filter value on filter change. This field is deprecated instead use 'filters' property. |
string | Deprecated |
| filter_value_required | Flag to indicate if filter value is necessary Flag to indicate that widget will continue to work without filter value. If this flag is set to false then default_filter_value is manadatory. |
boolean | Default: "True" |
| filters | A List of filter ids applied to this widget configuration A List of filter applied to this widget configuration. This will be used to identify the filters applied to this widget. |
array of string | |
| footer | Footer | ||
| graphs | Graphs | array of GraphDefinition | Required Minimum items: 1 |
| graphs_colors | A colors for the graph An array of graphs colors which will be applied to each graph seperately. if number of provided colors are smaller than number of graph in the widget then colors are applied in circular manner. |
array of string | |
| icons | Icons Icons to be applied at dashboard for widgets and UI elements. |
array of Icon | |
| id | Unique identifier of this resource | string | Sortable |
| is_drilldown | Set as a drilldown widget Set to true if this widget should be used as a drilldown. |
boolean | Default: "False" |
| legend | Legend for the widget Legend to be displayed. If legend is not needed, do not include it. |
Legend | |
| line_chart_plot_configs | List of line chart plotting configuration List of line chart plotting configuration. This plotting configuration will be applicable for the LINE_GRAPH only. |
array of LineChartPlotConfiguration | |
| navigation | Navigation to a specified UI page Hyperlink of the specified UI page that provides details. |
string | |
| plot_configs | List of plotting configuration for a given widget. List of plotting configuration for a given widget. Widget plotting configurations which are common across all the widgets types should be define here. |
array of WidgetPlotConfiguration | |
| resource_type | Must be set to the value GraphConfiguration | string | Required Readonly Enum: LabelValueConfiguration, DonutConfiguration, MultiWidgetConfiguration, ContainerConfiguration, StatsConfiguration, GridConfiguration, GraphConfiguration, CustomWidgetConfiguration, CustomFilterWidgetConfiguration, TimeRangeDropdownFilterWidgetConfiguration, DropdownFilterWidgetConfiguration, SpacerWidgetConfiguration, LegendWidgetConfiguration Maximum length: 255 |
| rowspan | Vertical span Represents the vertical span of the widget / container. 1 Row span is equal to 20px. |
int | Minimum: 1 |
| shared | Visiblity of widgets to other users Please use the property 'shared' of View instead of this. The widgets of a shared view are visible to other users. |
boolean | Deprecated |
| show_header | This decides to show the container header or not. If the value of this field is set to true then card header will be displayed otherwise only card will be displayed without header. |
boolean | |
| span | Horizontal span Represents the horizontal span of the widget / container. |
int | Minimum: 1 Maximum: 12 |
| sub_type | Subtype of a graph Describes the the type of graph. LINE_GRAPH shows a line graph chart BAR_GRAPH shows a simple bar graph chart STACKED_BAR_GRAPH shows a stacked bar graph chart |
string | Enum: LINE_GRAPH, BAR_GRAPH, STACKED_BAR_GRAPH Default: "BAR_GRAPH" |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| weight | Weightage or placement of the widget or container Specify relavite weight in WidgetItem for placement in a view. Please see WidgetItem for details. |
int | Deprecated |
| x_value_type | x value type x value type. |
string | Enum: string, number, date, millisecond, second Default: "string" |
| y_value_type | y value type y value type. |
string | Enum: integer, double |
GraphDefinition (schema)
Definition of a graph
Defines a graph
| Name | Description | Type | Notes |
|---|---|---|---|
| id | Identifier of graph Identifier of graph. It can be used to differentiate multiple graph series present in GraphWidgetConfiguration. |
string | |
| label | Label of a graph Describes the graph. It labels the entities of graph. If the label is not provided then it is not shown for a graph. For example, for a single graph, the title of widget can describe the graph and a label may not be necessary to be shown. |
Label | |
| point_definition | Definition for points of a graph Defines the points of a graph. |
PointDefinition | Required |
| render_configuration | Render Configuration Additional rendering or conditional evaluation of the field values to be performed, if any. |
array of RenderConfiguration | Minimum items: 0 |
| row_list_field | Expression for series of the graph An expression that represents the series of the graph |
string |
GridConfiguration (schema)
Grid Configuration
Represents configuration of a Grid or Table widget.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| columns | Columns Array of columns of a Grid widget |
array of ColumnItem | Required |
| condition | Expression for evaluating condition If the condition is met then the widget will be displayed to UI. If no condition is provided, then the widget will be displayed unconditionally. |
string | Maximum length: 1024 |
| datasources | Array of Datasource Instances with their relative urls The 'datasources' represent the sources from which data will be fetched. Currently, only NSX-API is supported as a 'default' datasource. An example of specifying 'default' datasource along with the urls to fetch data from is given at 'example_request' section of 'CreateWidgetConfiguration' API. |
array of Datasource | Minimum items: 0 |
| default_filter_value | Default filter value to be passed to datasources Default filter values to be passed to datasources. This will be used when the report is requested without filter values. |
array of DefaultFilterValue | |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Widget Title Title of the widget. If display_name is omitted, the widget will be shown without a title. |
string | Maximum length: 255 |
| drilldown_id | Id of drilldown widget Id of drilldown widget, if any. Id should be a valid id of an existing widget. A widget is considered as drilldown widget when it is associated with any other widget and provides more detailed information about any data item from the parent widget. |
string | Maximum length: 255 |
| feature_set | Features required to view the widget Features required to view the widget. |
FeatureSet | |
| filter | Id of filter widget for subscription Id of filter widget for subscription, if any. Id should be a valid id of an existing filter widget. Filter widget should be from the same view. Datasource URLs should have placeholder values equal to filter alias to accept the filter value on filter change. This field is deprecated instead use 'filters' property. |
string | Deprecated |
| filter_value_required | Flag to indicate if filter value is necessary Flag to indicate that widget will continue to work without filter value. If this flag is set to false then default_filter_value is manadatory. |
boolean | Default: "True" |
| filters | A List of filter ids applied to this widget configuration A List of filter applied to this widget configuration. This will be used to identify the filters applied to this widget. |
array of string | |
| footer | Footer | ||
| icons | Icons Icons to be applied at dashboard for widgets and UI elements. |
array of Icon | |
| id | Unique identifier of this resource | string | Sortable |
| is_drilldown | Set as a drilldown widget Set to true if this widget should be used as a drilldown. |
boolean | Default: "False" |
| legend | Legend for the widget Legend to be displayed. If legend is not needed, do not include it. |
Legend | |
| page_size | Page Size Number of records per page. page_size will be effective only when the urls provided in the datasource support paging. |
int | Default: "30" |
| plot_configs | List of plotting configuration for a given widget. List of plotting configuration for a given widget. Widget plotting configurations which are common across all the widgets types should be define here. |
array of WidgetPlotConfiguration | |
| resource_type | Must be set to the value GridConfiguration | string | Required Readonly Enum: LabelValueConfiguration, DonutConfiguration, MultiWidgetConfiguration, ContainerConfiguration, StatsConfiguration, GridConfiguration, GraphConfiguration, CustomWidgetConfiguration, CustomFilterWidgetConfiguration, TimeRangeDropdownFilterWidgetConfiguration, DropdownFilterWidgetConfiguration, SpacerWidgetConfiguration, LegendWidgetConfiguration Maximum length: 255 |
| row_list_fields | List of fields from which rows are formed Rows of grid or table are formed from the list of objects returned by a row list field. |
array of RowListField | Required Minimum items: 1 |
| rowspan | Vertical span Represents the vertical span of the widget / container. 1 Row span is equal to 20px. |
int | Minimum: 1 |
| shared | Visiblity of widgets to other users Please use the property 'shared' of View instead of this. The widgets of a shared view are visible to other users. |
boolean | Deprecated |
| show_header | This decides to show the container header or not. If the value of this field is set to true then card header will be displayed otherwise only card will be displayed without header. |
boolean | |
| span | Horizontal span Represents the horizontal span of the widget / container. |
int | Minimum: 1 Maximum: 12 |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| weight | Weightage or placement of the widget or container Specify relavite weight in WidgetItem for placement in a view. Please see WidgetItem for details. |
int | Deprecated |
Group (schema)
Group
Group.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource (Abstract type: pass one of the following concrete types) ChildDnsSecurityProfileBindingMap ChildGroupDiscoveryProfileBindingMap ChildPolicyFirewallFloodProtectionProfileBindingMap ChildPolicyFirewallSessionTimerProfileBindingMap |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| expression | Expression The expression list must follow below criteria: 1. A non-empty expression list, must be of odd size. In a list, with indices starting from 0, all non-conjunction expressions must be at even indices, separated by a conjunction expression at odd indices. 2. The total of ConditionExpression and NestedExpression in a list should not exceed 5. 3. The total of IPAddressExpression, MACAddressExpression, external IDs in an ExternalIDExpression and paths in a PathExpression must not exceed 500. 4. Each expression must be a valid Expression. See the definition of the Expression type for more information. |
array of Expression (Abstract type: pass one of the following concrete types) Condition ConjunctionOperator ExternalIDExpression GroupScopeExpression IPAddressExpression IdentityGroupExpression MACAddressExpression NestedExpression PathExpression |
|
| extended_expression | Extended Expression Extended Expression allows additional higher level context to be specified for grouping criteria. (e.g. user AD group) This field allow users to specified user context as the source of a firewall rule for IDFW feature. Current version only support a single IdentityGroupExpression. In the future, this might expand to support other conjunction and non-conjunction expression. The extended expression list must follow below criteria: 1. Contains a single IdentityGroupExpression. No conjunction expression is supported. 2. No other non-conjunction expression is supported, except for IdentityGroupExpression. 3. Each expression must be a valid Expression. See the definition of the Expression type for more information. 4. Extended expression are implicitly AND with expression. 5. No nesting can be supported if this value is used. 6. If a Group is using extended expression, this group must be the only member in the source field of an communication map. |
array of Expression (Abstract type: pass one of the following concrete types) Condition ConjunctionOperator ExternalIDExpression GroupScopeExpression IPAddressExpression IdentityGroupExpression MACAddressExpression NestedExpression PathExpression |
Maximum items: 1 |
| group_type | Indicates the group type. Group type can be specified during create and update of a group. Empty group type indicates a 'generic' group, ie group can include any entity from the valid GroupMemberType. |
array of GroupTypes | Maximum items: 1 |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| reference | Indicates if the group is a reference. If true, indicates that this is a remote reference group. Such group will have span different from the its parent domain. Default value is false. |
boolean | Readonly Default: "False" |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value Group | string | |
| state | Realization state of this group | string | Enum: IN_PROGRESS, SUCCESS, FAILURE |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
GroupDeleteRequestParameters (schema) (Deprecated)
Group delete request parameters
| Name | Description | Type | Notes |
|---|---|---|---|
| fail_if_subtree_exists | Do not delete if the group subtree has any entities Check if the group sub-tree has any entities. These primarily include the binding maps that point to various profiles. If this flag is passed as true, the group delete fails if any binding maps exist in the group sub-tree. By default, this flag is false, which means that the group is deleted along with the group sub-tree. |
boolean | Default: "False" |
| force | Force delete the resource even if it is being used somewhere
If true, deleting the resource succeeds even if it is being referred as a resource reference. |
boolean | Default: "False" |
GroupDiscoveryProfileBindingMap (schema)
Map for binding group with discovery profile
This entity will be used to establish association between discovery profile and
Group. With this entity, user can specify intent for applying discovery profile
profile to particular Group.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| profile_path | Profile Path PolicyPath of associated Profile |
string | Required |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value GroupDiscoveryProfileBindingMap | string | |
| sequence_number | Sequence number group discovery profile Binding Map Sequence number used to resolve conflicts betweeen two profiles applied on the same group. Lower sequence number takes higher precedence. Two binding maps applied to the same profile must have the same sequence number. User defined sequence numbers range from 1 through 100,000. System defined sequence numbers range from 100,001 through 200,000. |
integer | Minimum: 1 Maximum: 100000 |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
GroupDiscoveryProfileBindingMapListRequestParameters (schema)
Group Discovery Profile Binding Map List Request Parameters
| Name | Description | Type | Notes |
|---|---|---|---|
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| include_mark_for_delete_objects | Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included. |
boolean | Default: "False" |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string |
GroupDiscoveryProfileBindingMapListResult (schema)
Paged collection of Group Discovery Profile Binding Map
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Group Discovery Profile Binding Map List Results | array of GroupDiscoveryProfileBindingMap | |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
GroupListRequestParameters (schema)
Group list request parameters
| Name | Description | Type | Notes |
|---|---|---|---|
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| include_mark_for_delete_objects | Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included. |
boolean | Default: "False" |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| member_types | Comma Seperated Member types Optionally, specify valid member types as request parameter to filter NSGroups. |
string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string |
GroupListResult (schema)
Paged Collection of Groups
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Group list results | array of Group | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
GroupMemberActionParameters (schema)
Request Parameters for Group members
Request Parameter to either add or remove the Group members.
| Name | Description | Type | Notes |
|---|---|---|---|
| action | Add or Remove group members. Action parameter determines whether to add or remove the group members. |
string | Required Enum: add, remove |
GroupMemberList (schema)
Members to add or remove for a Group.
List of same type members to either add or remove from a group.
| Name | Description | Type | Notes |
|---|---|---|---|
| members | Groups members collection This array contains group members of similar types. |
array of string | Required Minimum items: 1 Maximum items: 4000 |
GroupMemberTagsList (schema)
Group tags list for a particular member type
Collection of tags used in a policy group for a particular member type
| Name | Description | Type | Notes |
|---|---|---|---|
| member_type | Member type for which we will list the tags | string | Required |
| tags | List of tags for the member type | array of string | Required |
GroupMemberType (schema)
Valid Group member type
| Name | Description | Type | Notes |
|---|---|---|---|
| GroupMemberType | Valid Group member type | string | Enum: VirtualMachine, VirtualNetworkInterface, SegmentPort, Segment, CloudNativeServiceInstance, IPAddress, MACAddress, IPSet, IdentityGroup, PhysicalServer, Pod, Service, Namespace, Cluster, TransportNode, Group, DVPG, DVPort, KubernetesCluster, KubernetesNamespace, AntreaEgress, AntreaIPPool, KubernetesIngress, KubernetesGateway, KubernetesService, KubernetesNode |
GroupMemberTypeListResult (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| result_count | Count of the member types in the results array | integer | Required Readonly |
| results | Collection of member types for the given Group | array of GroupMemberType | Required |
GroupMonitoringProfileBindingMap (schema)
Group Monitoring Profile binding map
This entity will be used to establish association between monitoring
profile and Group. Using this entity, you can specify intent for applying
monitoring profile to particular Group. Group with membership criteria vm
only supported as source group. Port mirroring is only supported on group
with five vms.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| ipfix_dfw_profile_path | IPFIX DFW Profile Path PolicyPath of associated IPFIX DFW Profile |
string | |
| ipfix_l2_profile_path | IPFIX L2 Profile Path PolicyPath of associated IPFIX L2 Profile |
string | |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| port_mirroring_profile_path | Port Mirroring Profile Path PolicyPath of associated Port Mirroring Profile |
string | |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value GroupMonitoringProfileBindingMap | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
GroupScopeExpression (schema)
Scope association expression node
Represents scope of the workloads that needs to be added to the Group.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value GroupScopeExpression | string | Required Enum: Condition, ConjunctionOperator, NestedExpression, IPAddressExpression, MACAddressExpression, ExternalIDExpression, PathExpression, IdentityGroupExpression |
| scope_path | Path of the scope | string | Required |
| scope_type | Scope type | string | Required Enum: PROJECT |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
GroupStatusListRequestParameters (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| has_errors | Flag to indicate whether to return only upgrade units with errors | boolean | Default: "False" |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string |
GroupTagsList (schema)
Group tags list listed per member type
Collection of tags used in a policy group listed per member type
| Name | Description | Type | Notes |
|---|---|---|---|
| results | Collection of tags used in a policy group listed per member type | array of GroupMemberTagsList | Required |
GroupTypes (schema)
Valid Group Types.
ANTREA group type includes IPAddress, Pod, NameSpace and Service group member types.
| Name | Description | Type | Notes |
|---|---|---|---|
| GroupTypes | Valid Group Types. ANTREA group type includes IPAddress, Pod, NameSpace and Service group member types. |
string | Enum: IPAddress, ANTREA |
Header (schema)
Widget Header
Header of a widget that provides additional information. This will be shown at the container level. It includes details as label value pairs.
| Name | Description | Type | Notes |
|---|---|---|---|
| condition | Expression for evaluating condition If the condition is met then the header will be applied. Examples of expression syntax are provided under 'example_request' section of 'CreateWidgetConfiguration' API. |
string | Maximum length: 1024 |
| content_alignment | alignment for labelvalue pair Alignment of header labels. |
string | Enum: LEFT, RIGHT Default: "RIGHT" |
| sub_header_widgets | An array of widgets inside the container header An array of widgets which will appear inside the container header Instead of 'sub_headers' property use this property. |
array of WidgetItem | Minimum items: 0 |
| sub_headers | Rows An array of label-value properties. This field is deprecated instead used 'sub_header_widgets' property to define header widgets. |
array of PropertyItem | Deprecated Minimum items: 0 |
HostUpgradeStatus (schema)
Status of host upgrade
| Name | Description | Type | Notes |
|---|---|---|---|
| can_rollback | Can perform rollback This field indicates whether we can perform upgrade rollback. |
boolean | Readonly |
| can_skip | Can the upgrade of the remaining units in this component be skipped | boolean | Readonly |
| component_type | Component type for the upgrade status | string | Readonly |
| current_version_node_summary | Mapping of current versions of nodes and counts of nodes at the respective versions. | NodeSummaryList | Readonly |
| details | Details about the upgrade status | string | Readonly |
| node_count_at_target_version | Count of nodes at target component version Number of nodes of the type and at the component version |
int | Readonly |
| percent_complete | Indicator of upgrade progress in percentage | number | Required Readonly |
| pre_upgrade_status | Pre-upgrade status of the component-type | UpgradeChecksExecutionStatus | Readonly |
| status | Upgrade status of component | string | Required Readonly Enum: SUCCESS, FAILED, IN_PROGRESS, NOT_STARTED, PAUSING, PAUSED |
| target_component_version | Target component version | string | Readonly |
HostnameOrIPAddress (schema)
Hostname or IPv4 or IPv6 address
| Name | Description | Type | Notes |
|---|---|---|---|
| HostnameOrIPAddress | Hostname or IPv4 or IPv6 address | string | Format: hostname-or-ip |
HostnameOrIPv46Address (schema)
Hostname or IPv4 or IPv6 address
| Name | Description | Type | Notes |
|---|---|---|---|
| HostnameOrIPv46Address | Hostname or IPv4 or IPv6 address | string | Maximum length: 255 Pattern: "^(?=.{1,255}$)[0-9A-Za-z](?:(?:[0-9A-Za-z]|-){0,61}[0-9A-Za-z])?(?:\.[0-9A-Za-z](?:(?:[0-9A-Za-z]|-){0,61}[0-9A-Za-z])?)*\.?$|^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))$" |
HostnameOrIPv4Address (schema)
Hostname or IPv4 address
| Name | Description | Type | Notes |
|---|---|---|---|
| HostnameOrIPv4Address | Hostname or IPv4 address | string | Format: hostname-or-ipv4 |
HostnameOrIPv4AddressOrEmptyString (schema)
Hostname or IPv4 address
| Name | Description | Type | Notes |
|---|---|---|---|
| HostnameOrIPv4AddressOrEmptyString | Hostname or IPv4 address | string | Maximum length: 255 Pattern: "^(?=.{1,255}$)[0-9A-Za-z](?:(?:[0-9A-Za-z]|-){0,61}[0-9A-Za-z])?(?:\.[0-9A-Za-z](?:(?:[0-9A-Za-z]|-){0,61}[0-9A-Za-z])?)*\.?$|^$" |
HttpProtocol (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| authentication_scheme | Scheme to authenticate if required | BasicAuthenticationScheme | |
| name | Must be set to the value HttpProtocol | string | Required Enum: http, https, scp, sftp |
HttpRequestMethodType (schema) (Deprecated)
http monitor method
| Name | Description | Type | Notes |
|---|---|---|---|
| HttpRequestMethodType | http monitor method | string | Deprecated Enum: GET, OPTIONS, POST, HEAD, PUT |
HttpRequestVersionType (schema) (Deprecated)
http request version
| Name | Description | Type | Notes |
|---|---|---|---|
| HttpRequestVersionType | http request version | string | Deprecated Enum: HTTP_VERSION_1_0, HTTP_VERSION_1_1 |
HttpServiceProperties (schema)
HTTP Service properties
| Name | Description | Type | Notes |
|---|---|---|---|
| basic_authentication_enabled | Enable or disable basic authentication Identifies whether basic authentication is enabled or disabled in API calls. |
boolean | Deprecated Default: "True" |
| certificate | Certificate | Deprecated Required Readonly |
|
| cipher_suites | Cipher suites used to secure contents of connection | array of CipherSuite | Deprecated Minimum items: 1 |
| client_api_concurrency_limit | Client API rate limit in calls The maximum number of concurrent API requests that will be serviced for a given authenticated client. If the number of API requests being processed exceeds this limit, new API requests will be refused and a 503 Service Unavailable response will be returned to the client. To disable API concurrency limiting, set this value to 0. |
integer | Deprecated Minimum: 0 Default: "40" |
| client_api_rate_limit | Client API rate limit in calls per second The maximum number of API requests that will be serviced per second for a given authenticated client. If more API requests are received than can be serviced, a 429 Too Many Requests HTTP response will be returned. To disable API rate limiting, set this value to 0. |
integer | Deprecated Minimum: 0 Default: "100" |
| connection_timeout | NSX connection timeout, set to 0 to configure no timeout | integer | Deprecated Minimum: 0 Maximum: 2147483647 |
| cookie_based_authentication_enabled | Enable or disable cookie-based authentication Identifies whether cookie-based authentication is enabled or disabled in API calls. When cookie-based authentication is disabled, new sessions cannot be created via /api/session/create. |
boolean | Deprecated Default: "True" |
| global_api_concurrency_limit | Global API rate limit in calls The maximum number of concurrent API requests that will be serviced. If the number of API requests being processed exceeds this limit, new API requests will be refused and a 503 Service Unavailable response will be returned to the client. To disable API concurrency limiting, set this value to 0. |
integer | Deprecated Minimum: 0 Default: "100" |
| logging_level | Service logging level | string | Enum: OFF, FATAL, ERROR, WARN, INFO, DEBUG, TRACE Default: "INFO" |
| protocol_versions | TLS protocol versions | array of ProtocolVersion | Deprecated Minimum items: 1 |
| redirect_host | Host name or IP address to use for redirect location headers, or empty string to derive from current request | HostnameOrIPv4AddressOrEmptyString | Deprecated Default: "" |
| session_timeout | NSX session inactivity timeout, set to 0 to configure no timeout | integer | Deprecated Minimum: 0 Maximum: 2147483647 |
HttpsProtocol (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| authentication_scheme | Scheme to authenticate if required | BasicAuthenticationScheme | |
| name | Must be set to the value HttpsProtocol | string | Required Enum: http, https, scp, sftp |
| sha256_thumbprint | SSL thumbprint of server | string | Required |
ICMPTypeServiceEntry (schema)
A ServiceEntry that represents IPv4 or IPv6 ICMP protocol
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| icmp_code | ICMP message code | integer | Minimum: 0 Maximum: 255 |
| icmp_type | ICMP message type | integer | Minimum: 0 Maximum: 255 |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| protocol | string | Required Enum: ICMPv4, ICMPv6 |
|
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value ICMPTypeServiceEntry | string | Required Enum: IPProtocolServiceEntry, IGMPTypeServiceEntry, ICMPTypeServiceEntry, ALGTypeServiceEntry, L4PortSetServiceEntry, EtherTypeServiceEntry, NestedServiceServiceEntry |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
IGMPTypeServiceEntry (schema)
A ServiceEntry that represents IGMP protocol
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value IGMPTypeServiceEntry | string | Required Enum: IPProtocolServiceEntry, IGMPTypeServiceEntry, ICMPTypeServiceEntry, ALGTypeServiceEntry, L4PortSetServiceEntry, EtherTypeServiceEntry, NestedServiceServiceEntry |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
IPAddress (schema)
IPv4 or IPv6 address
| Name | Description | Type | Notes |
|---|---|---|---|
| IPAddress | IPv4 or IPv6 address | string | Format: ip |
IPAddressExpression (schema)
IP address expression node
Represents IP address expressions in the form of an array, to support addition of IP addresses in a group. Avoid creating groups with multiple IPAddressExpression. In future releases, group will be restricted to contain a single IPAddressExpression. To group IPAddresses, use nested groups instead of multiple IPAddressExpressions.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| ip_addresses | Array of IP addresses This array can consist of a single IP address, IP address range or a subnet. Its type can be of either IPv4 or IPv6. Both IPv4 and IPv6 addresses within one expression is not allowed. Supported list of formats are, "192.168.1.1", "192.168.1.1-192.168.1.100", "192.168.0.0/24", "fe80::250:56ff:fe83:318c", "fe80::250:56ff:fe83:3181-fe80::250:56ff:fe83:318c", "fe80::250:56ff:fe83:318c/64". |
array of IPElement | Required Minimum items: 1 Maximum items: 4000 |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value IPAddressExpression | string | Required Enum: Condition, ConjunctionOperator, NestedExpression, IPAddressExpression, MACAddressExpression, ExternalIDExpression, PathExpression, IdentityGroupExpression |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
IPAddressGroupAssociationRequestParams (schema)
List request parameters containing ip address and enforcement point path
List request parameters containing ip address and enforcement point path
| Name | Description | Type | Notes |
|---|---|---|---|
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| enforcement_point_path | String Path of the enforcement point The path of the enforcement point from which the list of groups needs to be fetched. Forward slashes must be escaped using %2F. If no enforcement point path is specified, the default enforcement point is considered |
string | |
| include_mark_for_delete_objects | Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included. |
boolean | Default: "False" |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| ip_address | IPAddress | string | Required |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string |
IPAddressList (schema)
IP Address collection.
Collection of IP Addresses.
| Name | Description | Type | Notes |
|---|---|---|---|
| ip_addresses | Array of IP addresses The array contains IP addresses. |
array of IPElement | Required Minimum items: 1 Maximum items: 4000 |
IPAddressOrCIDRBlock (schema)
IPAddress or CIDR Block
| Name | Description | Type | Notes |
|---|---|---|---|
| IPAddressOrCIDRBlock | IPAddress or CIDR Block | string | Format: address-or-cidr-block |
IPAddresses (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| ip_addresses | IPs of the filter The IP addresses in the form of IP Address, IP Range, CIDR, used as source IPs or destination IPs of filters. |
array of IPElement | Minimum items: 1 |
IPCIDRBlock (schema)
IPv4 or IPv6 CIDR Block
| Name | Description | Type | Notes |
|---|---|---|---|
| IPCIDRBlock | IPv4 or IPv6 CIDR Block | string | Format: ip-cidr-block |
IPDiscoveryProfile (schema)
IP Discovery Profile
Using this profile to configure different options of IP Discovery
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| arp_nd_binding_timeout | ARP and ND cache timeout (in minutes) This property controls the ARP and ND cache timeout period. It is recommended that this property be greater than the ARP/ND cache timeout on the VM. |
int | Minimum: 5 Maximum: 120 Default: "10" |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| duplicate_ip_detection | Duplicate IP Dection Options Duplicate IP detection is used to determine if there is any IP conflict with any other port on the same logical switch. If a conflict is detected, then the IP is marked as a duplicate on the port where the IP was discovered last. The duplicate IP will not be added to the realized address binings for the port and hence will not be used in DFW rules or other security configurations for the port.rt. |
DuplicateIPDetectionOptions | |
| id | Unique identifier of this resource | string | Sortable |
| ip_v4_discovery_options | IPv4 Discovery options Indicates IPv4 Discovery options |
IPv4DiscoveryOptions | |
| ip_v6_discovery_options | IPv6 Discovery options Indicates IPv6 Discovery options |
IPv6DiscoveryOptions | |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value IPDiscoveryProfile | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| tofu_enabled | Is TOFU enabled or not Indicates whether "Trust on First Use(TOFU)" paradigm is enabled. |
boolean | Default: "True" |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
IPDiscoveryProfileListRequestParameters (schema)
IP Discovery Profile request parameters
| Name | Description | Type | Notes |
|---|---|---|---|
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| include_mark_for_delete_objects | Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included. |
boolean | Default: "False" |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string |
IPDiscoveryProfileListResult (schema)
Paged collection of IP Discovery Profiles
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | IP Discovery profile list results | array of IPDiscoveryProfile | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
IPElement (schema)
IP address, range, or subnet
IPElement can be a single IP address, IP address range or a Subnet. Its
type can be of IPv4 or IPv6. Supported list of formats are "192.168.1.1",
"192.168.1.1-192.168.1.100", "192.168.0.0/24",
"fe80::250:56ff:fe83:318c",
"fe80::250:56ff:fe83:3181-fe80::250:56ff:fe83:318c",
"fe80::250:56ff:fe83:318c/64"
| Name | Description | Type | Notes |
|---|---|---|---|
| IPElement | IP address, range, or subnet IPElement can be a single IP address, IP address range or a Subnet. Its type can be of IPv4 or IPv6. Supported list of formats are "192.168.1.1", "192.168.1.1-192.168.1.100", "192.168.0.0/24", "fe80::250:56ff:fe83:318c", "fe80::250:56ff:fe83:3181-fe80::250:56ff:fe83:318c", "fe80::250:56ff:fe83:318c/64" |
string | Format: address-or-block-or-range |
IPElementList (schema)
List of IP address, range, or subnet
IPElement can be a single IP address, IP address range or a Subnet. Its
type can be of IPv4 or IPv6. Supported list of formats are "192.168.1.1",
"192.168.1.1-192.168.1.100", "192.168.0.0/24",
"fe80::250:56ff:fe83:318c",
"fe80::250:56ff:fe83:3181-fe80::250:56ff:fe83:318c",
"fe80::250:56ff:fe83:318c/64"
| Name | Description | Type | Notes |
|---|---|---|---|
| IPElementList | List of IP address, range, or subnet IPElement can be a single IP address, IP address range or a Subnet. Its type can be of IPv4 or IPv6. Supported list of formats are "192.168.1.1", "192.168.1.1-192.168.1.100", "192.168.0.0/24", "fe80::250:56ff:fe83:318c", "fe80::250:56ff:fe83:3181-fe80::250:56ff:fe83:318c", "fe80::250:56ff:fe83:318c/64" |
string | Format: list-of-address-or-block-or-range |
IPFIXDFWCollector (schema)
IPFIX DFW Collector
IPFIX DFW data will be collected on collector
Host IP and Port address should be provided for collector.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| collector_ip_address | IP address IP address for the IPFIX DFW collector. IP addresses such as 0.0.0.0, 127.0.0.1, 255.255.255.255 are invalid. |
IPAddress | Required |
| collector_port | Port Port for the IPFIX DFW collector. |
int | Required Minimum: 0 Maximum: 65535 |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value IPFIXDFWCollector | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
IPFIXDFWCollectorProfile (schema)
IPFIX DFW Collector Profile
IPFIX data for the NSX distributed firewall will be sent to the specified
IPFIX collectors.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| ipfix_dfw_collectors | IPFIX DFW Collectors. It accepts Multiple Collectors. |
array of IPFIXDFWCollector | Required Minimum items: 1 |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value IPFIXDFWCollectorProfile | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
IPFIXDFWProfile (schema)
IPFIX DFW Profile
IPFIX packets from source will be sent to IPFIX DFW collector.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| active_flow_export_timeout | Active timeout (Minutes) For long standing active flows, IPFIX records will be sent per timeout period in minutes. |
int | Required Minimum: 1 Maximum: 60 Default: "1" |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| ipfix_dfw_collector_profile_path | IPFIX collector Paths Policy path for IPFIX collector profiles. IPFIX data from these logical segments will be sent to all specified IPFIX collectors. |
string | Required |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| observation_domain_id | Observation domain ID An identifier that is unique to the exporting process and used to meter the flows. |
int | Minimum: 0 Maximum: 65536 Default: "0" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| priority | Config Priority This priority field is used to resolve conflicts in Segment Ports which are covered by more than one IPFIX profiles. The IPFIX exporter will send records to Collectors in highest priority profile (lowest number) only. |
int | Minimum: 0 Maximum: 32000 Default: "0" |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value IPFIXDFWProfile | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
IPFIXL2Collector (schema)
IPFIX L2 Collector
IPFIX packets will be collected on collector.
IP and port address should be provided for collector.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| collector_ip_address | IP address IP address for the IPFIX L2 collector. IP addresses such as 0.0.0.0, 127.0.0.1, 255.255.255.255 are invalid. |
IPAddress | Required |
| collector_port | Port Port number for the IPFIX L2 collector. |
int | Minimum: 0 Maximum: 65535 Default: "4739" |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value IPFIXL2Collector | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
IPFIXL2CollectorProfile (schema)
IPFIX L2 Collector Profile
IPFIX L2 data will be collected on collectors.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| ipfix_l2_collectors | It accepts Multiple Collector objects. It accepts Multiple Collector objects. |
array of IPFIXL2Collector | Required Minimum items: 1 Maximum items: 4 |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value IPFIXL2CollectorProfile | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
IPFIXL2Profile (schema)
IPFIX L2 Profile
IPFIX data from source logical segment, port, group will be forwarded to IPFIX
collector.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| active_timeout | Active timeout The time in seconds after a flow is expired even if more packets matching this flow are received by the cache. |
int | Minimum: 60 Maximum: 3600 Default: "300" |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| export_overlay_flow | Export overlay Flow This property controls whether overlay flow info is included in the sample result. |
boolean | Default: "True" |
| id | Unique identifier of this resource | string | Sortable |
| idle_timeout | Idle timeout The time in seconds after a flow is expired if no more packets matching this flow are received by the cache. |
int | Minimum: 60 Maximum: 3600 Default: "300" |
| ipfix_collector_profile_path | IPFIX collector Path Policy path for IPFIX collector profile. User can specify only one IPFIX collector. |
string | Required |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| max_flows | Max flows The maximum number of flow entries in each exporter flow cache. |
integer | Minimum: 0 Maximum: 4294967295 Default: "16384" |
| observation_domain_id | Observation domain ID An identifier that is unique to the exporting process and used to meter the flows. |
integer | Minimum: 0 Maximum: 4294967295 Default: "0" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| packet_sample_probability | Packet sample probability The probability in percentage that a packet is sampled, in range 0-100. The probability is equal for every packet. |
number | Required Minimum: 0 Maximum: 100 Default: "0.1" |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| priority | Config Priority This priority field is used to resolve conflicts in Segment Ports which are covered by more than one IPFIX profiles. The IPFIX exporter will send records to Collectors in highest priority profile (lowest number) only. |
int | Minimum: 0 Maximum: 32000 Default: "0" |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value IPFIXL2Profile | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
IPInfo (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| ip_addresses | IPv4 Addresses | array of IPv4Address | Required Minimum items: 1 Maximum items: 1 |
| prefix_length | Subnet Prefix Length | integer | Required Minimum: 1 Maximum: 32 |
IPProtocolServiceEntry (schema)
A ServiceEntry that represents an IP protocol
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| protocol_number | integer | Required Minimum: 0 Maximum: 255 |
|
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value IPProtocolServiceEntry | string | Required Enum: IPProtocolServiceEntry, IGMPTypeServiceEntry, ICMPTypeServiceEntry, ALGTypeServiceEntry, L4PortSetServiceEntry, EtherTypeServiceEntry, NestedServiceServiceEntry |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
IPSecDigestAlgorithm (schema)
Digest Algorithms used in IPSec tunnel establishment
The IPSecDigestAlgorithms are used to verify message
integrity during IPSec VPN tunnel establishment.
SHA1 produces 160 bits hash and SHA2_XXX produces
XXX bit hash.
| Name | Description | Type | Notes |
|---|---|---|---|
| IPSecDigestAlgorithm | Digest Algorithms used in IPSec tunnel establishment The IPSecDigestAlgorithms are used to verify message integrity during IPSec VPN tunnel establishment. SHA1 produces 160 bits hash and SHA2_XXX produces XXX bit hash. |
string | Enum: SHA1, SHA2_256, SHA2_384, SHA2_512 |
IPSecEncryptionAlgorithm (schema)
Encryption algorithm used in IPSec tunnel
IPSecEncryptionAlgorithms are used to ensure confidentiality
of the messages exchanged during Tunnel negotiations. AES
stands for Advanced Encryption Standards. AES_128 uses 128-bit
keys whereas AES_256 uses 256-bit keys for encryption and
decryption. AES_128 and AES_256 use CBC mode of encryption.
AES_GCM stands for Advanced Encryption Standard(AES)
in Galois/Counter Mode (GCM) and is used to provide both
confidentiality and data origin authentication.
NO_ENCRYPTION_AUTH_AES_GMAC_* enables authentication on input
data without encyption. Digest algorithm should be empty for this
option.
| Name | Description | Type | Notes |
|---|---|---|---|
| IPSecEncryptionAlgorithm | Encryption algorithm used in IPSec tunnel IPSecEncryptionAlgorithms are used to ensure confidentiality of the messages exchanged during Tunnel negotiations. AES stands for Advanced Encryption Standards. AES_128 uses 128-bit keys whereas AES_256 uses 256-bit keys for encryption and decryption. AES_128 and AES_256 use CBC mode of encryption. AES_GCM stands for Advanced Encryption Standard(AES) in Galois/Counter Mode (GCM) and is used to provide both confidentiality and data origin authentication. NO_ENCRYPTION_AUTH_AES_GMAC_* enables authentication on input data without encyption. Digest algorithm should be empty for this option. |
string | Enum: AES_128, AES_256, AES_GCM_128, AES_GCM_192, AES_GCM_256, NO_ENCRYPTION_AUTH_AES_GMAC_128, NO_ENCRYPTION_AUTH_AES_GMAC_192, NO_ENCRYPTION_AUTH_AES_GMAC_256, NO_ENCRYPTION |
IPSecVpnDpdProfile (schema)
Dead peer detection (DPD) profile
Dead peer detection (DPD) is a method that allows detection of unreachable internet key excahnge (IKE) peers. Any changes affects all IPSec VPN sessions consuming this profile.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| dpd_probe_interval | DPD Probe Interval DPD probe interval defines an interval for DPD probes (in seconds). - When the DPD probe mode is periodic, this interval is the number of seconds between DPD messages. - When the DPD probe mode is on-demand, this interval is the number of seconds during which traffic is not received from the peer before DPD retry messages are sent if there is IPSec traffic to send. For PERIODIC Mode: Minimum: 3 Maximum: 360 Default: 60 For ON_DEMAND Mode: Minimum: 1 Maximum: 10 Default: 10 |
integer | |
| dpd_probe_mode | DPD Probe Mode DPD probe mode is used to query the liveliness of the peer. Two modes are possible: - PERIODIC: is used to query the liveliness of the peer at regular intervals (dpd_probe_interval). It does not take into consideration traffic coming from the peer. The benefit of this mode over the on-demand mode is earlier detection of dead peers. However, use of periodic DPD incurs extra overhead. When communicating to large numbers of peers, please consider using on-demand DPD instead. - ON_DEMAND: is used to query the liveliness of the peer by instructing the local endpoint to send DPD message to a peer if there is traffic to send to the peer AND the peer was idle for dpd_probe_interval seconds (i.e. there was no traffic from the peer for dpd_probe_interval seconds). |
string | Enum: PERIODIC, ON_DEMAND Default: "PERIODIC" |
| enabled | Enable dead peer detection (DPD) If true, enable dead peer detection. |
boolean | Default: "True" |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value IPSecVpnDpdProfile | string | |
| retry_count | Retry Count Maximum number of DPD messages' retry attempts. This value is applicable for both dpd probe modes, periodic and on-demand. |
integer | Minimum: 1 Maximum: 100 Default: "10" |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
IPSecVpnIkeProfile (schema)
Internet key exchange (IKE) profile
IKE Profile is a reusable profile that captures IKE phase one negotiation parameters. Any changes affects all IPSec VPN sessions consuming this profile.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| dh_groups | DH group Diffie-Hellman group to be used if PFS is enabled. Default is GROUP14. |
array of DhGroup | |
| digest_algorithms | Algorithm for message hash Algorithm to be used for message digest during Internet Key Exchange(IKE) negotiation. A default value of SHA2_256 will be applied only when the supplied encryption algorithms contain either AES_128 or AES_256. |
array of IkeDigestAlgorithm | |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| encryption_algorithms | Encryption algorithm for IKE Encryption algorithm is used during Internet Key Exchange(IKE) negotiation. Default is AES_128. |
array of IkeEncryptionAlgorithm | |
| id | Unique identifier of this resource | string | Sortable |
| ike_version | IKE version IKE protocol version to be used. IKE-Flex will initiate IKE-V2 and responds to both IKE-V1 and IKE-V2. |
string | Enum: IKE_V1, IKE_V2, IKE_FLEX Default: "IKE_V2" |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value IPSecVpnIkeProfile | string | |
| sa_life_time | Security association (SA) life time Life time for security association. Default is 86400 seconds (1 day). |
integer | Minimum: 21600 Maximum: 31536000 Default: "86400" |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
IPSecVpnLocalEndpoint (schema)
IPSec VPN Local Endpoint
Local endpoint represents a tier-0/tier-1 on which tunnel needs to be terminated. In federation, all the configuration done for the local endpoint on GM will be realized based on the scope attribute at the corresponding LM. Local endpoint without any scope will be realized on all sites. The scope attribute is applicable only on GM not on LM.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| certificate_path | Certificate path Policy path referencing site certificate. |
string | |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| local_address | IPv4 or IPv6 Address of local endpoint IPv4 or IPv6 Address of local endpoint. Please note that configuring local_address as IPv6 address is not supported in the deprecated IPSecVpnLocalEndpoint Patch/PUT APIs. |
IPAddress | Required |
| local_id | Local identifier Local identifier. |
string | |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value IPSecVpnLocalEndpoint | string | |
| scope | scope identify the site to which LocalEndpoint configuration associated with. Applicable only in GM Scope attribute refers to the Policy path identifying the LocaleService of specific site where all the local end point configurations will be realized. In federation, all the configuration done for the local endpoint on GM will be realized based on the scope at the corresponding LM. Local endpoint without any scope will be realized on all sites. This attribute will not be applicable on LM. |
string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| trust_ca_paths | Certificate authority (CA) paths List of policy paths referencing certificate authority (CA) to verify peer certificates. |
array of string | |
| trust_crl_paths | Certificate revocation list (CRL) paths List of policy paths referencing certificate revocation list (CRL) to peer certificates. |
array of string | |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
IPSecVpnRule (schema)
IPSec VPN Rule
For policy-based IPsec VPNs, a security policy specifies as its action the VPN tunnel to be used for transit traffic that meets the policy’s match criteria.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| action | Action to be applied PROTECT - Protect rules are defined per policy based IPSec VPN session. BYPASS - Bypass rules are defined per IPSec VPN service and affects all policy based IPSec VPN sessions. Bypass rules are prioritized over protect rules. |
string | Readonly Enum: PROTECT, BYPASS Default: "PROTECT" |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| destinations | Destination list List of IPv4 or IPv6 peer subnets. Specifying no value is interpreted as 0.0.0.0/0, ::/0. The maximum number of IPv4 or IPv6 local subnets allowed is 128 Please note that configuring IPv6 peer subnets is not supported in the deprecated IPSecVpnSession Patch/PUT APIs. |
array of IPSecVpnSubnet | Maximum items: 256 |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| enabled | Enabled flag A flag to enable/disable the rule. |
boolean | Default: "True" |
| id | Unique identifier of this resource | string | Sortable |
| logged | Logging flag A flag to enable/disable the logging for the rule. |
boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value IPSecVpnRule | string | |
| sequence_number | Sequence number of the IPSecVpnRule A sequence number is used to give a priority to an IPSecVpnRule. |
int | Minimum: 0 |
| sources | Source list List of IPv4 or IPv6 local subnets. Specifying no value is interpreted as 0.0.0.0/0, ::/0. The maximum number of IPv4 or IPv6 local subnets allowed is 128 Please note that configuring IPv6 local subnets is not supported in the deprecated IPSecVpnSession Patch/PUT APIs. |
array of IPSecVpnSubnet | Maximum items: 256 |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
IPSecVpnService (schema)
IPSec VPN service
Create and manage IPSec VPN service under tier-0/tier-1.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| bypass_rules | Bypass Policy rules Bypass policy rules are configured using VPN service. Bypass rules always have higher priority over protect rules and they affect all policy based vpn sessions associated with the IPSec VPN service. Protect rules are defined per policy based vpn session. |
array of IPSecVpnRule | |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| enabled | Enable virtual private network (VPN) service If true, enable VPN services under tier-0/tier-1. |
boolean | Default: "True" |
| ha_sync | Flag to enable IPSec HA State Sync Enable/disable IPSec HA state sync. IPSec HA state sync can be disabled if in case there are performance issues w.r.t. the state sync messages. |
boolean | Default: "True" |
| id | Unique identifier of this resource | string | Sortable |
| ike_log_level | Internet key exchange (IKE) log level Log level for internet key exchange (IKE). |
string | Enum: DEBUG, INFO, WARN, ERROR, EMERGENCY Default: "INFO" |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value IPSecVpnService | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
IPSecVpnSession (schema)
IPSec VPN session
VPN session defines connection between local and peer endpoint. Until VPN session is defined configuration is not realized.
This is an abstract type. Concrete child types:
PolicyBasedIPSecVpnSession
RouteBasedIPSecVpnSession
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| authentication_mode | Authentication Mode Peer authentication mode. PSK - In this mode a secret key shared between local and peer sites is to be used for authentication. The secret key can be a string with a maximum length of 128 characters. CERTIFICATE - In this mode a certificate defined at the global level is to be used for authentication. |
string | Enum: PSK, CERTIFICATE Default: "PSK" |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| compliance_suite | Compliance suite Compliance suite. |
string | Enum: CNSA, SUITE_B_GCM_128, SUITE_B_GCM_256, PRIME, FOUNDATION, FIPS, NONE |
| connection_initiation_mode | Connection initiation mode Connection initiation mode used by local endpoint to establish ike connection with peer site. INITIATOR - In this mode local endpoint initiates tunnel setup and will also respond to incoming tunnel setup requests from peer gateway. RESPOND_ONLY - In this mode, local endpoint shall only respond to incoming tunnel setup requests. It shall not initiate the tunnel setup. ON_DEMAND - In this mode local endpoint will initiate tunnel creation once first packet matching the policy rule is received and will also respond to incoming initiation request. |
string | Enum: INITIATOR, RESPOND_ONLY, ON_DEMAND Default: "INITIATOR" |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| dpd_profile_path | Dead peer detection (DPD) profile path Policy path referencing Dead Peer Detection (DPD) profile. Default is set to system default profile. |
string | |
| enabled | Enable/Disable IPSec VPN session Enable/Disable IPSec VPN session. |
boolean | Default: "True" |
| id | Unique identifier of this resource | string | Sortable |
| ike_profile_path | Internet key exchange (IKE) profile path Policy path referencing IKE profile to be used. Default is set according to system default profile. |
string | |
| local_endpoint_path | Local endpoint path Policy path referencing Local endpoint. This property is mandatory on LM. It is required on GM only in case of site_overrides property not provided. |
string | |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| peer_address | IPV4 or IPV6 address of peer endpoint on remote site Public IPV4 or IPV6 address of the remote device terminating the VPN connection. This property is mandatory on LM. It is required on GM only in case of site_overrides property not provided. Please note that configuring peer_address as IPv6 address is not supported in the deprecated IPSecVpnSession Patch/PUT APIs. |
IPAddress | |
| peer_id | Peer id Peer ID to uniquely identify the peer site. The peer ID is the public IP address of the remote device terminating the VPN tunnel. When NAT is configured for the peer, enter the private IP address of the peer. This property is mandatory on LM. It is required on GM only in case of site_overrides property not provided. |
string | |
| psk | Pre-shared key IPSec Pre-shared key. Maximum length of this field is 128 characters. |
secure_string | |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value IPSecVpnSession | IPSecVpnSessionResourceType | Required |
| site_overrides | SiteOverride list A collection of site specific attributes specificed only on GM |
array of SiteOverride | Maximum items: 128 |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| tcp_mss_clamping | TCP MSS Clamping TCP Maximum Segment Size Clamping Direction and Value. |
TcpMaximumSegmentSizeClamping | |
| tunnel_profile_path | IPSec tunnel profile path Policy path referencing Tunnel profile to be used. Default is set to system default profile. |
string | |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
IPSecVpnSessionResourceType (schema)
Resource types of IPsec VPN session
A Policy Based VPN requires to define protect rules that match
local and peer subnets. IPSec security associations is
negotiated for each pair of local and peer subnet.
A Route Based VPN is more flexible, more powerful and recommended over
policy based VPN. IP Tunnel port is created and all traffic routed via
tunnel port is protected. Routes can be configured statically
or can be learned through BGP. A route based VPN is must for establishing
redundant VPN session to remote site.
| Name | Description | Type | Notes |
|---|---|---|---|
| IPSecVpnSessionResourceType | Resource types of IPsec VPN session A Policy Based VPN requires to define protect rules that match local and peer subnets. IPSec security associations is negotiated for each pair of local and peer subnet. A Route Based VPN is more flexible, more powerful and recommended over policy based VPN. IP Tunnel port is created and all traffic routed via tunnel port is protected. Routes can be configured statically or can be learned through BGP. A route based VPN is must for establishing redundant VPN session to remote site. |
string | Enum: PolicyBasedIPSecVpnSession, RouteBasedIPSecVpnSession |
IPSecVpnSubnet (schema)
Subnet for IPSec Policy based VPN
Used to specify the local/peer subnets in IPSec VPN rule.
| Name | Description | Type | Notes |
|---|---|---|---|
| subnet | IPv4/IPv6 Peer or local subnet Subnet used in policy rule. |
IPCIDRBlock | Required |
IPSecVpnTunnelInterface (schema)
IP tunnel interface configuration
IP tunnel interface configuration.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| ip_subnets | IP Tunnel interface subnet IP Tunnel interface (commonly referred as VTI) subnet. Supports assigning both IPv4 and IPV6 subnets to VTI. If two IPs are provided for VTI, both cannot be of same IP versions. Please note that configuring IPv6 subnets to VTI is not supported in the deprecated IPSecVpnSession Patch/PUT APIs. |
array of TunnelInterfaceIPSubnet | Required Minimum items: 1 Maximum items: 2 |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value IPSecVpnTunnelInterface | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
IPSecVpnTunnelProfile (schema)
IPSec VPN tunnel profile
IPSec VPN tunnel profile is a reusable profile that captures phase two negotiation parameters and IPSec tunnel properties. Any changes affects all IPSec VPN sessions consuming this profile.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| df_policy | Policy for handling defragmentation bit Defragmentation policy helps to handle defragmentation bit present in the inner packet. COPY copies the defragmentation bit from the inner IP packet into the outer packet. CLEAR ignores the defragmentation bit present in the inner packet. |
string | Enum: COPY, CLEAR Default: "COPY" |
| dh_groups | Dh group Diffie-Hellman group to be used if PFS is enabled. Default is GROUP14. |
array of DhGroup | |
| digest_algorithms | Algorithm for message hash Algorithm to be used for message digest. Default digest algorithm is implicitly covered by default encryption algorithm "AES_GCM_128". |
array of IPSecDigestAlgorithm | |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| enable_perfect_forward_secrecy | Enable perfect forward secrecy If true, perfect forward secrecy (PFS) is enabled. |
boolean | Default: "True" |
| encryption_algorithms | Encryption algorithm to use in IPSec tunnel establishement Encryption algorithm to encrypt/decrypt the messages exchanged between IPSec VPN initiator and responder during tunnel negotiation. Default is AES_GCM_128. |
array of IPSecEncryptionAlgorithm | |
| extended_attributes | Extended Attributes. Collection of type specific properties. As of now, to hold encapsulation mode and transform protocol. |
array of AttributeVal | Readonly |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value IPSecVpnTunnelProfile | string | |
| sa_life_time | Security association (SA) life time SA life time specifies the expiry time of security association. Default is 3600 seconds. |
integer | Minimum: 900 Maximum: 31536000 Default: "3600" |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
IPSubnet (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| ip_addresses | IP Addresses All IP addresses, some of which may be automatically configured. When updating this field, the payload may contain only the IP addresses that should be changed, or may contain the IP addresses to change as well as the automatically assigned addresses. Currently, only one updatable address and one system-maintained address are supported. Currently, the system-maintained address supported is Extended Unique Identifier(EUI)-64 address. EUI-64 address is generated by the system only when user configured ip-subnet has prefix length less than or equal to 64. |
array of IPAddress | Required Minimum items: 1 Maximum items: 2 |
| prefix_length | Subnet Prefix Length | integer | Required Minimum: 1 Maximum: 128 |
IPv4Address (schema)
IPv4 address
| Name | Description | Type | Notes |
|---|---|---|---|
| IPv4Address | IPv4 address | string | Format: ipv4 |
IPv4AddressProperties (schema)
IPv4 address properties
| Name | Description | Type | Notes |
|---|---|---|---|
| ip_address | Interface IPv4 address | string | Pattern: "^[\d]{1,3}\.[\d]{1,3}\.[\d]{1,3}\.[\d]{1,3}$" |
| netmask | Interface netmask | string | Pattern: "^[\d]{1,3}\.[\d]{1,3}\.[\d]{1,3}\.[\d]{1,3}$" |
IPv4CIDRBlock (schema)
IPv4 CIDR Block
| Name | Description | Type | Notes |
|---|---|---|---|
| IPv4CIDRBlock | IPv4 CIDR Block | string | Format: ipv4-cidr-block |
IPv4DiscoveryOptions (schema)
IPv4 discovery options
Contains IPv4 related discovery options.
| Name | Description | Type | Notes |
|---|---|---|---|
| arp_snooping_config | ARP snooping configuration Indicates ARP snooping options |
ArpSnoopingConfig | |
| dhcp_snooping_enabled | Is DHCP snooping enabled or not Indicates whether DHCP snooping is enabled |
boolean | Default: "True" |
| vmtools_enabled | Is VM tools enabled or not Indicates whether fetching IP using vm-tools is enabled. This option is only supported on ESX where vm-tools is installed. |
boolean | Default: "True" |
IPv6Address (schema)
IPv6 address
| Name | Description | Type | Notes |
|---|---|---|---|
| IPv6Address | IPv6 address | string | Format: ipv6 |
IPv6AddressProperties (schema)
IPv6 address properties
| Name | Description | Type | Notes |
|---|---|---|---|
| ip6_address | Interface IPv6 address | string | Pattern: "^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))$" |
| ip6_gateway | IPv6 Gateway | string | Pattern: "^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))$" |
| prefixlen | Prefix length | integer |
IPv6CIDRBlock (schema)
IPv6 CIDR Block
| Name | Description | Type | Notes |
|---|---|---|---|
| IPv6CIDRBlock | IPv6 CIDR Block | string | Format: ipv6-cidr-block |
IPv6DADStatus (schema)
IPv6 DAD status
| Name | Description | Type | Notes |
|---|---|---|---|
| ip_address | IP address IP address on the port for which DAD status is reported. |
IPAddress | Readonly |
| status | DAD Status DAD status for IP address on the port. |
DADStatus | Readonly |
| transport_node | Transport node Array of transport node id on which DAD status is reported for given IP address. |
array of ResourceReference | Readonly |
IPv6DiscoveryOptions (schema)
IPv6 discovery options
Contains IPv6 related discovery options.
| Name | Description | Type | Notes |
|---|---|---|---|
| dhcp_snooping_v6_enabled | Is DHCP snoping v6 enabled or not Enable this method will snoop the DHCPv6 message transaction which a VM makes with a DHCPv6 server. From the transaction, we learn the IPv6 addresses assigned by the DHCPv6 server to this VM along with its lease time. |
boolean | Default: "False" |
| nd_snooping_config | ND snooping configuration Indicates ND snooping options |
NdSnoopingConfig | |
| vmtools_v6_enabled | Enable this method will learn the IPv6 addresses which are
configured on interfaces of a VM with the help of the VMTools software. |
boolean | Default: "False" |
IPv6Status (schema)
IPv6 status
| Name | Description | Type | Notes |
|---|---|---|---|
| connected_segment_path | Connected segment path Path of the segment attached to the interface. |
string | Readonly |
| dad_statuses | IPv6 DAD status Array of DAD status which contains DAD information for IP addresses on the interface. |
array of IPv6DADStatus | Readonly |
| interface_id | Policy path or realization ID of interface Policy path or realization ID of interface for which IPv6 DAD status is returned. |
string | |
| tier0_gateway | Tier-0 Gateway Tier-0 Gateway this router Link belongs to. |
string | |
| tier1_gateway | Tier-1 Gateway Tier-1 Gateway this router Link belongs to. |
string |
IcmpEchoRequestHeader (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| id | ICMP id | integer | Minimum: 0 Maximum: 65535 Default: "0" |
| sequence | ICMP sequence number | integer | Minimum: 0 Maximum: 65535 Default: "0" |
Icon (schema)
Icon
Icon to be applied at dashboard for widgets and UI elements.
| Name | Description | Type | Notes |
|---|---|---|---|
| color | Icon color applied to icon in hex format Icon color applied to icon in hex format. |
string | |
| placement | Position at which to display icon, if any If specified as PRE, the icon appears before the UI element. If set as POST, the icon appears after the UI element. |
string | Enum: PRE, POST Default: "PRE" |
| size | Icon size in unit Icon size in unit applied to icon.A unit can be specified by the 'size_unit' property. |
number | Minimum: 1 |
| size_unit | Icon size unit in rem/px/pc Icon size unit applied to icon along with size. if 'size' property value is provided and no value is provided for this property then default value for this proerty is set to 'px'. |
string | Enum: px, rem, pc |
| tooltip | Multi-line tooltip Multi-line text to be shown on tooltip while hovering over the icon. |
array of Tooltip | |
| type | Type of icon Icon will be rendered based on its type. For example, if ERROR is chosen, then icon representing error will be rendered. or else custom svg icon name can be given. |
string |
IdentityFirewallAdStore (schema)
Active IdentityFirewallStore
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| base_distinguished_name | IdentityFirewallStore base distinguished name Each active directory domain has a domain naming context (NC), which contains domain-specific data. The root of this naming context is represented by a domain's distinguished name (DN) and is typically referred to as the NC head. |
string | Required |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| event_log_servers | Event Log server of IdentityFirewallStore IdentityFirewallStore Event Log server's information including host, name, protocol and so on. |
array of IdentityFirewallStoreEventLogServer | Readonly Maximum items: 50 |
| id | Unique identifier of this resource | string | Sortable |
| ldap_servers | LDAP server of IdentityFirewallStore IdentityFirewallStore LDAP servers' information including host, name, port, protocol and so on. |
array of IdentityFirewallStoreLdapServer | Required Maximum items: 50 |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| name | IdentityFirewallStore name IdentityFirewallStore name which best describes the Directory domain. It could be unique fqdn name or it could also be descriptive. There is no unique contraint for domain name among different domains. |
string | Required |
| netbios_name | IdentityFirewallStore NETBIOS name NetBIOS names can contain all alphanumeric characters except for the certain disallowed characters. Names can contain a period, but names cannot start with a period. NetBIOS is similar to DNS in that it can serve as a directory service, but more limited as it has no provisions for a name hierarchy and names are limited to 15 characters. The netbios name is case insensitive and is stored in upper case regardless of input case. |
string | Required |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value IdentityFirewallAdStore | string | Required Enum: IdentityFirewallAdStore |
| selective_sync_settings | SelectiveSync settings SelectiveSync settings toggle the SelectiveSync feature and selected OrgUnits. If this is not specified, SelectiveSync is disabled by default. |
SelectiveSyncSettings | |
| sync_settings | IdentityFirewallStore sync settings Each domain sync settings can be changed using this object. It is not required since there are default values used if there is no specification for this object. |
DirectoryDomainSyncSettings | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
IdentityFirewallStore (schema)
IdentityFirewallStore
This is an abstract type. Concrete child types:
IdentityFirewallAdStore
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| event_log_servers | Event Log server of IdentityFirewallStore IdentityFirewallStore Event Log server's information including host, name, protocol and so on. |
array of IdentityFirewallStoreEventLogServer | Readonly Maximum items: 50 |
| id | Unique identifier of this resource | string | Sortable |
| ldap_servers | LDAP server of IdentityFirewallStore IdentityFirewallStore LDAP servers' information including host, name, port, protocol and so on. |
array of IdentityFirewallStoreLdapServer | Required Maximum items: 50 |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| name | IdentityFirewallStore name IdentityFirewallStore name which best describes the Directory domain. It could be unique fqdn name or it could also be descriptive. There is no unique contraint for domain name among different domains. |
string | Required |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value IdentityFirewallStore | string | Required Enum: IdentityFirewallAdStore |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
IdentityFirewallStoreEventLogServer (schema)
Event log server of IdentityFirewallStore
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| domain_name | IdentityFirewallStore name IdentityFirewallStore name which best describes the IdentityFirewallStore. It could be unique fqdn name or it could also be descriptive. There is no unique contraint for IdentityFirewallStore name among different IdentityFirewallStores. |
string | |
| host | Event log server host name Directory Event Log server DNS host name or ip address which is reachable by NSX manager to be connected and do event fetching. |
string | Required Format: hostname-or-ip |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| password | Event log server password IdentityFirewallStore event log server connection password. |
secure_string | |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value IdentityFirewallStoreEventLogServer | string | |
| status | Event log server connection status Event log server connection status object |
DirectoryEventLogServerStatus | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
| username | Event log server username Directory event log server connection user name. |
string |
IdentityFirewallStoreLdapServer (schema)
LDAP server of directory domain
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| domain_name | IdentityFirewallStore name IdentityFirewallStore name which best describes the domain. It could be unique fqdn name or it could also be descriptive. There is no unique contraint for IdentityFirewallStore name among different IdentityFirewallStores. |
string | |
| host | LDAP server host name IdentityFirewallStore LDAP server DNS host name or ip address which is reachable by NSX manager to be connected and do object synchronization. |
string | Required Format: hostname-or-ip |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| password | LDAP server password IdentityFirewallStore LDAP server connection password. |
secure_string | |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| port | LDAP server TCP/UDP port IdentityFirewallStore LDAP server connection TCP/UDP port. |
integer | Default: "389" |
| protocol | LDAP server protocol IdentityFirewallStore LDAP server connection protocol which is either LDAP or LDAPS. |
string | Enum: LDAP, LDAPS Default: "LDAP" |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value IdentityFirewallStoreLdapServer | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| thumbprint | LDAP server certificate thumbprint using SHA-256 algorithm IdentityFirewallStore LDAP server certificate thumbprint used in secure LDAPS connection. |
string | |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
| username | LDAP server username IdentityFirewallStore LDAP server connection user name. |
string |
IdentityGroupAssociationRequestParams (schema)
List request parameters containing Identity Group external ID and enforcement point path
List request parameters containing Identity Group external ID and enforcement point path
| Name | Description | Type | Notes |
|---|---|---|---|
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| enforcement_point_path | String Path of the enforcement point The path of the enforcement point from which the list of members needs to be fetched. Forward slashes must be escaped using %2F. |
string | |
| identity_group_external_id | Identity Group external ID | string | Required |
| include_mark_for_delete_objects | Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included. |
boolean | Default: "False" |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string |
IdentityGroupExpression (schema)
IdentityGroup expression node
Represents a list of identity group (Ad group SID) expressions.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| identity_groups | Array of identity group This array consists of set of identity group object. All members within this array are implicitly OR'ed together. |
array of IdentityGroupInfo | Required Minimum items: 1 Maximum items: 500 |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value IdentityGroupExpression | string | Required Enum: Condition, ConjunctionOperator, NestedExpression, IPAddressExpression, MACAddressExpression, ExternalIDExpression, PathExpression, IdentityGroupExpression |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
IdentityGroupInfo (schema)
Identity (Directory) group
| Name | Description | Type | Notes |
|---|---|---|---|
| distinguished_name | LDAP distinguished name Each LDAP object is uniquely identified by its distinguished name (DN). A DN is a sequence of relative distinguished names (RDN) connected by commas. e.g. CN=Larry Cole,CN=admin,DC=corp,DC=acme,DC=com. A valid fully qualified distinguished name should be provided to include specific groups else the create / update realization of the Group containing an invalid/ partial DN will fail. This value is valid only if it matches to exactly 1 LDAP object on the LDAP server. |
string | Required |
| domain_base_distinguished_name | Identity (Directory) domain base distinguished name This is the base distinguished name for the domain where this particular group resides. (e.g. dc=example,dc=com) Each active directory domain has a domain naming context (NC), which contains domain-specific data. The root of this naming context is represented by a domain's distinguished name (DN) and is typically referred to as the NC head. |
string | Required |
| sid | Identity (Directory) Group SID (security identifier) A security identifier (SID) is a unique value of variable length used to identify a trustee. A SID consists of the following components: The revision level of the SID structure; A 48-bit identifier authority value that identifies the authority that issued the SID; A variable number of subauthority or relative identifier (RID) values that uniquely identify the trustee relative to the authority that issued the SID. This field is only populated for Microsoft Active Directory identity store. |
string |
IdentitySourceLdapServer (schema)
An LDAP server
Information about a single LDAP server.
| Name | Description | Type | Notes |
|---|---|---|---|
| bind_identity | Username or DN for LDAP authentication A username used to authenticate to the directory when admnistering roles in NSX. This user should have privileges to search the LDAP directory for groups and users. This user is also used in some cases (OpenLDAP) to look up an NSX user's distinguished name based on their NSX login name. If omitted, NSX will authenticate to the LDAP server using an LDAP anonymous bind operation. For Active Directory, provide a userPrincipalName (e.g. [email protected]) or the full distinguished nane. For OpenLDAP, provide the distinguished name of the user (e.g. uid=admin, cn=airius, dc=com). |
string | |
| certificates | TLS certificate(s) for LDAP server(s) If using LDAPS or STARTTLS, provide the X.509 certificate of the LDAP server in PEM format. This property is not required when connecting without TLS encryption and is ignored in that case. |
array of string | |
| enabled | If true, this LDAP server is enabled Allows the LDAP server to be enabled or disabled. When disabled, this LDAP server will not be used to authenticate users. |
boolean | Default: "True" |
| password | Username for LDAP authentication A password used when authenticating to the directory. |
secure_string | |
| url | The URL for the LDAP server The URL for the LDAP server. Supported URL schemes are LDAP and LDAPS. Either a hostname or an IP address may be given, and the port number is optional and defaults to 389 for the LDAP scheme and 636 for the LDAPS scheme. |
string | Required |
| use_starttls | Enable/disable StartTLS If set to true, Use the StartTLS extended operation to upgrade the connection to TLS before sending any sensitive information. The LDAP server must support the StartTLS extended operation in order for this protocol to operate correctly. This option is ignored if the URL scheme is LDAPS. |
boolean | Default: "False" |
IdentitySourceLdapServerEndpoint (schema)
An LDAP server endpoint
Information about a single LDAP server endpoint.
| Name | Description | Type | Notes |
|---|---|---|---|
| url | The URL for the LDAP server The URL for the LDAP server. Supported URL schemes are LDAP and LDAPS. Either a hostname or an IP address may be given, and the port number is optional and defaults to 389 for the LDAP scheme and 636 for the LDAPS scheme. |
string | Required |
| use_starttls | Eanble/disable StartTLS If set to true, Use the StartTLS extended operation to upgrade the connection to TLS before sending any sensitive information. The LDAP server must support the StartTLS extended operation in order for this protocol to operate correctly. This option is ignored if the URL scheme is LDAPS. |
boolean | Default: "False" |
IdentitySourceLdapServerProbeResult (schema)
Results from one LDAP server probe
The results of probing an individual LDAP server.
| Name | Description | Type | Notes |
|---|---|---|---|
| errors | Error details Detail about errors encountered during the probe. |
array of LdapProbeError | |
| result | Overall result Overall result of the probe. If the probe was able to connect to the LDAP service, authenticate using the provided credentials, and perform searches of the configured user and group search bases without error, the result is SUCCESS. Otherwise, the result is FAILURE, and additional details may be found in the errors property. |
string | Enum: SUCCESS, FAILURE |
| url | LDAP Server URL THe URL of the probed LDAP host. |
string |
IdsClusterConfig (schema)
Intrusion Detection System cluster configuration
IDS configuration to enable/disable IDS on cluster level.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| cluster | PolicyResourceReference Contains policy resource reference object |
PolicyResourceReference | Required |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| ids_enabled | Ids enabled flag If set to true, IDS is enabled on the respective cluster |
boolean | Required |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value IdsClusterConfig | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
IdsGatewayPolicy (schema)
Contains ordered list of IDS Rules
Represents the Intrusion Detection System Gateway Policy, which contains
the list of IDS Rules.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| category | A way to classify a security policy, if needed. - Distributed Firewall - Policy framework provides five pre-defined categories for classifying a security policy. They are "Ethernet","Emergency", "Infrastructure" "Environment" and "Application". There is a pre-determined order in which the policy framework manages the priority of these security policies. Ethernet category is for supporting layer 2 firewall rules. The other four categories are applicable for layer 3 rules. Amongst them, the Emergency category has the highest priority followed by Infrastructure, Environment and then Application rules. Administrator can choose to categorize a security policy into the above categories or can choose to leave it empty. If empty it will have the least precedence w.r.t the above four categories. - Edge Firewall - Policy Framework for Edge Firewall provides six pre-defined categories "Emergency", "SystemRules", "SharedPreRules", "LocalGatewayRules", "AutoServiceRules" and "Default", in order of priority of rules. All categories are allowed for Gatetway Policies that belong to 'default' Domain. However, for user created domains, category is restricted to "SharedPreRules" or "LocalGatewayRules" only. Also, the users can add/modify/delete rules from only the "SharedPreRules" and "LocalGatewayRules" categories. If user doesn't specify the category then defaulted to "Rules". System generated category is used by NSX created rules, for example BFD rules. Autoplumbed category used by NSX verticals to autoplumb data path rules. Finally, "Default" category is the placeholder default rules with lowest in the order of priority. |
string | |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| comments | SecurityPolicy lock/unlock comments Comments for security policy lock/unlock. |
string | |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| internal_sequence_number | Internal sequence number This field is to indicate the internal sequence number of a policy with respect to the policies across categories. |
int | Readonly |
| is_default | Default policy flag A flag to indicate whether policy is a default policy. |
boolean | Readonly |
| lock_modified_by | User who locked the security policy ID of the user who last modified the lock for the secruity policy. |
string | Readonly |
| lock_modified_time | SecuirtyPolicy locked/unlocked time SecurityPolicy locked/unlocked time in epoch milliseconds. |
EpochMsTimestamp | Readonly |
| locked | Lock a security policy Indicates whether a security policy should be locked. If the security policy is locked by a user, then no other user would be able to modify this security policy. Once the user releases the lock, other users can update this security policy. |
boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value IdsGatewayPolicy | string | |
| rule_count | Rule count The count of rules in the policy. |
int | Readonly |
| rules | IDS Rules that are a part of this SecurityPolicy | array of IdsRule | |
| scheduler_path | Path to the scheduler for time based scheduling Provides a mechanism to apply the rules in this policy for a specified time duration. |
string | |
| scope | The list of group paths where the rules in this policy will get
applied. This scope will take precedence over rule level scope. Supported only for security and redirection policies. In case of RedirectionPolicy, it is expected only when the policy is NS and redirecting to service chain. |
array of string | Maximum items: 128 |
| sequence_number | Sequence number to resolve conflicts across Domains This field is used to resolve conflicts between security policies across domains. In order to change the sequence number of a policy one can fire a POST request on the policy entity with a query parameter action=revise The sequence number field will reflect the value of the computed sequence number upon execution of the above mentioned POST request. For scenarios where the administrator is using a template to update several security policies, the only way to set the sequence number is to explicitly specify the sequence number for each security policy. If no sequence number is specified in the payload, a value of 0 is assigned by default. If there are multiple policies with the same sequence number then their order is not deterministic. If a specific order of policies is desired, then one has to specify unique sequence numbers or use the POST request on the policy entity with a query parameter action=revise to let the framework assign a sequence number. The value of sequence number must be between 0 and 999,999. |
int | Minimum: 0 |
| stateful | Stateful nature of the entries within this security policy. Stateful or Stateless nature of security policy is enforced on all rules in this security policy. When it is stateful, the state of the network connects are tracked and a stateful packet inspection is performed. Layer3 security policies can be stateful or stateless. By default, they are stateful. Layer2 security policies can only be stateless. |
boolean | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| tcp_strict | Enforce strict tcp handshake before allowing data packets Ensures that a 3 way TCP handshake is done before the data packets are sent. tcp_strict=true is supported only for stateful security policies. If the tcp_strict flag is not specified and the security policy is stateful, then tcp_strict will be set to true. |
boolean | |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
IdsGlobalEventConfig (schema)
Intrusion Detection System global event configuration
Represents IDS event publishing configuration for NSX-I and NDR.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| ids_data_topic_name | kafka topic into which to publish IDS events. | string | Default: "ids_data" |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| publish_ids_events | A flag to indicate if IDS events need to be sent to kafka When this flag is set to true, IDS events will be sent to kafka, for consumption by components such as NSX-I and NDR. |
boolean | Default: "False" |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value IdsGlobalEventConfig | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
IdsPolicy (schema)
Contains ordered list of IDS Rules
Represents the Intrusion Detection System Policy, which contains
the list of IDS Rules.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| category | A way to classify a security policy, if needed. - Distributed Firewall - Policy framework provides five pre-defined categories for classifying a security policy. They are "Ethernet","Emergency", "Infrastructure" "Environment" and "Application". There is a pre-determined order in which the policy framework manages the priority of these security policies. Ethernet category is for supporting layer 2 firewall rules. The other four categories are applicable for layer 3 rules. Amongst them, the Emergency category has the highest priority followed by Infrastructure, Environment and then Application rules. Administrator can choose to categorize a security policy into the above categories or can choose to leave it empty. If empty it will have the least precedence w.r.t the above four categories. - Edge Firewall - Policy Framework for Edge Firewall provides six pre-defined categories "Emergency", "SystemRules", "SharedPreRules", "LocalGatewayRules", "AutoServiceRules" and "Default", in order of priority of rules. All categories are allowed for Gatetway Policies that belong to 'default' Domain. However, for user created domains, category is restricted to "SharedPreRules" or "LocalGatewayRules" only. Also, the users can add/modify/delete rules from only the "SharedPreRules" and "LocalGatewayRules" categories. If user doesn't specify the category then defaulted to "Rules". System generated category is used by NSX created rules, for example BFD rules. Autoplumbed category used by NSX verticals to autoplumb data path rules. Finally, "Default" category is the placeholder default rules with lowest in the order of priority. |
string | |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| comments | SecurityPolicy lock/unlock comments Comments for security policy lock/unlock. |
string | |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| internal_sequence_number | Internal sequence number This field is to indicate the internal sequence number of a policy with respect to the policies across categories. |
int | Readonly |
| is_default | Default policy flag A flag to indicate whether policy is a default policy. |
boolean | Readonly |
| lock_modified_by | User who locked the security policy ID of the user who last modified the lock for the secruity policy. |
string | Readonly |
| lock_modified_time | SecuirtyPolicy locked/unlocked time SecurityPolicy locked/unlocked time in epoch milliseconds. |
EpochMsTimestamp | Readonly |
| locked | Lock a security policy Indicates whether a security policy should be locked. If the security policy is locked by a user, then no other user would be able to modify this security policy. Once the user releases the lock, other users can update this security policy. |
boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value IdsPolicy | string | |
| rule_count | Rule count The count of rules in the policy. |
int | Readonly |
| rules | IDS Rules that are a part of this SecurityPolicy | array of IdsRule | |
| scheduler_path | Path to the scheduler for time based scheduling Provides a mechanism to apply the rules in this policy for a specified time duration. |
string | |
| scope | The list of group paths where the rules in this policy will get
applied. This scope will take precedence over rule level scope. Supported only for security and redirection policies. In case of RedirectionPolicy, it is expected only when the policy is NS and redirecting to service chain. |
array of string | Maximum items: 128 |
| sequence_number | Sequence number to resolve conflicts across Domains This field is used to resolve conflicts between security policies across domains. In order to change the sequence number of a policy one can fire a POST request on the policy entity with a query parameter action=revise The sequence number field will reflect the value of the computed sequence number upon execution of the above mentioned POST request. For scenarios where the administrator is using a template to update several security policies, the only way to set the sequence number is to explicitly specify the sequence number for each security policy. If no sequence number is specified in the payload, a value of 0 is assigned by default. If there are multiple policies with the same sequence number then their order is not deterministic. If a specific order of policies is desired, then one has to specify unique sequence numbers or use the POST request on the policy entity with a query parameter action=revise to let the framework assign a sequence number. The value of sequence number must be between 0 and 999,999. |
int | Minimum: 0 |
| stateful | Stateful nature of the entries within this security policy. Stateful or Stateless nature of security policy is enforced on all rules in this security policy. When it is stateful, the state of the network connects are tracked and a stateful packet inspection is performed. Layer3 security policies can be stateful or stateless. By default, they are stateful. Layer2 security policies can only be stateless. |
boolean | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| tcp_strict | Enforce strict tcp handshake before allowing data packets Ensures that a 3 way TCP handshake is done before the data packets are sent. tcp_strict=true is supported only for stateful security policies. If the tcp_strict flag is not specified and the security policy is stateful, then tcp_strict will be set to true. |
boolean | |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
IdsProfile (schema)
Intrusion Detection System Profile
IDS Profile which contains the signatures and will be used in IDS rules.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| criteria | Filtering criteria of IDS Profile Represents the filtering criteria for the IDS Profile. 1. A non-empty criteria list, must be of odd size. In a list, with indices starting from 0, all IdsProfileFilterCriteria must be at even indices, separated by the IdsProfileConjunctionOperator AND at odd indices. 2. There may be at most 7 IdsProfileCriteria objects inside a list. |
array of IdsProfileCriteria (Abstract type: pass one of the following concrete types) IdsProfileConjunctionOperator IdsProfileFilterCriteria |
Maximum items: 7 |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| overridden_signatures | Represents the signatures that is overridden for the Profile Represents the signatures that has been overridden for this Profile. |
array of IdsProfileLocalSignature | |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| profile_severity | IDS Profile severity Represents the severities of signatures which are part of this profile. |
array of ProfileSeverity | |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value IdsProfile | string | |
| severities | IDS Profile severity Represents the severities of signatures which are part of this profile. |
array of IdsProfileSeverity | Deprecated |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
IdsProfileConjunctionOperator (schema)
Represents the operator AND
Represents the operator AND.
| Name | Description | Type | Notes |
|---|---|---|---|
| operator | IDS Profile Filter Condition | string | Required Enum: AND |
| resource_type | Must be set to the value IdsProfileConjunctionOperator | string | Required Enum: IdsProfileConjunctionOperator, IdsProfileFilterCriteria |
IdsProfileCriteria (schema)
Base class for IDS Profile criteria
All the filtering criteria objects extend from this abstract class.
This is present for extensibility.
This is an abstract type. Concrete child types:
IdsProfileConjunctionOperator
IdsProfileFilterCriteria
| Name | Description | Type | Notes |
|---|---|---|---|
| resource_type | string | Required Enum: IdsProfileConjunctionOperator, IdsProfileFilterCriteria |
IdsProfileFilterCriteria (schema)
IDS Profile filter criteria
Represents the filtering criteria of a IDS Profile.
| Name | Description | Type | Notes |
|---|---|---|---|
| filter_name | Represents the filter name Represents the filter for IDS Profile. |
string | Required Enum: CVSS, ATTACK_TARGET, ATTACK_TYPE, PRODUCT_AFFECTED |
| filter_value | Represents the value of selected filter name Represents the value of selected filter name. Note : The supported values for filter name CVSS are NONE, LOW, MEDIUM, HIGH, CRITICAL. NONE means CVSS score as 0.0 LOW means CVSS score as 0.1-3.9 MEDIUM means CVSS score as 4.0-6.9 HIGH means CVSS score as 7.0-8.9 CRITICAL means CVSS score as 9.0-10.0 |
array of string | Required |
| resource_type | Must be set to the value IdsProfileFilterCriteria | string | Required Enum: IdsProfileConjunctionOperator, IdsProfileFilterCriteria |
IdsProfileLocalSignature (schema)
IDS Profile local signature
IDS Profile local signature.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| action | Global IDS signature's action It denotes the global action of a IDS Signature. This will take precedence over IDS signature's action. |
string | Enum: ALERT, DROP, REJECT |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| enable | Flag to Enable/Disable a IDS Signature globally. Flag through which user can Enable/Disable a Signature at Global Level. |
boolean | Default: "True" |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value IdsProfileLocalSignature | string | |
| signature_id | Signature ID Represents the Signature's id. |
string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
IdsProfileSeverity (schema)
Intrusion Detection System Profile severity
Intrusion Detection System Profile severity.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| ignore_signatures | Represents the signatures that will be ignored Contains the id of signatures that will be ignored as part of the profile. This field is deprecated, please use ignore_signatures field under IdsProfile to ignore the signatures. |
array of string | |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value IdsProfileSeverity | string | |
| severity | Severity of profile Represents the severity of a profile. |
string | Required Enum: CRITICAL, HIGH, MEDIUM, LOW, SUSPICIOUS |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
IdsRule (schema)
A rule specifies the IDS security policy rule between the workload groups
Represents the Intrusion Detection System rule which indicates the action to be performed for the corresponding workload groups.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| action | Action The action to be applied. |
string | Enum: DETECT, DETECT_PREVENT |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| destination_groups | Destination group paths We need paths as duplicate names may exist for groups under different domains. Along with paths we support IP Address of type IPv4 and IPv6. IP Address can be in one of the format(CIDR, IP Address, Range of IP Address). In order to specify all groups, use the constant "ANY". This is case insensitive. If "ANY" is used, it should be the ONLY element in the group array. Error will be thrown if ANY is used in conjunction with other values. |
array of string | Maximum items: 128 |
| destinations_excluded | Negation of destination groups If set to true, the rule gets applied on all the groups that are NOT part of the destination groups. If false, the rule applies to the destination groups |
boolean | Default: "False" |
| direction | Direction Define direction of traffic. |
string | Enum: IN, OUT, IN_OUT Default: "IN_OUT" |
| disabled | Flag to disable the rule Flag to disable the rule. Default is enabled. |
boolean | Default: "False" |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| ids_profiles | IDS profiles collections of IDS or Anti-Malware profiles. At Max 1 each Profile will be supported. |
array of string | Minimum items: 1 Maximum items: 2 |
| ip_protocol | IPv4 vs IPv6 packet type Type of IP packet that should be matched while enforcing the rule. The value is set to IPV4_IPV6 for Layer3 rule if not specified. For Layer2/Ether rule the value must be null. |
string | Enum: IPV4, IPV6, IPV4_IPV6 |
| is_default | Default rule flag A flag to indicate whether rule is a default rule. |
boolean | Readonly |
| logged | Enable logging flag Flag to enable packet logging. Default is disabled. |
boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| notes | Text for additional notes on changes Text for additional notes on changes. |
string | Maximum length: 2048 |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| oversubscription | Rule-level selection for oversubscription behavior Following are the choices for oversubscription configuration at the rule-level. INHERIT_GLOBAL: Inherit the behavior from the global settings BYPASSED: Oversubscribed packets would be bypassed from the IDPS Engine DROPPED: Oversubscribed packets would be dropped |
Oversubscription | Default: "INHERIT_GLOBAL" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| profiles | Layer 7 service profiles or TLS action profile Holds the list of layer 7 service profile paths. These profiles accept attributes and sub-attributes of various network services (e.g. L4 AppId, encryption algorithm, domain name, etc) as key value pairs. Instead of Layer 7 service profiles you can use a L7 access profile. One of either Layer 7 service profiles or L7 Access Profile can be used in firewall rule. In case of L7 access profile only one is allowed. |
array of string | Maximum items: 128 |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value IdsRule | string | |
| rule_id | Unique rule ID This is a unique 4 byte positive number that is assigned by the system. This rule id is passed all the way down to the data path. The first 1GB (1000 to 2^30) will be shared by GM and LM with zebra style striped number space. For E.g 1000 to (1Million -1) by LM, (1M - 2M-1) by GM and so on. |
integer | Readonly |
| scope | The list of policy paths where the rule is applied
LR/Edge/T0/T1/LRP etc. Note that a given rule can be applied on multiple LRs/LRPs. |
array of string | Maximum items: 128 |
| sequence_number | Sequence number of the this Rule This field is used to resolve conflicts between multiple Rules under Security or Gateway Policy for a Domain If no sequence number is specified in the payload, a value of 0 is assigned by default. If there are multiple rules with the same sequence number then their order is not deterministic. If a specific order of rules is desired, then one has to specify unique sequence numbers or use the POST request on the rule entity with a query parameter action=revise to let the framework assign a sequence number |
int | Minimum: 0 |
| service_entries | Raw services In order to specify raw services this can be used, along with services which contains path to services. This can be empty or null. |
array of ServiceEntry (Abstract type: pass one of the following concrete types) ALGTypeServiceEntry EtherTypeServiceEntry ICMPTypeServiceEntry IGMPTypeServiceEntry IPProtocolServiceEntry L4PortSetServiceEntry NestedServiceServiceEntry |
Maximum items: 128 |
| services | Names of services In order to specify all services, use the constant "ANY". This is case insensitive. If "ANY" is used, it should be the ONLY element in the services array. Error will be thrown if ANY is used in conjunction with other values. |
array of string | Maximum items: 128 |
| source_groups | Source group paths We need paths as duplicate names may exist for groups under different domains. Along with paths we support IP Address of type IPv4 and IPv6. IP Address can be in one of the format(CIDR, IP Address, Range of IP Address). In order to specify all groups, use the constant "ANY". This is case insensitive. If "ANY" is used, it should be the ONLY element in the group array. Error will be thrown if ANY is used in conjunction with other values. |
array of string | Maximum items: 128 |
| sources_excluded | Negation of source groups If set to true, the rule gets applied on all the groups that are NOT part of the source groups. If false, the rule applies to the source groups |
boolean | Default: "False" |
| tag | Tag applied on the rule User level field which will be printed in CLI and packet logs. Even though there is no limitation on length of a tag, internally tag will get truncated after 32 characters. |
string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
IdsSecurityPolicy (schema)
Contains ordered list of IDS Rules
Represents the Intrusion Detection System Security Policy, which contains
the list of IDS Rules.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| category | A way to classify a security policy, if needed. - Distributed Firewall - Policy framework provides five pre-defined categories for classifying a security policy. They are "Ethernet","Emergency", "Infrastructure" "Environment" and "Application". There is a pre-determined order in which the policy framework manages the priority of these security policies. Ethernet category is for supporting layer 2 firewall rules. The other four categories are applicable for layer 3 rules. Amongst them, the Emergency category has the highest priority followed by Infrastructure, Environment and then Application rules. Administrator can choose to categorize a security policy into the above categories or can choose to leave it empty. If empty it will have the least precedence w.r.t the above four categories. - Edge Firewall - Policy Framework for Edge Firewall provides six pre-defined categories "Emergency", "SystemRules", "SharedPreRules", "LocalGatewayRules", "AutoServiceRules" and "Default", in order of priority of rules. All categories are allowed for Gatetway Policies that belong to 'default' Domain. However, for user created domains, category is restricted to "SharedPreRules" or "LocalGatewayRules" only. Also, the users can add/modify/delete rules from only the "SharedPreRules" and "LocalGatewayRules" categories. If user doesn't specify the category then defaulted to "Rules". System generated category is used by NSX created rules, for example BFD rules. Autoplumbed category used by NSX verticals to autoplumb data path rules. Finally, "Default" category is the placeholder default rules with lowest in the order of priority. |
string | |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| comments | SecurityPolicy lock/unlock comments Comments for security policy lock/unlock. |
string | |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| internal_sequence_number | Internal sequence number This field is to indicate the internal sequence number of a policy with respect to the policies across categories. |
int | Readonly |
| is_default | Default policy flag A flag to indicate whether policy is a default policy. |
boolean | Readonly |
| lock_modified_by | User who locked the security policy ID of the user who last modified the lock for the secruity policy. |
string | Readonly |
| lock_modified_time | SecuirtyPolicy locked/unlocked time SecurityPolicy locked/unlocked time in epoch milliseconds. |
EpochMsTimestamp | Readonly |
| locked | Lock a security policy Indicates whether a security policy should be locked. If the security policy is locked by a user, then no other user would be able to modify this security policy. Once the user releases the lock, other users can update this security policy. |
boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value IdsSecurityPolicy | string | |
| rule_count | Rule count The count of rules in the policy. |
int | Readonly |
| rules | IDS Rules that are a part of this SecurityPolicy | array of IdsRule | |
| scheduler_path | Path to the scheduler for time based scheduling Provides a mechanism to apply the rules in this policy for a specified time duration. |
string | |
| scope | The list of group paths where the rules in this policy will get
applied. This scope will take precedence over rule level scope. Supported only for security and redirection policies. In case of RedirectionPolicy, it is expected only when the policy is NS and redirecting to service chain. |
array of string | Maximum items: 128 |
| sequence_number | Sequence number to resolve conflicts across Domains This field is used to resolve conflicts between security policies across domains. In order to change the sequence number of a policy one can fire a POST request on the policy entity with a query parameter action=revise The sequence number field will reflect the value of the computed sequence number upon execution of the above mentioned POST request. For scenarios where the administrator is using a template to update several security policies, the only way to set the sequence number is to explicitly specify the sequence number for each security policy. If no sequence number is specified in the payload, a value of 0 is assigned by default. If there are multiple policies with the same sequence number then their order is not deterministic. If a specific order of policies is desired, then one has to specify unique sequence numbers or use the POST request on the policy entity with a query parameter action=revise to let the framework assign a sequence number. The value of sequence number must be between 0 and 999,999. |
int | Minimum: 0 |
| stateful | Stateful nature of the entries within this security policy. Stateful or Stateless nature of security policy is enforced on all rules in this security policy. When it is stateful, the state of the network connects are tracked and a stateful packet inspection is performed. Layer3 security policies can be stateful or stateless. By default, they are stateful. Layer2 security policies can only be stateless. |
boolean | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| tcp_strict | Enforce strict tcp handshake before allowing data packets Ensures that a 3 way TCP handshake is done before the data packets are sent. tcp_strict=true is supported only for stateful security policies. If the tcp_strict flag is not specified and the security policy is stateful, then tcp_strict will be set to true. |
boolean | |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
IdsSettings (schema)
Intrusion Detection System settings
Represents the Intrusion Detection System settings.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| auto_update | Auto update signatures flag Parameter to let the user decide whether to update the IDS Signatures automatically or not. |
boolean | Default: "False" |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| ids_events_to_syslog | Flag to send IDS events to syslog server. Flag to send IDS events to syslog server. |
boolean | Default: "False" |
| ids_ever_enabled | Flag which tells whether IDS was ever enabled. Flag which tells whether IDS was ever enabled. |
boolean | Readonly |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| oversubscription | Global toggle for whether the IDS oversubscribed packets need to be bypassed or dropped Following are the choices for oversubscription configuration at the global level. BYPASSED: Oversubscribed packets would be bypassed from the IDPS Engine DROPPED: Oversubscribed packets would be dropped |
Oversubscription | Default: "BYPASSED" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value IdsSettings | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
IdsSignature (schema)
Intrusion Detection System Signature
Intrusion Detection System Signature .
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| action | Represents the signature's action Signature action. |
string | |
| attack_target | Signature attack target Target of the signature. |
string | |
| categories | IDS Signature Internal category Represents the internal categories a signature belongs to. |
array of IdsSignatureInternalCategory | |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| class_type | Signature class type Class type of Signature. |
string | |
| confidence | Confidence Signature's confidence score. |
string | |
| cves | Represents the cve score. CVE score |
array of string | |
| cvss | CVSS of signature Represents the cvss value of a Signature. The value is derived from cvssv3 or cvssv2 score. NONE means cvssv3/cvssv2 score as 0.0 LOW means cvssv3/cvssv2 score as 0.1-3.9 MEDIUM means cvssv3/cvssv2 score as 4.0-6.9 HIGH means cvssv3/cvssv2 score as 7.0-8.9 CRITICAL means cvssv3/cvssv2 score as 9.0-10.0 |
string | Enum: NONE, LOW, MEDIUM, HIGH, CRITICAL |
| cvss_score | Signature CVSS score Represents the cvss value of a Signature. The value is derived from cvssv3 or cvssv2 score. If cvssv3 exists, then this is the cvssv3 score, else it is the cvssv2 score. |
string | |
| cvssv2 | Signature cvssv2 score Signature cvssv2 score. |
string | |
| cvssv3 | Signature cvssv3 score Signature cvssv3 score. |
string | |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| direction | Direction Source-destination direction. |
string | |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| enable | Enable/Disable flag Flag which tells whether the signature is enabled or not. |
boolean | |
| flow | Flow established. Flow established from server, from client etc. |
string | |
| id | Unique identifier of this resource | string | Sortable |
| impact | Impact Impact of Signature. |
string | |
| malware_family | Malware Family Family of the malware tracked in the signature. |
string | |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| mitre_attack | MitreAttack Mitre Attack details of Signature. |
array of MitreAttack | |
| name | Represents the signature name Signature name. |
string | |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| performance_impact | Performance impact Performance impact of the signature. |
string | |
| policy | Policy Signature policy. |
array of string | |
| product_affected | Signature product affected Product affected by this signature. |
string | |
| protocol | Protocol Protocol used in the packet analysis. |
string | |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value IdsSignature | string | |
| risk_score | Risk Score Risk score of signature. |
string | |
| severity | Signature severity Represents the severity of the Signature. |
string | |
| signature | Signature Decoded Signature. |
string | |
| signature_id | Signature ID Represents the Signature's id. |
string | |
| signature_revision | Signature revision Represents revision of the Signature. |
string | |
| signature_severity | Signature severity Signature vendor set severity of the signature rule. |
string | |
| tag | Signature tag Vendor assigned classification tag. |
array of string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| type | Type Signature type. |
array of string | |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
| urls | List of mitre attack URLs pertaining to signature. List of mitre attack URLs pertaining to signature |
array of string |
IdsSignatureInternalCategory (schema)
IDS signature internal categories
Represents the internal categories.
APPLICATION : IDS signature having protocol comes under APPLICATION internal category.
MALWARE: IDS signature having malware_family comes under this internal category.
VULNERABILITY : IDS signature having cvssv3 score comes under this internal category.
| Name | Description | Type | Notes |
|---|---|---|---|
| IdsSignatureInternalCategory | IDS signature internal categories Represents the internal categories. APPLICATION : IDS signature having protocol comes under APPLICATION internal category. MALWARE: IDS signature having malware_family comes under this internal category. VULNERABILITY : IDS signature having cvssv3 score comes under this internal category. |
string | Enum: APPLICATION, MALWARE, VULNERABILITY |
IdsSignatureStatus (schema)
Intrusion Detection System signature status
Ids signature status.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| download_status | IDS signature download status READY means signatures were downloaded and parsed successfully. PENDING means that signatures download is in progress. ERROR means error occurred during signature processing. DISABLED means IDS is disabled. |
string | Readonly Enum: READY, PENDING, ERROR, DISABLED |
| failure_cause | Failure Cause If signature download fails then this will tell the failure cause. |
string | Readonly |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value IdsSignatureStatus | string | |
| signature_status | IDS signature status AVAILABLE means the signatures are available for the version. UNAVAILABLE means there are no available signatures for the version. |
string | Readonly Enum: AVAILABLE, UNAVAILABLE |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
| version_id | Version Id Represents the version id. |
string | Readonly |
IdsSignatureVersion (schema)
Intrusion Detection System signature version
It represents the version information corresponding to which the
signatures will be available.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| change_log | Change log Represents the version's change log. |
string | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value IdsSignatureVersion | string | |
| sites | Represents the Sites mapped with the Signature Version. Contains the path of sites that has been mapped with the Signature Version. |
array of string | |
| state | State of the Version This flag tells which Version is currently active. ACTIVE: It means the signatures under this version is currently been used under IDS Profiles. NOTACTIVE: It means signatures of this version are available but not being used in IDS Profiles. |
string | Readonly Enum: ACTIVE, NOTACTIVE |
| status | Status of the Version This flag tells the status of the signatures under a version. OUTDATED: It means the signatures under this version are outdated and new version is available. LATEST: It means the signatures of this version are up to date. |
string | Readonly Enum: OUTDATED, LATEST |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
| update_time | IDS Signature Version update time Time when this version was downloaded and saved. |
EpochMsTimestamp | Readonly |
| user_uploaded | User Uploaded Signature bundle flag Flag which tells whether the Signature version is uploaded by user or not. |
boolean | Readonly |
| version_id | Version Id Represents the version id. |
string | Readonly |
IdsStandaloneHostConfig (schema)
Intrusion Detection System configuration
IDS configuration to enable/disable IDS on standalone host level.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| ids_enabled | IDS enabled flag If set to true, IDS is enabled on standalone hosts. |
boolean | Required |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value IdsStandaloneHostConfig | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
IkeDigestAlgorithm (schema)
Digest Algorithms used in IKE negotiations
The IkeDigestAlgorithms are used to verify message
integrity during Ike negotiation. SHA1 produces 160
bits hash and SHA2_XXX produces XXX bit hash.
| Name | Description | Type | Notes |
|---|---|---|---|
| IkeDigestAlgorithm | Digest Algorithms used in IKE negotiations The IkeDigestAlgorithms are used to verify message integrity during Ike negotiation. SHA1 produces 160 bits hash and SHA2_XXX produces XXX bit hash. |
string | Enum: SHA1, SHA2_256, SHA2_384, SHA2_512 |
IkeEncryptionAlgorithm (schema)
Encryption algorithms used in IKE
IKEEncryption algorithms are used to ensure confidentiality of
the messages exchanged during IKE negotiations. AES stands for
Advanced Encryption Standards. AES_128 uses 128-bit keys whereas
AES_256 uses 256-bit keys for encryption and decryption. AES_128
and AES_256 use CBC mode of encryption. AES_GCM stands for
Advanced Encryption Standard(AES) in Galois/Counter Mode(GCM) and
is used to provide both confidentiality and data origin
authentication. AES_GCM composed of two separate functions one
for encryption(AES) and one for authentication(GMAC).
AES_GCM algorithms will be available with IKE_V2 version only.
AES_GCM_128 uses 128-bit keys.
AES_GCM_192 uses 192-bit keys.
AES_GCM_256 uses 256-bit keys.
| Name | Description | Type | Notes |
|---|---|---|---|
| IkeEncryptionAlgorithm | Encryption algorithms used in IKE IKEEncryption algorithms are used to ensure confidentiality of the messages exchanged during IKE negotiations. AES stands for Advanced Encryption Standards. AES_128 uses 128-bit keys whereas AES_256 uses 256-bit keys for encryption and decryption. AES_128 and AES_256 use CBC mode of encryption. AES_GCM stands for Advanced Encryption Standard(AES) in Galois/Counter Mode(GCM) and is used to provide both confidentiality and data origin authentication. AES_GCM composed of two separate functions one for encryption(AES) and one for authentication(GMAC). AES_GCM algorithms will be available with IKE_V2 version only. AES_GCM_128 uses 128-bit keys. AES_GCM_192 uses 192-bit keys. AES_GCM_256 uses 256-bit keys. |
string | Enum: AES_128, AES_256, AES_GCM_128, AES_GCM_192, AES_GCM_256 |
ImportRequestParameter (schema)
Import task request parameters
This holds the request parameters required to invoke the import task.
| Name | Description | Type | Notes |
|---|---|---|---|
| draft_description | Description to be set on the draft Description to be set on the draft, which will hold the imported configuration. |
string | |
| draft_display_name | Display name to be set on the draft Display name to be set on the draft, which will hold the imported configuration. |
string | Required Minimum length: 1 |
| file | File to be imported The file having stored firewall configuration. Only zip file will be accepted. |
multipart_file | Required |
| passphrase | Passphrase to verify imported files Passphrase to verify imported files. Passphrase needs to be same as provided earlier to export operation which generated these imported files. The passphrase specified must be at least 8 characters in length and must contain at least one lowercase, one uppercase, one numeric character and one non-space special character. |
secure_string | Required |
ImportTask (schema)
Import task information
This object holds the information of the import task.
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| async_response_available | True if response for asynchronous request is available | boolean | Readonly |
| cancelable | True if this task can be canceled | boolean | Readonly |
| description | Description of the task | string | Readonly |
| draft_path | Policy path of a draft Policy path of a draft in which the imported configuration gets stored after completion of import task. |
string | Readonly |
| end_time | The end time of the task in epoch milliseconds | EpochMsTimestamp | Readonly |
| failure_msg | Reason of the task failure This property holds the reason of the task failure, if any. |
string | Readonly |
| id | Identifier for this task | string | Readonly |
| message | A message describing the disposition of the task | string | Readonly |
| progress | Task progress if known, from 0 to 100 | integer | Readonly Minimum: 0 Maximum: 100 |
| request_method | HTTP request method | string | Readonly |
| request_uri | URI of the method invocation that spawned this task | string | Readonly |
| start_time | The start time of the task in epoch milliseconds | EpochMsTimestamp | Readonly |
| status | Current status of the task | TaskStatus | Readonly |
| user | Name of the user who created this task | string | Readonly |
IncludedFieldsParameters (schema)
A list of fields to include in query results
| Name | Description | Type | Notes |
|---|---|---|---|
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string |
Infra (schema)
Infra
Infra space related policy.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource (Abstract type: pass one of the following concrete types) ChildALBAnalyticsProfile ChildALBApplicationPersistenceProfile ChildALBApplicationProfile ChildALBAuthProfile ChildALBAutoScaleLaunchConfig ChildALBDnsPolicy ChildALBErrorPageBody ChildALBErrorPageProfile ChildALBHTTPPolicySet ChildALBHardwareSecurityModuleGroup ChildALBHealthMonitor ChildALBIpAddrGroup ChildALBL4PolicySet ChildALBNetworkProfile ChildALBNetworkSecurityPolicy ChildALBPKIProfile ChildALBPool ChildALBPoolGroup ChildALBPoolGroupDeploymentPolicy ChildALBPriorityLabels ChildALBProtocolParser ChildALBSSLKeyAndCertificate ChildALBSSLProfile ChildALBSSOPolicy ChildALBSecurityPolicy ChildALBServerAutoScalePolicy ChildALBStringGroup ChildALBTrafficCloneProfile ChildALBVSDataScriptSet ChildALBVirtualService ChildALBVsVip ChildALBWafCRS ChildALBWafPolicy ChildALBWafPolicyPSMGroup ChildALBWafProfile ChildALBWebhook ChildBfdProfile ChildCaBundle ChildConstraint ChildDhcpRelayConfig ChildDhcpServerConfig ChildDnsSecurityProfile ChildDomain ChildEnforcementPoint ChildEvpnTenantConfig ChildFloodProtectionProfile ChildFullSyncState ChildGatewayQosProfile ChildGlobalManager ChildGlobalManagerConfig ChildIPDiscoveryProfile ChildIpv6DadProfile ChildIpv6NdraProfile ChildMacDiscoveryProfile ChildPolicyContextProfile ChildPolicyDnsForwarderZone ChildPolicyDraft ChildPolicyFirewallScheduler ChildPolicyFirewallSessionTimerProfile ChildPolicyLabel ChildPolicyLatencyStatProfile ChildPolicyTransportZoneProfile ChildQoSProfile ChildSegment ChildSegmentSecurityProfile ChildService ChildSite ChildSpan ChildSpoofGuardProfile ChildTier0 ChildTier1 ChildTlsCertificate ChildTlsCrl ChildTlsCsr ChildTraceflowConfig ChildVMTagReplicationPolicy |
|
| connectivity_strategy | Connectivity strategy used by this tenant The connectivity strategy is deprecated. Use default layer3 rule, /infra/domains/default/security-policies/default-layer3-security-policy/rules/default-layer3-rule. This field indicates the default connectivity policy for the infra or tenant space WHITELIST - Adds a default drop rule. Administrator can then use "allow" rules (aka whitelist) to allow traffic between groups BLACKLIST - Adds a default allow rule. Admin can then use "drop" rules (aka blacklist) to block traffic between groups WHITELIST_ENABLE_LOGGING - Whitelising with logging enabled BLACKLIST_ENABLE_LOGGING - Blacklisting with logging enabled NONE - No default rules are added. |
string | Deprecated Enum: WHITELIST, BLACKLIST, WHITELIST_ENABLE_LOGGING, BLACKLIST_ENABLE_LOGGING, NONE |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| domains | Domains for infra This field is used while creating or updating the infra space. |
array of Domain | |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value Infra | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
InfraSecurityConfig (schema)
NSX global configs for security purposes, like trust store and trust manager.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| ca_signed_only | A flag to indicate whether the server certs are only allowed to be ca-signed. When this flag is set to true (for NDcPP compliance) only ca-signed certificates will be allowed to be applied as server certificates. |
boolean | |
| crl_checking_enabled | A flag to indicate whether the Java trust-managers check certificate revocation When this flag is set to true, during certificate checking the CRL is fetched and checked whether the certificate is revoked or not. Setting this property to false results in lower security. It is not advisible to import certificate without CRL info while CRL checking is disabled, and then re-enable CRL checking. |
boolean | |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| eku_checking_enabled | A flag to indicate whether the Extended Key Usage extension in the certificate is checked. When this flag is set to true, during certificate checking the Extended Key Usage extension is expected to be present, indicating whether the certificate is to be used a client certificate or server certificate. Setting this value to false is not recommended as it leads to lower security and operational risk. |
boolean | |
| id | Unique identifier of this resource | string | Sortable |
| resource_type | Must be set to the value InfraSecurityConfig | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
IngressBroadcastRateLimiter (schema)
A shaper that specifies ingress rate properties in kb/s
| Name | Description | Type | Notes |
|---|---|---|---|
| average_bandwidth | Average bandwidth in kb/s | int | Minimum: 0 Default: "0" |
| burst_size | Burst size in bytes | int | Minimum: 0 Default: "0" |
| enabled | boolean | Required | |
| peak_bandwidth | Peak bandwidth in kb/s | int | Minimum: 0 Default: "0" |
| resource_type | Must be set to the value IngressBroadcastRateLimiter | string | Required Enum: IngressRateLimiter, IngressBroadcastRateLimiter, EgressRateLimiter Default: "IngressRateLimiter" |
IngressRateLimiter (schema)
A shaper that specifies ingress rate properties in Mb/s
| Name | Description | Type | Notes |
|---|---|---|---|
| average_bandwidth | Average bandwidth in Mb/s You can use the average bandwidth to reduce network congestion. |
int | Minimum: 0 Default: "0" |
| burst_size | Burst size in bytes The burst duration is set in the burst size setting. |
int | Minimum: 0 Default: "0" |
| enabled | boolean | Required | |
| peak_bandwidth | Peak bandwidth in Mb/s The peak bandwidth rate is used to support burst traffic. |
int | Minimum: 0 Default: "0" |
| resource_type | Must be set to the value IngressRateLimiter | string | Required Enum: IngressRateLimiter, IngressBroadcastRateLimiter, EgressRateLimiter Default: "IngressRateLimiter" |
InitiateClusterRestoreRequest (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| ip_address | IP address or FQDN of the node from which the backup was taken | string | Readonly Format: hostname-or-ip |
| node_id | Unique id of the backed-up configuration from which the appliance will be restored | string | Required Readonly |
| timestamp | Timestamp of the backed-up configuration from which the appliance will be restored | EpochMsTimestamp | Required Readonly |
Injection (schema)
Injection
Injection holding a key and a corresponding value.
| Name | Description | Type | Notes |
|---|---|---|---|
| key | Key Injection key. |
string | Required |
| value | Value Injection value. |
InjectionValue (Abstract type: pass one of the following concrete types) UnaryOperationBasedInjectionValue |
Required |
InjectionValue (schema)
Injection Value
Injection Value.
This is an abstract type. Concrete child types:
UnaryOperationBasedInjectionValue
| Name | Description | Type | Notes |
|---|---|---|---|
| resource_type | Resource Type Injection Value resource type. |
string | Required Enum: UnaryOperationBasedInjectionValue |
InstallUpgradeServiceProperties (schema)
install-upgrade service properties
| Name | Description | Type | Notes |
|---|---|---|---|
| enabled | True if service enabled; otherwise, false | boolean | Required |
| enabled_on | IP of manager on which install-upgrade is enabled | string | Readonly |
InstructionInfo (schema)
Details of the instructions displayed during restore process
| Name | Description | Type | Notes |
|---|---|---|---|
| actions | Actions list A list of actions that are to be applied to resources |
array of string | Required Readonly |
| fields | Displayable fields A list of fields that are displayable to users in a table |
array of string | Required Readonly |
| id | UUID of the instruction | string | Required Readonly |
| name | Instruction name | string | Required Readonly |
IntegerArrayConstraintValue (schema)
Array of Integer Values to perform operation
List of values
| Name | Description | Type | Notes |
|---|---|---|---|
| resource_type | Must be set to the value IntegerArrayConstraintValue | string | Required Enum: StringArrayConstraintValue, CidrArrayConstraintValue, IntegerArrayConstraintValue |
| values | Array of Integer Array of integer values |
array of int | Required Minimum items: 1 Maximum items: 100 |
IntentEnforcementPointListRequestParams (schema)
List request parameters containing intent path and enforcement point path
List request parameters containing intent path and enforcement point path
| Name | Description | Type | Notes |
|---|---|---|---|
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| enforcement_point_path | String Path of the enforcement point The path of the enforcement point from which the list of groups needs to be fetched. Forward slashes must be escaped using %2F. If no enforcement point path is specified, the default enforcement point is considered |
string | |
| include_mark_for_delete_objects | Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included. |
boolean | Default: "False" |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| intent_path | String path of the intent object | string | Required |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string |
IntentPathRequestParameter (schema)
Parameter to filter realized entities by intent path
Intent path for which state/realized entities would be fetched.
| Name | Description | Type | Notes |
|---|---|---|---|
| intent_path | String Path of the intent object Intent path of object, forward slashes must be escaped using %2F |
string | Required |
| site_path | Policy Path of the site Policy Path referencing a site. This is applicable only on a GlobalManager. If no site_path is specified, then based on the span of the intent the response will be fetched from the respective sites |
string |
IntentRuntimeRequestParameters (schema)
Request Parameters for Intent Runtime Information
Request parameters that represents a an intent path.
| Name | Description | Type | Notes |
|---|---|---|---|
| intent_path | Policy Path of the intent object Policy Path referencing an intent object. |
string | Required |
| site_path | Policy Path of the site from where the realization status needs to be fetched Policy Path referencing a site. This is applicable only on a GlobalManager. If no site_path is specified, then based on the span of the intent the response will be fetched from the respective sites |
string |
IntentStatusRequestParameters (schema)
Request Parameters for Intent Status Information
Request parameters that represents a binding between an intent path and whether the
enforcement point specific status shall be retrieved from the enforcement point or
not. A request can be parameterized with this pair and will be evaluated as follows:
- <intent_path>: the request is evaluated on all enforcement points for the given
intent with no enforced statuses' details returned.
- <intent_path, include_enforced_status=true>: the request is evaluated on all
enforcement points for the given intent with enforced statuses' details returned.
| Name | Description | Type | Notes |
|---|---|---|---|
| include_enforced_status | Include Enforced Status Flag Flag conveying whether to include detailed view of the enforcement point specific status or not. |
boolean | Default: "False" |
| intent_path | Policy Path of the intent object Policy Path referencing an intent object. |
string | Required |
| site_path | Policy Path of the site from where the realization status needs to be fetched Policy Path referencing a site. This is applicable only on a GlobalManager. If no site_path is specified, then based on the span of the intent the response will be fetched from the respective sites |
string |
InterSitePortCounters (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| blocked_packets | The number of blocked packets The total number of packets blocked. |
integer | |
| dad_dropped_packets | The number of duplicate address detected packets dropped Number of duplicate address detected packets dropped. |
integer | |
| destination_unsupported_dropped_packets | The number of destination unsupported packets dropped Number of packtes dropped as destination is not supported. |
integer | |
| dropped_packets | The number of dropped packets The total number of packets dropped. |
integer | |
| firewall_dropped_packets | The number of firewall packets dropped Number of firewall packets dropped. |
integer | |
| frag_needed_dropped_packets | The number of fragmentation needed packets dropped Number of fragmentation needed packets dropped. |
integer | |
| ipsec_dropped_packets | The number of IPSec packets dropped Number of IPSec packets dropped |
integer | |
| ipsec_no_sa_dropped_packets | The number of IPSec no security association packets dropped Number of IPSec no security association packets dropped. |
integer | |
| ipsec_no_vti_dropped_packets | The number of IPSec no VTI packets dropped Number of IPSec packets dropped as no VTI is present. |
integer | |
| ipsec_pol_block_dropped_packets | The number of IPSec policy block packets dropped Number of IPSec policy block packets dropped. |
integer | |
| ipsec_pol_err_dropped_packets | The number of IPSec policy error packets dropped Number of IPSec policy error packets dropped. |
integer | |
| ipv6_dropped_packets | The number of IPV6 packets dropped Number of IPV6 packets dropped. |
integer | |
| kni_dropped_packets | The number of kernal NIC interface packets dropped Number of DPDK kernal NIC interface packets dropped. |
integer | |
| l4port_unsupported_dropped_packets | The number of L4 port unsupported packets dropped Number of packets dropped due to unsupported L4 port. |
integer | |
| malformed_dropped_packets | The number of malformed packets dropped Number of packtes dropped as they are malformed. |
integer | |
| no_arp_dropped_packets | The number of no ARP packets dropped Number of no ARP packets dropped. |
integer | |
| no_linked_dropped_packets | The number of no linked packets dropped Number of packets dropped as no linked ports are present. |
integer | |
| no_mem_dropped_packets | The number of no memory packets dropped Number of packets dropped due to insufficient memory. |
integer | |
| no_receiver_dropped_packets | The number of no receiver packets dropped Number of packets dropped due to absence of receiver. |
integer | |
| no_route_dropped_packets | The number of no route packets dropped | integer | |
| non_ip_dropped_packets | The number of non IP packets dropped Number of non IP packets dropped. |
integer | |
| proto_unsupported_dropped_packets | The number of protocol unsupported packets dropped Number of packets dropped as protocol is unsupported. |
integer | |
| redirect_dropped_packets | The number of redirect packets dropped Number of redirect packets dropped. |
integer | |
| rpf_check_dropped_packets | The number of reverse-path forwarding check packets dropped Number of reverse-path forwarding check packets dropped. |
integer | |
| service_insert_dropped_packets | The number of service insert packets dropped Number of service insert packets dropped. |
integer | |
| total_bytes | The total number of bytes The total number of bytes transferred. |
integer | |
| total_packets | The total number of packets The total number of packets transferred. |
integer | |
| ttl_exceeded_dropped_packets | The number of time to live exceeded packets dropped Number of time to live exceeded packets dropped. |
integer |
InterVrfRouteAdvertisementTypes (schema)
Inter-vrf route advertisement types
Inter-vrf route advertisement types.
TIER0_STATIC: Redistribute user added static routes.
TIER0_CONNECTED: Redistribute TIER0 connected subnets.
TIER0_NAT: Redistribute NAT IPs owned by TIER0.
TIER0_DNS_FORWARDER_IP: Redistribute DNS forwarder subnets.
TIER0_IPSEC_LOCAL_ENDPOINT: Redistribute IPSec VPN local-endpoint subnets advertised by TIER0.
TIER1_STATIC: Redistribute user added static routes.
TIER1_CONNECTED: Redistribute Tier1 connected subnets.
TIER1_NAT: Redistribute NAT IPs advertised by Tier-1 instances.
TIER1_LB_VIP: Redistribute LB VIP IPs advertised by Tier-1 instances.
TIER1_LB_SNAT: Redistribute LB SNAT IPs advertised by Tier-1 instances.
TIER1_DNS_FORWARDER_IP: Redistribute DNS forwarder subnets on Tier-1 instances.
TIER1_IPSEC_LOCAL_ENDPOINT: Redistribute IPSec VPN local-endpoint subnets advertised by TIER1.
| Name | Description | Type | Notes |
|---|---|---|---|
| InterVrfRouteAdvertisementTypes | Inter-vrf route advertisement types Inter-vrf route advertisement types. TIER0_STATIC: Redistribute user added static routes. TIER0_CONNECTED: Redistribute TIER0 connected subnets. TIER0_NAT: Redistribute NAT IPs owned by TIER0. TIER0_DNS_FORWARDER_IP: Redistribute DNS forwarder subnets. TIER0_IPSEC_LOCAL_ENDPOINT: Redistribute IPSec VPN local-endpoint subnets advertised by TIER0. TIER1_STATIC: Redistribute user added static routes. TIER1_CONNECTED: Redistribute Tier1 connected subnets. TIER1_NAT: Redistribute NAT IPs advertised by Tier-1 instances. TIER1_LB_VIP: Redistribute LB VIP IPs advertised by Tier-1 instances. TIER1_LB_SNAT: Redistribute LB SNAT IPs advertised by Tier-1 instances. TIER1_DNS_FORWARDER_IP: Redistribute DNS forwarder subnets on Tier-1 instances. TIER1_IPSEC_LOCAL_ENDPOINT: Redistribute IPSec VPN local-endpoint subnets advertised by TIER1. |
string | Enum: TIER0_STATIC, TIER0_CONNECTED, TIER0_NAT, TIER0_DNS_FORWARDER_IP, TIER0_IPSEC_LOCAL_ENDPOINT, TIER1_STATIC, TIER1_CONNECTED, TIER1_LB_SNAT, TIER1_LB_VIP, TIER1_NAT, TIER1_DNS_FORWARDER_IP, TIER1_IPSEC_LOCAL_ENDPOINT |
InterfaceArpCsvRecord (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| ip | The IP address | IPAddress | Required |
| mac_address | The MAC address | string | Required |
InterfaceArpEntry (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| ip | The IP address | IPAddress | Required |
| mac_address | The MAC address | string | Required |
InterfaceArpProxy (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| arp_proxy_entries | Array of ARP proxy table entries | array of PolicyArpProxyEntry | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| interface_path | Policy path of gateway interface | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
InterfaceArpProxyCsvEntry (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| arp_proxy_ip | ARP proxy service addresses ARP proxy information for a service with ip. |
string | Readonly |
| interface_path | Policy path of gateway interface | string | Readonly |
| service_id | Service type id Identifier of connected service on port. |
string | Readonly |
InterfaceArpTable (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| edge_path | Policy path of edge node Policy path of edge node. |
string | |
| enforcement_point_path | Enforcement point path String Path of the enforcement point. |
string | |
| interface_path | The ID of the logical router port | string | Required |
| last_update_timestamp | Timestamp when the data was last updated; unset if data source has never updated the data. | EpochMsTimestamp | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | array of InterfaceArpEntry | ||
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
InterfaceArpTableInCsvFormat (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| file_name | File name File name set by HTTP server if API returns CSV result as a file. |
string | |
| last_update_timestamp | Timestamp when the data was last updated; unset if data source has never updated the data. | EpochMsTimestamp | Readonly |
| results | array of InterfaceArpCsvRecord |
InterfaceDADState (schema)
Interface DAD status
Duplicate address detection status on the interface.
| Name | Description | Type | Notes |
|---|---|---|---|
| dad_statuses | IPv6 DAD status Array of DAD status which contains DAD information for IP addresses on the interface. |
array of InterfaceIPv6DADStatus | Readonly |
| interface_path | Policy path or realization ID of interface Policy path or realization ID of interface for which IPv6 DAD status is returned. |
string | Readonly |
InterfaceIPv6DADStatus (schema)
IPv6 DAD status for Interface
Duplicate address detection status for IP address on the interface.
| Name | Description | Type | Notes |
|---|---|---|---|
| edge_paths | Edge node paths Array of edge nodes on which DAD status is reported for given IP address. |
array of string | Readonly |
| ip_address | IP address IP address on the port for which DAD status is reported. |
IPAddress | Readonly |
| status | DAD Status DAD status for IP address on the port. |
DADStatus | Readonly |
InterfaceSubnet (schema)
Subnet specification for interface connectivity
| Name | Description | Type | Notes |
|---|---|---|---|
| ip_addresses | IP addresses assigned to interface | array of IPAddress | Required |
| prefix_len | Subnet prefix length | int | Required Minimum: 1 Maximum: 128 |
IntersiteGatewayConfig (schema)
Intersite gateway configuration
Intersite gateway configuration.
| Name | Description | Type | Notes |
|---|---|---|---|
| fallback_sites | Fallback sites Fallback site to be used as new primary site on current primary site failure. Disaster recovery must be initiated via API/UI. Fallback site configuration is supported only for T0 gateway. T1 gateway will follow T0 gateway's primary site during disaster recovery. |
array of string | |
| intersite_transit_subnet | Transit subnet in CIDR format IPv4 subnet for inter-site transit segment connecting service routers across sites for stretched gateway. For IPv6 link local subnet is auto configured. |
string | Default: "169.254.32.0/20" Format: ip-cidr-block |
| last_admin_active_epoch | Epoch of last time admin changing active LocaleServices Epoch(in seconds) is auto updated based on system current timestamp when primary locale service is updated. It is used for resolving conflict during site failover. If system clock not in sync then User can optionally override this. New value must be higher than the current value. |
integer | Maximum: 4294967295 |
| primary_site_path | Primary egress site for gateway. Primary egress site for gateway. T0/T1 gateway in Active/Standby mode supports stateful services on primary site. In this mode primary site must be set if gateway is stretched to more than one site. For T0 gateway in Active/Active primary site is optional field. If set then secondary site prefers routes learned from primary over locally learned routes. This field is not applicable for T1 gateway with no services. |
string |
IntervalBackupSchedule (schema)
Schedule to specify the interval time at which automated backups need to be taken
| Name | Description | Type | Notes |
|---|---|---|---|
| resource_type | Must be set to the value IntervalBackupSchedule | string | Required Enum: WeeklyBackupSchedule, IntervalBackupSchedule |
| seconds_between_backups | Time interval in seconds between two consecutive automated backups | integer | Minimum: 300 Maximum: 86400 Default: "3600" |
InvalidCertificateAction (schema)
Action for invalid certificates
If presented invalid certificates take this action.
| Name | Description | Type | Notes |
|---|---|---|---|
| InvalidCertificateAction | Action for invalid certificates If presented invalid certificates take this action. |
string | Readonly Enum: BLOCK, ALLOW |
InvalidConfigSummary (schema)
Invalid Configuration Summary
Invalid Configuration details for a category.
| Name | Description | Type | Notes |
|---|---|---|---|
| category | Configuration Category Configuration category representing resources not supported for the federation site configuration onboarding. |
string | Required Readonly |
| resource_count | Resource Count Total resource count for category |
integer | Required Readonly |
| resource_summary_details | Resource Summary List Represents list of resource summaries for a configuration category which are not supported for the federation site configuration onboarding. |
array of ResourceSummaryDetail | Required Readonly Maximum items: 10 |
IpAddressAllocation (schema)
Parameters for IP allocation
Allocation parameters for the IP address (e.g. specific IP address) can be specified. Tags, display_name and description attributes are not supported in this release.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| allocation_ip | Address that is allocated from pool | IPAddress | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value IpAddressAllocation | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
IpAddressBlock (schema)
IP address space represented by network address and prefix
A block of IP addresses defined by a start address and a mask/prefix (network CIDR). An IP block is typically large & allocated to a tenant for automated consumption. An IP block is always a contiguous address space, for example 192.0.0.1/8. An IP block can be further subdivided into subnets called IP block subnets. These IP block subnets can be added to IP pools and used for IP allocation.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| available_allocation_size | Current available size of an IpAddressBlock This size indicates available allocation size of an IpAddressBlock. |
string | |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| cidr | A contiguous IP address space represented by network address and prefix length Represents a network address and the prefix length which will be associated with a layer-2 broadcast domain. Support IPv4 and IPv6 CIDR. |
string | Required Format: ip-cidr-block |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| ip_address_type | Type of IP address. This indicates the type of IP address. |
string | Readonly Enum: IPV4, IPV6 |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value IpAddressBlock | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
| visibility | Visibility of IpAddressBlock Represents visibility or scope of IpAddressBlock and expected consumption of IpAddressBlock with same scope. |
string | Enum: PRIVATE, PUBLIC |
IpAddressInfo (schema)
Ipaddress information of the fabric node.
| Name | Description | Type | Notes |
|---|---|---|---|
| ip_addresses | IP Addresses of the the virtual network interface, as discovered in the source. | array of IPAddress | Required Readonly |
| source | Source of the ipaddress information. | string | Required Readonly Enum: VM_TOOLS |
IpAddressPool (schema)
A collection of IP subnets
IpAddressPool is a collection of subnets. The subnets can either be derived from an IpBlock or specified by the user. User can request for IP addresses to be allocated from a pool. When an IP is requested from a pool, the IP that is returned can come from any subnet that belongs to the pool.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| check_overlap_with_existing_pools | Whether to perform overlap check with existing IpAddressPools while realization. If an existing IpAddressPool is found that overlaps with the given IpAddressPool, then a validation error would be thrown while realization. It is false by default. |
boolean | Default: "False" |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| ip_release_delay | IP address release delay in milliseconds Delay in milliseconds, while releasing allocated IP address from IP pool (Default is 2 mins). |
integer | |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| pool_usage | IpAddressPool usage statistics Shows Pool statistics like total IPs, allocated IPs, requested IP allocations and available IPs of an IpAddressPool. |
PolicyPoolUsage | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value IpAddressPool | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
| visibility | Visibility of IpAddressPool Represents visibility or scope of IpAddressPool and expected consumption of IpAddressPool with same scope. |
string | Enum: PRIVATE, PUBLIC |
IpAddressPoolBlockSubnet (schema)
IpAddressPoolSubnet dynamically carved out of a IpAddressBlock
This type of subnet allows user to dynamically carve a subnet out of a preconfigured IpAddressBlock. The user must specify the size of the subnet and the IpAddressBlock from which the subnet is to be derived. If the required amount of IP address space is available in the specified IpAddressBlock, the system automatically configures subnet range. IpAddressBlock available size is calculated based on the size of IpAddressPoolBlockSubnet intent object and not on realized. The user should delete failed IpAddressPoolBlockSubnet to utilize IpAddressBlock size correctly.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| allocation_range | Range used for allocation/release of IPs from subnet. Allocation range is used to limit subnet range to be used for allocations of IPs from subnet. This must be less than or equal to subnet size. Instead of taking whole subnet range for allocations, user can limit the range used for allocation of IPs. This is very useful in IPv6 case where big subnets needs to be carved out from IpAddressBlock but whole subnet range will not be needed for IP allocations. Eg: subnet range is (2002:2345::0001-2002:2345::7fff:ffff): subnet_start_ip: 2002:2345::0001-2002:2345 subnet_end_ip: 2002:2345::7fff:ffff User would like to use only 128 IPs for allocations. allocation_range: 128 allocation range used (2002:2345::0001-2002:2345::7fff:007f): allocation_range_start_ip: 2002:2345::0001-2002:2345 allocation_range_end_ip: 2002:2345::7fff:007f |
integer | Minimum: 1 Maximum: 1048576 |
| auto_assign_gateway | Indicate whether default gateway is to be reserved from the range If this property is set to true, the first IP in the range will be reserved for gateway. |
boolean | Default: "True" |
| broadcast_address | Broadcast Address Represents Broadcast address of the subnet in a PMaaS instance. |
string | |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| gateway_address | Gateway Address Represents Gateway address of the subnet in a PMaaS instance. |
string | |
| id | Unique identifier of this resource | string | Sortable |
| ip_block_path | The path of the IpAddressBlock from which the subnet is to be created. | string | Required |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| network_address | Network Address Represents Network address of the subnet in a PMaaS instance. |
string | |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value IpAddressPoolBlockSubnet | IpAddressPoolSubnetType | Required |
| size | Represents the size or number of IP addresses in the subnet The size parameter is required for subnet creation. It must be specified during creation but cannot be changed later. Please use subnet_size instead as integer type cannot hold big values needs for IPv6. |
integer | Deprecated |
| start_ip | Represents start ip address of the subnet For internal system use Only. Represents start ip address of the subnet from IP block. Subnet ip adddress will start from this ip address. |
IPAddress | |
| subnet_size | Represents the size or number of IP addresses in the subnet The size parameter is required for subnet creation. It must be specified during creation but cannot be changed later. |
string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
IpAddressPoolStaticSubnet (schema)
IpAddressPoolSubnet statically configured by a user
This type of subnet is statically configured by the user. The user provides the range details and the gateway for the subnet.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| allocation_ranges | A collection of IPv4 or IPv6 IP Pool Ranges. | array of IpPoolRange | Required |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| cidr | Subnet representation is a network address and prefix length | string | Required |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| dns_nameservers | The collection of upto 3 DNS servers for the subnet. | array of IPAddress | Maximum items: 3 |
| dns_suffix | The DNS suffix for the DNS server. | string | Format: hostname |
| gateway_ip | The default gateway address on a layer-3 router. | IPAddress | |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value IpAddressPoolStaticSubnet | IpAddressPoolSubnetType | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
IpAddressPoolSubnet (schema)
Abstract class for IpSubnet in a IpAddressPool
IpAddressPoolSubnet can either be carved out of a PolicyBlock or statically specified by the user. In the first case where the subnet is carved out of a IpAddressBlock, the user must specify the ID of the block from which this subnet is to be derived. This block must be pre-created. The subnet range is auto populated by the system. In the second case, the user configures the subnet range directly. No IpAddressBlock is required.
This is an abstract type. Concrete child types:
IpAddressPoolBlockSubnet
IpAddressPoolStaticSubnet
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value IpAddressPoolSubnet | IpAddressPoolSubnetType | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
IpAddressPoolSubnetType (schema)
Type of IpAddressPoolSubnet
IpAddressPoolSubnet can either be carved out of a PolicyBlock or statically specified. A subnet to be carved out of a IpAddressBlock is of type IpAddressPoolBlockSubnet A subnet statically specified by the user is of type IpAddressPoolStaticSubnet
| Name | Description | Type | Notes |
|---|---|---|---|
| IpAddressPoolSubnetType | Type of IpAddressPoolSubnet IpAddressPoolSubnet can either be carved out of a PolicyBlock or statically specified. A subnet to be carved out of a IpAddressBlock is of type IpAddressPoolBlockSubnet A subnet statically specified by the user is of type IpAddressPoolStaticSubnet |
string | Enum: IpAddressPoolBlockSubnet, IpAddressPoolStaticSubnet |
IpInfo (schema) (Deprecated)
Only support IP address or subnet. Its type can be of
IPv4 or IPv6. It will be converted to subnet when netmask
is specified(e.g., 192.168.1.3/24 => 192.168.1.0/24,
2008:12:12:12::2/64 => 2008:12:12:12::/64).
This type is deprecated. Please use the type NetworkInfo instead.
| Name | Description | Type | Notes |
|---|---|---|---|
| dst_ip | The destination IP address or subnet The destination IP can be an IP address or a subnet. |
IPElement | |
| src_ip | The source IP address or subnet The source IP can be an IP address or a subnet. |
IPElement |
IpPoolRange (schema)
A set of IPv4 or IPv6 addresses defined by a start and end address.
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| end | The end IP Address of the IP Range. | IPAddress | Required |
| start | The start IP Address of the IP Range. | IPAddress | Required |
Ipv4Header (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| dst_ip | The destination ip address. | IPv4Address | |
| flags | IP flags | integer | Minimum: 0 Maximum: 8 Default: "0" |
| protocol | IP protocol - defaults to ICMP | integer | Minimum: 0 Maximum: 255 Default: "1" |
| src_ip | The source ip address. | IPv4Address | |
| src_subnet_prefix_len | source subnet prefix length. This is used together with src_ip to calculate dst_ip for broadcast when dst_ip is not given; not used in all other cases. |
integer | Minimum: 1 Maximum: 32 |
| ttl | Time to live (ttl) | integer | Minimum: 0 Maximum: 255 Default: "64" |
Ipv6DadProfile (schema)
Duplicate address detection profile.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| dad_mode | DAD Mode | DADMode | Default: "LOOSE" |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| ns_retries | NS retries count Number of Neighbor solicitation packets generated before completing the Duplicate address detection process. |
integer | Minimum: 0 Maximum: 10 Default: "3" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value Ipv6DadProfile | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
| wait_time | Wait time The time duration in seconds, to wait for Neighbor advertisement after sending the Neighbor solicitation message. |
integer | Minimum: 0 Maximum: 60 Default: "1" |
Ipv6DadProfileListResult (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Paginated list of Ipv6DadProfile | array of Ipv6DadProfile | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
Ipv6Header (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| dst_ip | The destination ip address. | IPv6Address | |
| hop_limit | hop limit Decremented by 1 by each node that forwards the packets. The packet is discarded if Hop Limit is decremented to zero. |
integer | Minimum: 0 Maximum: 255 Default: "64" |
| next_header | Identifies the type of header immediately following the IPv6 header. | integer | Minimum: 0 Maximum: 255 Default: "58" |
| src_ip | The source ip address. | IPv6Address |
Ipv6NdraProfile (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| dns_config | DNS Configurations | RaDNSConfig | |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| ndra_advertised_route | Route advertised in NDRAProfile.
|
array of NDRAAdvertisedRoute | |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| ra_config | RA Configuration | RAConfig | Required |
| ra_mode | RA Mode | RAMode | Required Default: "SLAAC_DNS_THROUGH_RA" |
| reachable_timer | Reachable timer Neighbour reachable time duration in milliseconds. A value of 0 means unspecified. |
integer | Minimum: 0 Maximum: 3600000 Default: "0" |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value Ipv6NdraProfile | string | |
| retransmit_interval | Retransmission interval The time, in milliseconds, between retransmitted neighbour solicitation messages. |
integer | Minimum: 0 Maximum: 4294967295 Default: "1000" |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
Ipv6NdraProfileListResult (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Paginated list of Ipv6NdraProfile | array of Ipv6NdraProfile | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
IssuerSerialNumber (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| issuer | Issuer Distinguished Name (DN) Issuer Distinguished Name of the revoked certificates. |
string | |
| serial_numbers | Certificate Serial Numbers List of Certificate Serial Numbers issued by the specified issuers. |
array of string |
JoinClusterParameters (schema)
Parameters needed for this node to join the NSX cluster
To join a new node to the NSX cluster, issue a JoinCluster API on the new node. The JoinCluster API takes this object as a parameter. Provide the ID of the NSX cluster you want the new node to join and the IP address of one of the nodes already in that cluster. The Cluster Boot Manager running on the new node will then add the new node to the NSX cluster by making a AttachClusterNode REST API call on the node that is already part of the cluster. In order to make a REST API call to the node in the cluster, the Cluster Boot Manager will need username and password of a priviledged user on the node in the cluster. In place of a username and password, Cluster Boot Manager could also use a OAuth token provided. The Cluster Boot Manager needs either the username and password or the OAuth token to make the REST call but not both.
| Name | Description | Type | Notes |
|---|---|---|---|
| certficate_sha256_thumbprint | SHA256 Thumbprint of the API certificate of the cluster node | string | Deprecated |
| certificate_sha256_thumbprint | SHA256 Thumbprint of the API certificate of the cluster node | string | |
| cluster_id | UUID of the cluster to join | string | Required |
| ip_address | IP address of a node already part of the cluster to join | string | Required |
| password | Password of the user on the cluster node | string | |
| port | API port on the cluster node | integer | Minimum: 1 Maximum: 65535 Default: "443" |
| token | Limited time OAuth token instead of the username/password | string | |
| username | Username on the cluster node | string |
KeySize (schema)
Crypto key size
| Name | Description | Type | Notes |
|---|---|---|---|
| KeySize | Crypto key size | integer |
KeyStoreInfo (schema)
KeyStoreInfo
Key Store information about the url alias or datasource.
| Name | Description | Type | Notes |
|---|---|---|---|
| keystore | A location of the keystore file A location of the keystor file which stores private key and identity certificates that will be presented to both parties (server or client) for verification. |
string | |
| keystore_alias | An alias is used to uniquely identifies the entry in keystore Its an alias specified when an entity is added to the keystore. |
string | |
| keystore_phrase | A location of the key store pass phrase file. A location of the key store pass phrase file. |
string | |
| truststore | A location of the trust store file. A location of the trust store file which stores the certificate from CA that verify the certificate presented by the server in SSL connection. |
string |
KeyValue (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| key | Key name. | string | Required |
| value | Key value. | string | Required |
KeyValuePair (schema)
An arbitrary key-value pair
| Name | Description | Type | Notes |
|---|---|---|---|
| key | Key | string | Required Maximum length: 255 |
| value | Value | string | Required Maximum length: 255 |
KnownHostParameter (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| host | Known host hostname or IP address | HostnameOrIPv4Address | Required |
| port | Known host port | integer | Minimum: 1 Maximum: 65535 Default: "22" |
L2AutoRD (schema)
Layer 2 Auto assigned Route Distinguisher
| Name | Description | Type | Notes |
|---|---|---|---|
| l2_auto_rd | Layer 2 auto assigned route distinghusher | string | |
| l2_vni | Layer 2 Virtual Network Interface | string |
L2BridgeEndpointProfile (schema)
Layer 2 Bridge Endpoint Profile
Used to configure L2 Bridge endpoint profile
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| edge_paths | List of path of Edge nodes List of policy paths to edge nodes. Edge allocation for L2 bridging. |
array of string | Minimum items: 1 Maximum items: 2 |
| failover_mode | Failover mode for the edge bridge cluster | string | Enum: PREEMPTIVE, NON_PREEMPTIVE Default: "PREEMPTIVE" |
| ha_mode | High availability mode for the edge bridge cluster High avaialability mode can be active-active or active-standby. High availability mode cannot be modified after realization. |
string | Enum: ACTIVE_STANDBY Default: "ACTIVE_STANDBY" |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value L2BridgeEndpointProfile | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
L2BridgeEndpointProfileListRequestParameters (schema)
Layer 2 bridge endpoint list request parameters
| Name | Description | Type | Notes |
|---|---|---|---|
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string |
L2BridgeEndpointProfileListResult (schema)
Paged Collection of L2BridgeEndpointProfile
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | L2BridgeEndpointProfile list results | array of L2BridgeEndpointProfile | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
L2Extension (schema)
Segment specific L2 VPN configuration
| Name | Description | Type | Notes |
|---|---|---|---|
| l2vpn_path | Policy path of associated L2 VPN session This property has been deprecated. Please use the property l2vpn_paths for setting the paths of associated L2 VPN session. This property will continue to work as expected to provide backwards compatibility. However, when both l2vpn_path and l2vpn_paths properties are specified, only l2vpn_paths is used. |
string | Deprecated |
| l2vpn_paths | Policy paths of associated L2 VPN sessions Policy paths corresponding to the associated L2 VPN sessions |
array of string | |
| local_egress | Local Egress Local Egress. |
LocalEgress | |
| tunnel_id | Tunnel ID | int | Minimum: 1 Maximum: 4093 |
L2ForwarderRemoteMacsPerSite (schema) (Experimental)
| Name | Description | Type | Notes |
|---|---|---|---|
| remote_active_ips | Remote active IPs Remote active IP addresses. |
array of IPAddress | Readonly |
| remote_mac_addresses | Remote mac addresses Remote mac addresses. |
array of string | Readonly |
| remote_site | Remote site Remote site details. |
ResourceReference | Required Readonly |
| remote_standby_ips | Remote standby IPs Remote standby IP addresses. |
array of IPAddress | Readonly |
| rtep_group_id | RTEP group id of logical switch per site 32 bit unique RTEP group id of the logical switch per site. |
integer | Required Readonly |
L2ForwarderStatusPerNode (schema) (Experimental)
| Name | Description | Type | Notes |
|---|---|---|---|
| high_availability_status | Service router's HA status High Availability status of a service router on the edge node. |
string | Required Readonly Enum: ACTIVE, STANDBY, DOWN, SYNC, UNKNOWN |
| transport_node | Transport node Edge node details from where the router status is being retrieved. |
ResourceReference | Required Readonly |
L2L3RuntimeRequestParameters (schema)
L2 L3 connectivity runtime status request parameters
| Name | Description | Type | Notes |
|---|---|---|---|
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| edge_path | Policy path of edge node Policy path of edge node. Edge should be member of enforcement point. |
string | |
| enforcement_point_path | String Path of the enforcement point Enforcement point path. |
string | |
| include_mark_for_delete_objects | Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included. |
boolean | Default: "False" |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string |
L2TcpMaxSegmentSizeClamping (schema)
TCP MSS Clamping
TCP MSS Clamping Direction and Value.
| Name | Description | Type | Notes |
|---|---|---|---|
| direction | Maximum Segment Size Clamping Direction Specifies the traffic direction for which to apply MSS Clamping. |
string | Enum: NONE, BOTH Default: "BOTH" |
| max_segment_size | Maximum Segment Size Value MSS defines the maximum amount of data that a host is willing to accept in a single TCP segment. This field is set in TCP header during connection establishment. To avoid packet fragmentation, you can set this field depending on uplink MTU and VPN overhead. This is an optional field and in case it is left unconfigured, best possible MSS value will be calculated based on effective mtu of uplink interface. Supported MSS range is 108 to 8852. |
integer | Minimum: 108 Maximum: 8860 |
L2VPNService (schema)
L2VPN Service
L2VPN Service defines if service running as server or client. It also
defines all the common properties for the multiple L2VPN Sessions
associated with this service.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| enable_hub | Enable spoke to spoke (client) forwarding via hub (server) This property applies only in SERVER mode. If set to true, traffic from any client will be replicated to all other clients. If set to false, traffic received from clients is only replicated to the local VPN endpoint. |
boolean | Default: "False" |
| encap_ip_pool | IP Pool for Logical Taps IP Pool to allocate local and peer endpoint IPs for L2VpnSession logical tap. |
array of IPv4CIDRBlock | |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| mode | L2VPN Service Mode Specify an L2VPN service mode as SERVER or CLIENT. |
string | Enum: SERVER, CLIENT Default: "SERVER" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value L2VPNService | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
L2VPNSession (schema)
L2VPN Session
Defines the tunnel local and peer addresses along with multiple
tansport tunnels for redundancy. L2VPNSession belongs to only one
L2VPNService.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| enabled | Enable L2VPN session Enable to extend all the associated segments. |
boolean | Default: "True" |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value L2VPNSession | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| tcp_mss_clamping | TCP MSS Clamping TCP Maximum Segment Size Clamping Direction and Value. This feature is supported for L2VPN Sessions that are Server mode only. |
L2TcpMaxSegmentSizeClamping | |
| transport_tunnels | List of transport tunnels List of transport tunnels for redundancy. |
array of string | Required Minimum items: 1 Maximum items: 1 |
| tunnel_encapsulation | Tunnel encapsulation config Tunnel encapsulation config. This property only applies in CLIENT mode. It is auto-populated from the L2VPNSessionData. |
L2VPNTunnelEncapsulation | Readonly |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
L2VPNTunnelEncapsulation (schema)
L2VPN Tunnel Encapsulation
L2VPN tunnel encapsulation config.
| Name | Description | Type | Notes |
|---|---|---|---|
| local_endpoint_address | IP Address of the tunnel port IP Address of the local tunnel port. This property only applies in CLIENT mode. |
IPv4Address | Readonly |
| peer_endpoint_address | IP Address of the peer tunnel port IP Address of the peer tunnel port. This property only applies in CLIENT mode. |
IPv4Address | Readonly |
| protocol | Encapsulation protocol Encapsulation protocol used by the tunnel. |
string | Readonly Enum: GRE Default: "GRE" |
L2Vpn (schema) (Deprecated)
L2 Virtual Private Network Configuration
Contains information necessary to configure L2Vpn.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| enabled | Enable L2Vpn Enable to extend all the associated segments. |
boolean | Default: "True" |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value L2Vpn | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| transport_tunnels | List of paths referencing transport tunnels List of paths referencing transport tunnels. |
array of string | Required Minimum items: 1 Maximum items: 1 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
L2VpnContext (schema) (Deprecated)
L2Vpn Context
L2Vpn Context provides meta-data information about the parent Tier-0.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| enable_hub | Enable to act as hub If enabled, the tier-0 acts as a Hub and replicates traffic received from peer to all other peers. If disabled, the tier-0 acts as a Spoke and replicates only the local. |
boolean | Default: "False" |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value L2VpnContext | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
L3Vpn (schema) (Deprecated)
L3 Virtual Private Network Configuration
Contains information necessary to configure IPSec VPN.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| dh_groups | DH group Diffie-Hellman group to be used if PFS is enabled. Default group is GROUP14. |
array of PolicyDHGroup | Maximum items: 1 |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| enable_perfect_forward_secrecy | Enable perfect forward secrecy If true, perfect forward secrecy (PFS) is enabled. |
boolean | Default: "True" |
| enabled | Enable L3Vpn Flag to enable L3Vpn. Default is enabled. |
boolean | Default: "True" |
| id | Unique identifier of this resource | string | Sortable |
| ike_digest_algorithms | Digest Algorithm for IKE Algorithm to be used for message digest during Internet Key Exchange(IKE) negotiation. Default is SHA2_256. |
array of PolicyIKEDigestAlgorithm | Maximum items: 1 |
| ike_encryption_algorithms | Encryption algorithm for IKE Algorithm to be used during Internet Key Exchange(IKE) negotiation. Default is AES_128. |
array of PolicyIKEEncryptionAlgorithm | Maximum items: 1 |
| ike_version | IKE version IKE protocol version to be used. IKE-Flex will initiate IKE-V2 and responds to both IKE-V1 and IKE-V2. |
PolicyIKEVersion | Default: "IKE_V2" |
| l3vpn_session | L3Vpn Session | L3VpnSession (Abstract type: pass one of the following concrete types) PolicyBasedL3VpnSession RouteBasedL3VpnSession |
Required |
| local_address | IPv4 address of local gateway | IPv4Address | Required |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| passphrases | List of IPSec pre-shared keys List of IPSec pre-shared keys used for IPSec authentication. If not specified, the older passphrase values are retained if there are any. |
array of secure_string | Maximum items: 1 |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| remote_private_address | Identifier of the remote site This field is used to resolve conflicts in case of a remote site being behind NAT as remote public ip address is not enough. If it is not the case the remote public address should be provided here. If not provided, the value of this field is set to remote_public_address. |
string | |
| remote_public_address | Public IPv4 address of remote gateway | IPv4Address | Required |
| resource_type | Must be set to the value L3Vpn | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| tunnel_digest_algorithms | Digest Algorithm for Tunnel Establishment Algorithm to be used for message digest during tunnel establishment. Default algorithm is empty. |
array of PolicyTunnelDigestAlgorithm | Maximum items: 1 |
| tunnel_encryption_algorithms | Encryption algorithm for Tunnel Establishement Encryption algorithm to encrypt/decrypt the messages exchanged between IPSec VPN initiator and responder during tunnel negotiation. Default is AES_GCM_128. |
array of PolicyTunnelEncryptionAlgorithm | Maximum items: 1 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
L3VpnContext (schema) (Deprecated)
L3Vpn Context
L3Vpn Context provides the configuration context that different L3Vpns can consume.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| available_local_addresses | IPv4 addresses of the local gateway Local gateway IPv4 addresses available for configuration of each L3Vpn. |
array of PolicyIPAddressInfo | |
| bypass_rules | List of Bypass L3VpnRules Bypass L3Vpn rules that will be shared across L3Vpns. Only Bypass action is supported on these L3Vpn rules. |
array of L3VpnRule | |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| enabled | Enable L3 Virtual Private Network (VPN) service If true, enable L3Vpn Service for given tier-0. Enabling/disabling this service affects all L3Vpns under the given tier-0. |
boolean | Default: "True" |
| id | Unique identifier of this resource | string | Sortable |
| ike_log_level | Internet key exchange (IKE) log level Log level for internet key exchange (IKE). |
string | Enum: DEBUG, INFO, WARN, ERROR, EMERGENCY Default: "INFO" |
| label | Policy path referencing Label Policy path referencing Label. A label is used as a mechanism to group route-based L3Vpns in order to apply edge firewall rules on members' VTIs. |
string | |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value L3VpnContext | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
L3VpnRule (schema) (Deprecated)
L3Vpn Rule
For policy-based L3Vpn sessions, a rule specifies as its action the vpn tunnel to be used
for transit traffic that meets the rule's match criteria.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| action | Action to apply to the traffic transiting through the L3Vpn Action to exchange data with or without protection. PROTECT - Allows to exchange data with ipsec protection. Protect rules are defined per L3Vpn. BYPASS - Allows to exchange data without ipsec protection. Bypass rules are defined per L3VpnContext and affects all policy based L3Vpns. Bypass rules are prioritized over protect rules. |
string | Enum: PROTECT, BYPASS Default: "PROTECT" |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| destinations | List of remote subnets List of remote subnets used in policy-based L3Vpn. |
array of L3VpnSubnet | Required Minimum items: 1 Maximum items: 128 |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value L3VpnRule | string | |
| sequence_number | Sequence number of the L3VpnRule This field is used to resolve conflicts between multiple L3VpnRules associated with a single L3Vpn or L3VpnContext. |
int | |
| sources | List of local subnets List of local subnets used in policy-based L3Vpn. |
array of L3VpnSubnet | Required Minimum items: 1 Maximum items: 128 |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
L3VpnSession (schema) (Deprecated)
L3Vpn Session
Contains information about L3Vpn session.
This is an abstract type. Concrete child types:
PolicyBasedL3VpnSession
RouteBasedL3VpnSession
| Name | Description | Type | Notes |
|---|---|---|---|
| resource_type | L3VpnSessionResourceType | Required |
L3VpnSessionResourceType (schema) (Deprecated)
Resource type of L3Vpn Session
- A Policy Based L3Vpn is a configuration in which protect rules to match local
and remote subnet needs to be defined. Tunnel is established for each pair of
local and remote subnet defined in protect rules.
- A Route Based L3Vpn is more flexible, more powerful and recommended over policy
based. IP Tunnel subnet is created and all traffic routed through tunnel subnet
(commonly known as VTI) is sent over tunnel. Routes can be learned through BGP.
A route based L3Vpn is required when using redundant L3Vpn.
| Name | Description | Type | Notes |
|---|---|---|---|
| L3VpnSessionResourceType | Resource type of L3Vpn Session - A Policy Based L3Vpn is a configuration in which protect rules to match local and remote subnet needs to be defined. Tunnel is established for each pair of local and remote subnet defined in protect rules. - A Route Based L3Vpn is more flexible, more powerful and recommended over policy based. IP Tunnel subnet is created and all traffic routed through tunnel subnet (commonly known as VTI) is sent over tunnel. Routes can be learned through BGP. A route based L3Vpn is required when using redundant L3Vpn. |
string | Deprecated Enum: PolicyBasedL3VpnSession, RouteBasedL3VpnSession |
L3VpnSubnet (schema) (Deprecated)
Subnet used in L3Vpn Rule
Used to specify subnets in L3Vpn rule.
| Name | Description | Type | Notes |
|---|---|---|---|
| subnet | Subnet Subnet used in L3Vpn Rule. |
IPv4CIDRBlock | Required |
L4PortSetServiceEntry (schema)
An ServiceEntry that represents TCP or UDP protocol
L4PortSet can be specified in comma separated notation of parts. Parts of a
L4PortSet includes single integer or range of port in hyphen notation.
Example of a PortSet: "22, 33-70, 44".
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| destination_ports | Number of values should not exceed 15, ranges count as 2 values.
|
array of PortElement | Maximum items: 15 |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| l4_protocol | string | Required Enum: TCP, UDP |
|
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value L4PortSetServiceEntry | string | Required Enum: IPProtocolServiceEntry, IGMPTypeServiceEntry, ICMPTypeServiceEntry, ALGTypeServiceEntry, L4PortSetServiceEntry, EtherTypeServiceEntry, NestedServiceServiceEntry |
| source_ports | Number of values should not exceed 15, ranges count as 2 values.
|
array of PortElement | Maximum items: 15 |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
L7AccessAttributes (schema)
Policy Attributes data holder
Supported Attribute Keys are APP_ID, URL_CATEGORY, URL_REPUTATION, CUSTOM_URL
| Name | Description | Type | Notes |
|---|---|---|---|
| attribute_source | Source of attribute value i.e whether system defined or custom value | string | Enum: SYSTEM, CUSTOM Default: "SYSTEM" |
| custom_url_partial_match | true value would be treated as a partial match for custom url True value for this flag will be treated as a partial match for custom url |
boolean | Default: "True" |
| datatype | Datatype for attribute | string | Required Enum: STRING |
| description | Description for attribute value | string | |
| isALGType | Is the value ALG type Describes whether the APP_ID value is ALG type or not. |
boolean | |
| key | Key for attribute URL_Reputation is currently not available. Please do not use it in Attribute Key while creating context profile |
string | Required Enum: APP_ID, DOMAIN_NAME, URL_CATEGORY, URL_REPUTATION, CUSTOM_URL |
| metadata | Provide additional meta information about key/values This is optional part that can hold additional data about the attribute key/values. Example - For URL CATEGORY key , it specified super category for url category value. This is generic array and can hold multiple meta information about key/values in future |
array of ContextProfileAttributesMetadata | |
| sub_attributes | Reference to sub attributes for the attribute | array of PolicySubAttributes | |
| value | Value for attribute key Multiple attribute values can be specified as elements of array. |
array of string | Required Minimum items: 1 |
L7AccessEntry (schema)
Policy L7 Access entry
An entity that encapsulates attributes like APP_ID, CUSTOM_URL, URL_CATEGORY, URL_REPUTATION.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| action | L7AccessEntryAction | Required | |
| attributes | Array of Policy L7 Access Profile attributes Property containing attributes/sub-attributes for Policy L7 Access Profile. |
array of L7AccessAttributes | Required Maximum items: 1 |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| disabled | Flag to disable the entry Flag to disable the entry. Default is enabled. |
boolean | Default: "False" |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| logged | Enable logging flag Flag to enable packet logging. Default is disabled. |
boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value L7AccessEntry | string | |
| sequence_number | Policy L7 Access Entry Order Determines the order of the entry in this profile. If no sequence number is specified in the payload, a value of 0 is assigned by default. If there are multiple rules with the same sequence number then their order is not deterministic. |
int | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
L7AccessEntryAction (schema)
L7 acces profile entry action
The action to be applied to all the services.
| Name | Description | Type | Notes |
|---|---|---|---|
| L7AccessEntryAction | L7 acces profile entry action The action to be applied to all the services. |
string | Required Enum: ALLOW, REJECT, REJECT_WITH_RESPONSE |
L7AccessProfile (schema)
Policy L7 Acces profile
An entity that encapsulates multiple L7 access profile entries.
The entity wil be consumed in firewall rules and can be added in new tuple called profile in
firewall rules. One of either Context Profile or L7 Access Profile can be used in firewall rule.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| default_action | L7AccessEntryAction | Required | |
| default_action_logged | Enable default logging flag Flag to enable packet logging. Default is disabled. |
boolean | Default: "False" |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| entry_count | Entry count The count of entries in the L7 profile. |
int | Readonly |
| id | Unique identifier of this resource | string | Sortable |
| l7_access_entries | Array of Policy L7 Access Profile entries Property containing L7 access entries for Policy L7 Access Profile. |
array of L7AccessEntry | Maximum items: 1000 |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value L7AccessProfile | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
LBAccessListControl (schema)
IP access list control to filter the connections from clients
LBAccessListControl is used to define how IP access list control can filter
the connections from clients.
| Name | Description | Type | Notes |
|---|---|---|---|
| action | IP access list control action ALLOW means connections matching grouping object IP list are allowed and requests not matching grouping object IP list are dropped. DROP means connections matching grouping object IP list are dropped and requests not matching grouping object IP list are allowed. |
string | Required Enum: ALLOW, DROP |
| enabled | Whether to enable access list control option The enabled flag indicates whether to enable access list control option. It is false by default. |
boolean | Default: "False" |
| group_path | Grouping object path The path of grouping object which defines the IP addresses or ranges to match the client IP. |
string | Required |
LBActiveMonitor (schema) (Deprecated)
Base class for each type of active LBMonitorProfile
All the active types of LBMonitorProfile extend from this abstract class.
This is present for extensibility.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| fall_count | Monitor fall count for active healthchecks Only if a healthcheck fails consecutively for a specified number of times, given with fall_count, to a member will the member status be marked DOWN. |
integer | Minimum: 1 Maximum: 2147483647 Default: "3" |
| id | Unique identifier of this resource | string | Sortable |
| interval | Monitor interval in seconds for active healthchecks Active healthchecks are initiated periodically, at a configurable interval (in seconds), to each member of the Group. |
integer | Minimum: 1 Maximum: 2147483647 Default: "5" |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| monitor_port | Monitor port for active healthchecks Typically, monitors perform healthchecks to Group members using the member IP address and pool_port. However, in some cases, customers prefer to run healthchecks against a different port than the pool member port which handles actual application traffic. In such cases, the port to run healthchecks against can be specified in the monitor_port value. For ICMP monitor, monitor_port is not required. |
int | Minimum: 0 Maximum: 65535 |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value LBActiveMonitor | LBMonitorProfileType | Required |
| rise_count | Monitor rise count for active healthchecks Once a member is DOWN, a specified number of consecutive successful healthchecks specified by rise_count will bring the member back to UP state. |
integer | Minimum: 1 Maximum: 2147483647 Default: "3" |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| timeout | Monitor timeout in seconds for active healthchecks Timeout specified in seconds. After a healthcheck is initiated, if it does not complete within a certain period, then also the healthcheck is considered to be unsuccessful. Completing a healthcheck within timeout means establishing a connection (TCP or SSL), if applicable, sending the request and receiving the response, all within the configured timeout. |
integer | Minimum: 1 Maximum: 2147483647 Default: "5" |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
LBAppProfile (schema)
App profile
App profile.
This is an abstract type. Concrete child types:
LBFastTcpProfile
LBFastUdpProfile
LBHttpProfile
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value LBAppProfile | LBApplicationProfileType | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
LBApplicationProfileType (schema)
Application profile type
An application profile can be bound to a virtual server
to specify the application protocol characteristics. It is used to
influence how load balancing is performed. Currently, three types of
application profiles are supported: LBFastTCPProfile,
LBFastUDPProfile and LBHttpProfile.
LBFastTCPProfile or LBFastUDPProfile is typically
used when the application is using a custom protocol or a standard protocol
not supported by the load balancer. It is also used in cases where the user
only wants L4 load balancing mainly because L4 load balancing has much
higher performance and scalability, and/or supports connection mirroring.
LBHttpProfile is used for both HTTP and HTTPS applications.
Though application rules, if bound to the virtual server, can be used
to accomplish the same goal, LBHttpProfile is intended to
simplify enabling certain common use cases.
LBHttpProfile is deprecated as NSX-T Load Balancer is deprecated.
| Name | Description | Type | Notes |
|---|---|---|---|
| LBApplicationProfileType | Application profile type An application profile can be bound to a virtual server to specify the application protocol characteristics. It is used to influence how load balancing is performed. Currently, three types of application profiles are supported: LBFastTCPProfile, LBFastUDPProfile and LBHttpProfile. LBFastTCPProfile or LBFastUDPProfile is typically used when the application is using a custom protocol or a standard protocol not supported by the load balancer. It is also used in cases where the user only wants L4 load balancing mainly because L4 load balancing has much higher performance and scalability, and/or supports connection mirroring. LBHttpProfile is used for both HTTP and HTTPS applications. Though application rules, if bound to the virtual server, can be used to accomplish the same goal, LBHttpProfile is intended to simplify enabling certain common use cases. LBHttpProfile is deprecated as NSX-T Load Balancer is deprecated. |
string | Enum: LBHttpProfile, LBFastTcpProfile, LBFastUdpProfile |
LBClientCertificateIssuerDnCondition (schema) (Deprecated)
Match condition for client certficate issuer DN
Match condition for client certficate issuer DN.
| Name | Description | Type | Notes |
|---|---|---|---|
| case_sensitive | A case sensitive flag for issuer DN comparing If true, case is significant when comparing issuer DN value. |
boolean | Default: "True" |
| issuer_dn | Value of issuer DN Value of issuer DN. |
string | Required |
| match_type | Match type of issuer DN Match type of issuer DN. |
LbRuleMatchType | Default: "REGEX" |
LBClientCertificateSubjectDnCondition (schema) (Deprecated)
Match condition for client certficate subject DN
Match condition for client certficate subject DN.
| Name | Description | Type | Notes |
|---|---|---|---|
| case_sensitive | A case sensitive flag for subject DN comparing If true, case is significant when comparing subject DN value. |
boolean | Default: "True" |
| match_type | Match type of subject DN Match type of subject DN. |
LbRuleMatchType | Default: "REGEX" |
| subject_dn | Value of subject DN Value of subject DN. |
string | Required |
LBClientSslProfile (schema) (Deprecated)
Client SSL profile
Client SSL profile.
LBClientSslProfile is deprecated as NSX-T Load Balancer is deprecated.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| cipher_group_label | Label of cipher group It is a label of cipher group which is mostly consumed by GUI. |
SslCipherGroup | |
| ciphers | Supported SSL cipher list to client side Supported SSL cipher list to client side. |
array of SslCipher | |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| is_fips | FIPS compliance of ciphers and protocols This flag is set to true when all the ciphers and protocols are FIPS compliant. It is set to false when one of the ciphers or protocols are not FIPS compliant.. |
boolean | Readonly |
| is_secure | Secure/Insecure SSL profile flag This flag is set to true when all the ciphers and protocols are secure. It is set to false when one of the ciphers or protocols is insecure. |
boolean | Readonly |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| prefer_server_ciphers | Prefer server ciphers flag During SSL handshake as part of the SSL client Hello client sends an ordered list of ciphers that it can support (or prefers) and typically server selects the first one from the top of that list it can also support. For Perfect Forward Secrecy(PFS), server could override the client's preference. |
boolean | Default: "True" |
| protocols | Supported SSL protocol list to client side SSL versions TLS1.1 and TLS1.2 are supported and enabled by default. SSLv2, SSLv3, and TLS1.0 are supported, but disabled by default. |
array of SslProtocol | |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value LBClientSslProfile | string | |
| session_cache_enabled | Session cache enable/disable flag SSL session caching allows SSL client and server to reuse previously negotiated security parameters avoiding the expensive public key operation during handshake. |
boolean | Default: "True" |
| session_cache_timeout | SSL session cache timeout value Session cache timeout specifies how long the SSL session parameters are held on to and can be reused. |
integer | Minimum: 1 Maximum: 86400 Default: "300" |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
LBClientSslProfileBinding (schema) (Deprecated)
Client SSL profile binding
Client SSL profile binding.
LBClientSslProfileBinding is deprecated as NSX-T Load Balancer is
deprecated.
| Name | Description | Type | Notes |
|---|---|---|---|
| certificate_chain_depth | The maximum traversal depth of client certificate chain Authentication depth is used to set the verification depth in the client certificates chain. |
integer | Minimum: 1 Maximum: 2147483647 Default: "3" |
| client_auth | Client authentication mode Client authentication mode. |
ClientAuthType | Default: "IGNORE" |
| client_auth_ca_paths | CA path list to verify client certificate If client auth type is REQUIRED, client certificate must be signed by one of the trusted Certificate Authorities (CAs), also referred to as root CAs, whose self signed certificates are specified. |
array of string | |
| client_auth_crl_paths | CRL path list to verify client certificate A Certificate Revocation List (CRL) can be specified in the client-side SSL profile binding to disallow compromised client certificates. |
array of string | |
| default_certificate_path | Default service certificate identifier A default certificate should be specified which will be used if the server does not host multiple hostnames on the same IP address or if the client does not support SNI extension. |
string | Required |
| sni_certificate_paths | SNI certificate path list Client-side SSL profile binding allows multiple certificates, for different hostnames, to be bound to the same virtual server. |
array of string | |
| ssl_profile_path | Client SSL profile path Client SSL profile defines reusable, application-independent client side SSL properties. |
string |
LBConnectionDropAction (schema) (Deprecated)
Action to drop connections
This action is used to drop the connections. There is no extra propery in
this action. If there is no match condition specified, the connection will
be always dropped. This action can be specified at HTTP_ACCESS or
HTTP_FORWARDING pahse.
| Name | Description | Type | Notes |
|---|---|---|---|
| type | Must be set to the value LBConnectionDropAction | LBRuleActionType | Required |
LBCookiePersistenceProfile (schema) (Deprecated)
LBPersistenceProflie using Cookies for L7 LBVirtualServer
Some applications maintain state and require all relevant connections
to be sent to the same server as the application state is not
synchronized among servers. Persistence is enabled on a
LBVirtualServer by binding a persistence profile to it.
LBCookiePersistenceProfile is deprecated as NSX-T Load Balancer is
deprecated.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| cookie_domain | Cookie domain HTTP cookie domain could be configured, only available for insert mode. |
string | |
| cookie_fallback | Cookie persistence fallback If fallback is true, once the cookie points to a server that is down (i.e. admin state DISABLED or healthcheck state is DOWN), then a new server is selected by default to handle that request. If fallback is false, it will cause the request to be rejected if cookie points to a server. |
boolean | Default: "True" |
| cookie_garble | Cookie persistence garble If garble is set to true, cookie value (server IP and port) would be encrypted. If garble is set to false, cookie value would be plain text. |
boolean | Default: "True" |
| cookie_httponly | Cookie httponly flag If cookie httponly flag is true, it prevents a script running in the browser from accessing the cookie. Only available for insert mode. |
boolean | Default: "False" |
| cookie_mode | Cookie persistence mode Cookie persistence mode. |
CookiePersistenceModeType | Default: "INSERT" |
| cookie_name | Cookie name Cookie name. |
string | Default: "NSXLB" |
| cookie_path | Cookie path HTTP cookie path could be set, only available for insert mode. |
string | |
| cookie_secure | Cookie secure flag If cookie secure flag is true, it prevents the browser from sending a cookie over http. The cookie is sent only over https. Only available for insert mode. |
boolean | Default: "False" |
| cookie_time | Cookie time setting Both session cookie and persistence cookie are supported, if not specified, it's a session cookie. It expires when the browser is closed. |
LBCookieTime (Abstract type: pass one of the following concrete types) LBPersistenceCookieTime LBSessionCookieTime |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| persistence_shared | Persistence shared across LBVirtualServers Persistence shared setting indicates that all LBVirtualServers that consume this LBPersistenceProfile should share the same persistence mechanism when enabled. Meaning, persistence entries of a client accessing one virtual server will also affect the same client's connections to a different virtual server. For example, say there are two virtual servers vip-ip1:80 and vip-ip1:8080 bound to the same Group g1 consisting of two servers (s11:80 and s12:80). By default, each virtual server will have its own persistence table or cookie. So, in the earlier example, there will be two tables (vip-ip1:80, p1) and (vip-ip1:8080, p1) or cookies. So, if a client connects to vip1:80 and later connects to vip1:8080, the second connection may be sent to a different server than the first. When persistence_shared is enabled, then the second connection will always connect to the same server as the original connection. For COOKIE persistence type, the same cookie will be shared by multiple virtual servers. For SOURCE_IP persistence type, the persistence table will be shared across virtual servers. For GENERIC persistence type, the persistence table will be shared across virtual servers which consume the same persistence profile in LBRule actions. |
boolean | Default: "False" |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value LBCookiePersistenceProfile | string | Required Enum: LBSourceIpPersistenceProfile, LBCookiePersistenceProfile, LBGenericPersistenceProfile |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
LBCookieTime (schema) (Deprecated)
Cookie time
Cookie time.
This is an abstract type. Concrete child types:
LBPersistenceCookieTime
LBSessionCookieTime
| Name | Description | Type | Notes |
|---|---|---|---|
| type | LBCookieTimeType | Required |
LBCookieTimeType (schema) (Deprecated)
CookieTime type
Both session cookie and persistence cookie are supported,
Use LbSessionCookieTime for session cookie time setting,
Use LbPersistenceCookieTime for persistence cookie time setting
| Name | Description | Type | Notes |
|---|---|---|---|
| LBCookieTimeType | CookieTime type Both session cookie and persistence cookie are supported, Use LbSessionCookieTime for session cookie time setting, Use LbPersistenceCookieTime for persistence cookie time setting |
string | Deprecated Enum: LBSessionCookieTime, LBPersistenceCookieTime |
LBFastTcpProfile (schema)
Fast TCP profile
Fast TCP profile.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| close_timeout | TCP connection idle timeout in seconds It is used to specify how long a closing TCP connection (both FINs received or a RST is received) should be kept for this application before cleaning up the connection. |
integer | Minimum: 1 Maximum: 60 Default: "8" |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| ha_flow_mirroring_enabled | Flow mirroring enabled flag If flow mirroring is enabled, all the flows to the bounded virtual server are mirrored to the standby node. |
boolean | Default: "False" |
| id | Unique identifier of this resource | string | Sortable |
| idle_timeout | TCP connection idle timeout in seconds It is used to configure how long an idle TCP connection in ESTABLISHED state should be kept for this application before cleaning up. |
integer | Minimum: 1 Maximum: 2147483647 Default: "1800" |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value LBFastTcpProfile | LBApplicationProfileType | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
LBFastUdpProfile (schema)
Fast UDP profile
Fast UDP profile.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| flow_mirroring_enabled | Flow mirroring enabled flag If flow mirroring is enabled, all the flows to the bounded virtual server are mirrored to the standby node. |
boolean | Default: "False" |
| id | Unique identifier of this resource | string | Sortable |
| idle_timeout | UDP idle timeout in seconds Though UDP is a connectionless protocol, for the purposes of load balancing, all UDP packets with the same flow signature (source and destination IP/ports and IP protocol) received within the idle timeout period are considered to belong to the same connection and are sent to the same backend server. If no packets are received for idle timeout period, the connection (association between flow signature and the selected server) is cleaned up. |
integer | Minimum: 1 Maximum: 2147483647 Default: "300" |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value LBFastUdpProfile | LBApplicationProfileType | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
LBGenericPersistenceProfile (schema) (Deprecated)
LB generic persistence profile
Some applications maintain state and require all relevant connections
to be sent to the same server as the application state is not
synchronized among servers. Persistence is enabled on a
LBVirtualServer by binding a persistence profile to it.
LBGenericPersistenceProfile cannot be attached to virtual server directly,
it can be specified in LB rule actions. In HTTP forwarding phase,
the profile can be specified in LBVariablePersistenceOnAction. In HTTP
response rewriting phase, the profile can be specified in
LBVariablePersistenceLearnAction.
LBGenericPersistenceProfile is deprecated as NSX-T Load Balancer is
deprecated.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| ha_persistence_mirroring_enabled | Mirroring enabled flag The mirroring enabled flag is to synchronize persistence entries. Persistence entries are not synchronized to the HA peer by default. |
boolean | Default: "False" |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| persistence_shared | Persistence shared across LBVirtualServers Persistence shared setting indicates that all LBVirtualServers that consume this LBPersistenceProfile should share the same persistence mechanism when enabled. Meaning, persistence entries of a client accessing one virtual server will also affect the same client's connections to a different virtual server. For example, say there are two virtual servers vip-ip1:80 and vip-ip1:8080 bound to the same Group g1 consisting of two servers (s11:80 and s12:80). By default, each virtual server will have its own persistence table or cookie. So, in the earlier example, there will be two tables (vip-ip1:80, p1) and (vip-ip1:8080, p1) or cookies. So, if a client connects to vip1:80 and later connects to vip1:8080, the second connection may be sent to a different server than the first. When persistence_shared is enabled, then the second connection will always connect to the same server as the original connection. For COOKIE persistence type, the same cookie will be shared by multiple virtual servers. For SOURCE_IP persistence type, the persistence table will be shared across virtual servers. For GENERIC persistence type, the persistence table will be shared across virtual servers which consume the same persistence profile in LBRule actions. |
boolean | Default: "False" |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value LBGenericPersistenceProfile | string | Required Enum: LBSourceIpPersistenceProfile, LBCookiePersistenceProfile, LBGenericPersistenceProfile |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| timeout | Persistence entry expiration time in seconds When all connections complete (reference count reaches 0), persistence entry timer is started with the expiration time. |
integer | Minimum: 1 Maximum: 2147483647 Default: "300" |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
LBHttpMonitorProfile (schema) (Deprecated)
LBMonitorProfile for active health checks over HTTP
Active healthchecks are disabled by default and can be enabled for a
server pool by binding a health monitor to the Group through the LBRule
object. This represents active health monitoring over HTTP.
Active healthchecks are initiated periodically, at a configurable
interval, to each member of the Group. Only if a healthcheck fails
consecutively for a specified number of times (fall_count) to a member will
the member status be marked DOWN. Once a member is DOWN, a specified
number of consecutive successful healthchecks (rise_count) will bring the
member back to UP state. After a healthcheck is initiated, if it does not
complete within a certain period, then also the healthcheck is considered
to be unsuccessful.
Completing a healthcheck within timeout means establishing a connection
(TCP or SSL), if applicable, sending the request and receiving the
response, all within the configured timeout.
LBHttpMonitorProfile is deprecated as NSX-T Load Balancer is deprecated.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| fall_count | Monitor fall count for active healthchecks Only if a healthcheck fails consecutively for a specified number of times, given with fall_count, to a member will the member status be marked DOWN. |
integer | Minimum: 1 Maximum: 2147483647 Default: "3" |
| id | Unique identifier of this resource | string | Sortable |
| interval | Monitor interval in seconds for active healthchecks Active healthchecks are initiated periodically, at a configurable interval (in seconds), to each member of the Group. |
integer | Minimum: 1 Maximum: 2147483647 Default: "5" |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| monitor_port | Monitor port for active healthchecks Typically, monitors perform healthchecks to Group members using the member IP address and pool_port. However, in some cases, customers prefer to run healthchecks against a different port than the pool member port which handles actual application traffic. In such cases, the port to run healthchecks against can be specified in the monitor_port value. For ICMP monitor, monitor_port is not required. |
int | Minimum: 0 Maximum: 65535 |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| request_body | HTTP health check request body String to send as part of HTTP health check request body. Valid only for certain HTTP methods like POST. |
string | |
| request_headers | Array of HTTP request headers Array of HTTP request headers. |
array of LbHttpRequestHeader | |
| request_method | The health check method for HTTP monitor type The health check method for HTTP monitor type. |
HttpRequestMethodType | Default: "GET" |
| request_url | Customized HTTP request url for active health checks For HTTP active healthchecks, the HTTP request url sent can be customized and can include query parameters. |
string | Default: "/" |
| request_version | HTTP request version HTTP request version. |
HttpRequestVersionType | Default: "HTTP_VERSION_1_1" |
| resource_type | Must be set to the value LBHttpMonitorProfile | LBMonitorProfileType | Required |
| response_body | Response body to match If HTTP response body match string (regular expressions not supported) is specified (using LBHttpMonitor.response_body) then the healthcheck HTTP response body is matched against the specified string and server is considered healthy only if there is a match. If the response body string is not specified, HTTP healthcheck is considered successful if the HTTP response status code is 2xx, but it can be configured to accept other status codes as successful. |
string | |
| response_status_codes | Array of single HTTP response status codes The HTTP response status code should be a valid HTTP status code. |
array of int | Maximum items: 64 |
| rise_count | Monitor rise count for active healthchecks Once a member is DOWN, a specified number of consecutive successful healthchecks specified by rise_count will bring the member back to UP state. |
integer | Minimum: 1 Maximum: 2147483647 Default: "3" |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| timeout | Monitor timeout in seconds for active healthchecks Timeout specified in seconds. After a healthcheck is initiated, if it does not complete within a certain period, then also the healthcheck is considered to be unsuccessful. Completing a healthcheck within timeout means establishing a connection (TCP or SSL), if applicable, sending the request and receiving the response, all within the configured timeout. |
integer | Minimum: 1 Maximum: 2147483647 Default: "5" |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
LBHttpProfile (schema) (Deprecated)
Http profile
Http profile.
LBHttpProfile is deprecated as NSX-T Load Balancer is deprecated.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| http_redirect_to | Http redirect static URL If a website is temporarily down or has moved, incoming requests for that virtual server can be temporarily redirected to a URL. |
string | |
| http_redirect_to_https | Flag to indicate whether enable HTTP-HTTPS redirect Certain secure applications may want to force communication over SSL, but instead of rejecting non-SSL connections, they may choose to redirect the client automatically to use SSL. |
boolean | Default: "False" |
| id | Unique identifier of this resource | string | Sortable |
| idle_timeout | HTTP application idle timeout in seconds It is used to specify the HTTP application idle timeout, it means that how long the load balancer will keep the connection idle to wait for the client to send the next keep-alive request. It is not a TCP socket setting. |
integer | Minimum: 1 Maximum: 5400 Default: "15" |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| ntlm | NTLM support flag NTLM is an authentication protocol that can be used over HTTP. If the flag is set to true, LB will use NTLM challenge/response methodology. This property is deprecated. Please use the property server_keep_alive in order to keep the backend server connection alive for the client connection. When create a new profile, if both ntlm and server_keep_alive are set as different values, ERROR will be reported. When update an existing profile, if either ntlm or server_keep_alive value is changed, both of them are updated with the changed value. |
boolean | Deprecated |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| request_body_size | Maximum size of the buffer used to store HTTP request body If it is not specified, it means that request body size is unlimited. |
integer | Minimum: 1 Maximum: 2147483647 |
| request_header_size | Maximum size of the buffer used to store HTTP request headers A request with header equal to or below this size is guaranteed to be processed. A request with header larger than request_header_size will be processed up to 32K bytes on best effort basis. |
integer | Minimum: 1 Default: "1024" |
| resource_type | Must be set to the value LBHttpProfile | LBApplicationProfileType | Required |
| response_buffering | Enable or disable buffering of responses When buffering is disabled, the response is passed to a client synchronously, immediately as it is received. When buffering is enabled, LB receives a response from the backend server as soon as possible, saving it into the buffers. |
boolean | Default: "False" |
| response_header_size | Maximum size of the buffer used to store HTTP response headers A response with header larger than response_header_size will be dropped. |
integer | Minimum: 1 Maximum: 65536 Default: "4096" |
| response_timeout | Maximum server idle time in seconds If server doesn’t send any packet within this time, the connection is closed. |
integer | Minimum: 1 Maximum: 2147483647 Default: "60" |
| server_keep_alive | Server keep-alive flag If server_keep_alive is true, it means the backend connection will keep alive for the client connection. Every client connection is tied 1:1 with the corresponding server-side connection. If server_keep_alive is false, it means the backend connection won't keep alive for the client connection. If server_keep_alive is not specified for API input, its value in API output will be the same with the property ntlm. |
boolean | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
| x_forwarded_for | Insert or replace x_forwarded_for When X-Forwareded-For is configured, X-Forwarded-Proto and X-Forwarded-Port information is added automatically. The two additional header information can be also modified or deleted in load balancer rules. |
LBXForwardedForType |
LBHttpRedirectAction (schema) (Deprecated)
Action to redirect HTTP request messages
This action is used to redirect HTTP request messages to a new URL. The
reply_status value specified in this action is used as the status code of
HTTP response message which is sent back to client (Normally a browser).
The HTTP status code for redirection is 3xx, for example, 301, 302, 303,
307, etc. The redirect_url is the new URL that the HTTP request message is
redirected to. Normally browser will send another HTTP request to the new
URL after receiving a redirection response message.
Captured variables and built-in variables can be used in redirect_url field.
For example, to redirect all HTTP requests to HTTPS requests for a virtual
server. We create an LBRule without any conditions, add an
LBHttpRedirectAction to the rule. Set the
redirect_url field of the LBHttpRedirectAction to:
https://$_host$_request_uri
And set redirect_status to "302", which means found. This rule will
redirect all HTTP requests to HTTPS server port on the same host.
| Name | Description | Type | Notes |
|---|---|---|---|
| redirect_status | HTTP response status code HTTP response status code. |
string | Required |
| redirect_url | The URL that the HTTP request is redirected to The URL that the HTTP request is redirected to. |
string | Required |
| type | Must be set to the value LBHttpRedirectAction | LBRuleActionType | Required |
LBHttpRejectAction (schema) (Deprecated)
Action to reject HTTP request messages
This action is used to reject HTTP request messages. The specified
reply_status value is used as the status code for the corresponding HTTP
response message which is sent back to client (Normally a browser)
indicating the reason it was rejected. Reference official HTTP status code
list for your specific HTTP version to set the reply_status properly.
LBHttpRejectAction does not support variables.
| Name | Description | Type | Notes |
|---|---|---|---|
| reply_message | Response message Response message. |
string | |
| reply_status | HTTP response status code HTTP response status code. |
string | Required |
| type | Must be set to the value LBHttpRejectAction | LBRuleActionType | Required |
LBHttpRequestBodyCondition (schema) (Deprecated)
Condition to match content of HTTP request message body
This condition is used to match the message body of an HTTP request.
Typically, only HTTP POST, PATCH, or PUT requests have request body.
The match_type field defines how body_value field is used to match the body
of HTTP requests.
| Name | Description | Type | Notes |
|---|---|---|---|
| body_value | HTTP request body | string | Required |
| case_sensitive | A case sensitive flag for HTTP body comparing If true, case is significant when comparing HTTP body value. |
boolean | Default: "True" |
| inverse | A flag to indicate whether reverse the match result of this condition | boolean | Default: "False" |
| match_type | Match type of HTTP body | LbRuleMatchType | Default: "REGEX" |
| type | Must be set to the value LBHttpRequestBodyCondition | LBRuleConditionType | Required |
LBHttpRequestCookieCondition (schema) (Deprecated)
Condition to match HTTP request cookie
This condition is used to match HTTP request messages by cookie which is a
specific type of HTTP header. The match_type and case_sensitive define how
to compare cookie value.
| Name | Description | Type | Notes |
|---|---|---|---|
| case_sensitive | A case sensitive flag for cookie value comparing If true, case is significant when comparing cookie value. |
boolean | Default: "True" |
| cookie_name | Name of cookie Cookie name. |
string | Required |
| cookie_value | Value of cookie Cookie value. |
string | Required |
| inverse | A flag to indicate whether reverse the match result of this condition | boolean | Default: "False" |
| match_type | Match type of cookie value Match type of cookie value. |
LbRuleMatchType | Default: "REGEX" |
| type | Must be set to the value LBHttpRequestCookieCondition | LBRuleConditionType | Required |
LBHttpRequestHeaderCondition (schema) (Deprecated)
Condition to match HTTP request header
This condition is used to match HTTP request messages by HTTP header
fields. HTTP header fields are components of the header section of HTTP
request and response messages. They define the operating parameters of an
HTTP transaction. For example, Cookie, Authorization, User-Agent, etc. One
condition can be used to match one header field, to match multiple header
fields, multiple conditions must be specified.
The match_type field defines how header_value field is used to match HTTP
requests. The header_name field does not support match types.
| Name | Description | Type | Notes |
|---|---|---|---|
| case_sensitive | A case sensitive flag for HTTP header value comparing If true, case is significant when comparing HTTP header value. |
boolean | Default: "True" |
| header_name | Name of HTTP header | string | Default: "Host" |
| header_value | Value of HTTP header | string | Required |
| inverse | A flag to indicate whether reverse the match result of this condition | boolean | Default: "False" |
| match_type | Match type of HTTP header value | LbRuleMatchType | Default: "REGEX" |
| type | Must be set to the value LBHttpRequestHeaderCondition | LBRuleConditionType | Required |
LBHttpRequestHeaderDeleteAction (schema) (Deprecated)
Action to delete HTTP request header fields
This action is used to delete header fields of HTTP request messages at
HTTP_REQUEST_REWRITE phase. One action can be used to delete all headers
with same header name. To delete headers with different header names,
multiple actions must be defined.
| Name | Description | Type | Notes |
|---|---|---|---|
| header_name | Name of a header field of HTTP request message Name of a header field of HTTP request message. |
string | Required |
| type | Must be set to the value LBHttpRequestHeaderDeleteAction | LBRuleActionType | Required |
LBHttpRequestHeaderRewriteAction (schema) (Deprecated)
Action to rewrite header fields of HTTP request messages
This action is used to rewrite header fields of matched HTTP request
messages to specified new values. One action can be used to rewrite one
header field. To rewrite multiple header fields, multiple actions must be
defined.
Captured variables and built-in variables can be used in the header_value
field, header_name field does not support variables.
| Name | Description | Type | Notes |
|---|---|---|---|
| header_name | Name of HTTP request header Name of HTTP request header. |
string | Required |
| header_value | Value of HTTP request header Value of HTTP request header. |
string | Required |
| type | Must be set to the value LBHttpRequestHeaderRewriteAction | LBRuleActionType | Required |
LBHttpRequestMethodCondition (schema) (Deprecated)
Condition to match method of HTTP request messages
This condition is used to match method of HTTP requests. If the method of an
HTTP request is same as the method specified in this condition, the HTTP
request match this condition. For example, if the method field is set to
GET in this condition, any HTTP request with GET method matches the
condition.
| Name | Description | Type | Notes |
|---|---|---|---|
| inverse | A flag to indicate whether reverse the match result of this condition | boolean | Default: "False" |
| method | Type of HTTP request method | HttpRequestMethodType | Required |
| type | Must be set to the value LBHttpRequestMethodCondition | LBRuleConditionType | Required |
LBHttpRequestUriArgumentsCondition (schema) (Deprecated)
Condition to match URI arguments of HTTP requests
This condition is used to match URI arguments aka query string of Http
request messages, for example, in URI http://exaple.com?foo=1&bar=2, the
"foo=1&bar=2" is the query string containing URI arguments. In an URI
scheme, query string is indicated by the first question mark ("?")
character and terminated by a number sign ("#") character or by the end of
the URI.
The uri_arguments field can be specified as a regular expression(Set
match_type to REGEX). For example, "foo=(?<x>\d+)". It matches HTTP
requests whose URI arguments containing "foo", the value of foo contains
only digits. And the value of foo is captured as $x which can be used in
LBRuleAction fields which support variables.
| Name | Description | Type | Notes |
|---|---|---|---|
| case_sensitive | A case sensitive flag for URI arguments comparing If true, case is significant when comparing URI arguments. |
boolean | Default: "True" |
| inverse | A flag to indicate whether reverse the match result of this condition | boolean | Default: "False" |
| match_type | Match type of URI arguments | LbRuleMatchType | Default: "REGEX" |
| type | Must be set to the value LBHttpRequestUriArgumentsCondition | LBRuleConditionType | Required |
| uri_arguments | URI arguments URI arguments, aka query string of URI. |
string | Required |
LBHttpRequestUriCondition (schema) (Deprecated)
Condition to match URIs of HTTP request messages
This condition is used to match URIs(Uniform Resource Identifier) of HTTP
request messages. The URI field can be specified as a regular expression.
If an HTTP request message is requesting an URI which matches specified
regular expression, it matches the condition.
The syntax of whole URI looks like this:
scheme:[//[user[:password]@]host[:port]][/path][?query][#fragment]
This condition matches only the path part of entire URI.
When match_type field is specified as REGEX, the uri field is used as a
regular expression to match URI path of HTTP requests. For example, to
match any URI that has "/image/" or "/images/", uri field can be specified
as: "/image[s]?/".
Named capturing groups can be used in the uri field to capture substrings
of matched URIs and store them in variables for use in LBRuleAction. For
example, specify uri field as:
"/news/(?<year>\d+)/(?<month>\d+)/(?<article>.*)"
If the URI path is /articles/news/2017/06/xyz.html, then substring "2017"
is captured in variable year, "06" is captured in variable month, and
"xyz.html" is captured in variable article. These variables can then
be used in an LBRuleAction field which supports variables, such as uri
field of LBHttpRequestUriRewriteAction. For example, set the uri field
of LBHttpRequestUriRewriteAction as:
"/articles/news/$year-$month-$article"
Then the URI path /articles/news/2017/06/xyz.html is rewritten to:
"/articles/news/2017-06-xyz.html"
| Name | Description | Type | Notes |
|---|---|---|---|
| case_sensitive | A case sensitive flag for URI comparing If true, case is significant when comparing URI. |
boolean | Default: "True" |
| inverse | A flag to indicate whether reverse the match result of this condition | boolean | Default: "False" |
| match_type | Match type of URI | LbRuleMatchType | Default: "REGEX" |
| type | Must be set to the value LBHttpRequestUriCondition | LBRuleConditionType | Required |
| uri | A string used to identify resource | string | Required |
LBHttpRequestUriRewriteAction (schema) (Deprecated)
Action to rewrite HTTP request URIs.
This action is used to rewrite URIs in matched HTTP request messages.
Specify the uri and uri_arguments fields in this condition to rewrite the
matched HTTP request message's URI and URI arguments to the new values.
Full URI scheme of HTTP messages have following syntax:
scheme:[//[user[:password]@]host[:port]][/path][?query][#fragment]
The uri field of this action is used to rewrite the /path part in above
scheme. And the uri_arguments field is used to rewrite the query part.
Captured variables and built-in variables can be used in the uri and
uri_arguments fields.
Check the example in LBRuleAction to see how to use variables in this
action.
| Name | Description | Type | Notes |
|---|---|---|---|
| type | Must be set to the value LBHttpRequestUriRewriteAction | LBRuleActionType | Required |
| uri | URI of HTTP request URI of HTTP request. |
string | Required |
| uri_arguments | URI arguments Query string of URI, typically contains key value pairs, for example: foo1=bar1&foo2=bar2. |
string |
LBHttpRequestVersionCondition (schema) (Deprecated)
Condition to match HTTP protocol version of HTTP requests
This condition is used to match the HTTP protocol version of the HTTP
request messages.
| Name | Description | Type | Notes |
|---|---|---|---|
| inverse | A flag to indicate whether reverse the match result of this condition | boolean | Default: "False" |
| type | Must be set to the value LBHttpRequestVersionCondition | LBRuleConditionType | Required |
| version | HTTP version | HttpRequestVersionType | Required |
LBHttpResponseHeaderCondition (schema) (Deprecated)
Condition to match a header field of HTTP response
This condition is used to match HTTP response messages from backend servers
by HTTP header fields. HTTP header fields are components of the header
section of HTTP request and response messages. They define the operating
parameters of an HTTP transaction. For example, Cookie, Authorization,
User-Agent, etc. One condition can be used to match one header field, to
match multiple header fields, multiple conditions must be specified.
The match_type field defines how header_value field is used to match HTTP
responses. The header_name field does not support match types.
| Name | Description | Type | Notes |
|---|---|---|---|
| case_sensitive | A case sensitive flag for HTTP header value comparing If true, case is significant when comparing HTTP header value. |
boolean | Default: "True" |
| header_name | Name of HTTP header field | string | Required |
| header_value | Value of HTTP header field | string | Required |
| inverse | A flag to indicate whether reverse the match result of this condition | boolean | Default: "False" |
| match_type | Match type of HTTP header value | LbRuleMatchType | Default: "REGEX" |
| type | Must be set to the value LBHttpResponseHeaderCondition | LBRuleConditionType | Required |
LBHttpResponseHeaderDeleteAction (schema) (Deprecated)
Action to delete HTTP response header fields
This action is used to delete header fields of HTTP response messages at
HTTP_RESPONSE_REWRITE phase. One action can be used to delete allgi headers
with same header name. To delete headers with different header names,
multiple actions must be defined.
| Name | Description | Type | Notes |
|---|---|---|---|
| header_name | Name of a header field of HTTP response message Name of a header field of HTTP response message. |
string | Required |
| type | Must be set to the value LBHttpResponseHeaderDeleteAction | LBRuleActionType | Required |
LBHttpResponseHeaderRewriteAction (schema) (Deprecated)
Action to rewrite HTTP response header fields
This action is used to rewrite header fields of HTTP response messages to
specified new values at HTTP_RESPONSE_REWRITE phase. One action can be used
to rewrite one header field. To rewrite multiple header fields, multiple
actions must be defined.
Captured variables and built-in variables can be used in the header_value
field, header_name field does not support variables.
| Name | Description | Type | Notes |
|---|---|---|---|
| header_name | Name of a header field of HTTP request message Name of a header field of HTTP request message. |
string | Required |
| header_value | Value of header field Value of header field |
string | Required |
| type | Must be set to the value LBHttpResponseHeaderRewriteAction | LBRuleActionType | Required |
LBHttpSslCondition (schema) (Deprecated)
Condition to match SSL handshake and SSL connection
This condition is used to match SSL handshake and SSL connection at
all phases.If multiple properties are configured, the rule is considered
a match when all the configured properties are matched.
| Name | Description | Type | Notes |
|---|---|---|---|
| client_certificate_issuer_dn | The issuer DN match condition of the client certificate The issuer DN match condition of the client certificate for an established SSL connection. |
LBClientCertificateIssuerDnCondition | |
| client_certificate_subject_dn | The subject DN match condition of the client certificate The subject DN match condition of the client certificate for an established SSL connection. |
LBClientCertificateSubjectDnCondition | |
| client_supported_ssl_ciphers | Cipher list which supported by client Cipher list which supported by client. |
array of SslCipher | |
| inverse | A flag to indicate whether reverse the match result of this condition | boolean | Default: "False" |
| session_reused | The type of SSL session reused The type of SSL session reused. |
LbSslSessionReusedType | Default: "IGNORE" |
| type | Must be set to the value LBHttpSslCondition | LBRuleConditionType | Required |
| used_protocol | Protocol of an established SSL connection Protocol of an established SSL connection. |
SslProtocol | |
| used_ssl_cipher | Cipher used for an established SSL connection Cipher used for an established SSL connection. |
SslCipher |
LBHttpsMonitorProfile (schema) (Deprecated)
LBMonitorProfile for active health checks over HTTPS
Active healthchecks are disabled by default and can be enabled for a
server pool by binding a health monitor to the Group through the LBRule
object. This represents active health monitoring over HTTPS. Active
healthchecks are initiated periodically, at a configurable interval, to
each member of the Group. Only if a healthcheck fails consecutively for a
specified number of times (fall_count) to a member will the member status
be marked DOWN. Once a member is DOWN, a specified number of consecutive
successful healthchecks (rise_count) will bring the member back to UP
state. After a healthcheck is initiated, if it does not complete within a
certain period, then also the healthcheck is considered to be
unsuccessful. Completing a healthcheck within timeout means establishing
a connection (TCP or SSL), if applicable, sending the request and
receiving the response, all within the configured timeout.
LBHttpsMonitorProfile is deprecated as NSX-T Load Balancer is deprecated.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| fall_count | Monitor fall count for active healthchecks Only if a healthcheck fails consecutively for a specified number of times, given with fall_count, to a member will the member status be marked DOWN. |
integer | Minimum: 1 Maximum: 2147483647 Default: "3" |
| id | Unique identifier of this resource | string | Sortable |
| interval | Monitor interval in seconds for active healthchecks Active healthchecks are initiated periodically, at a configurable interval (in seconds), to each member of the Group. |
integer | Minimum: 1 Maximum: 2147483647 Default: "5" |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| monitor_port | Monitor port for active healthchecks Typically, monitors perform healthchecks to Group members using the member IP address and pool_port. However, in some cases, customers prefer to run healthchecks against a different port than the pool member port which handles actual application traffic. In such cases, the port to run healthchecks against can be specified in the monitor_port value. For ICMP monitor, monitor_port is not required. |
int | Minimum: 0 Maximum: 65535 |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| request_body | HTTP health check request body String to send as part of HTTP health check request body. Valid only for certain HTTP methods like POST. |
string | |
| request_headers | Array of HTTP request headers Array of HTTP request headers. |
array of LbHttpRequestHeader | |
| request_method | The health check method for HTTP monitor type The health check method for HTTP monitor type. |
HttpRequestMethodType | Default: "GET" |
| request_url | Customized HTTPS request url for active health checks For HTTPS active healthchecks, the HTTPS request url sent can be customized and can include query parameters. |
string | Default: "/" |
| request_version | HTTP request version HTTP request version. |
HttpRequestVersionType | Default: "HTTP_VERSION_1_1" |
| resource_type | Must be set to the value LBHttpsMonitorProfile | LBMonitorProfileType | Required |
| response_body | Response body to match If HTTP response body match string (regular expressions not supported) is specified (using LBHttpMonitor.response_body) then the healthcheck HTTP response body is matched against the specified string and server is considered healthy only if there is a match. If the response body string is not specified, HTTP healthcheck is considered successful if the HTTP response status code is 2xx, but it can be configured to accept other status codes as successful. |
string | |
| response_status_codes | Array of single HTTP response status codes The HTTP response status code should be a valid HTTP status code. |
array of int | Maximum items: 64 |
| rise_count | Monitor rise count for active healthchecks Once a member is DOWN, a specified number of consecutive successful healthchecks specified by rise_count will bring the member back to UP state. |
integer | Minimum: 1 Maximum: 2147483647 Default: "3" |
| server_ssl_profile_binding | Pool side SSL binding setting The setting is used when the monitor acts as an SSL client and establishing a connection to the backend server. |
LBServerSslProfileBinding | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| timeout | Monitor timeout in seconds for active healthchecks Timeout specified in seconds. After a healthcheck is initiated, if it does not complete within a certain period, then also the healthcheck is considered to be unsuccessful. Completing a healthcheck within timeout means establishing a connection (TCP or SSL), if applicable, sending the request and receiving the response, all within the configured timeout. |
integer | Minimum: 1 Maximum: 2147483647 Default: "5" |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
LBIcmpMonitorProfile (schema) (Deprecated)
LBMonitorProfile for active health checks over ICMP
Active healthchecks are disabled by default and can be enabled for a
server pool by binding a health monitor to the Group through the LBRule
object. This represents active health monitoring over ICMP.
Active healthchecks are initiated periodically, at a configurable
interval, to each member of the Group. Only if a healthcheck fails
consecutively for a specified number of times (fall_count) to a member will
the member status be marked DOWN. Once a member is DOWN, a specified
number of consecutive successful healt hchecks (rise_count) will bring the
member back to UP state. After a healthcheck is initiated, if it does not
complete within a certain period, then also the healthcheck is considered
to be unsuccessful. Completing a healthcheck within timeout means establishing
a connection (TCP or SSL), if applicable, sending the request and
receiving the response, all within the configured timeout.
LBIcmpMonitorProfile is deprecated as NSX-T Load Balancer is deprecated.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| data_length | The data size (in byte) of the ICMP healthcheck packet | integer | Minimum: 0 Maximum: 65507 Default: "56" |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| fall_count | Monitor fall count for active healthchecks Only if a healthcheck fails consecutively for a specified number of times, given with fall_count, to a member will the member status be marked DOWN. |
integer | Minimum: 1 Maximum: 2147483647 Default: "3" |
| id | Unique identifier of this resource | string | Sortable |
| interval | Monitor interval in seconds for active healthchecks Active healthchecks are initiated periodically, at a configurable interval (in seconds), to each member of the Group. |
integer | Minimum: 1 Maximum: 2147483647 Default: "5" |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| monitor_port | Monitor port for active healthchecks Typically, monitors perform healthchecks to Group members using the member IP address and pool_port. However, in some cases, customers prefer to run healthchecks against a different port than the pool member port which handles actual application traffic. In such cases, the port to run healthchecks against can be specified in the monitor_port value. For ICMP monitor, monitor_port is not required. |
int | Minimum: 0 Maximum: 65535 |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value LBIcmpMonitorProfile | LBMonitorProfileType | Required |
| rise_count | Monitor rise count for active healthchecks Once a member is DOWN, a specified number of consecutive successful healthchecks specified by rise_count will bring the member back to UP state. |
integer | Minimum: 1 Maximum: 2147483647 Default: "3" |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| timeout | Monitor timeout in seconds for active healthchecks Timeout specified in seconds. After a healthcheck is initiated, if it does not complete within a certain period, then also the healthcheck is considered to be unsuccessful. Completing a healthcheck within timeout means establishing a connection (TCP or SSL), if applicable, sending the request and receiving the response, all within the configured timeout. |
integer | Minimum: 1 Maximum: 2147483647 Default: "5" |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
LBIpHeaderCondition (schema) (Deprecated)
Condition to match IP header fields
This condition is used to match IP header fields of HTTP messages.
Either source_address or group_id should be specified.
| Name | Description | Type | Notes |
|---|---|---|---|
| group_path | Grouping object path Source IP address of HTTP message should match IP addresses which are configured in Group in order to perform actions. |
string | |
| inverse | A flag to indicate whether reverse the match result of this condition | boolean | Default: "False" |
| source_address | Source IP address of HTTP message Source IP address of HTTP message. IP Address can be expressed as a single IP address like 10.1.1.1, or a range of IP addresses like 10.1.1.101-10.1.1.160. Both IPv4 and IPv6 addresses are supported. |
IPElement | |
| type | Must be set to the value LBIpHeaderCondition | LBRuleConditionType | Required |
LBJwtAuthAction (schema) (Deprecated)
Action to control access using JWT authentication
This action is used to control access to backend server resources using
JSON Web Token(JWT) authentication. The JWT authentication is done before
any HTTP manipulation if the HTTP request matches the given condition in
LBRule. Any verification failed, the HTTP process will be terminated, and
HTTP response with 401 status code and WWW-Authentication header will be
returned to client.
| Name | Description | Type | Notes |
|---|---|---|---|
| key | LBJwtKey used for verifying the signature of JWT token | LBJwtKey (Abstract type: pass one of the following concrete types) LBJwtCertificateKey LBJwtPublicKey LBJwtSymmetricKey |
|
| pass_jwt_to_pool | Whether to pass the JWT to backend server or remove it Specify whether to pass the JWT to backend server or remove it. By default, it is false which means will not pass the JWT to backend servers. |
boolean | Default: "False" |
| realm | JWT realm A description of the protected area. If no realm is specified, clients often display a formatted hostname instead. The configured realm is returned when client request is rejected with 401 http status. In the response, it will be "WWW-Authentication: Bearer realm=<realm>". |
string | |
| tokens | JWT tokens JWT is an open standard that defines a compact and self-contained way for securely transmitting information between parties as a JSON object. Load balancer will search for every specified tokens one by one for the jwt message until found. This parameter is optional. In case not found or this field is not configured, load balancer searches the Bearer header by default in the http request "Authorization: Bearer <token>". |
array of string | |
| type | Must be set to the value LBJwtAuthAction | LBRuleActionType | Required |
LBJwtCertificateKey (schema) (Deprecated)
Specifies certificate used to verify the signature of JWT tokens
The key is used to specify certificate which is used to verify the
signature of JWT tokens.
| Name | Description | Type | Notes |
|---|---|---|---|
| certificate_path | Certificate identifier | string | Required |
| type | Must be set to the value LBJwtCertificateKey | LBJwtKeyType | Required |
LBJwtKey (schema) (Deprecated)
Load balancer JWT key
LBJwtKey specifies the symmetric key or asymmetric public key used to
decrypt the data in JWT.
This is an abstract type. Concrete child types:
LBJwtCertificateKey
LBJwtPublicKey
LBJwtSymmetricKey
| Name | Description | Type | Notes |
|---|---|---|---|
| type | Type of load balancer JWT key The property is used to identify JWT key type. |
LBJwtKeyType | Required |
LBJwtKeyType (schema) (Deprecated)
Type of load balancer JWT key
It is used to identify JWT key type.
| Name | Description | Type | Notes |
|---|---|---|---|
| LBJwtKeyType | Type of load balancer JWT key It is used to identify JWT key type. |
string | Deprecated Enum: LBJwtCertificateKey, LBJwtSymmetricKey, LBJwtPublicKey |
LBJwtPublicKey (schema) (Deprecated)
Specifies public key content used to verify the signature of JWT tokens
The key is used to specify the public key content which is used to verify
the signature of JWT tokens.
| Name | Description | Type | Notes |
|---|---|---|---|
| public_key_content | Content of public key | string | Required |
| type | Must be set to the value LBJwtPublicKey | LBJwtKeyType | Required |
LBJwtSymmetricKey (schema) (Deprecated)
Specifies the symmetric key used to verify the signature of JWT tokens
The key is used to specify the symmetric key which is used to verify the
signature of JWT tokens.
| Name | Description | Type | Notes |
|---|---|---|---|
| type | Must be set to the value LBJwtSymmetricKey | LBJwtKeyType | Required |
LBMonitorProfile (schema) (Deprecated)
The object is deprecated as NSX-T Load Balancer is deprecated.
This is an abstract type. Concrete child types:
LBActiveMonitor
LBHttpMonitorProfile
LBHttpsMonitorProfile
LBIcmpMonitorProfile
LBPassiveMonitorProfile
LBTcpMonitorProfile
LBUdpMonitorProfile
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value LBMonitorProfile | LBMonitorProfileType | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
LBMonitorProfileType (schema) (Deprecated)
Monitor type
There are two types of healthchecks: active and passive.
Passive healthchecks depend on failures in actual client traffic (e.g. RST
from server in response to a client connection) to detect that the server
or the application is down.
In case of active healthchecks, load balancer itself initiates new
connections (or sends ICMP ping) to the servers periodically to check their
health, completely independent of any data traffic.
Currently, active health monitors are supported for HTTP, HTTPS, TCP, UDP
and ICMP protocols.
| Name | Description | Type | Notes |
|---|---|---|---|
| LBMonitorProfileType | Monitor type There are two types of healthchecks: active and passive. Passive healthchecks depend on failures in actual client traffic (e.g. RST from server in response to a client connection) to detect that the server or the application is down. In case of active healthchecks, load balancer itself initiates new connections (or sends ICMP ping) to the servers periodically to check their health, completely independent of any data traffic. Currently, active health monitors are supported for HTTP, HTTPS, TCP, UDP and ICMP protocols. |
string | Deprecated Enum: LBTcpMonitorProfile, LBUdpMonitorProfile, LBIcmpMonitorProfile, LBHttpMonitorProfile, LBHttpsMonitorProfile, LBPassiveMonitorProfile |
LBPassiveMonitorProfile (schema) (Deprecated)
Base class for each type of active LBMonitorProfile
The passive type of LBMonitorProfile.
LBPassiveMonitorProfile is deprecated as NSX-T Load Balancer is deprecated.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| max_fails | Number of consecutive connection failures When the consecutive failures reach this value, then the member is considered temporarily unavailable for a configurable period |
integer | Minimum: 1 Maximum: 2147483647 Default: "5" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value LBPassiveMonitorProfile | LBMonitorProfileType | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| timeout | Timeout in seconds before it is selected again for a new connection After this timeout period, the member is tried again for a new connection to see if it is available. |
integer | Minimum: 1 Maximum: 2147483647 Default: "5" |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
LBPersistenceCookieTime (schema) (Deprecated)
Persistence cookie time
Persistence cookie time.
| Name | Description | Type | Notes |
|---|---|---|---|
| cookie_max_idle | Persistence cookie max idle time in seconds HTTP cookie max-age to expire cookie, only available for insert mode. |
integer | Required Minimum: 1 Maximum: 2147483647 |
| type | Must be set to the value LBPersistenceCookieTime | LBCookieTimeType | Required |
LBPersistenceProfile (schema)
Contains the information related to load balancer persistence options
Some applications maintain state and require all relevant connections
to be sent to the same server as the application state is not
synchronized among servers. Persistence is enabled on a
LBVirtualServer by binding a persistence profile to it.
LBGenericPersistenceProfile cannot be attached to LBVirtualServer
directly, it can be specified in LBVariablePersistenceOnAction or
LBVariablePersistenceLearnAction in LBRule. If a user attaches a
LBGenericPersistenceProfile directly to a virtual server, the operation
is rejected.
This is an abstract type. Concrete child types:
LBCookiePersistenceProfile
LBGenericPersistenceProfile
LBSourceIpPersistenceProfile
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| persistence_shared | Persistence shared across LBVirtualServers Persistence shared setting indicates that all LBVirtualServers that consume this LBPersistenceProfile should share the same persistence mechanism when enabled. Meaning, persistence entries of a client accessing one virtual server will also affect the same client's connections to a different virtual server. For example, say there are two virtual servers vip-ip1:80 and vip-ip1:8080 bound to the same Group g1 consisting of two servers (s11:80 and s12:80). By default, each virtual server will have its own persistence table or cookie. So, in the earlier example, there will be two tables (vip-ip1:80, p1) and (vip-ip1:8080, p1) or cookies. So, if a client connects to vip1:80 and later connects to vip1:8080, the second connection may be sent to a different server than the first. When persistence_shared is enabled, then the second connection will always connect to the same server as the original connection. For COOKIE persistence type, the same cookie will be shared by multiple virtual servers. For SOURCE_IP persistence type, the persistence table will be shared across virtual servers. For GENERIC persistence type, the persistence table will be shared across virtual servers which consume the same persistence profile in LBRule actions. |
boolean | Default: "False" |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value LBPersistenceProfile | string | Required Enum: LBSourceIpPersistenceProfile, LBCookiePersistenceProfile, LBGenericPersistenceProfile |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
LBPool (schema)
Defining access a Group from a LBVirtualServer and binding to LBMonitorProfile
Defining access of a Group from a LBVirtualServer and binding to
LBMonitorProfile.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| active_monitor_paths | Active monitor path list In case of active healthchecks, load balancer itself initiates new connections (or sends ICMP ping) to the servers periodically to check their health, completely independent of any data traffic. Active healthchecks are disabled by default and can be enabled for a server pool by binding a health monitor to the pool. If multiple active monitors are configured, the pool member status is UP only when the health check status for all the monitors are UP. The property is deprecated as NSX-T Load Balancer is deprecated. |
array of string | Deprecated |
| algorithm | Load balancing algorithm Load Balancing algorithm chooses a server for each new connection by going through the list of servers in the pool. Currently, following load balancing algorithms are supported with ROUND_ROBIN as the default. ROUND_ROBIN means that a server is selected in a round-robin fashion. The weight would be ignored even if it is configured. WEIGHTED_ROUND_ROBIN means that a server is selected in a weighted round-robin fashion. Default weight of 1 is used if weight is not configured. LEAST_CONNECTION means that a server is selected when it has the least number of connections. The weight would be ignored even if it is configured. Slow start would be enabled by default. WEIGHTED_LEAST_CONNECTION means that a server is selected in a weighted least connection fashion. Default weight of 1 is used if weight is not configured. Slow start would be enabled by default. IP_HASH means that consistent hash is performed on the source IP address of the incoming connection. This ensures that the same client IP address will always reach the same server as long as no server goes down or up. It may be used on the Internet to provide a best-effort stickiness to clients which refuse session cookies. |
string | Enum: ROUND_ROBIN, WEIGHTED_ROUND_ROBIN, LEAST_CONNECTION, WEIGHTED_LEAST_CONNECTION, IP_HASH Default: "ROUND_ROBIN" |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| member_group | Load balancer member setting with grouping object Load balancer pool support grouping object as dynamic pool members. When member group is defined, members setting should not be specified. |
LBPoolMemberGroup | |
| members | Load balancer pool members Server pool consists of one or more pool members. Each pool member is identified, typically, by an IP address and a port. |
array of LBPoolMember | |
| min_active_members | Minimum number of active pool members to consider pool as active A pool is considered active if there are at least certain minimum number of members. |
integer | Minimum: 1 Maximum: 2147483647 Default: "1" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| passive_monitor_path | Passive monitor path Passive healthchecks are disabled by default and can be enabled by attaching a passive health monitor to a server pool. Each time a client connection to a pool member fails, its failed count is incremented. For pools bound to L7 virtual servers, a connection is considered to be failed and failed count is incremented if any TCP connection errors (e.g. TCP RST or failure to send data) or SSL handshake failures occur. For pools bound to L4 virtual servers, if no response is received to a TCP SYN sent to the pool member or if a TCP RST is received in response to a TCP SYN, then the pool member is considered to have failed and the failed count is incremented. The property is deprecated as NSX-T Load Balancer is deprecated. |
string | Deprecated |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value LBPool | string | |
| snat_translation | Snat translation configuration Depending on the topology, Source NAT (SNAT) may be required to ensure traffic from the server destined to the client is received by the load balancer. SNAT can be enabled per pool. If SNAT is not enabled for a pool, then load balancer uses the client IP and port (spoofing) while establishing connections to the servers. This is referred to as no-SNAT or TRANSPARENT mode. By default Source NAT is enabled as LBSnatAutoMap. |
LBSnatTranslation (Abstract type: pass one of the following concrete types) LBSnatAutoMap LBSnatDisabled LBSnatIpPool |
|
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| tcp_multiplexing_enabled | TCP multiplexing enable flag TCP multiplexing allows the same TCP connection between load balancer and the backend server to be used for sending multiple client requests from different client TCP connections. The property is deprecated as NSX-T Load Balancer is deprecated. |
boolean | Deprecated Default: "False" |
| tcp_multiplexing_number | Maximum number of TCP connections for multiplexing The maximum number of TCP connections per pool that are idly kept alive for sending future client requests. The property is deprecated as NSX-T Load Balancer is deprecated. |
integer | Deprecated Minimum: 0 Maximum: 2147483647 Default: "6" |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
LBPoolMember (schema)
Pool member
Pool member.
| Name | Description | Type | Notes |
|---|---|---|---|
| admin_state | Member admin state Member admin state. |
PoolMemberAdminStateType | Default: "ENABLED" |
| backup_member | Determine whether the pool member is for backup usage Backup servers are typically configured with a sorry page indicating to the user that the application is currently unavailable. While the pool is active (a specified minimum number of pool members are active) BACKUP members are skipped during server selection. When the pool is inactive, incoming connections are sent to only the BACKUP member(s). |
boolean | Default: "False" |
| display_name | Pool member name Pool member name. |
string | |
| ip_address | Pool member IP address Pool member IP address. |
IPAddress | Required |
| max_concurrent_connections | Maximum concurrent connection number To ensure members are not overloaded, connections to a member can be capped by the load balancer. When a member reaches this limit, it is skipped during server selection. If it is not specified, it means that connections are unlimited. |
integer | Minimum: 1 Maximum: 2147483647 |
| port | Pool member port number If port is specified, all connections will be sent to this port. Only single port is supported. If unset, the same port the client connected to will be used, it could be overrode by default_pool_member_port setting in virtual server. The port should not specified for port range case. |
PortElement | |
| weight | Pool member weight Pool member weight is used for WEIGHTED_ROUND_ROBIN balancing algorithm. The weight value would be ignored in other algorithms. |
integer | Minimum: 1 Maximum: 256 Default: "1" |
LBPoolMemberGroup (schema)
Pool member group
Pool member group.
| Name | Description | Type | Notes |
|---|---|---|---|
| customized_members | List of customized pool member settings The list is used to show the customized pool member settings. User can only user pool member action API to update the admin state for a specific IP address. |
array of PoolMemberSetting | |
| group_path | Grouping object path Load balancer pool support Group as dynamic pool members. The IP list of the Group would be used as pool member IP setting. |
string | Required |
| ip_revision_filter | Filter of ipv4 or ipv6 address of grouping object IP list Ip revision filter is used to filter IPv4 or IPv6 addresses from the grouping object. If the filter is not specified, both IPv4 and IPv6 addresses would be used as server IPs. The link local and loopback addresses would be always filtered out. |
string | Enum: IPV4, IPV6, IPV4_IPV6 Default: "IPV4" |
| max_ip_list_size | Maximum number of grouping object IP address list The size is used to define the maximum number of grouping object IP address list. These IP addresses would be used as pool members. If the grouping object includes more than certain number of IP addresses, the redundant parts would be ignored and those IP addresses would not be treated as pool members. If the size is not specified, one member is budgeted for this dynamic pool so that the pool has at least one member even if some other dynamic pools grow beyond the capacity of load balancer service. Other members are picked according to available dynamic capacity. The unused members would be set to DISABLED so that the load balancer system itself is not overloaded during runtime. |
integer | Minimum: 0 Maximum: 2147483647 |
| port | Pool member port for all IP addresses of the grouping object If port is specified, all connections will be sent to this port. If unset, the same port the client connected to will be used, it could be overridden by default_pool_member_ports setting in virtual server. The port should not specified for multiple ports case. |
int | Minimum: 1 Maximum: 65535 |
LBRule (schema) (Deprecated)
Binding of a LBPool and Group to a LBVirtualServer
Binding of a LBPool and Group to a LBVirtualServer
used to route application traffic passing through load balancers.
LBRule uses match conditions to match application traffic passing
through a LBVirtualServer using HTTP or HTTPS. Can bind
multiple LBVirtualServers to a Group. Each LBRule
consists of two optional match conditions, each match contidion defines a
criterion for application traffic. If no match conditions are
specified, then the LBRule will always match and it is used
typically to define default rules. If more than one match condition is
specified, then matching strategy determines if all conditions should
match or any one condition should match for the LBRule to be
considered a match. A match indicates that the LBVirtualServer
should route the request to the Group (parent of LBRule).
LBRule is deprecated as NSX-T Load Balancer is deprecated.
| Name | Description | Type | Notes |
|---|---|---|---|
| actions | Actions to be executed A list of actions to be executed at specified phase when load balancer rule matches. The actions are used to manipulate application traffic, such as rewrite URI of HTTP messages, redirect HTTP messages, etc. |
array of LBRuleAction (Abstract type: pass one of the following concrete types) LBConnectionDropAction LBHttpRedirectAction LBHttpRejectAction LBHttpRequestHeaderDeleteAction LBHttpRequestHeaderRewriteAction LBHttpRequestUriRewriteAction LBHttpResponseHeaderDeleteAction LBHttpResponseHeaderRewriteAction LBJwtAuthAction LBSelectPoolAction LBSslModeSelectionAction LBVariableAssignmentAction LBVariablePersistenceLearnAction LBVariablePersistenceOnAction |
Required Maximum items: 60 |
| display_name | Display name for LBRule A display name useful for identifying an LBRule. |
string | |
| match_conditions | Conditions to match application traffic A list of match conditions used to match application traffic. Multiple match conditions can be specified in one load balancer rule, each match condition defines a criterion to match application traffic. If no match conditions are specified, then the load balancer rule will always match and it is used typically to define default rules. If more than one match condition is specified, then match strategy determines if all conditions should match or any one condition should match for the load balancer rule to considered a match. |
array of LBRuleCondition (Abstract type: pass one of the following concrete types) LBHttpRequestBodyCondition LBHttpRequestCookieCondition LBHttpRequestHeaderCondition LBHttpRequestMethodCondition LBHttpRequestUriArgumentsCondition LBHttpRequestUriCondition LBHttpRequestVersionCondition LBHttpResponseHeaderCondition LBHttpSslCondition LBIpHeaderCondition LBSslSniCondition LBTcpHeaderCondition LBVariableCondition |
Maximum items: 60 |
| match_strategy | Match strategy for determining match of multiple conditions If more than one match condition is specified, then matching strategy determines if all conditions should match or any one condition should match for the LB Rule to be considered a match. - ALL indicates that both host_match and path_match must match for this LBRule to be considered a match. - ANY indicates that either host_match or patch match may match for this LBRule to be considered a match. |
string | Enum: ALL, ANY Default: "ANY" |
| phase | Load balancer processing phase Each load balancer rule is used at a specific phase of load balancer processing. Currently five phases are supported, HTTP_REQUEST_REWRITE, HTTP_FORWARDING, HTTP_RESPONSE_REWRITE, HTTP_ACCESS and TRANSPORT. When an HTTP request message is received by load balancer, all HTTP_REQUEST_REWRITE rules, if present are executed in the order they are applied to virtual server. And then if HTTP_FORWARDING rules present, only first matching rule's action is executed, remaining rules are not checked. HTTP_FORWARDING rules can have only one action. If the request is forwarded to a backend server and the response goes back to load balancer, all HTTP_RESPONSE_REWRITE rules, if present, are executed in the order they are applied to the virtual server. In HTTP_ACCESS phase, user can define action to control access using JWT authentication. In TRANSPORT phase, user can define the condition to match SNI in TLS client hello and define the action to do SSL end-to-end, SSL offloading or SSL passthrough using a specific load balancer server pool. |
string | Enum: HTTP_REQUEST_REWRITE, HTTP_FORWARDING, HTTP_RESPONSE_REWRITE, HTTP_ACCESS, TRANSPORT Default: "HTTP_FORWARDING" |
LBRuleAction (schema) (Deprecated)
Load balancer rule action
Load balancer rule actions are used to manipulate application traffic.
Currently load balancer rules can be used at three load balancer processing
phases. Each phase has its own supported type of actions.
Supported actions in HTTP_REQUST_REWRITE phase are:
LBHttpRequestUriRewriteAction
LBHttpRequestHeaderRewriteAction
LBHttpRequestHeaderDeleteAction
LBVariableAssignmentAction
Supported actions in HTTP_FORWARDING phase are:
LBHttpRejectAction
LBHttpRedirectAction
LBSelectPoolAction
LBVariablePersistenceOnAction
LBConnectionDropAction
Supported action in HTTP_RESPONSE_REWRITE phase is:
LBHttpResponseHeaderRewriteAction
LBHttpResponseHeaderDeleteAction
LBVariablePersistenceLearnAction
Supported action in HTTP_ACCESS phase is:
LBJwtAuthAction
LBConnectionDropAction
LBVariableAssignmentAction
Supported action in TRANSPORT phase is:
LBSslModeSelectionAction
LBSelectPoolAction
If the match type of an LBRuleCondition field is specified as REGEX and
named capturing groups are used in the specified regular expression. The
groups can be used as variables in LBRuleAction fields.
For example, define a rule with LBHttpRequestUriCondition as match
condition and LBHttpRequestUriRewriteAction as action. Set match_type field
of LBHttpRequestUriCondition to REGEX, and set uri field to
"/news/(?<year>\d+)/(?<month>\d+)/(?<article>.*)".
Set uri field of LBHttpRequestUriRewriteAction to:
"/news/$year-$month/$article"
In uri field of LBHttpRequestUriCondition, the (?<year>\d+),
(?<month>\d+) and (?<article>.*) are named capturing groups,
they define variables named $year, $month and $article respectively. The
defined variables are used in LBHttpRequestUriRewriteAction.
For a matched HTTP request with URI "/news/2017/06/xyz.html", the substring
"2017" is captured in variable $year, "06" is captured in variable $month,
and "xyz.html" is captured in variable $article. The
LBHttpRequestUriRewriteAction will rewrite the URI to:
"/news/2017-06/xyz.html"
A set of built-in variables can be used in LBRuleAction as well. The name
of built-in variables start with underscore, the name of user defined
variables is not allowed to start with underscore.
Following are some of the built-in variables:
$_scheme: Reference the scheme part of matched HTTP messages, could be
"http" or "https".
$_host: Host of matched HTTP messages, for example "www.example.com".
$_server_port: Port part of URI, it is also the port of the server which
accepted a request. Default port is 80 for http and 443 for https.
$_uri: The URI path, for example "/products/sample.html".
$_request_uri: Full original request URI with arguments, for example,
"/products/sample.html?a=b&c=d".
$_args: URI arguments, for instance "a=b&c=d"
$_is_args: "?" if a request has URI arguments, or an empty string
otherwise.
For the full list of built-in variables, please reference the NSX-T
Administrator's Guide.
This is an abstract type. Concrete child types:
LBConnectionDropAction
LBHttpRedirectAction
LBHttpRejectAction
LBHttpRequestHeaderDeleteAction
LBHttpRequestHeaderRewriteAction
LBHttpRequestUriRewriteAction
LBHttpResponseHeaderDeleteAction
LBHttpResponseHeaderRewriteAction
LBJwtAuthAction
LBSelectPoolAction
LBSslModeSelectionAction
LBVariableAssignmentAction
LBVariablePersistenceLearnAction
LBVariablePersistenceOnAction
| Name | Description | Type | Notes |
|---|---|---|---|
| type | Type of load balancer rule action The property identifies the load balancer rule action type. |
LBRuleActionType | Required |
LBRuleActionType (schema) (Deprecated)
Types of load balancer rule actions
Types of load balancer rule actions.
| Name | Description | Type | Notes |
|---|---|---|---|
| LBRuleActionType | Types of load balancer rule actions Types of load balancer rule actions. |
string | Deprecated Enum: LBSelectPoolAction, LBHttpRequestUriRewriteAction, LBHttpRequestHeaderRewriteAction, LBHttpRejectAction, LBHttpRedirectAction, LBHttpResponseHeaderRewriteAction, LBHttpRequestHeaderDeleteAction, LBHttpResponseHeaderDeleteAction, LBVariableAssignmentAction, LBVariablePersistenceOnAction, LBVariablePersistenceLearnAction, LBJwtAuthAction, LBSslModeSelectionAction, LBConnectionDropAction |
LBRuleCondition (schema) (Deprecated)
Match condition of load balancer rule
Match conditions are used to match application traffic passing through
load balancers. Multiple match conditions can be specified in one load
balancer rule, each match condition defines a criterion for application
traffic.
If inverse field is set to true, the match result of the condition is
inverted.
If more than one match condition is specified, match strategy determines
if all conditions should match or any one condition should match for the
load balancer rule to be considered a match.
Currently only HTTP messages are supported by load balancer rules.
Each load balancer rule is used at a specific phase of load balancer
processing. Currently three phases are supported, HTTP_REQUEST_REWRITE,
HTTP_FORWARDING and HTTP_RESPONSE_REWRITE.
Each phase supports certain types of match conditions, supported match
conditions in HTTP_REQUEST_REWRITE phase are:
LBHttpRequestMethodCondition
LBHttpRequestUriCondition
LBHttpRequestUriArgumentsCondition
LBHttpRequestVersionCondition
LBHttpRequestHeaderCondition
LBHttpRequestCookieCondition
LBHttpRequestBodyCondition
LBTcpHeaderCondition
LBIpHeaderCondition
LBVariableCondition
LBHttpSslCondition
Supported match conditions in HTTP_FORWARDING phase are:
LBHttpRequestMethodCondition
LBHttpRequestUriCondition
LBHttpRequestUriArgumentsCondition
LBHttpRequestVersionCondition
LBHttpRequestHeaderCondition
LBHttpRequestCookieCondition
LBHttpRequestBodyCondition
LBTcpHeaderCondition
LBIpHeaderCondition
LBVariableCondition
LBHttpSslCondition
LBSslSniCondition
Supported match conditions in HTTP_RESPONSE_REWRITE phase are:
LBHttpResponseHeaderCondition
LBHttpRequestMethodCondition
LBHttpRequestUriCondition
LBHttpRequestUriArgumentsCondition
LBHttpRequestVersionCondition
LBHttpRequestHeaderCondition
LBHttpRequestCookieCondition
LBTcpHeaderCondition
LBIpHeaderCondition
LBVariableCondition
LBHttpSslCondition
Supported match condition in HTTP_ACCESS phase is:
LBHttpRequestMethodCondition
LBHttpRequestUriCondition
LBHttpRequestUriArgumentsCondition
LBHttpRequestVersionCondition
LBHttpRequestHeaderCondition
LBHttpRequestCookieCondition
LBHttpRequestBodyCondition
LBTcpHeaderCondition
LBIpHeaderCondition
LBVariableCondition
LBHttpSslCondition
Supported match condition in TRANSPORT phase is:
LBSslSniCondition
This is an abstract type. Concrete child types:
LBHttpRequestBodyCondition
LBHttpRequestCookieCondition
LBHttpRequestHeaderCondition
LBHttpRequestMethodCondition
LBHttpRequestUriArgumentsCondition
LBHttpRequestUriCondition
LBHttpRequestVersionCondition
LBHttpResponseHeaderCondition
LBHttpSslCondition
LBIpHeaderCondition
LBSslSniCondition
LBTcpHeaderCondition
LBVariableCondition
| Name | Description | Type | Notes |
|---|---|---|---|
| inverse | A flag to indicate whether reverse the match result of this condition | boolean | Default: "False" |
| type | Type of load balancer rule condition | LBRuleConditionType | Required |
LBRuleConditionType (schema) (Deprecated)
Type of load balancer rule match condition
Type of load balancer rule match condition.
| Name | Description | Type | Notes |
|---|---|---|---|
| LBRuleConditionType | Type of load balancer rule match condition Type of load balancer rule match condition. |
string | Deprecated Enum: LBHttpRequestUriCondition, LBHttpRequestHeaderCondition, LBHttpRequestMethodCondition, LBHttpRequestUriArgumentsCondition, LBHttpRequestVersionCondition, LBHttpRequestCookieCondition, LBHttpRequestBodyCondition, LBHttpResponseHeaderCondition, LBTcpHeaderCondition, LBIpHeaderCondition, LBVariableCondition, LBHttpSslCondition, LBSslSniCondition |
LBSelectPoolAction (schema) (Deprecated)
Action to select a pool for HTTP request messages
This action is used to select a pool for matched HTTP request messages. The
pool is specified by path. The matched HTTP request messages are forwarded
to the specified pool.
| Name | Description | Type | Notes |
|---|---|---|---|
| pool_id | Path of load balancer pool Path of load balancer pool. |
string | Required |
| type | Must be set to the value LBSelectPoolAction | LBRuleActionType | Required |
LBServerAuthType (schema) (Deprecated)
server authentication mode
Server authentication could be AUTO_APPLY, REQUIRED or IGNORE, it is used to
specify if the server certificate presented to the load balancer during
handshake should be actually validated or not.
Validation is automatic by default when server_auth_ca_certificate_paths are
configured and IGNORED when they are not configured.
If validation is REQUIRED, then to be accepted, server certificate must be
signed by one of the trusted CAs whose self signed certificates are
specified in the same server-side SSL profile binding.
| Name | Description | Type | Notes |
|---|---|---|---|
| LBServerAuthType | server authentication mode Server authentication could be AUTO_APPLY, REQUIRED or IGNORE, it is used to specify if the server certificate presented to the load balancer during handshake should be actually validated or not. Validation is automatic by default when server_auth_ca_certificate_paths are configured and IGNORED when they are not configured. If validation is REQUIRED, then to be accepted, server certificate must be signed by one of the trusted CAs whose self signed certificates are specified in the same server-side SSL profile binding. |
string | Deprecated Enum: REQUIRED, IGNORE, AUTO_APPLY |
LBServerSslProfile (schema) (Deprecated)
Server SSL profile
Server SSL profile.
LBServerSslProfile is deprecated as NSX-T Load Balancer is deprecated.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| cipher_group_label | Label of cipher group It is a label of cipher group which is mostly consumed by GUI. |
SslCipherGroup | |
| ciphers | Supported SSL cipher list to client side Supported SSL cipher list to client side. |
array of SslCipher | |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| is_fips | FIPS compliance of ciphers and protocols This flag is set to true when all the ciphers and protocols are FIPS compliant. It is set to false when one of the ciphers or protocols are not FIPS compliant. |
boolean | Readonly |
| is_secure | Secure/Insecure SSL profile flag This flag is set to true when all the ciphers and protocols are secure. It is set to false when one of the ciphers or protocols is insecure. |
boolean | Readonly |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| protocols | Supported SSL protocol list to client side SSL versions TLS1.1 and TLS1.2 are supported and enabled by default. SSLv2, SSLv3, and TLS1.0 are supported, but disabled by default. |
array of SslProtocol | |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value LBServerSslProfile | string | |
| session_cache_enabled | Session cache enable/disable falg SSL session caching allows SSL client and server to reuse previously negotiated security parameters avoiding the expensive public key operation during handshake. |
boolean | Default: "True" |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
LBServerSslProfileBinding (schema) (Deprecated)
Server SSL profile binding
Server SSL profile binding.
LBServerSslProfileBinding is deprecated as NSX-T Load Balancer is
deprecated.
| Name | Description | Type | Notes |
|---|---|---|---|
| certificate_chain_depth | The maximum traversal depth of server certificate chain Authentication depth is used to set the verification depth in the server certificates chain. |
integer | Minimum: 1 Maximum: 2147483647 Default: "3" |
| client_certificate_path | Client certificate path To support client authentication (load balancer acting as a client authenticating to the backend server), client certificate can be specified in the server-side SSL profile binding |
string | |
| server_auth | Server authentication mode Server authentication mode. |
LBServerAuthType | Default: "AUTO_APPLY" |
| server_auth_ca_paths | CA path list to verify server certificate If server auth type is REQUIRED, server certificate must be signed by one of the trusted Certificate Authorities (CAs), also referred to as root CAs, whose self signed certificates are specified. |
array of string | |
| server_auth_crl_paths | CRL path list to verify server certificate A Certificate Revocation List (CRL) can be specified in the server-side SSL profile binding to disallow compromised server certificates. |
array of string | |
| ssl_profile_path | Server SSL profile path Server SSL profile defines reusable, application-independent server side SSL properties. |
string |
LBService (schema)
Loadbalancer Service
Loadbalancer Service.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| access_log_enabled | Flag to enable access log | boolean | Deprecated |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| connectivity_path | The connectivity target used to instantiate the LBService LBS could be instantiated (or created) on the Tier-1, etc. For now, only the Tier-1 object is supported. |
string | |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| enabled | Flag to enable the load balancer service Flag to enable the load balancer service. |
boolean | Default: "True" |
| error_log_level | Error log level of load balancer service Load balancer engine writes information about encountered issues of different severity levels to the error log. This setting is used to define the severity level of the error log. |
LbLogLevel | Default: "INFO" |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| relax_scale_validation | Whether scale validation is relaxed If relax_scale_validation is true, the scale validations for virtual servers/pools/pool members/rules are relaxed for load balancer service. When load balancer service is deployed on edge nodes, the scale of virtual servers/pools/pool members for the load balancer service should not exceed the scale number of the largest load balancer size which could be configured on a certain edge form factor. For example, the largest load balancer size supported on a MEDIUM edge node is MEDIUM. So one SMALL load balancer deployed on MEDIUM edge nodes can support the scale number of MEDIUM load balancer. It is not recommended to enable active monitors if relax_scale_validation is true due to performance consideration. If relax_scale_validation is false, scale numbers should be validated for load balancer service. The property is deprecated as NSX-T Load Balancer is deprecated. |
boolean | Deprecated Default: "False" |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value LBService | string | |
| size | Load balancer service size Load balancer service size. The load balancer service sizes, SMALL, MEDIUM, LARGE and XLARGE are all deprecated. Customers who are using this set of features are advised to migrate to NSX Advanced Load Balancer (Avi) which provides a superset of the NSX-T load balancing functionality. |
LbServiceSize | Default: "SMALL" |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
LBSessionCookieTime (schema) (Deprecated)
Session cookie time
Session cookie time.
| Name | Description | Type | Notes |
|---|---|---|---|
| cookie_max_idle | Session cookie max idle time in seconds Instead of using HTTP Cookie max-age and relying on client to expire the cookie, max idle time and/or max lifetime of the cookie can be used. Max idle time, if configured, specifies the maximum interval the cookie is valid for from the last time it was seen in a request. It is available for insert mode. |
integer | Minimum: 1 Maximum: 2147483647 |
| cookie_max_life | Session cookie max lifetime in seconds Max life time, if configured, specifies the maximum interval the cookie is valid for from the first time the cookie was seen in a request. It is available for insert mode. |
integer | Minimum: 1 Maximum: 2147483647 |
| type | Must be set to the value LBSessionCookieTime | LBCookieTimeType | Required |
LBSnatAutoMap (schema) (Deprecated)
Snat auto map
Snat auto map.
| Name | Description | Type | Notes |
|---|---|---|---|
| type | Must be set to the value LBSnatAutoMap | LBSnatTranslationType | Required |
LBSnatDisabled (schema)
Snat disabled
Snat disabled.
| Name | Description | Type | Notes |
|---|---|---|---|
| type | Must be set to the value LBSnatDisabled | LBSnatTranslationType | Required |
LBSnatIpElement (schema) (Deprecated)
Snat Ip element
Snat Ip element.
| Name | Description | Type | Notes |
|---|---|---|---|
| ip_address | Ip address or ip range Ip address or ip range such as 1.1.1.1 or 1.1.1.101-1.1.1.160. |
IPElement | Required |
| prefix_length | Subnet prefix length Subnet prefix length should be not specified if there is only one single IP address or IP range. |
integer |
LBSnatIpPool (schema) (Deprecated)
Snat Ip pool
Snat Ip pool.
| Name | Description | Type | Notes |
|---|---|---|---|
| ip_addresses | List of Ip address or ip range If an IP range is specified, the range may contain no more than 64 IP addresses. |
array of LBSnatIpElement | Required Maximum items: 64 |
| type | Must be set to the value LBSnatIpPool | LBSnatTranslationType | Required |
LBSnatTranslation (schema)
Snat Translation
Snat Translation.
This is an abstract type. Concrete child types:
LBSnatAutoMap
LBSnatDisabled
LBSnatIpPool
| Name | Description | Type | Notes |
|---|---|---|---|
| type | Snat translation type Snat translation type. |
LBSnatTranslationType | Required |
LBSnatTranslationType (schema)
Snat translation type
Load balancers may need to perform SNAT to ensure reverse traffic from
the server can be received and processed by them.
There are three modes:
LBSnatAutoMap uses the load balancer interface IP and an
ephemeral port as the source IP and port of the server side connection.
LBSnatIpPool allows user to specify one or more IP addresses
along with their subnet masks that should be used for SNAT while
connecting to any of the servers in the pool.
LBSnatDisabled disables Source NAT. This is referred to as no-SNAT
or TRANSPARENT mode.
LBSnatAutoMap and LBSnatIpPool are deprecated as NSX-T Load Balancer is
deprecated.
| Name | Description | Type | Notes |
|---|---|---|---|
| LBSnatTranslationType | Snat translation type Load balancers may need to perform SNAT to ensure reverse traffic from the server can be received and processed by them. There are three modes: LBSnatAutoMap uses the load balancer interface IP and an ephemeral port as the source IP and port of the server side connection. LBSnatIpPool allows user to specify one or more IP addresses along with their subnet masks that should be used for SNAT while connecting to any of the servers in the pool. LBSnatDisabled disables Source NAT. This is referred to as no-SNAT or TRANSPARENT mode. LBSnatAutoMap and LBSnatIpPool are deprecated as NSX-T Load Balancer is deprecated. |
string | Enum: LBSnatAutoMap, LBSnatIpPool, LBSnatDisabled |
LBSourceIpPersistenceProfile (schema)
LBPersistenceProflie using SourceIP
Some applications maintain state and require all relevant connections
to be sent to the same server as the application state is not
synchronized among servers. Persistence is enabled on a
LBVirtualServer by binding a persistence profile to it.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| ha_persistence_mirroring_enabled | Mirroring enabled flag to synchronize persistence entries Persistence entries are not synchronized to the HA peer by default. The property is deprecated as NSX-T Load Balancer is deprecated. |
boolean | Deprecated Default: "False" |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| persistence_shared | Persistence shared across LBVirtualServers Persistence shared setting indicates that all LBVirtualServers that consume this LBPersistenceProfile should share the same persistence mechanism when enabled. Meaning, persistence entries of a client accessing one virtual server will also affect the same client's connections to a different virtual server. For example, say there are two virtual servers vip-ip1:80 and vip-ip1:8080 bound to the same Group g1 consisting of two servers (s11:80 and s12:80). By default, each virtual server will have its own persistence table or cookie. So, in the earlier example, there will be two tables (vip-ip1:80, p1) and (vip-ip1:8080, p1) or cookies. So, if a client connects to vip1:80 and later connects to vip1:8080, the second connection may be sent to a different server than the first. When persistence_shared is enabled, then the second connection will always connect to the same server as the original connection. For COOKIE persistence type, the same cookie will be shared by multiple virtual servers. For SOURCE_IP persistence type, the persistence table will be shared across virtual servers. For GENERIC persistence type, the persistence table will be shared across virtual servers which consume the same persistence profile in LBRule actions. |
boolean | Default: "False" |
| purge | Persistence purge setting Persistence purge setting. |
SourceIpPersistencePurge | Default: "FULL" |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value LBSourceIpPersistenceProfile | string | Required Enum: LBSourceIpPersistenceProfile, LBCookiePersistenceProfile, LBGenericPersistenceProfile |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| timeout | Persistence entry expiration time in seconds When all connections complete (reference count reaches 0), persistence entry timer is started with the expiration time. |
integer | Minimum: 1 Maximum: 2147483647 Default: "300" |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
LBSslModeSelectionAction (schema) (Deprecated)
Action to select SSL mode
This action is used to select SSL mode. Three types of SSL mode actions can
be specified in Transport phase, ssl passthrough, ssl offloading and ssl
end-to-end.
| Name | Description | Type | Notes |
|---|---|---|---|
| ssl_mode | Type of SSL mode SSL Passthrough: LB establishes a TCP connection with client and another connection with selected backend server. LB won't inspect the stream data between client and backend server, but just pass it through. Backend server exchanges SSL connection with client. SSL Offloading: LB terminiates the connections from client, and establishes SSL connection with it. After receiving the HTTP request, LB connects the selected backend server and talk with it via HTTP without SSL. LB estalishes new connection to selected backend server for each HTTP request, in case server_keep_alive or multiplexing are NOT configured. SSL End-to-End: LB terminiates the connections from client, and establishes SSL connection with it. After receiving the HTTP request, LB connects the selected backend server and talk with it via HTTPS. LB estalishes new SSL connection to selected backend server for each HTTP request, in case server_keep_alive or multiplexing are NOT configured. |
string | Required Enum: SSL_PASSTHROUGH, SSL_END_TO_END, SSL_OFFLOAD |
| type | Must be set to the value LBSslModeSelectionAction | LBRuleActionType | Required |
LBSslProfile (schema) (Deprecated)
Load balancer abstract SSL profile
Load balancer abstract SSL profile.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value LBSslProfile | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
LBSslSniCondition (schema) (Deprecated)
Condition to match SSL SNI in client hello
This condition is used to match SSL SNI in client hello. This condition is
only supported in TRANSPORT phase and HTTP_FORWARDING.
| Name | Description | Type | Notes |
|---|---|---|---|
| case_sensitive | A case sensitive flag for SNI comparing If true, case is significant when comparing SNI value. |
boolean | Default: "True" |
| inverse | A flag to indicate whether reverse the match result of this condition | boolean | Default: "False" |
| match_type | Match type of SNI | LbRuleMatchType | Default: "REGEX" |
| sni | The server name indication The SNI(Server Name indication) in client hello message. |
string | Required |
| type | Must be set to the value LBSslSniCondition | LBRuleConditionType | Required |
LBTcpHeaderCondition (schema) (Deprecated)
Condition to match TCP header fields
This condition is used to match TCP header fields of HTTP messages.
Currently, only the TCP source port is supported. Ports can be expressed as
a single port number like 80, or a port range like 1024-1030.
| Name | Description | Type | Notes |
|---|---|---|---|
| inverse | A flag to indicate whether reverse the match result of this condition | boolean | Default: "False" |
| source_port | TCP source port of HTTP message | PortElement | Required |
| type | Must be set to the value LBTcpHeaderCondition | LBRuleConditionType | Required |
LBTcpMonitorProfile (schema) (Deprecated)
LBMonitorProfile for active health checks over TCP
Active healthchecks are disabled by default and can be enabled for a
server pool by binding a health monitor to the Group through the
LBRule object. This represents active health monitoring over TCP.
Active healthchecks are initiated periodically, at a configurable
interval, to each member of the Group. Only if a healthcheck fails
consecutively for a specified number of times (fall_count) to a member
will the member status be marked DOWN. Once a member is DOWN, a specified
number of consecutive successful healthchecks (rise_count) will bring
the member back to UP state. After a healthcheck is initiated, if it
does not complete within a certain period, then also
the healthcheck is considered to be unsuccessful. Completing a
healthcheck within timeout means establishing a connection (TCP or SSL),
if applicable, sending the request and receiving the response, all within
the configured timeout.
LBTcpMonitorProfile is deprecated as NSX-T Load Balancer is deprecated.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| fall_count | Monitor fall count for active healthchecks Only if a healthcheck fails consecutively for a specified number of times, given with fall_count, to a member will the member status be marked DOWN. |
integer | Minimum: 1 Maximum: 2147483647 Default: "3" |
| id | Unique identifier of this resource | string | Sortable |
| interval | Monitor interval in seconds for active healthchecks Active healthchecks are initiated periodically, at a configurable interval (in seconds), to each member of the Group. |
integer | Minimum: 1 Maximum: 2147483647 Default: "5" |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| monitor_port | Monitor port for active healthchecks Typically, monitors perform healthchecks to Group members using the member IP address and pool_port. However, in some cases, customers prefer to run healthchecks against a different port than the pool member port which handles actual application traffic. In such cases, the port to run healthchecks against can be specified in the monitor_port value. For ICMP monitor, monitor_port is not required. |
int | Minimum: 0 Maximum: 65535 |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| receive | Expected data received from server Expected data, if specified, can be anywhere in the response and it has to be a string, regular expressions are not supported. |
string | |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value LBTcpMonitorProfile | LBMonitorProfileType | Required |
| rise_count | Monitor rise count for active healthchecks Once a member is DOWN, a specified number of consecutive successful healthchecks specified by rise_count will bring the member back to UP state. |
integer | Minimum: 1 Maximum: 2147483647 Default: "3" |
| send | Data to send If both send and receive are not specified, then just a TCP connection is established (3-way handshake) to validate server is healthy, no data is sent. |
string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| timeout | Monitor timeout in seconds for active healthchecks Timeout specified in seconds. After a healthcheck is initiated, if it does not complete within a certain period, then also the healthcheck is considered to be unsuccessful. Completing a healthcheck within timeout means establishing a connection (TCP or SSL), if applicable, sending the request and receiving the response, all within the configured timeout. |
integer | Minimum: 1 Maximum: 2147483647 Default: "5" |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
LBUdpMonitorProfile (schema) (Deprecated)
LBMonitorProfile for active health checks over UDP
Active healthchecks are disabled by default and can be enabled for a
server pool by binding a health monitor to the Group through the LBRule
object. This represents active health monitoring over UDP. Active
healthchecks are initiated periodically, at a configurable interval, to
each member of the Group. Only if a healthcheck fails consecutively for a
specified number of times (fall_count) to a member will the member status
be marked DOWN. Once a member is DOWN, a specified number of consecutive
successful healthchecks (rise_count) will bring the member back to UP
state. After a healthcheck is initiated, if it does not complete within a
certain period, then also the healthcheck is considered to be
unsuccessful. Completing a healthcheck within timeout means establishing
a connection (TCP or SSL), if applicable, sending the request and
receiving the response, all within the configured timeout.
LBUdpMonitorProfile is deprecated as NSX-T Load Balancer is deprecated.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| fall_count | Monitor fall count for active healthchecks Only if a healthcheck fails consecutively for a specified number of times, given with fall_count, to a member will the member status be marked DOWN. |
integer | Minimum: 1 Maximum: 2147483647 Default: "3" |
| id | Unique identifier of this resource | string | Sortable |
| interval | Monitor interval in seconds for active healthchecks Active healthchecks are initiated periodically, at a configurable interval (in seconds), to each member of the Group. |
integer | Minimum: 1 Maximum: 2147483647 Default: "5" |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| monitor_port | Monitor port for active healthchecks Typically, monitors perform healthchecks to Group members using the member IP address and pool_port. However, in some cases, customers prefer to run healthchecks against a different port than the pool member port which handles actual application traffic. In such cases, the port to run healthchecks against can be specified in the monitor_port value. For ICMP monitor, monitor_port is not required. |
int | Minimum: 0 Maximum: 65535 |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| receive | Expected data received from server Expected data, can be anywhere in the response and it has to be a string, regular expressions are not supported. UDP healthcheck is considered failed if there is no server response within the timeout period. |
string | Required |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value LBUdpMonitorProfile | LBMonitorProfileType | Required |
| rise_count | Monitor rise count for active healthchecks Once a member is DOWN, a specified number of consecutive successful healthchecks specified by rise_count will bring the member back to UP state. |
integer | Minimum: 1 Maximum: 2147483647 Default: "3" |
| send | Data to send The data to be sent to the monitored server. |
string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| timeout | Monitor timeout in seconds for active healthchecks Timeout specified in seconds. After a healthcheck is initiated, if it does not complete within a certain period, then also the healthcheck is considered to be unsuccessful. Completing a healthcheck within timeout means establishing a connection (TCP or SSL), if applicable, sending the request and receiving the response, all within the configured timeout. |
integer | Minimum: 1 Maximum: 2147483647 Default: "5" |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
LBVariableAssignmentAction (schema) (Deprecated)
Action to create variable and assign value to it
This action is used to create a new variable and assign value to it.
One action can be used to create one variable. To create multiple
variables, multiple actions must be defined.
The variables can be used by LBVariableCondition, etc.
| Name | Description | Type | Notes |
|---|---|---|---|
| type | Must be set to the value LBVariableAssignmentAction | LBRuleActionType | Required |
| variable_name | Name of the variable to be assigned Name of the variable to be assigned. |
string | Required |
| variable_value | Value of variable Value of variable. |
string | Required |
LBVariableCondition (schema) (Deprecated)
Condition to match IP header fields
This condition is used to match variable's name and value at all
phases. The variables could be captured from REGEX or assigned by
LBVariableAssignmentAction or system embedded variable. Varialbe_name
and variable_value should be matched at the same time.
| Name | Description | Type | Notes |
|---|---|---|---|
| case_sensitive | A case sensitive flag for variable value comparing If true, case is significant when comparing variable value. |
boolean | Default: "True" |
| inverse | A flag to indicate whether reverse the match result of this condition | boolean | Default: "False" |
| match_type | Match type of variable value | LbRuleMatchType | Default: "REGEX" |
| type | Must be set to the value LBVariableCondition | LBRuleConditionType | Required |
| variable_name | Name of the variable to be matched | string | Required |
| variable_value | Value of variable to be matched | string | Required |
LBVariablePersistenceLearnAction (schema) (Deprecated)
Action to learn the variable value
This action is performed in HTTP response rewrite phase. It is used to
learn the value of variable from the HTTP response, and insert an entry
into the persistence table if the entry doesn't exist.
| Name | Description | Type | Notes |
|---|---|---|---|
| persistence_profile_path | Path to LBPersistenceProfile If the persistence profile path is not specified, a default persistence table is created per virtual server. Currently, only LBGenericPersistenceProfile is supported. |
string | |
| type | Must be set to the value LBVariablePersistenceLearnAction | LBRuleActionType | Required |
| variable_hash_enabled | Whether to enable a hash operation for variable value The property is used to enable a hash operation for variable value when composing the persistence key. |
boolean | Default: "False" |
| variable_name | Variable name The property is the name of variable to be learnt. It is used to identify which variable's value is learnt from HTTP response. The variable can be a built-in variable such as "_cookie_JSESSIONID", a customized variable defined in LBVariableAssignmentAction or a captured variable in regular expression such as "article". For the full list of built-in variables, please reference the NSX-T Administrator's Guide. |
string | Required |
LBVariablePersistenceOnAction (schema) (Deprecated)
Action to persist the variable value
This action is performed in HTTP forwarding phase. It is used to inspect
the variable of HTTP request, and look up the persistence entry with its
value and pool uuid as key.
If the persistence entry is found, the HTTP request is forwarded to the
recorded backend server according to the persistence entry.
If the persistence entry is not found, a new entry is created in the
table after backend server is selected.
| Name | Description | Type | Notes |
|---|---|---|---|
| persistence_profile_path | Path to LBPersistenceProfile If the persistence profile path is not specified, a default persistence table is created per virtual server. Currently, only LBGenericPersistenceProfile is supported. |
string | |
| type | Must be set to the value LBVariablePersistenceOnAction | LBRuleActionType | Required |
| variable_hash_enabled | Whether to enable a hash operation for variable value The property is used to enable a hash operation for variable value when composing the persistence key. |
boolean | Default: "False" |
| variable_name | Variable name The property is the name of variable to be used. It specifies which variable's value of a HTTP Request will be used in the key of persistence entry. The variable can be a built-in variable such as "_cookie_JSESSIONID", a customized variable defined in LBVariableAssignmentAction or a captured variable in regular expression such as "article". For the full list of built-in variables, please reference the NSX-T Administrator's Guide. |
string | Required |
LBVirtualServer (schema)
Base class for each type of LBVirtualServer
All the types of LBVirtualServer extend from this abstract class. This
is present for extensibility.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| access_list_control | IP access list control to filter the connections Specifies the access list control to define how to filter the connections from clients. |
LBAccessListControl | |
| access_log_enabled | Access log enabled setting If access log is enabled, all HTTP requests sent to L7 virtual server are logged to the access log file. Both successful returns information responses(1xx), successful responses(2xx), redirection messages(3xx) and unsuccessful requests, backend server returns 4xx or 5xx, are logged to access log, if enabled. All L4 virtual server connections are also logged to the access log if enabled. The non-significant events such as successful requests are not logged if log_significant_event_only is set to true. |
boolean | Default: "False" |
| application_profile_path | Application profile path The application profile defines the application protocol characteristics. It is used to influence how load balancing is performed. Currently, LBFastTCPProfile, LBFastUDPProfile and LBHttpProfile, etc are supported. |
string | Required |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| client_ssl_profile_binding | Virtual server side SSL binding setting The setting is used when load balancer acts as an SSL server and terminating the client SSL connection. The property is deprecated as NSX-T Load Balancer is deprecated. |
LBClientSslProfileBinding | Deprecated |
| default_pool_member_ports | Default pool member ports when member port is not defined. Default pool member ports when member port is not defined. |
array of PortElement | Maximum items: 14 |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| enabled | whether the virtual server is enabled Flag to enable the load balancer virtual server. |
boolean | Default: "True" |
| id | Unique identifier of this resource | string | Sortable |
| ip_address | IP address of the LBVirtualServer Configures the IP address of the LBVirtualServer where it receives all client connections and distributes them among the backend servers. |
IPAddress | Required |
| lb_persistence_profile_path | Persistence Profile used by LBVirtualServer Path to optional object that enables persistence on a virtual server allowing related client connections to be sent to the same backend server. Persistence is disabled by default. |
string | |
| lb_service_path | Path to LBService object for LBVirtualServer virtual servers can be associated to LBService(which is similar to physical/virtual load balancer), LB virtual servers, pools and other entities could be defined independently, the LBService identifier list here would be used to maintain the relationship of LBService and other LB entities. |
string | |
| log_significant_event_only | Log only significant event in access log The property log_significant_event_only can take effect only when access_log_enabled is true. If log_significant_event_only is true, significant events are logged in access log. For L4 virtual server, significant event means unsuccessful(error or dropped) TCP/UDP connections. For L7 virtual server, significant event means unsuccessful connections or HTTP/HTTPS requests which have error response code(e.g. 4xx, 5xx). |
boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| max_concurrent_connections | Maximum concurrent connection number To ensure one virtual server does not over consume resources, affecting other applications hosted on the same LBS, connections to a virtual server can be capped. If it is not specified, it means that connections are unlimited. The property is deprecated as NSX-T Load Balancer is deprecated. |
integer | Deprecated Minimum: 1 Maximum: 2147483647 |
| max_new_connection_rate | Maximum new connection rate in connections per second To ensure one virtual server does not over consume resources, connections to a member can be rate limited. If it is not specified, it means that connection rate is unlimited. The property is deprecated as NSX-T Load Balancer is deprecated. |
integer | Deprecated Minimum: 1 Maximum: 2147483647 |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| pool_path | Default server pool path The server pool(LBPool) contains backend servers. Server pool consists of one or more servers, also referred to as pool members, that are similarly configured and are running the same application. |
string | |
| ports | Virtual server port number(s) or port range(s) Ports contains a list of at least one port or port range such as "80", "1234-1236". Each port element in the list should be a single port or a single port range. |
array of PortElement | Required |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value LBVirtualServer | string | |
| rules | List of load balancer rules Load balancer rules allow customization of load balancing behavior using match/action rules. Currently, load balancer rules are supported for only layer 7 virtual servers with LBHttpProfile. The property is deprecated as NSX-T Load Balancer is deprecated. |
array of LBRule | Deprecated Maximum items: 4000 |
| server_ssl_profile_binding | Pool side SSL binding setting The setting is used when load balancer acts as an SSL client and establishing a connection to the backend server. The property is deprecated as NSX-T Load Balancer is deprecated. |
LBServerSslProfileBinding | Deprecated |
| sorry_pool_path | Sorry server pool path When load balancer can not select a backend server to serve the request in default pool or pool in rules, the request would be served by sorry server pool. The property is deprecated as NSX-T Load Balancer is deprecated. |
string | Deprecated |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
LBXForwardedForType (schema) (Deprecated)
X-forwarded-for type
X-forwarded-for type.
| Name | Description | Type | Notes |
|---|---|---|---|
| LBXForwardedForType | X-forwarded-for type X-forwarded-for type. |
string | Deprecated Enum: INSERT, REPLACE |
Label (schema)
Label
Label that will be displayed for a UI element.
| Name | Description | Type | Notes |
|---|---|---|---|
| condition | Expression for evaluating condition If the condition is met then the label will be applied. Examples of expression syntax are provided under example_request section of CreateWidgetConfiguration API. |
string | Maximum length: 1024 |
| hover | Show label only on hover If true, displays the label only on hover |
boolean | Default: "False" |
| icons | Icons Icons to be applied at dashboard for the label |
array of Icon | Minimum items: 0 |
| navigation | Navigation to a specified UI page Hyperlink of the specified UI page that provides details. |
string | Maximum length: 1024 |
| text | Label text Text to be displayed at the label. |
string | Required Maximum length: 255 |
LabelValueConfiguration (schema)
Label Value Dashboard Widget Configuration
Represents a Label-Value widget configuration
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| condition | Expression for evaluating condition If the condition is met then the widget will be displayed to UI. If no condition is provided, then the widget will be displayed unconditionally. |
string | Maximum length: 1024 |
| datasources | Array of Datasource Instances with their relative urls The 'datasources' represent the sources from which data will be fetched. Currently, only NSX-API is supported as a 'default' datasource. An example of specifying 'default' datasource along with the urls to fetch data from is given at 'example_request' section of 'CreateWidgetConfiguration' API. |
array of Datasource | Minimum items: 0 |
| default_filter_value | Default filter value to be passed to datasources Default filter values to be passed to datasources. This will be used when the report is requested without filter values. |
array of DefaultFilterValue | |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Widget Title Title of the widget. If display_name is omitted, the widget will be shown without a title. |
string | Maximum length: 255 |
| drilldown_id | Id of drilldown widget Id of drilldown widget, if any. Id should be a valid id of an existing widget. A widget is considered as drilldown widget when it is associated with any other widget and provides more detailed information about any data item from the parent widget. |
string | Maximum length: 255 |
| feature_set | Features required to view the widget Features required to view the widget. |
FeatureSet | |
| filter | Id of filter widget for subscription Id of filter widget for subscription, if any. Id should be a valid id of an existing filter widget. Filter widget should be from the same view. Datasource URLs should have placeholder values equal to filter alias to accept the filter value on filter change. This field is deprecated instead use 'filters' property. |
string | Deprecated |
| filter_value_required | Flag to indicate if filter value is necessary Flag to indicate that widget will continue to work without filter value. If this flag is set to false then default_filter_value is manadatory. |
boolean | Default: "True" |
| filters | A List of filter ids applied to this widget configuration A List of filter applied to this widget configuration. This will be used to identify the filters applied to this widget. |
array of string | |
| footer | Footer | ||
| icons | Icons Icons to be applied at dashboard for widgets and UI elements. |
array of Icon | |
| id | Unique identifier of this resource | string | Sortable |
| is_drilldown | Set as a drilldown widget Set to true if this widget should be used as a drilldown. |
boolean | Default: "False" |
| layout | Layout of properties inside widget Layout of properties can be vertical or grid. If layout is not specified a default vertical layout is applied. |
Layout | |
| legend | Legend for the widget Legend to be displayed. If legend is not needed, do not include it. |
Legend | |
| navigation | Navigation to a specified UI page Hyperlink of the specified UI page that provides details. |
string | Maximum length: 1024 |
| plot_configs | List of plotting configuration for a given widget. List of plotting configuration for a given widget. Widget plotting configurations which are common across all the widgets types should be define here. |
array of WidgetPlotConfiguration | |
| properties | Rows An array of label-value properties. |
array of PropertyItem | Required |
| resource_type | Must be set to the value LabelValueConfiguration | string | Required Readonly Enum: LabelValueConfiguration, DonutConfiguration, MultiWidgetConfiguration, ContainerConfiguration, StatsConfiguration, GridConfiguration, GraphConfiguration, CustomWidgetConfiguration, CustomFilterWidgetConfiguration, TimeRangeDropdownFilterWidgetConfiguration, DropdownFilterWidgetConfiguration, SpacerWidgetConfiguration, LegendWidgetConfiguration Maximum length: 255 |
| rowspan | Vertical span Represents the vertical span of the widget / container. 1 Row span is equal to 20px. |
int | Minimum: 1 |
| shared | Visiblity of widgets to other users Please use the property 'shared' of View instead of this. The widgets of a shared view are visible to other users. |
boolean | Deprecated |
| show_header | This decides to show the container header or not. If the value of this field is set to true then card header will be displayed otherwise only card will be displayed without header. |
boolean | |
| span | Horizontal span Represents the horizontal span of the widget / container. |
int | Minimum: 1 Maximum: 12 |
| sub_type | Sub-type of the LabelValueConfiguration A sub-type of LabelValueConfiguration. If sub-type is not specified the parent type is rendered. For VERTICALLY_ALIGNED sub_type, the value is placed below the label. For HORIZONTALLY_ALIGNED sub_type, the value is placed right hand side of the label. |
string | Enum: VERTICALLY_ALIGNED, HORIZONTALLY_ALIGNED |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| weight | Weightage or placement of the widget or container Specify relavite weight in WidgetItem for placement in a view. Please see WidgetItem for details. |
int | Deprecated |
Layout (schema)
Layout of a container or widget
Represents layout of a container or widget
| Name | Description | Type | Notes |
|---|---|---|---|
| properties | LayoutProperties | ||
| type | Type of layout of a container or widget Describes layout of a container or widget. Layout describes how individual widgets are placed inside the container. For example, if HORIZONTAL is chosen widgets are placed side by side inside the container. If VERTICAL is chosen then widgets are placed one below the other. If GRID is chosen then the container or widget display area is divided into a grid of m rows and n columns, as specified in the properties, and the widgets are placed inside the grid. If AUTO is chosen then container or widgets display area will be automatically calculated depending upon the required width. |
string | Enum: HORIZONTAL, VERTICAL, GRID, AUTO Default: "HORIZONTAL" |
LayoutProperties (schema)
Layout properties of a container or widget
Properties of the layout of a container or widget
| Name | Description | Type | Notes |
|---|---|---|---|
| num_columns | Number of columns of grid Describes the number of columns of grid layout of a container or widget. This property is applicable for grid layout only. |
int | |
| num_rows | Number of rows of grid Describes the number of rows of grid layout of a container or widget. This property is applicable for grid layout only. |
int |
LbHttpRequestHeader (schema) (Deprecated)
| Name | Description | Type | Notes |
|---|---|---|---|
| header_name | Name of HTTP request header | string | Required |
| header_value | Value of HTTP request header | string | Required |
LbLogLevel (schema)
the log level of load balancer service
| Name | Description | Type | Notes |
|---|---|---|---|
| LbLogLevel | the log level of load balancer service | string | Enum: DEBUG, INFO, WARNING, ERROR, CRITICAL, ALERT, EMERGENCY |
LbRuleMatchType (schema) (Deprecated)
Match type for LbRule conditions
LbRuleMatchType is used to determine how a specified string value is used
to match a specified LbRuleCondition field.
STARTS_WITH: If the LbRuleCondition field starts with specified string, the
condition matches. The fields with this match type are specified as
strings, not regular expressions.
ENDS_WITH: If the LbRuleCondition field ends with specified string, the
condition matches. The fields with this match type are specified as
strings, not regular expressions.
EQUALS: If the LbRuleCondition field is same as the specified string, the
condition matches. The fields with this match type are specified as
strings, not regular expressions.
CONTAINS: If the LbRuleCondition field contains the specified string, the
condition matches. The fields with this match type are specified as
strings, not regular expressions.
REGEX: If the LbRuleCondition field matches specified regular expression,
the condition matches. The regular expressions in load balancer rules use
the features common to both Java regular expressions and Perl Compatible
Regular Expressions (PCREs) with some restrictions. Reference
http://www.pcre.org for PCRE and the NSX-T Administrator's Guide for the
restrictions.
If named capturing groups are used in the regular expression, when a
match succeeds, the substrings of the subject string that match named
capturing groups are stored (captured) in variables with specific names
which can be used in the fields of LbRuleAction which support variables.
Named capturing group are defined in the format (?<name>subpattern),
such as (?<year>\d{4}).
For example, in the regular expression:
"/news/(?<year>\d+)/(?<month>\d+)/(?<article>.*)", for
subject string "/news/2017/06/xyz.html", the substring "2017" is captured
in variable year, "06" is captured in variable month, and "xyz.html" is
captured in variable article. These variables can be used in LbRuleAction
fields which support variables in form of $name, such as $year, $month,
$article.
Please note, when regular expressions are used in JSON(JavaScript Object
Notation) string, every backslash character (\) needs to be escaped by one
additional backslash character.
| Name | Description | Type | Notes |
|---|---|---|---|
| LbRuleMatchType | Match type for LbRule conditions LbRuleMatchType is used to determine how a specified string value is used to match a specified LbRuleCondition field. STARTS_WITH: If the LbRuleCondition field starts with specified string, the condition matches. The fields with this match type are specified as strings, not regular expressions. ENDS_WITH: If the LbRuleCondition field ends with specified string, the condition matches. The fields with this match type are specified as strings, not regular expressions. EQUALS: If the LbRuleCondition field is same as the specified string, the condition matches. The fields with this match type are specified as strings, not regular expressions. CONTAINS: If the LbRuleCondition field contains the specified string, the condition matches. The fields with this match type are specified as strings, not regular expressions. REGEX: If the LbRuleCondition field matches specified regular expression, the condition matches. The regular expressions in load balancer rules use the features common to both Java regular expressions and Perl Compatible Regular Expressions (PCREs) with some restrictions. Reference http://www.pcre.org for PCRE and the NSX-T Administrator's Guide for the restrictions. If named capturing groups are used in the regular expression, when a match succeeds, the substrings of the subject string that match named capturing groups are stored (captured) in variables with specific names which can be used in the fields of LbRuleAction which support variables. Named capturing group are defined in the format (?<name>subpattern), such as (?<year>\d{4}). For example, in the regular expression: "/news/(?<year>\d+)/(?<month>\d+)/(?<article>.*)", for subject string "/news/2017/06/xyz.html", the substring "2017" is captured in variable year, "06" is captured in variable month, and "xyz.html" is captured in variable article. These variables can be used in LbRuleAction fields which support variables in form of $name, such as $year, $month, $article. Please note, when regular expressions are used in JSON(JavaScript Object Notation) string, every backslash character (\) needs to be escaped by one additional backslash character. |
string | Deprecated Enum: STARTS_WITH, ENDS_WITH, EQUALS, CONTAINS, REGEX |
LbServiceSize (schema)
the size of load balancer service
The size of load balancer service can be, SMALL, MEDIUM, LARGE, XLARGE, or
DLB. The first four sizes are realized on Edge node as a centralized load
balancer. DLB is realized on each ESXi hypervisor as a distributed load
balancer. DLB is supported for k8s cluster IPs managed by vSphere with
Kubernetes. DLB is NOT supported for any other workload types.
The load balancer service sizes, SMALL, MEDIUM, LARGE and XLARGE are all
deprecated. Customers who are using this set of features are advised to
migrate to NSX Advanced Load Balancer (Avi) which provides a superset of
the NSX-T load balancing functionality.
| Name | Description | Type | Notes |
|---|---|---|---|
| LbServiceSize | the size of load balancer service The size of load balancer service can be, SMALL, MEDIUM, LARGE, XLARGE, or DLB. The first four sizes are realized on Edge node as a centralized load balancer. DLB is realized on each ESXi hypervisor as a distributed load balancer. DLB is supported for k8s cluster IPs managed by vSphere with Kubernetes. DLB is NOT supported for any other workload types. The load balancer service sizes, SMALL, MEDIUM, LARGE and XLARGE are all deprecated. Customers who are using this set of features are advised to migrate to NSX Advanced Load Balancer (Avi) which provides a superset of the NSX-T load balancing functionality. |
string | Enum: SMALL, MEDIUM, LARGE, XLARGE, DLB |
LbSslSessionReusedType (schema) (Deprecated)
Type of SSL session reused
| Name | Description | Type | Notes |
|---|---|---|---|
| LbSslSessionReusedType | Type of SSL session reused | string | Deprecated Enum: IGNORE, REUSED, NEW |
LdapIdentitySource (schema)
An LDAP identity source
This is the base type for all identity sources that use LDAP for authentication and group membership.
This is an abstract type. Concrete child types:
ActiveDirectoryIdentitySource
OpenLdapIdentitySource
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| alternative_domain_names | Additional domains to be directed to this identity source After parsing the "user@domain", the domain portion is used to select the LDAP identity source to use. Additional domains listed here will also be directed to this LDAP identity source. In Active Directory these are sometimes referred to as Alternative UPN Suffixes. |
array of string | |
| base_dn | DN of subtree for user and group searches The subtree of the LDAP identity source to search when locating users and groups. |
string | Required |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| domain_name | Authentication domain name The name of the authentication domain. When users log into NSX using an identity of the form "user@domain", NSX uses the domain portion to determine which LDAP identity source to use. |
string | Required |
| id | Unique identifier of this resource | string | Sortable |
| ldap_servers | LDAP servers for this identity source The list of LDAP servers that provide LDAP service for this identity source. Currently, only one LDAP server is supported. |
array of IdentitySourceLdapServer | Maximum items: 3 |
| resource_type | Must be set to the value LdapIdentitySource | string | Required Enum: ActiveDirectoryIdentitySource, OpenLdapIdentitySource |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
LdapIdentitySourceListResult (schema)
List results containing LDAP identity sources
The results of listing LDAP identity sources.
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | array of LdapIdentitySource (Abstract type: pass one of the following concrete types) ActiveDirectoryIdentitySource OpenLdapIdentitySource |
||
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
LdapIdentitySourceProbeResults (schema)
Results from probing all LDAP servers
Results from probing all LDAP servers in an LDAP identity source configuration.
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| results | Probe results Probe results for all probed LDAP servers. |
array of IdentitySourceLdapServerProbeResult |
LdapIdentitySourceSearchRequestParameters (schema)
Arguments for searching users and groups
To search for a user or group in an LDAP identity source,
provide a filter_value. The directory will be searched for
users and groups that match the search string.
User searches:
For Active Directory sources, the directory will be searched
for users whose commonName (CN) property contains the given
string and for users whose samAccountName property contains
the given string. For OpenLDAP sources, the directory will
be searched for users whose commonName (CN) property contains
the given string and for users whose uid property contains
the given string.
Group searches:
For both Active Directory and OpenLDAP sources, the directory
will be searched for groups whose commonName (CN) property
contains the the given string.
The LDAP server may impose a limit on the number of returned
entries.
| Name | Description | Type | Notes |
|---|---|---|---|
| filter_value | Search filter value A string to use when searching for users and groups in the LDAP identity source. |
string | Required |
LdapIdentitySourceSearchResultItem (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| common_name | Common Name (CN) of entry The Common Name (CN) of the entry, if available. |
string | |
| dn | DN of the entry Distinguished name (DN) of the entry. |
string | |
| principal_name | The principal name of the user or group, if available For Active Directory (AD) users, this will be the user principal name (UPN), in the format user@domain. For non-AD users, this will be the user's uid property, followed by "@" and the domain of the directory. For groups, this will be the group's common name, followed by "@" and the domain of the directory. |
string | |
| type | Type of the entry Describes the type of the entry |
string | Enum: USER, GROUP |
LdapIdentitySourceSearchResultList (schema)
A list of LDAP search results
A list of LDAP entries returned from a search of an LDAP identity source.
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| results | array of LdapIdentitySourceSearchResultItem |
LdapProbeError (schema)
Error detail from probe
Detail about one error encountered during a probe.
| Name | Description | Type | Notes |
|---|---|---|---|
| error_type | Error type The cause of the error. BASE_DN_NOT_FOUND: The configured base DN does not exist on the LDAP server or is not readable. BIND_DN_AND_PASSWORD_REQUIRED: This server is configured to require a bind DN and password. Please add these to your LDAP server configuration. BIND_DN_INVALID: The bind DN or username provided is not valid on the LDAP server. Check that the bind DN is correct. This error may also indicate that the base DN in your configuration is incorrect. CERTIFICATE_HOSTNAME_MISMATCH_ERROR: The hostname configured for the LDAP server does not match the hostname in the server's certificate subject or alternative subject names. Be sure that the hostname you configure in NSX Manager matches one of those names. CERTIFICATE_MISMATCH_ERROR: The certificate presented by the LDAP server did not match the certificate in the configuration on the NSX Manager. CONNECTION_REFUSED: The connection was refused when contacting the LDAP server. Ensure that the LDAP server is running and that you are using the correct ip/hostname. CONNECTION_TIMEOUT: The connection timed out when contacting the LDAP server. Check the hostname/ip and any firewalls between the NSX Manager and the LDAP server. GENERAL_ERROR: An undetermined error occurred. INVALID_CONFIGURED_CERTIFICATE: The certificate configured for this LDAP server is invalid and could not be decoded. Check that the PEM-formatted certificate you provided is correct. INVALID_CREDENTIALS: The username and/or password are incorrect. SSL_HANDSHAKE_ERROR: An error occurred while establishing a secure connection with the LDAP server. Check that the LDAP server's certificate is correct, and that it is using an SSL/TLS cipher suite that is compatible with the NSX Manager. This error can also occur if the hostname you have configured for the LDAP server does not match any of the hostnames in the Subject Alternative Name records in the server certificate. STARTTLS_FAILED: Unable to use StartTLS to upgrade the connection to use TLS. Ensure that the LDAP server supports TLS and if not, use LDAP or LDAPS as the protocol. UNKNOWN_HOST: The hostname of the LDAP server could not be resolved. NO_ROUTE_TO_HOST: There is no network route to the host. BIND_EXCEPTION: A socket to the remote host could not be opened. PORT_UNREACHABLE: The LDAP port is not open on the remote host. BASE_DN_NOT_WITHIN_DOMAIN: For Active Directory, the base DN is not a subtree of the Domain Component tree corresponding to the LDAP domain. For example, if the domain is "example.com", the baseDN should be "dc=example, dc=com" or a subtree like "ou=Users,dc=example,dc=com". LDAP_SERVER_DISABLED: The LDAP server is marked as disabled in the NSX configuration and will not be used. |
string | Enum: BASE_DN_NOT_FOUND, BIND_DN_AND_PASSWORD_REQUIRED, BIND_DN_INVALID, CERTIFICATE_HOSTNAME_MISMATCH_ERROR, CERTIFICATE_MISMATCH_ERROR, CONNECTION_REFUSED, CONNECTION_TIMEOUT, GENERAL_ERROR, INVALID_CONFIGURED_CERTIFICATE, INVALID_CREDENTIALS, SSL_HANDSHAKE_ERROR, STARTTLS_FAILED, UNKNOWN_HOST, NO_ROUTE_TO_HOST, BIND_EXCEPTION, PORT_UNREACHABLE, BASE_DN_NOT_WITHIN_DOMAIN, LDAP_SERVER_DISABLED |
Legend (schema)
Legend for the widget
Represents legend that describes the entities of the widget.
| Name | Description | Type | Notes |
|---|---|---|---|
| alignment | Alignment of the legend Describes the alignment of legend. Alignment of a legend denotes how individual items of the legend are aligned in a container. For example, if VERTICAL is chosen then the items of the legend will appear one below the other and if HORIZONTAL is chosen then the items will appear side by side. |
string | Enum: HORIZONTAL, VERTICAL Default: "VERTICAL" |
| display_count | Show count of entities in the legend If set to true, it will display the counts in legend. If set to false, counts of entities are not displayed in the legend. |
boolean | Default: "True" |
| display_mode | Display mode for legends. Display mode for legends. |
string | Enum: SHOW_ALL_LEGENDS, SHOW_MIN_NO_OF_LEGENDS, SHOW_OTHER_GROUP_WITH_LEGENDS Default: "SHOW_ALL_LEGENDS" |
| filterable | Show checkbox along with legends if value is set to true Show checkbox along with legends if value is set to true. Widget filtering capability can be enable based on legend checkbox selection. for 'display_mode' SHOW_OTHER_GROUP_WITH_LEGENDS filterable property is not supported. |
boolean | Default: "False" |
| min_legends_display_count | A minimum number of legends to be displayed. A minimum number of legends to be displayed upfront. if 'display_mode' is set to SHOW_MIN_NO_OF_LEGENDS then this property value will be used to display number of legends upfront in the UI. |
int | Minimum: 1 Maximum: 12 Default: "3" |
| other_group_legend_label | A label for showing other category in legends. A translated label for showing other category label in legends. |
string | Default: "WIDGET_LABEL_OTHER_LEGEND_LABEL" |
| position | Placement of legend Describes the relative placement of legend. The legend of a widget can be placed either to the TOP or BOTTOM or LEFT or RIGHT relative to the widget. For example, if RIGHT is chosen then legend is placed to the right of the widget. |
string | Enum: TOP, BOTTOM, LEFT, RIGHT, TOP_RIGHT Default: "RIGHT" |
| type | Type of the legend Describes the render type for the legend. The legend for an entity describes the entity in the widget. The supported legend type is a circle against which the entity's details such as display_name are shown. The color of the circle denotes the color of the entity shown inside the widget. |
string | Enum: CIRCLE Default: "CIRCLE" |
| unit | Show unit of entities in the legend Show unit of entities in the legend. |
string |
LegendWidgetConfiguration (schema)
Legend widget Configuration
Represents configuration for Legend widget. For this widget the data source is not applicable. This widget can be use to add the Legend inside the dashboard container.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| condition | Expression for evaluating condition If the condition is met then the widget will be displayed to UI. If no condition is provided, then the widget will be displayed unconditionally. |
string | Maximum length: 1024 |
| datasources | Array of Datasource Instances with their relative urls The 'datasources' represent the sources from which data will be fetched. Currently, only NSX-API is supported as a 'default' datasource. An example of specifying 'default' datasource along with the urls to fetch data from is given at 'example_request' section of 'CreateWidgetConfiguration' API. |
array of Datasource | Minimum items: 0 |
| default_filter_value | Default filter value to be passed to datasources Default filter values to be passed to datasources. This will be used when the report is requested without filter values. |
array of DefaultFilterValue | |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Widget Title Title of the widget. If display_name is omitted, the widget will be shown without a title. |
string | Maximum length: 255 |
| drilldown_id | Id of drilldown widget Id of drilldown widget, if any. Id should be a valid id of an existing widget. A widget is considered as drilldown widget when it is associated with any other widget and provides more detailed information about any data item from the parent widget. |
string | Maximum length: 255 |
| feature_set | Features required to view the widget Features required to view the widget. |
FeatureSet | |
| filter | Id of filter widget for subscription Id of filter widget for subscription, if any. Id should be a valid id of an existing filter widget. Filter widget should be from the same view. Datasource URLs should have placeholder values equal to filter alias to accept the filter value on filter change. This field is deprecated instead use 'filters' property. |
string | Deprecated |
| filter_value_required | Flag to indicate if filter value is necessary Flag to indicate that widget will continue to work without filter value. If this flag is set to false then default_filter_value is manadatory. |
boolean | Default: "True" |
| filters | A List of filter ids applied to this widget configuration A List of filter applied to this widget configuration. This will be used to identify the filters applied to this widget. |
array of string | |
| footer | Footer | ||
| icons | Icons Icons to be applied at dashboard for widgets and UI elements. |
array of Icon | |
| id | Unique identifier of this resource | string | Sortable |
| is_drilldown | Set as a drilldown widget Set to true if this widget should be used as a drilldown. |
boolean | Default: "False" |
| layout | A layout for legend widget. Defines the layout for the legend widget |
Legend | Required |
| legend | Legend for the widget Legend to be displayed. If legend is not needed, do not include it. |
Legend | |
| plot_configs | List of plotting configuration for a given widget. List of plotting configuration for a given widget. Widget plotting configurations which are common across all the widgets types should be define here. |
array of WidgetPlotConfiguration | |
| resource_type | Must be set to the value LegendWidgetConfiguration | string | Required Readonly Enum: LabelValueConfiguration, DonutConfiguration, MultiWidgetConfiguration, ContainerConfiguration, StatsConfiguration, GridConfiguration, GraphConfiguration, CustomWidgetConfiguration, CustomFilterWidgetConfiguration, TimeRangeDropdownFilterWidgetConfiguration, DropdownFilterWidgetConfiguration, SpacerWidgetConfiguration, LegendWidgetConfiguration Maximum length: 255 |
| rowspan | Vertical span Represents the vertical span of the widget / container. 1 Row span is equal to 20px. |
int | Minimum: 1 |
| shared | Visiblity of widgets to other users Please use the property 'shared' of View instead of this. The widgets of a shared view are visible to other users. |
boolean | Deprecated |
| show_header | This decides to show the container header or not. If the value of this field is set to true then card header will be displayed otherwise only card will be displayed without header. |
boolean | |
| source_widget_id | Id of source widget for this legend widget Id of source widget, if any. Id should be a valid id of an existing widget. This property can be used to identify the source of the data for this legend widget. |
string | Required Maximum length: 255 |
| span | Horizontal span Represents the horizontal span of the widget / container. |
int | Minimum: 1 Maximum: 12 |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| weight | Weightage or placement of the widget or container Specify relavite weight in WidgetItem for placement in a view. Please see WidgetItem for details. |
int | Deprecated |
LineChartPlotConfiguration (schema)
A line chart plotting configuration
A line chart plotting configuration.
| Name | Description | Type | Notes |
|---|---|---|---|
| allow_maximize | Allow maximize capability for this widget Allow maximize capability for this widget |
boolean | |
| condition | Expression for evaluating condition for this chart config If the condition is met then the given chart config is applied to the widget configuration. |
string | Maximum length: 1024 |
| fill_gradient_area | Fill the line chart area with a gradient series color. Fill the line chart area with a gradient series color. |
boolean | |
| num_of_series_to_display | A number of series to be displayed upfront. Specifies the number of series to be displayed in a line chart. If no value is provided all the series will be displayed. |
int | Minimum: 1 Maximum: 16 |
| show_curved_lines | Show curved lines for series Used for displaying the curved lines for a series in a line chart. By default, straight line is used to for a series in a line chart. |
boolean | Default: "True" |
| show_data_in_tooltip | Show data in tooltip. Show the data in tooltip. |
boolean | Default: "False" |
| show_data_points | Show the Data point highlighting in line chart Controls the visiblity of the data points on the line chart. If value is set to false data points wont be high- lighted on the lines. |
boolean | Default: "True" |
| show_grid_lines | Show grid lines Controls the visiblity of the grid lines in line chart. |
boolean | Default: "True" |
| show_grouped_tooltip | Derives to show the grouped tooltip Controls the visiblity of the grouped tooltip in a line chart across all series. |
boolean | Default: "False" |
| show_min_max_on_series | Show min and max value on line series Controls the visiblity of the min and max value across line series in line chart. |
boolean | Default: "False" |
| show_unit_in_tooltip | Show data unit in tooltip. Show the data unit in tooltip. |
boolean | Default: "False" |
| sort_data_in_grouped_tooltip | Sort the data in grouped tooltip Sort the data in grouped tooltip. |
boolean | Default: "False" |
| sort_series | Perform sorting on series using the latest data point Specifies whether the series should be sorted by the latest data point. |
boolean | Default: "False" |
ListByNodeIdParameters (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string | |
| source | The data source, either realtime or cached. If not provided, cached data is returned. | DataSourceType | |
| transport_node_id | TransportNode Id | string |
ListByOptionalTransportNodeParameters (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| edge_path | Transport node | string | |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string |
ListCertParameter (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| details | whether to expand the pem data and show all its details | boolean | Default: "False" |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| node_id | Node ID of certificate to return Provide this parameter to limit the list of returned certificates to those matching a particular node ID. |
string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string | |
| type | Type of certificate to return Provide this parameter to limit the list of returned certificates to those matching a particular usage. Passing cluster_certificate will return the certificate used for the cluster wide API service. |
string | Enum: cluster_api_certificate, api_certificate |
ListRequestParameters (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string |
ListResult (schema)
Base class for list results from collections
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
ListResultQueryParameters (schema)
Parameters that affect how list results are processed
| Name | Description | Type | Notes |
|---|---|---|---|
| fields | Fields to include in query results Comma-separated field names to include in query result |
string |
ListWithDataSourceParameters (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string | |
| source | The data source, either realtime or cached. If not provided, cached data is returned. | DataSourceType |
LiveTraceConfig (schema)
Livetrace configuration
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| actions | Livetrace actions Configuration of actions on the filtered packets. |
PolicyLiveTraceActionConfig | Required |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| filter | Packet filter Filter for flows of interest. |
LiveTraceFilterData (Abstract type: pass one of the following concrete types) FieldsFilterData PlainFilterData |
|
| id | Unique identifier of this resource | string | Sortable |
| ipsec_vpn_config | IPSec VPN configuration for starting livetrace on IPSec tunnel interface IPSec VPN configuration for starting livetrace on IPSec tunnel interface |
PolicyLiveTraceIpsecVpnConfig | |
| is_transient | Marker to indicate if the intent is transient This field indicates whether the intent is transient. If it is set to true, intent will be cleaned up after 1 hour of inactivity. |
boolean | Default: "True" |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value LiveTraceConfig | string | |
| src_port_path | Policy path of logical port Policy path of logical port to start a livetrace session. |
string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| timeout | Timeout in seconds for livetrace session The duration for observing live traffic on the specified source logical port. |
integer | Minimum: 5 Maximum: 600 Default: "10" |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
LiveTraceFilterData (schema)
This is an abstract type. Concrete child types:
FieldsFilterData
PlainFilterData
| Name | Description | Type | Notes |
|---|---|---|---|
| resource_type | Filter type | string | Required Enum: FieldsFilterData, PlainFilterData Default: "FieldsFilterData" |
LiveTracePacketGranularActionConfig (schema)
Configuration of livetrace packet granular action
| Name | Description | Type | Notes |
|---|---|---|---|
| dest_ipsec_vpn_config | IPSec VPN configuration for the reverse direction of a livetrace session. It is required only when the trace type is bidirectional. Multiple bi-directional actions in a livetrace session should have the same IPSec VPN config specified for the reverse direction. |
PolicyLiveTraceIpsecVpnConfig | |
| dest_port_path | Policy path of logical port Policy path of logical port for the reverse direction of a livetrace session. It is required only when the trace type is bidirectional. Multiple bi-directional actions in a livetrace session should have the same port specified for the reverse direction. |
string | |
| reverse_filter | Packet filter Filter for flows of interest at the reverse direction. It takes effect only when the trace type is bidirectional. Multiple bi-directional actions in a livetrace session should have the same filter specified for the reverse direction. |
LiveTraceFilterData (Abstract type: pass one of the following concrete types) FieldsFilterData PlainFilterData |
|
| sampling | Sampling parameter for the action Sampling parameter for the action. Trace action, packet capture action, and datapath statistics action only support first-N sampling. |
LiveTraceSamplingConfig | |
| trace_type | Type of trace | string | Required Enum: UNI_DIRECTIONAL, BI_DIRECTIONAL |
LiveTraceSamplingConfig (schema)
Sampling parameter for a livetrace action
| Name | Description | Type | Notes |
|---|---|---|---|
| match_number | Parameter for first-N sampling. First N packets are sampled. The upper limits of sampling number for livetrace actions are listed as below: - trace action: 50 - packet capture action: 500 - datapath statistics action: 65535 |
integer | Minimum: 1 Maximum: 65535 |
| sampling_interval | Parameter for interval based sampling A packet is sampled for every given time interval in ms. |
integer | Minimum: 1 Maximum: 30000 |
| sampling_rate | Parameter for packet number based sampling 1 out of N packets is sampled on average. |
integer | Minimum: 1 Maximum: 65535 |
LocalEgress (schema)
Local Egress
Local Egress is used on both server and client sites so that the gateway
is used for N-S traffic and overhead on L2VPN tunnel is reduced.
| Name | Description | Type | Notes |
|---|---|---|---|
| optimized_ips | Gateway IP for Local Egress Gateway IP for Local Egress. Local egress is enabled only when this list is not empty. |
array of IPAddress | Minimum items: 1 Maximum items: 1 |
LocalEgressRoutingEntry (schema)
Local egress routing policy
| Name | Description | Type | Notes |
|---|---|---|---|
| nexthop_address | Next hop address Next hop address for proximity routing. |
string | Required |
| prefix_list_paths | Policy path to prefix lists The destination address of traffic matching a prefix-list is forwarded to the nexthop_address. Traffic matching a prefix list with Action DENY will be dropped. Individual prefix-lists specified could have different actions. |
array of string | Required Maximum items: 1 |
LocalSiteConfiguration (schema)
Local site information
Local site with federation id and epoch.
| Name | Description | Type | Notes |
|---|---|---|---|
| epoch | Epoch | integer | Required |
| id | Federation id | string | Required |
| site | Site | FederationSite | Required |
LocaleServices (schema)
Locale-services configuration
Site specific configuration of Tier0 in multi-site scenario
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| bfd_profile_path | Policy path of BFD profile This profile is applied to all static route peers in this locale. BFD profile configured on static route peers takes precedence over global configuration. If this field is empty, a default profile is applied to all peers. |
string | |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource (Abstract type: pass one of the following concrete types) ChildTier1Interface |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| edge_cluster_path | Edge cluster path The reference to the edge cluster using the policy path of the edge cluster. Auto assigned on Tier0 if the associated enforcement point has only one edge cluster. For Tier1 ACTIVE-ACTIVE, edge cluster can not be removed and Edge Cluster will be defaulted to edge cluster from connected Tier0. |
string | |
| ha_vip_configs | Array of HA VIP Config. This configuration can be defined only for Active-Standby Tier0 gateway to provide redundancy. For mulitple external interfaces, multiple HA VIP configs must be defined and each config will pair exactly two external interfaces. The VIP will move and will always be owned by the Active node. When this property is configured, configuration of dynamic-routing is not allowed. |
array of Tier0HaVipConfig | |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| preferred_edge_paths | Edge node path Policy paths to edge nodes. For Tier1 gateway, the field is used to statically assign the ordered list of up to two edge nodes for stateful services. To enable auto allocation of nodes from the specified edge cluster the field must be left unset. The auto allocation of nodes is supported only for the Tier1 gateway. For Tier0 gateway specified edge is used as a preferred edge node when failover mode is set to PREEMPTIVE, not applicable otherwise. |
array of string | Maximum items: 2 |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value LocaleServices | string | |
| route_redistribution_config | Route Redistribution configuration Configure all route redistribution properties like enable/disable redistributon, redistribution rule and so on. |
Tier0RouteRedistributionConfig | |
| route_redistribution_types | Enable redistribution of different types of routes on Tier-0 Enable redistribution of different types of routes on Tier-0. This property is only valid for locale-service under Tier-0. This property is deprecated, please use "route_redistribution_config" property to configure redistribution rules. |
array of Tier0RouteRedistributionTypes | Deprecated |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
LocaleServicesListResult (schema)
Paged collection of LocaleServices
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | LocaleServices results | array of LocaleServices | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
LoggingServiceProperties (schema)
Service properties
| Name | Description | Type | Notes |
|---|---|---|---|
| logging_level | Service logging level | string | Required Enum: OFF, FATAL, ERROR, WARN, INFO, DEBUG, TRACE |
| modified_package_logging_levels | Modified package logging levels | string | |
| package_logging_level | Package logging levels | array of PackageLoggingLevels |
LogicalPortOperationalStatus (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| last_update_timestamp | Timestamp when the data was last updated; unset if data source has never updated the data. | EpochMsTimestamp | Readonly |
| logical_port_id | The id of the logical port | string | Required Readonly |
| status | The Operational status of the logical port | string | Required Enum: UP, DOWN, UNKNOWN |
LogicalPortStatistics (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| dropped_by_security_packets | PacketsDroppedBySecurity | Readonly | |
| last_update_timestamp | Timestamp when the data was last updated; unset if data source has never updated the data. | EpochMsTimestamp | Readonly |
| logical_port_id | The id of the logical port | string | Required Readonly |
| mac_learning | MacLearningCounters | Readonly | |
| rx_bytes | DataCounter | Readonly | |
| rx_packets | DataCounter | Readonly | |
| tx_bytes | DataCounter | Readonly | |
| tx_packets | DataCounter | Readonly |
LogicalRouterPortCounters (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| blocked_packets | The number of blocked packets The total number of packets blocked. |
integer | |
| dad_dropped_packets | The number of duplicate address detected packets dropped Number of duplicate address detected packets dropped. |
integer | |
| destination_unsupported_dropped_packets | The number of destination unsupported packets dropped Number of packtes dropped as destination is not supported. |
integer | |
| dropped_packets | The number of dropped packets The total number of packets dropped. |
integer | |
| firewall_dropped_packets | The number of firewall packets dropped Number of firewall packets dropped. |
integer | |
| frag_needed_dropped_packets | The number of fragmentation needed packets dropped Number of fragmentation needed packets dropped. |
integer | |
| ipsec_dropped_packets | The number of IPSec packets dropped Number of IPSec packets dropped |
integer | |
| ipsec_no_sa_dropped_packets | The number of IPSec no security association packets dropped Number of IPSec no security association packets dropped. |
integer | |
| ipsec_no_vti_dropped_packets | The number of IPSec no VTI packets dropped Number of IPSec packets dropped as no VTI is present. |
integer | |
| ipsec_pol_block_dropped_packets | The number of IPSec policy block packets dropped Number of IPSec policy block packets dropped. |
integer | |
| ipsec_pol_err_dropped_packets | The number of IPSec policy error packets dropped Number of IPSec policy error packets dropped. |
integer | |
| ipv6_dropped_packets | The number of IPV6 packets dropped Number of IPV6 packets dropped. |
integer | |
| kni_dropped_packets | The number of kernal NIC interface packets dropped Number of DPDK kernal NIC interface packets dropped. |
integer | |
| l4port_unsupported_dropped_packets | The number of L4 port unsupported packets dropped Number of packets dropped due to unsupported L4 port. |
integer | |
| malformed_dropped_packets | The number of malformed packets dropped Number of packtes dropped as they are malformed. |
integer | |
| no_arp_dropped_packets | The number of no ARP packets dropped Number of no ARP packets dropped. |
integer | |
| no_linked_dropped_packets | The number of no linked packets dropped Number of packets dropped as no linked ports are present. |
integer | |
| no_mem_dropped_packets | The number of no memory packets dropped Number of packets dropped due to insufficient memory. |
integer | |
| no_receiver_dropped_packets | The number of no receiver packets dropped Number of packets dropped due to absence of receiver. |
integer | |
| no_route_dropped_packets | The number of no route packets dropped | integer | |
| non_ip_dropped_packets | The number of non IP packets dropped Number of non IP packets dropped. |
integer | |
| proto_unsupported_dropped_packets | The number of protocol unsupported packets dropped Number of packets dropped as protocol is unsupported. |
integer | |
| redirect_dropped_packets | The number of redirect packets dropped Number of redirect packets dropped. |
integer | |
| rpf_check_dropped_packets | The number of reverse-path forwarding check packets dropped Number of reverse-path forwarding check packets dropped. |
integer | |
| service_insert_dropped_packets | The number of service insert packets dropped Number of service insert packets dropped. |
integer | |
| total_bytes | The total number of bytes The total number of bytes transferred. |
integer | |
| total_packets | The total number of packets The total number of packets transferred. |
integer | |
| ttl_exceeded_dropped_packets | The number of time to live exceeded packets dropped Number of time to live exceeded packets dropped. |
integer |
LogicalRouterPortStatistics (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| logical_router_port_id | The ID of the logical router port | string | Required |
| per_node_statistics | Per Node Statistics | array of LogicalRouterPortStatisticsPerNode | Readonly |
LogicalRouterPortStatisticsPerNode (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| last_update_timestamp | Timestamp when the data was last updated; unset if data source has never updated the data. | EpochMsTimestamp | Readonly |
| rx | LogicalRouterPortCounters | Readonly | |
| sub_cluster_id | The ID of the Pairwise subcluster in Active-Active service router cluster The subcluster ID of logical router port. Active-Active service router cluster forms pariwise sub cluster of nodes and syncs states among them. |
string | Readonly |
| transport_node_id | The ID of the TransportNode | string | Required Readonly |
| tx | LogicalRouterPortCounters | Readonly |
LogicalRouterPortStatisticsSummary (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| last_update_timestamp | Timestamp when the data was last updated; unset if data source has never updated the data. | EpochMsTimestamp | Readonly |
| logical_router_port_id | The ID of the logical router port | string | Required |
| rx | LogicalRouterPortCounters | Readonly | |
| tx | LogicalRouterPortCounters | Readonly |
LogicalRouterState (schema)
Realization State of Logical Router.
This holds the state of Logical Router. If there are errors in realizing LR outside of MP, it gives details of the components and specific errors.
| Name | Description | Type | Notes |
|---|---|---|---|
| details | Array of configuration state of various sub systems | array of ConfigurationStateElement | Readonly |
| failure_code | Error code | integer | Readonly |
| failure_message | Error message in case of failure | string | Readonly |
| pending_change_list | List of pending changes Request identifier of the API which modified the entity. |
array of string | Readonly |
| state | Overall state of desired configuration Gives details of state of desired configuration. Additional enums with more details on progress/success/error states are sent for edge node. The success states are NODE_READY and TRANSPORT_NODE_READY, pending states are {VM_DEPLOYMENT_QUEUED, VM_DEPLOYMENT_IN_PROGRESS, REGISTRATION_PENDING} and other values indicate failures. "in_sync" state indicates that the desired configuration has been received by the host to which it applies, but is not yet in effect. When the configuration is actually in effect, the state will change to "success". Please note, failed state is deprecated. |
string | Required Readonly Enum: pending, in_progress, success, failed, partial_success, orphaned, unknown, error, in_sync, NOT_AVAILABLE, VM_DEPLOYMENT_QUEUED, VM_DEPLOYMENT_IN_PROGRESS, VM_DEPLOYMENT_FAILED, VM_POWER_ON_IN_PROGRESS, VM_POWER_ON_FAILED, REGISTRATION_PENDING, NODE_NOT_READY, NODE_READY, VM_POWER_OFF_IN_PROGRESS, VM_POWER_OFF_FAILED, VM_UNDEPLOY_IN_PROGRESS, VM_UNDEPLOY_FAILED, VM_UNDEPLOY_SUCCESSFUL, EDGE_CONFIG_ERROR, VM_DEPLOYMENT_RESTARTED, REGISTRATION_FAILED, TRANSPORT_NODE_SYNC_PENDING, TRANSPORT_NODE_CONFIGURATION_MISSING, EDGE_HARDWARE_NOT_SUPPORTED, MULTIPLE_OVERLAY_TZS_NOT_SUPPORTED, TN_OVERLAY_TZ_IN_USE_BY_EDGE_CLUSTER, TZ_ENDPOINTS_NOT_SPECIFIED, NO_PNIC_PREPARED_IN_EDGE, APPLIANCE_INTERNAL_ERROR, VTEP_DHCP_NOT_SUPPORTED, UNSUPPORTED_HOST_SWITCH_PROFILE, UPLINK_HOST_SWITCH_PROFILE_NOT_SPECIFIED, HOSTSWITCH_PROFILE_NOT_FOUND, LLDP_SEND_ENABLED_NOT_SUPPORTED, UNSUPPORTED_NAMED_TEAMING_POLICY, LBSRCID_NOT_SUPPORTED_FOR_EDGE_VM, LACP_NOT_SUPPORTED_FOR_EDGE_VM, STANDBY_UPLINKS_NOT_SUPPORTED_FOR_EDGE_VM, MULTIPLE_ACTIVE_UPLINKS_NOT_SUPPORTED_FOR_EDGE, UNSUPPORTED_LACP_LB_ALGO_FOR_NODE, EDGE_NODE_VERSION_NOT_SUPPORTED, NO_PNIC_SPECIFIED_IN_TN, INVALID_PNIC_DEVICE_NAME, TRANSPORT_NODE_READY, VM_NETWORK_EDIT_PENDING, UNSUPPORTED_DEFAULT_TEAMING_POLICY, MPA_DISCONNECTED, VM_RENAME_PENDING, VM_CONFIG_EDIT_PENDING, VM_NETWORK_EDIT_FAILED, VM_RENAME_FAILED, VM_CONFIG_EDIT_FAILED, VM_CONFIG_DISCREPANCY, VM_NODE_REFRESH_FAILED, VM_PLACEMENT_REFRESH_FAILED, REGISTRATION_TIMEDOUT, REPLACE_FAILED, UPLINK_FROM_TEAMING_POLICY_NOT_MAPPED, LOGICAL_SWITCH_NAMED_TEAMING_HAS_NO_PNIC_BACKING, DELETE_VM_IN_REDEPLOY_FAILED, DEPLOY_VM_IN_REDEPLOY_FAILED, INSUFFICIENT_RESOURCES_IN_EDGE_NODE_FOR_SERVICE, VM_RESOURCE_RESERVATION_FAILED, DUPLICATE_PNICS_IN_TEAMINGS_WITH_MULTIPLE_UPLINKS_AND_FAILOVER_ORDER, DUPLICATE_VLANS_SHARING_SAME_PNICMULTIPLE_UPLINKS_IN_NAMED_TEAMING_NOT_SUPPORTED_IF_UPLINK_IN_DEFAULT_TEAMING, EDGE_NODE_SETTINGS_MISMATCH_RESOLVE, EDGE_VM_VSPHERE_SETTINGS_MISMATCH_RESOLVE, EDGE_NODE_SETTINGS_AND_VSPHERE_SETTINGS_ARE_CHANGED_RESOLVE, EDGE_VSPHERE_LOCATION_MISMATCH_RESOLVE, COMPUTE_MANAGER_NOT_FOUND, DELETE_IN_PROGRESS, ADVANCED_CONFIG_EDIT_FAILED, UPT_MODE_REALIZATION_POLL_TIMED_OUT, DATAPATH_CONFIGURATION_EDIT_FAILED, MAINTENANCE_MODE_ENABLED, ERROR_IN_ENABLE_MAINTENANCE_MODE, ERROR_IN_DISABLE_MAINTENANCE_MODE, CONFIGURE_UPT_ON_VM_FAILED, VM_VERSION_IS_UPT_INCOMPATIBLE, DELETE_FAILED_FOR_DIFFERENT_MOREF_ID, DELETE_FAILED_ON_VM_NOT_FOUND, DELETE_FAILED_FOR_NON_LCM_EDGE |
LogicalRouterStatus (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| last_update_timestamp | Timestamp when the data was last updated; unset if data source has never updated the data. | EpochMsTimestamp | Readonly |
| locale_operation_mode | Location mode for logical router Egress mode for the logical router at given mode |
string | Readonly Enum: PRIMARY_LOCATION, SECONDARY_LOCATION |
| logical_router_id | The id of the logical router | string | Required |
| per_node_status | Per Node Status | array of LogicalRouterStatusPerNode | Readonly |
LogicalRouterStatusPerNode (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| edge_path | edge transport node path. Only populated by Policy APIs |
string | |
| high_availability_status | A service router's HA status on an edge node | string | Required Enum: ACTIVE, STANDBY, DOWN, SYNC, UNKNOWN, ADMIN_DOWN |
| is_default_sub_cluster | Is edge transport node in default sub cluster. True if edge transport node is a member of default sub cluster |
boolean | Default: "False" |
| service_group_ha_status | Service High Availability status Service High availability status of service group linked with sub cluster. |
string | Enum: UNKNOWN, ACTIVE, STANDBY |
| service_router_id | id of the service router where the router status is retrieved. | string | |
| sub_cluster_id | Sub cluster id for the node. This field is populated for sateful active-active mode. Runtime state is only synced among nodes in the same sub cluster. |
string | |
| traffic_group_id | Traffic Group ID of the edge node This field is populated only for VMC on AWS. It is the ID of the traffic group associated with the edge node. |
string | |
| transport_node_id | id of the transport node where the router status is retrieved. | string | Required |
LogicalSwitchStatistics (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| dropped_by_security_packets | PacketsDroppedBySecurity | Readonly | |
| last_update_timestamp | Timestamp when the data was last updated; unset if data source has never updated the data. | EpochMsTimestamp | Readonly |
| logical_switch_id | The id of the logical Switch | string | Required Readonly |
| mac_learning | MacLearningCounters | Readonly | |
| rx_bytes | DataCounter | Readonly | |
| rx_packets | DataCounter | Readonly | |
| tx_bytes | DataCounter | Readonly | |
| tx_packets | DataCounter | Readonly |
MACAddress (schema)
MAC Address
A MAC address. Must be 6 pairs of hexadecimal digits, upper or lower case,
separated by colons or dashes. Examples: 01:23:45:67:89:ab, 01-23-45-67-89-AB.
| Name | Description | Type | Notes |
|---|---|---|---|
| MACAddress | MAC Address A MAC address. Must be 6 pairs of hexadecimal digits, upper or lower case, separated by colons or dashes. Examples: 01:23:45:67:89:ab, 01-23-45-67-89-AB. |
string | Format: mac-address |
MACAddressExpression (schema)
MAC address expression node
Represents MAC address expressions in the form of an array, to support addition of MAC addresses in a group. Avoid creating groups with multiple MACAddressExpression. In future releases, group will be restricted to contain a single MACAddressExpression. To group MAC addresses, use nested groups instead of multiple MACAddressExpression.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mac_addresses | Array of MAC addresses This array can consist of one or more MAC addresses. |
array of MACAddress | Required Minimum items: 1 Maximum items: 4000 |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value MACAddressExpression | string | Required Enum: Condition, ConjunctionOperator, NestedExpression, IPAddressExpression, MACAddressExpression, ExternalIDExpression, PathExpression, IdentityGroupExpression |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
MACAddressList (schema)
MAC Address members.
List of MAC Addresses.
| Name | Description | Type | Notes |
|---|---|---|---|
| mac_addresses | Array of MAC addresses The array contains MAC addresses. |
array of MACAddress | Required Minimum items: 1 Maximum items: 4000 |
MacAddressCsvListResult (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| file_name | File name File name set by HTTP server if API returns CSV result as a file. |
string | |
| last_update_timestamp | Timestamp when the data was last updated; unset if data source has never updated the data. | EpochMsTimestamp | Readonly |
| results | array of MacTableCsvRecord |
MacAddressType (schema)
The type of the MAC address
| Name | Description | Type | Notes |
|---|---|---|---|
| MacAddressType | The type of the MAC address | string | Enum: STATIC, LEARNED |
MacDiscoveryProfile (schema)
Mac Discovery Profile
Mac Discovery Profile
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| mac_change_enabled | Is rule enabled or not Allowing source MAC address change |
boolean | Default: "False" |
| mac_learning_aging_time | Aging time in seconds for learned MAC address Indicates how long learned MAC address remain. |
int | Readonly Default: "600" |
| mac_learning_enabled | Is MAC learning enabled or not Allowing source MAC address learning |
boolean | Required |
| mac_limit | Maximum number of MAC addresses learnt The maximum number of mac addresses that can be learnt on this port when mac learning is enabled. |
int | Minimum: 0 Maximum: 4096 Default: "4096" |
| mac_limit_policy | Mac Limit Policy The policy after MAC Limit is exceeded |
string | Enum: ALLOW, DROP Default: "ALLOW" |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_overlay_mac_limit | The maximum number of MAC addresses learned on an overlay Logical Switch The maximum number of mac addresses learnt on an overlay logical switch, irrespective of whether mac learning is enabled on the segment ports. When this limit is reached, traffic for mac addresses that are not learnt will be flooded. |
int | Minimum: 2048 Maximum: 8192 Default: "2048" |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value MacDiscoveryProfile | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
| unknown_unicast_flooding_enabled | Is unknown unicast flooding rule enabled or not Allowing flooding for unlearned MAC for ingress traffic |
boolean | Default: "True" |
MacDiscoveryProfileListRequestParameters (schema)
Mac Discovery Profile request parameters
| Name | Description | Type | Notes |
|---|---|---|---|
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| include_mark_for_delete_objects | Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included. |
boolean | Default: "False" |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string |
MacDiscoveryProfileListResult (schema)
Paged collection of Mac Discovery Profiles
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Mac Discovery profile list results | array of MacDiscoveryProfile | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
MacLearningCounters (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| mac_not_learned_packets_allowed | Number of dispatched packets with unknown source MAC address. The number of packets with unknown source MAC address that are dispatched without learning the source MAC address. Applicable only when the MAC limit is reached and MAC Limit policy is MAC_LEARNING_LIMIT_POLICY_ALLOW. |
integer | |
| mac_not_learned_packets_dropped | Number of dropped packets with unknown source MAC address. The number of packets with unknown source MAC address that are dropped without learning the source MAC address. Applicable only when the MAC limit is reached and MAC Limit policy is MAC_LEARNING_LIMIT_POLICY_DROP. |
integer | |
| macs_learned | Number of MACs learned | integer |
MacTableCsvRecord (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| mac_address | The MAC address | string | Required |
| rtep_group_id | Remote tunnel endpoint(RTEP) group id RTEP group id is applicable when the logical switch is stretched across multiple sites. When rtep_group_id is set, mac_address represents remote mac_address. |
integer | |
| vtep_group_id | Virtual tunnel endpoint(VTEP) group id VTEP group id is applicable when the logical switch is stretched across multiple sites. When vtep_group_id is set, mac_address represents remote mac_address. |
integer | |
| vtep_ip | The virtual tunnel endpoint IPv4 address | IPAddress | |
| vtep_ipv6 | The virtual tunnel endpoint IPv6 address | IPv6Address | |
| vtep_mac_address | The virtual tunnel endpoint MAC address | string |
MacTableEntry (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| mac_address | The MAC address | string | Required |
| rtep_group_id | Remote tunnel endpoint(RTEP) group id RTEP group id is applicable when the logical switch is stretched across multiple sites. When rtep_group_id is set, mac_address represents remote mac_address. |
integer | |
| vtep_group_id | Virtual tunnel endpoint(VTEP) group id VTEP group id is applicable when the logical switch is stretched across multiple sites. When vtep_group_id is set, mac_address represents remote mac_address. |
integer | |
| vtep_ip | The virtual tunnel endpoint IPv4 address | IPAddress | |
| vtep_ipv6 | The virtual tunnel endpoint IPv6 address | IPv6Address | |
| vtep_mac_address | The virtual tunnel endpoint MAC address | string |
MalwarePreventionProfile (schema)
Malware Prevention Profile
MalwarePrevention Profile which contains the criteria to include Malware Prevention signatures.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| detection_type | Detection Types Represents how the Malware Prevention detection works. |
string | Required Enum: SIGNATURE_BASED, SIGNATURE_AND_SANDBOXING_BASED |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| file_type | File Type Represents different type of files extensions supported in Malware Prevention. |
array of FileType | Required |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value MalwarePreventionProfile | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
MalwarePreventionSignature (schema)
Malware Prevention Signature
Malware Prevention Signature .
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| file_type | File Type File type of Signature. |
string | |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value MalwarePreventionSignature | string | |
| signature_id | Signature ID Represents the Signature's id. |
string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
ManagedResource (schema)
Base type for resources that are managed by API clients
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| resource_type | The type of this resource. | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ManagementConfig (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| publish_fqdns | True if Management nodes publish their fqdns(instead of default IP addresses) across NSX for its reachability. | boolean | Required |
MandatoryAccessControlProperties (schema)
Information about mandatory access control
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| enabled | Enabled can be True/False | boolean | |
| status | current status of Mandatory Access Control | string | Readonly Enum: ENABLED, DISABLED, ENABLED_PENDING_REBOOT |
MetadataProxyConfig (schema)
Metadata Proxy Configuration
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| crypto_protocols | Metadata proxy supported cryptographic protocols The cryptographic protocols listed here are supported by the metadata proxy. TLSv1.1 and TLSv1.2 are supported by default |
array of MetadataProxyCryptoProtocols | |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| edge_cluster_path | Poilcy path to Edge Cluster Edge clusters configured on MP are auto-discovered by Policy and create corresponding read-only intent objects. |
string | Required |
| enable_standby_relocation | Flag to enable standby relocation Only auto-placed metadata proxies are considered for relocation. Must be FALSE, when the preferred_edge_paths property is configured. |
boolean | Default: "False" |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| preferred_edge_paths | Preferred Edge Paths Edge nodes should be members of edge cluster configured in edge_cluster_path. |
array of string | Maximum items: 2 |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value MetadataProxyConfig | string | |
| secret | Secret Secret word or phrase to access metadata server. |
secure_string | Required |
| server_address | Server Address This field is a URL. Example formats - http://1.2.3.4:3888/path, http://text-md-proxy:5001/. Port number should be between 3000-9000. |
string | Required |
| server_certificates | Policy paths to Certificate Authority (CA) certificates Valid certificates should be configured. The validity of certificates is not checked. Certificates are managed through /infra/certificates API on Policy. |
array of string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
MetadataProxyCryptoProtocols (schema)
Metadata proxy supported cryptographic protocol
| Name | Description | Type | Notes |
|---|---|---|---|
| MetadataProxyCryptoProtocols | Metadata proxy supported cryptographic protocol | string | Enum: TLS_V1, TLS_V1_1, TLS_V1_2 Default: "TLS_V1_2" |
MetadataProxyRuntimeRequestParameters (schema)
Request Parameters for Metadata Proxy Runtime Information
Request parameters that represents a segment path and enforcement_point_path.
| Name | Description | Type | Notes |
|---|---|---|---|
| enforcement_point_path | String Path of the enforcement point enforcement point path, forward slashes must be escaped using %2F. |
string | |
| segment_path | String Path of the segment which is associated with this metadata proxy | string | |
| source | The data source, either realtime or cached. If not provided, cached data is returned. | DataSourceType |
MetadataProxyStatisticsPerSegment (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| error_responses_from_nova_server | error responses from nova server | integer | Required |
| requests_from_clients | requests from clients | integer | Required |
| requests_to_nova_server | requests to nova server | integer | Required |
| responses_to_clients | responses to clients | integer | Required |
| segment_path | Policy path of the attached segment | string | Required |
| succeeded_responses_from_nova_server | succeeded responses from nova server | integer | Required |
MitreAttack (schema)
Mitre Attack
Contain Mitre attack details like tacticName, tacticUrl, techniqueName and techniqueUrl.
| Name | Description | Type | Notes |
|---|---|---|---|
| tactic_name | Tactic Name Represents tactic name of attack. |
string | |
| tactic_url | Tactic Url Represents tactic url of attack. |
string | |
| technique_name | Technique Name Represents technique name of attack. |
string | |
| technique_url | Technique Url Represents technique url of attack. |
string |
MonitoringError (schema)
Represents an error that occurred while gathering information
Monitoring information is gathered from multiple sub-systems/components, using
REST or RPC calls internally. It is quite possible for a component or sub-system
fail, in which case it is captured as an error and reported.
| Name | Description | Type | Notes |
|---|---|---|---|
| error_code | NSX error code if available | integer | |
| error_message | Error mesage | string | |
| params | Parameters for construcing error details | array of object |
MonitoringInfo (schema)
Provides details of all flows in federation
Provides monitoring information for all flows in federation from the
given site where the API is invoked. For example - monitoring information
from Global Manager doesn't provide details of Local Manager to Local Manager
flows. Similary, LocalManager will not provide Global Manager ACTIVE to
Global Manager STANDBY flow details.
| Name | Description | Type | Notes |
|---|---|---|---|
| errors | All errors occurred while gathering monitoring info | array of MonitoringError | |
| flow_info | Monitoring information of flows in federation | array of FlowInfo |
MonitoringProfileBindingMap (schema)
Base Monitoring Profile Binding Map
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value MonitoringProfileBindingMap | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
MultiWidgetConfiguration (schema)
Multi-Widget
Combines two or more widgetconfigurations into a multi-widget
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| condition | Expression for evaluating condition If the condition is met then the widget will be displayed to UI. If no condition is provided, then the widget will be displayed unconditionally. |
string | Maximum length: 1024 |
| datasources | Array of Datasource Instances with their relative urls The 'datasources' represent the sources from which data will be fetched. Currently, only NSX-API is supported as a 'default' datasource. An example of specifying 'default' datasource along with the urls to fetch data from is given at 'example_request' section of 'CreateWidgetConfiguration' API. |
array of Datasource | Minimum items: 0 |
| default_filter_value | Default filter value to be passed to datasources Default filter values to be passed to datasources. This will be used when the report is requested without filter values. |
array of DefaultFilterValue | |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Widget Title Title of the widget. If display_name is omitted, the widget will be shown without a title. |
string | Maximum length: 255 |
| drilldown_id | Id of drilldown widget Id of drilldown widget, if any. Id should be a valid id of an existing widget. A widget is considered as drilldown widget when it is associated with any other widget and provides more detailed information about any data item from the parent widget. |
string | Maximum length: 255 |
| feature_set | Features required to view the widget Features required to view the widget. |
FeatureSet | |
| filter | Id of filter widget for subscription Id of filter widget for subscription, if any. Id should be a valid id of an existing filter widget. Filter widget should be from the same view. Datasource URLs should have placeholder values equal to filter alias to accept the filter value on filter change. This field is deprecated instead use 'filters' property. |
string | Deprecated |
| filter_value_required | Flag to indicate if filter value is necessary Flag to indicate that widget will continue to work without filter value. If this flag is set to false then default_filter_value is manadatory. |
boolean | Default: "True" |
| filters | A List of filter ids applied to this widget configuration A List of filter applied to this widget configuration. This will be used to identify the filters applied to this widget. |
array of string | |
| footer | Footer | ||
| icons | Icons Icons to be applied at dashboard for widgets and UI elements. |
array of Icon | |
| id | Unique identifier of this resource | string | Sortable |
| is_drilldown | Set as a drilldown widget Set to true if this widget should be used as a drilldown. |
boolean | Default: "False" |
| legend | Legend for the widget Legend to be displayed. If legend is not needed, do not include it. |
Legend | |
| navigation | Navigation to a specified UI page Hyperlink of the specified UI page that provides details. |
string | Maximum length: 1024 |
| plot_configs | List of plotting configuration for a given widget. List of plotting configuration for a given widget. Widget plotting configurations which are common across all the widgets types should be define here. |
array of WidgetPlotConfiguration | |
| resource_type | Must be set to the value MultiWidgetConfiguration | string | Required Readonly Enum: LabelValueConfiguration, DonutConfiguration, MultiWidgetConfiguration, ContainerConfiguration, StatsConfiguration, GridConfiguration, GraphConfiguration, CustomWidgetConfiguration, CustomFilterWidgetConfiguration, TimeRangeDropdownFilterWidgetConfiguration, DropdownFilterWidgetConfiguration, SpacerWidgetConfiguration, LegendWidgetConfiguration Maximum length: 255 |
| rowspan | Vertical span Represents the vertical span of the widget / container. 1 Row span is equal to 20px. |
int | Minimum: 1 |
| shared | Visiblity of widgets to other users Please use the property 'shared' of View instead of this. The widgets of a shared view are visible to other users. |
boolean | Deprecated |
| show_header | This decides to show the container header or not. If the value of this field is set to true then card header will be displayed otherwise only card will be displayed without header. |
boolean | |
| span | Horizontal span Represents the horizontal span of the widget / container. |
int | Minimum: 1 Maximum: 12 |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| weight | Weightage or placement of the widget or container Specify relavite weight in WidgetItem for placement in a view. Please see WidgetItem for details. |
int | Deprecated |
| widgets | Widgets Array of widgets that are part of the multi-widget. |
array of WidgetItem | Required Minimum items: 1 Maximum items: 2 |
NAPILogLevelValue (schema)
Log Level Value
| Name | Description | Type | Notes |
|---|---|---|---|
| log_level | Log Level | string | Required Enum: critical, error, warn, info, debug, off |
NDRAAdvertisedRoute (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| route_lifetime | Lifetime of advertised route Lifetime of advertised route in seconds. |
integer | Minimum: 0 Maximum: 65520 Default: "1800" |
| route_preference | Route preference NDRA Route preference. Indicates preference of the router associated with a prefix over others, when multiple identical prefixes (for different routers) have been received. |
NDRAPreference | Default: "MEDIUM" |
| subnet | Advertised route subnet Advertised route subnet |
IPv6CIDRBlock | Required |
NDRAPreference (schema)
NDRA Router and route preference
For an NDRA router, indicates preference of this router over other default routers.
For an NDRA route, indicates preference of the router associated with this prefix
over others, when multiple identical prefixes (for different routers) have
been received.
Preference values are LOW, MEDIUM (default) and HIGH. RESERVED value is not
to be used and is treated as MEDIUM.
| Name | Description | Type | Notes |
|---|---|---|---|
| NDRAPreference | NDRA Router and route preference For an NDRA router, indicates preference of this router over other default routers. For an NDRA route, indicates preference of the router associated with this prefix over others, when multiple identical prefixes (for different routers) have been received. Preference values are LOW, MEDIUM (default) and HIGH. RESERVED value is not to be used and is treated as MEDIUM. |
string | Enum: LOW, MEDIUM, HIGH, RESERVED |
NSXRelease (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| downloaded | Hint whether this bundle is downloaded or not. | boolean | Readonly |
| readiness_checked | Hint whether readiness is checked for the current system for this version | boolean | Readonly |
| release_date | Release date Release date |
string | Readonly |
| release_notes | Release notes. Release notes of the release. |
string | Readonly |
| type | Version type The purpose of the release. |
string | Readonly Enum: PATCH_UPDATE, MAINTENANCE_UPDATE, SECURITY_PATCH, HOT_PATCH |
| version | Version available on VMware download site. Version available on VMware download site. |
string | Readonly |
NSXReleaseRequest (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| source | Source where notification is generated Source where notification is generated |
string | Readonly |
NSXReleases (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | List of NSX Releases available. | array of NSXRelease | Readonly |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
NSXTConnectionInfo (schema)
NSX-T Connection Info
Credential info to connect to an NSX-T type of enforcement point.
| Name | Description | Type | Notes |
|---|---|---|---|
| edge_cluster_ids | Edge Cluster IDs Edge Cluster UUIDs on enforcement point. Edge cluster information is required for creating logical L2, L3 constructs on enforcement point. Max 1 edge cluster ID. This is a deprecated property. The edge cluster id is now auto populated from enforcement point and its value can be read using APIs GET /infra/sites/site-id/enforcement-points/enforcementpoint-id/edge-clusters and GET /infra/sites/site-id/enforcement-points/enforcementpoint-1/edge-clusters/edge-cluster-id. The value passed through this property will be ignored. |
array of string | Deprecated Maximum items: 1 |
| enforcement_point_address | Enforcement Point Address Value of this property could be Hostname or IP. For instance: - On an NSX-T MP running on default port, the value could be "10.192.1.1" - On an NSX-T MP running on custom port, the value could be "192.168.1.1:32789" - On an NSX-T MP in VMC deployments, the value could be "192.168.1.1:5480/nsxapi" |
string | Required |
| password | Password Password. |
secure_string | |
| resource_type | Must be set to the value NSXTConnectionInfo | string | Required Enum: NSXTConnectionInfo, NSXVConnectionInfo, CvxConnectionInfo, AviConnectionInfo |
| thumbprint | Thumbprint of Enforcement Point Thumbprint of EnforcementPoint in the form of a SHA-256 hash represented in lower case HEX. |
string | |
| transport_zone_ids | Transport Zone IDs Transport Zone UUIDs on enforcement point. Transport zone information is required for creating logical L2, L3 constructs on enforcement point. Max 1 transport zone ID. This is a deprecated property. The transport zone id is now auto populated from enforcement point and its value can be read using APIs GET /infra/sites/site-id/enforcement-points/enforcementpoint-id/transport-zones and GET /infra/sites/site-id/enforcement-points/enforcementpoint-id/transport-zones/transport-zone-id. The value passed through this property will be ignored. |
array of string | Deprecated Maximum items: 1 |
| username | Username Username. |
string |
NSXVConnectionInfo (schema)
NSX-V Connection Info
Credential info to connect to an NSX-V type of enforcement point.
| Name | Description | Type | Notes |
|---|---|---|---|
| enforcement_point_address | Enforcement Point Address Value of this property could be Hostname or IP. For instance: - On an NSX-T MP running on default port, the value could be "10.192.1.1" - On an NSX-T MP running on custom port, the value could be "192.168.1.1:32789" - On an NSX-T MP in VMC deployments, the value could be "192.168.1.1:5480/nsxapi" |
string | Required |
| password | Password Password. |
secure_string | Required |
| resource_type | Must be set to the value NSXVConnectionInfo | string | Required Enum: NSXTConnectionInfo, NSXVConnectionInfo, CvxConnectionInfo, AviConnectionInfo |
| thumbprint | Thumbprint of Enforcement Point Thumbprint of EnforcementPoint in the form of a SHA-256 hash represented in lower case HEX. |
string | Required |
| username | Username Username. |
secure_string | Required |
NamespaceMemberDetails (schema)
Group member details
Details of the member belonging to a Group
| Name | Description | Type | Notes |
|---|---|---|---|
| display_name | The display name of the member on the enforcement point | string | Required Readonly |
| id | The ID of the member on the enforcement point | string | Required Readonly |
| pods | array of PolicyGroupMemberDetails | Required |
NdSnoopingConfig (schema)
ND Snooping Configuration
Contains Neighbor Discovery Protocol (ND) snooping related configuration.
| Name | Description | Type | Notes |
|---|---|---|---|
| nd_snooping_enabled | Is ND snooping enabled or not Enable this method will snoop the NS (Neighbor Solicitation) and NA (Neighbor Advertisement) messages in the ND (Neighbor Discovery Protocol) family of messages which are transmitted by a VM. From the NS messages, we will learn about the source which sent this NS message. From the NA message, we will learn the resolved address in the message which the VM is a recipient of. Addresses snooped by this method are subject to TOFU (Trust on First Use) policies as enforced by the system. |
boolean | Default: "False" |
| nd_snooping_limit | Maximum number of ND (Neighbor Discovery Protocol) bindings Maximum number of ND (Neighbor Discovery Protocol) snooped IPv6 addresses |
int | Minimum: 2 Maximum: 15 Default: "3" |
NdpHeader (schema)
Neighbor discovery protocol header
| Name | Description | Type | Notes |
|---|---|---|---|
| dst_ip | The destination IP address The IP address of the destination of the solicitation. It MUST NOT be a multicast address. |
IPv6Address | |
| msg_type | NDP message type This field specifies the type of the Neighbor discover message being sent. NEIGHBOR_SOLICITATION - Neighbor Solicitation message to discover the link-layer address of an on-link IPv6 node or to confirm a previously determined link-layer address. NEIGHBOR_ADVERTISEMENT - Neighbor Advertisement message in response to a Neighbor Solicitation message. |
string | Enum: NEIGHBOR_SOLICITATION, NEIGHBOR_ADVERTISEMENT Default: "NEIGHBOR_SOLICITATION" |
NestedExpression (schema)
NestedExpression
Nested expressions is a list of condition expressions that must follow the
below criteria:
0. Only allowed expressions in a NestedExpression are Condition and
ConjunctionOperator.
1. A non-empty expression list, must be of odd size. In a list, with
indices starting from 0, all condition expressions must be at even indices,
separated by the conjunction expressions AND at odd indices.
2. There may be at most 5 condition expressions inside a list.
3. NestedExpressions are homogeneous in nature, i.e, all expressions inside
a nested expression must have the same member type.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| expressions | Expression Expression. |
array of Expression (Abstract type: pass one of the following concrete types) Condition ConjunctionOperator ExternalIDExpression GroupScopeExpression IPAddressExpression IdentityGroupExpression MACAddressExpression NestedExpression PathExpression |
Required Minimum items: 1 |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value NestedExpression | string | Required Enum: Condition, ConjunctionOperator, NestedExpression, IPAddressExpression, MACAddressExpression, ExternalIDExpression, PathExpression, IdentityGroupExpression |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
NestedServiceServiceEntry (schema)
A ServiceEntry that represents nesting service
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| nested_service_path | path of nested service | string | Required |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value NestedServiceServiceEntry | string | Required Enum: IPProtocolServiceEntry, IGMPTypeServiceEntry, ICMPTypeServiceEntry, ALGTypeServiceEntry, L4PortSetServiceEntry, EtherTypeServiceEntry, NestedServiceServiceEntry |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
NetworkInfo (schema)
Only support IP address or subnet. Its type can be of
IPv4 or IPv6. It will be converted to subnet when netmask
is specified(e.g., 192.168.1.3/24 => 192.168.1.0/24,
2008:12:12:12::2/64 => 2008:12:12:12::/64).
| Name | Description | Type | Notes |
|---|---|---|---|
| dst_ip | The destination IP address or subnet The destination IP can be an IP address or a subnet. |
IPElement | |
| src_ip | The source IP address or subnet The source IP can be an IP address or a subnet. |
IPElement |
NetworkInterfaceRequestParameters (schema)
Node network interface request parameters
Request parameters to filter REST API for list network interface.
| Name | Description | Type | Notes |
|---|---|---|---|
| admin_status | Admin status of the interface Defines admin status of the interface. |
string | Enum: UP, DOWN |
| source | The data source, either realtime or cached. If not provided, cached data is returned. | DataSourceType |
NewRole (schema)
New Role
| Name | Description | Type | Notes |
|---|---|---|---|
| new_role_description | New role description | string | |
| new_role_id | New role id | string | Required Pattern: "^[_a-z0-9-]+$" |
| new_role_name | New role name | string | Required |
NoRestRequestParameters (schema)
Parameter definition for requests that do not allow parameters.
| Name | Description | Type | Notes |
|---|---|---|---|
| NoRestRequestParameters | Parameter definition for requests that do not allow parameters. | object |
NodeAsyncReplicatorServiceProperties (schema)
Node service properties
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| service_name | Service name | string | Required |
| service_properties | Service properties | LoggingServiceProperties |
NodeAuthProviderVidmProperties (schema)
Node AAA provider vIDM properties
| Name | Description | Type | Notes |
|---|---|---|---|
| client_id | vIDM client id | string | Required |
| client_secret | vIDM client secret | string | |
| host_name | Fully Qualified Domain Name(FQDN) of vIDM | string | Required |
| lb_enable | Load Balancer enable flag | boolean | |
| node_host_name | host name of the node redirected to host name to use when creating the redirect URL for clients to follow after authenticating to vIDM |
string | Required |
| thumbprint | vIDM certificate thumbprint Hexadecimal SHA256 hash of the vIDM server's X.509 certificate |
string | Required |
| vidm_enable | vIDM enable flag | boolean |
NodeAuthProviderVidmStatus (schema)
Node AAA provider vIDM status
| Name | Description | Type | Notes |
|---|---|---|---|
| runtime_state | AAA provider vIDM status | string | Required |
| vidm_enable | vIDM enable flag | boolean | Required |
NodeAuthServiceProperties (schema)
Node AUTH service properties
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| service_name | Service name | string | Required |
| service_properties | AUTH Service properties | AuthServiceProperties |
NodeFileSystemProperties (schema)
File system properties
| Name | Description | Type | Notes |
|---|---|---|---|
| file_system | File system id | string | Readonly |
| mount | File system mount | string | Readonly |
| total | File system size in kilobytes | integer | Readonly |
| type | File system type | string | Readonly |
| used | Amount of file system used in kilobytes | integer | Readonly |
NodeGlobalManagerServiceProperties (schema)
Node service properties
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| service_name | Service name | string | Required |
| service_properties | Service properties | LoggingServiceProperties |
NodeGrubProperties (schema)
Node GRUB properties
| Name | Description | Type | Notes |
|---|---|---|---|
| timeout | GRUB menu timeout value in seconds | integer | Minimum: 0 Maximum: 2147483647 |
| users | List of node GRUB user properties | array of NodeGrubUserProperties |
NodeGrubUserProperties (schema)
Node GRUB user properties
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| password | Password for the GRUB user | string | |
| username | Username of the GRUB user | string |
NodeHttpServiceProperties (schema)
Node HTTP service properties
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| service_name | Service name | string | Required |
| service_properties | HTTP Service properties | HttpServiceProperties |
NodeIdServicesMap (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| node_id | NodeId | string | Required Maximum length: 255 |
| service_types | List of ServiceTypes. | array of ServiceType | Required |
NodeInfo (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| component_version | Component version of the node | string | Required Readonly |
| display_name | Name of the node | string | Required Readonly |
| id | UUID of node Identifier of the node |
string | Required Readonly |
| type | Node type | string | Required Readonly |
NodeInfoListRequestParameters (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| component_type | Component type based on which nodes will be filtered | string | |
| component_version | Component version based on which nodes will be filtered | string | |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string |
NodeInfoListResult (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Paged Collection of Nodes | array of NodeInfo | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
NodeInstallUpgradeServiceProperties (schema)
Node install-upgrade service properties
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| service_name | Service name | string | Required |
| service_properties | install-upgrade Service properties | InstallUpgradeServiceProperties |
NodeInterfaceAlias (schema)
Node network interface alias
| Name | Description | Type | Notes |
|---|---|---|---|
| broadcast_address | Interface broadcast address | IPAddress | Pattern: "^[\d]{1,3}\.[\d]{1,3}\.[\d]{1,3}\.[\d]{1,3}$" |
| ip6_address | Interface IPv6 CIDR addresses | array of IPv6CIDRBlock | |
| ip_address | Interface IP address | IPAddress | Pattern: "^[\d]{1,3}\.[\d]{1,3}\.[\d]{1,3}\.[\d]{1,3}$" |
| ip_configuration | Interface configuration | string | Enum: dhcp, static, not configured |
| netmask | Interface netmask | string | Pattern: "^[\d]{1,3}\.[\d]{1,3}\.[\d]{1,3}\.[\d]{1,3}$" |
| physical_address | Interface MAC address | MACAddress |
NodeInterfaceProperties (schema)
Node network interface properties
| Name | Description | Type | Notes |
|---|---|---|---|
| admin_status | Interface administration status | string | Enum: UP, DOWN |
| backing_nsx_managed | Indicates whether backing of VIRTUAL network interface is managed by NSX | boolean | |
| connected_switch | Connected switch | string | |
| connected_switch_type | Type of switch Type of switch associated with the interface. |
string | Readonly Enum: VSS, DVS, N-VDS |
| device | Device name Device name. |
string | Readonly |
| dpu_backed | Flag to indicate DPU backed interface If interface is backed by data processing unit (DPU) and state of DPU is MANAGED, then this property is true. |
boolean | Readonly |
| dpu_id | Data processing unit ID Data processing unit ID if the interface is backed by a DPU. |
string | Readonly |
| driver | Driver name Driver name. |
string | Readonly |
| ens_capable | Interface capability for Enhanced Networking Stack | boolean | |
| ens_enabled | Indicates whether interface is enabled for Enhanced Networking Stack | boolean | |
| ens_interrupt_capable | Interface capability for Enhanced Networking Stack interrupt This boolean property describes if network interface is capable for Enhanced Networking Stack interrupt |
boolean | |
| ens_interrupt_enabled | Indicates whether interface is enabled for Enhanced Networking Stack interrupt This boolean property describes if network interface is enabled for Enhanced Networking Stack interrupt |
boolean | |
| host_managed | Indicates whether interface is managed by the host | boolean | |
| interface_alias | IP Alias | array of NodeInterfaceAlias | |
| interface_id | Interface ID | string | |
| interface_type | Interface Type | string | Enum: PHYSICAL, VIRTUAL, BOND, TEAMING |
| interface_uuid | UUID of the interface | string | Readonly |
| key | Device key Device key. |
string | Readonly |
| link_status | Interface administration status | string | Enum: UP, DOWN |
| lport_attachment_id | LPort Attachment Id assigned to VIRTUAL network interface of a node | string | |
| mtu | Interface MTU | integer | |
| pci | PCI device PCI device. |
string | Readonly |
| source | Source of status data | DataSourceType | |
| speed | Speed Interface speed in Mbps. |
number | Readonly |
| state | Virtual tunnel end point state This property shows the current state of virtual tunnel end point (VTEP). If not in NORMAL state, then overlay workloads using this TEP will face network outage. In those cases, check if TEP has valid IP or any other underlay connectivity issues, and enable TEP HA to failover workloads to other healthy TEPs. Note that MAINTENANCE state is triggered by user and TEP will be disabled. |
string | Enum: INVALID_STATE, INIT, NORMAL, IP_WAITING, BFD_DOWN, MAINTENANCE |
NodeInterfacePropertiesListResult (schema)
Node network interface properties list results
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Node interface property results | array of NodeInterfaceProperties | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
NodeInterfaceStatisticsProperties (schema)
Node network interface statistic properties
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| interface_id | Interface ID | string | |
| rx_bytes | Number of bytes received | integer | |
| rx_dropped | Number of packets dropped | integer | |
| rx_errors | Number of receive errors | integer | |
| rx_frame | Number of framing errors | integer | |
| rx_packets | Number of packets received | integer | |
| source | Source of status data. | DataSourceType | |
| tx_bytes | Number of bytes transmitted | integer | |
| tx_carrier | Number of carrier losses detected | integer | |
| tx_colls | Number of collisions detected | integer | |
| tx_dropped | Number of packets dropped | integer | |
| tx_errors | Number of transmit errors | integer | |
| tx_packets | Number of packets transmitted | integer |
NodeLogProperties (schema)
Node log properties
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| last_modified_time | Last modified time expressed in milliseconds since epoch | EpochMsTimestamp | Readonly |
| log_name | Name of log file | string | Readonly |
| log_size | Size of log file in bytes | integer | Readonly |
NodeLogPropertiesListResult (schema)
Node log property query results
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Node log property results | array of NodeLogProperties | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
NodeNameServersProperties (schema)
Node network name servers properties
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| name_servers | Name servers | array of string | Required Maximum items: 3 |
NodeNetworkInterfaceProperties (schema)
Node network interface properties
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| admin_status | Interface administration status | string | Readonly Enum: up, down |
| bond_cur_active_slave | Bond's currently active slave device | string | Readonly |
| bond_lacp_rate | Bond's rate at which we'll ask our link partner to transmit LACPDU packets in 802.3ad mode | string | Readonly |
| bond_mode | Bond mode | string | Enum: ACTIVE_BACKUP, 802_3AD, ROUND_ROBIN, BROADCAST, XOR, TLB, ALB |
| bond_primary | Bond's primary device name in active-backup bond mode | string | |
| bond_primary_slave | Bond's primary device name in active-backup bond mode | string | Readonly |
| bond_slaves | Bond's slave devices | array of string | |
| bond_xmit_hash_policy | Bond's transmit hash policy for balance-xor and 802.3ad modes | string | Readonly Enum: layer2, layer2+3, layer3+4, encap2+3, encap3+4 |
| broadcast_address | Interface broadcast address | string | Pattern: "^[\d]{1,3}\.[\d]{1,3}\.[\d]{1,3}\.[\d]{1,3}$" |
| default_gateway | Interface's default gateway | string | Pattern: "^[\d]{1,3}\.[\d]{1,3}\.[\d]{1,3}\.[\d]{1,3}$" |
| interface_id | Interface ID | string | Required Readonly |
| ip6_addresses | Interface IPv6 addresses | array of IPv6AddressProperties | |
| ip_addresses | Interface IP addresses | array of IPv4AddressProperties | Maximum items: 1 |
| ip_configuration | Interface configuration | string | Required Enum: dhcp, static, not configured |
| is_kni | Interface is a KNI | boolean | Readonly |
| link_status | Interface administration status | string | Readonly Enum: up, down |
| mtu | Interface MTU | integer | |
| physical_address | Interface MAC address | string | Readonly Pattern: "^[0-9A-Fa-f]{2}:[0-9A-Fa-f]{2}:[0-9A-Fa-f]{2}:[0-9A-Fa-f]{2}:[0-9A-Fa-f]{2}:[0-9A-Fa-f]{2}$" |
| plane | Interface plane | string | Enum: mgmt, debug, none |
| vlan | VLAN Id | integer | Readonly Minimum: 1 Maximum: 4094 |
NodeNetworkInterfacePropertiesListResult (schema)
Node network interface properties list results
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Node network interface property results | array of NodeNetworkInterfaceProperties | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
NodeNetworkProperties (schema)
Network configuration properties
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
NodeNtpServiceProperties (schema)
Node NTP service properties
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| service_name | Service name | string | Required |
| service_properties | NTP Service properties | NtpServiceProperties |
NodePhonehomeCoordinatorServiceProperties (schema)
Node Phonehome Coordinator service properties
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| service_name | Service name | string | Required |
| service_properties | Phonehome Coordinator Service properties | PhonehomeCoordinatorServiceProperties |
NodeProcessProperties (schema)
Node process properties
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cpu_time | CPU time (user and system) consumed by process in milliseconds | integer | Readonly |
| mem_resident | Resident set size of process in bytes | integer | Readonly |
| mem_used | Virtual memory used by process in bytes | integer | Readonly |
| pid | Process id | integer | Readonly |
| ppid | Parent process id | integer | Readonly |
| process_name | Process name | string | Readonly |
| start_time | Process start time expressed in milliseconds since epoch | EpochMsTimestamp | Readonly |
| uptime | Milliseconds since process started | integer | Readonly |
NodeProcessPropertiesListResult (schema)
Node process property query results
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Node process property results | array of NodeProcessProperties | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
NodeProperties (schema)
Node properties
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cli_coredump_config | NSX CLI core dump files config | CoreDumpConfig | Readonly |
| cli_history_size | NSX CLI command history limit, set to 0 to configure no history size limit | integer | Minimum: 0 |
| cli_output_datetime | NSX CLI display datetime stamp in command output | boolean | |
| cli_timeout | NSX CLI inactivity timeout, set to 0 to configure no timeout | integer | Minimum: 0 |
| export_type | Export restrictions in effect, if any | string | Readonly Enum: RESTRICTED, UNRESTRICTED |
| fully_qualified_domain_name | Fully qualified domain name | string | Readonly |
| hostname | Host name or fully qualified domain name of node | SystemHostname | |
| kernel_version | Kernel version | string | Readonly |
| motd | Message of the day to display when users login to node using the NSX CLI | string or null | |
| node_type | Node type | string | Readonly Enum: NSX Manager, NSX Global Manager, NSX Edge, NSX Autonomous Edge, NSX Cloud Service Manager, NSX Public Cloud Gateway |
| node_uuid | Node Unique Identifier | string | Readonly Maximum length: 36 |
| node_version | Node version | string | Readonly |
| product_version | Product version | string | Readonly |
| system_datetime | System date time in UTC | DatetimeUTC | |
| system_time | Current time expressed in milliseconds since epoch | EpochMsTimestamp | Readonly |
| timezone | Timezone | string |
NodeProtonServiceProperties (schema)
Node service properties
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| service_name | Service name | string | Required |
| service_properties | Service properties | LoggingServiceProperties |
NodeRouteProperties (schema)
Node network route properties
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| destination | Destination covered by route | string | Pattern: "^[\d]{1,3}\.[\d]{1,3}\.[\d]{1,3}\.[\d]{1,3}$|^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))$" |
| from_address | From address | string | Pattern: "^[\d]{1,3}\.[\d]{1,3}\.[\d]{1,3}\.[\d]{1,3}$|^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))$" |
| gateway | Address of next hop | string | Pattern: "^[\d]{1,3}\.[\d]{1,3}\.[\d]{1,3}\.[\d]{1,3}$|^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))$" |
| interface_id | Network interface id of route | string | |
| ipv6 | IPv6 flag | boolean | |
| metric | Metric value of route Default metric value for IPv4 is 0, whereas for IPv6 default value is 1024 |
string | |
| netmask | Netmask or prefix length of destination covered by route For IPv4 this field expects valid IPv4 netmask address, whereas in case of IPv6 it expects valid prefix length |
string | Pattern: "^[\d]{1,3}\.[\d]{1,3}\.[\d]{1,3}\.[\d]{1,3}$|^[\d]{1,3}$" |
| proto | Routing protocol identifier of route | string | Enum: unspec, redirect, kernel, boot, static, gated, ra, mrt, zebra, bird, dnrouted, xorp, ntk, dhcp Default: "boot" |
| route_id | Unique identifier for the route | string | Readonly |
| route_type | Route type | string | Required Enum: default, static, blackhole, prohibit, throw, unreachable |
| scope | Scope of destinations covered by route | string | |
| src | Source address to prefer when sending to destinations of route | string | Pattern: "^[\d]{1,3}\.[\d]{1,3}\.[\d]{1,3}\.[\d]{1,3}$|^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))$" |
NodeRoutePropertiesListResult (schema)
Node network route properties list results
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Node route property results | array of NodeRouteProperties | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
NodeSearchDomainsProperties (schema)
Node network search domains properties
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| search_domains | Search domains | array of string | Required |
NodeServiceProperties (schema)
Node service properties
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| service_name | Service name | string | Required |
NodeServicePropertiesListResult (schema)
Node service property query results
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Node service property results | array of NodeServiceProperties | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
NodeServiceStatusProperties (schema)
Node service status properties
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| health | Service health in addition to runtime_state | string | Readonly Enum: STABLE, DEGRADED |
| monitor_pid | Service monitor process id | integer | Readonly |
| monitor_runtime_state | Service monitor runtime state | string | Readonly Enum: running, stopped |
| pids | Service process ids | array of integer | Readonly |
| reason | Reason for service degradation | string | Readonly |
| runtime_state | Service runtime state | string | Readonly Enum: running, stopped |
NodeSnmpServiceProperties (schema)
Node SNMP service properties
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| service_name | Service name | string | Required |
| service_properties | SNMP Service properties | SnmpServiceProperties | Required |
NodeSnmpV3EngineID (schema)
SNMP V3 Engine Id
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| service_name | Service name | string | Required |
| v3_engine_id | SNMP v3 engine id | string | Required |
NodeSshServiceProperties (schema)
Node SSH service properties
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| service_name | Service name | string | Required |
| service_properties | SSH Service properties | SshServiceProperties |
NodeStatusProperties (schema)
Node status properties
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cpu_cores | Number of CPU cores on the system | integer | Readonly |
| cpu_usage | CPU usage of DPDK and non-DPDK core groups Highest and average usage of DPDK and non-DPDK core of Edge Node. |
CpuUsage | Readonly |
| disk_space_total | Amount of disk space available on the system, in kilobytes Amount of disk space available on the system, in kilobytes. |
integer | Readonly |
| disk_space_used | Amount of disk space in use on the system, in kilobytes | integer | Readonly |
| dpdk_cpu_cores | Number of DPDK CPU cores on the system Number of DPDK cores on Edge Node which are used for packet IO processing. |
integer | Readonly |
| dpus | Data processing units on the system | array of DpuStatusProperties | Readonly |
| edge_mem_usage | Memory usage of edge node Point in time usage of system, datapath, swap and cache memory in edge node. Valid only for Edge transport node. |
EdgeTransportNodeMemoryUsage | Readonly |
| file_systems | File systems configured on the system | array of NodeFileSystemProperties | Readonly |
| hostname | Host name of the system | string | Readonly |
| load_average | One, five, and fifteen minute load averages for the system | array of number | Readonly |
| mem_cache | Amount of RAM on the system that can be flushed out to disk, in kilobytes | integer | Readonly |
| mem_total | Amount of RAM allocated to the system, in kilobytes | integer | Readonly |
| mem_used | Amount of RAM in use on the system, in kilobytes | integer | Readonly |
| non_dpdk_cpu_cores | Number of non-DPDK CPU cores on the system Number of non-DPDK cores on Edge Node. |
integer | Readonly |
| source | Source of status data. | DataSourceType | Readonly |
| swap_total | Amount of disk available for swap, in kilobytes | integer | Readonly |
| swap_used | Amount of swap disk in use, in kilobytes | integer | Readonly |
| system_time | Current time expressed in milliseconds since epoch | EpochMsTimestamp | Readonly |
| uptime | Milliseconds since system start | integer | Readonly |
NodeSummary (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| component_version | Component version | string | Required Readonly |
| node_count | Count of nodes Number of nodes of the type and at the component version |
int | Required Readonly |
| type | Node type | string | Required Readonly |
| upgrade_unit_subtype | UpgradeUnit sub type | string | Readonly Enum: RESOURCE, ACTION |
NodeSummaryList (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| results | List of Node Summary | array of NodeSummary | Required |
NodeSyslogExporterProperties (schema)
Node syslog exporter properties
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| exporter_name | Syslog exporter name | string | Required |
| facilities | Facilities to export | array of SyslogFacility | |
| level | Logging level to export | string | Required Enum: EMERG, ALERT, CRIT, ERR, WARNING, NOTICE, INFO, DEBUG |
| msgids | MSGIDs to export | array of string | |
| port | Port to export to, defaults to 514 for TCP, TLS, UDP protocols or 9000 for LI, LI-TLS protocols | integer | Minimum: 1 Maximum: 65535 |
| protocol | Export protocol | string | Required Enum: TCP, TLS, UDP, LI, LI-TLS |
| server | IP address or hostname of server to export to | HostnameOrIPv46Address | Required |
| structured_data | Structured data to export | array of string | |
| tls_ca_pem | CA certificate PEM of TLS server to export to | string | |
| tls_cert_pem | Certificate PEM of the rsyslog client | string | |
| tls_client_ca_pem | CA certificate PEM of the rsyslog client | string | |
| tls_key_pem | Private key PEM of the rsyslog client | string |
NodeSyslogExporterPropertiesListResult (schema)
Node syslog exporter list results
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Node syslog exporter results | array of NodeSyslogExporterProperties | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
NodeTime (schema)
Node system time in UTC
Node system time in UTC
| Name | Description | Type | Notes |
|---|---|---|---|
| system_datetime | Datetime string in UTC | DatetimeUTC | Required |
NodeType (schema)
Node Type
| Name | Description | Type | Notes |
|---|---|---|---|
| NodeType | Node Type | string |
NodeUserPasswordProperty (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| password | The new password for user | string | Required |
NodeUserProperties (schema)
Node user properties
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| full_name | Full name for the user | string | |
| last_password_change | Number of days since password was last changed | integer | Readonly Minimum: 0 Maximum: 2147483647 |
| old_password | Old password for the user (required on PUT if password specified) | string | |
| password | Password for the user (optionally specified on PUT, unspecified on GET) | string | |
| password_change_frequency | Number of days password is valid before it must be changed Number of days password is valid before it must be changed. This can be set to 0 to indicate no password change is required or a positive integer up to 9999. By default local user passwords must be changed every 90 days. |
integer | Minimum: 0 Maximum: 9999 Default: "90" |
| password_change_warning | Number of days before user receives warning message of password expiration | integer | Minimum: 0 Maximum: 9999 Default: "7" |
| password_reset_required | Boolean value that states if a password reset is required | boolean | |
| status | User status Status of the user. This value can be ACTIVE indicating authentication attempts will be successful if the correct credentials are specified. The value can also be PASSWORD_EXPIRED indicating authentication attempts will fail because the user's password has expired and must be changed. Or, this value can be NOT_ACTIVATED indicating the user's password has not yet been set and must be set before the user can authenticate. |
string | Readonly Enum: ACTIVE, PASSWORD_EXPIRED, NOT_ACTIVATED |
| userid | Numeric id for the user | integer | Readonly Minimum: 0 Maximum: 2147483647 |
| username | User login name (must be "root" if userid is 0) | string | Minimum length: 1 Maximum length: 32 Pattern: "^[a-zA-Z][a-zA-Z0-9@-_.\-]*$" |
NodeUserPropertiesListResult (schema)
Node users list results
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | List of node users | array of NodeUserProperties | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
NodeUserSettings (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| audit_password | Node audit user password Password for the node audit user. For deployment, this property is required. After deployment, this property is ignored, and the node cli must be used to change the password. The password specified must be at least 12 characters in length and must contain at least one lowercase, one uppercase, one numeric character and one special character (except quotes). Passwords based on dictionary words and palindromes are invalid. |
secure_string | |
| audit_username | CLI "audit" username The default username is "audit". To configure username, you must provide this property together with audit_password. Username must contain ASCII characters only. |
string | Pattern: "^[\x00-\x7F]+$" |
| cli_password | Node cli password Password for the node cli user. For deployment, this property is required. After deployment, this property is ignored, and the node cli must be used to change the password. The password specified must be at least 12 characters in length and must contain at least one lowercase, one uppercase, one numeric character and one special character (except quotes). Passwords based on dictionary words and palindromes are invalid. |
secure_string | |
| cli_username | CLI "admin" username To configure username, you must provide this property together with cli_password. Username must contain ASCII characters only. |
string | Pattern: "^[\x00-\x7F]+$" Default: "admin" |
| root_password | Node root user password Password for the node root user. For deployment, this property is required. After deployment, this property is ignored, and the node cli must be used to change the password. The password specified must be at least 12 characters in length and must contain at least one lowercase, one uppercase, one numeric character and one special character (except quotes). Passwords based on dictionary words and palindromes are invalid. |
secure_string |
NodeVersion (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| node_version | Node version | string | Readonly |
| product_version | Product version | string | Readonly |
NsxRole (schema)
Role
| Name | Description | Type | Notes |
|---|---|---|---|
| permissions | Permissions Please use the /user-info/permissions api to get the permission that the user has on each feature. |
array of string | Deprecated Enum: read-api, read-write-api, crud, read, execute, none |
| role | Role ID This field represents the identifier of the role. With the introduction of custom roles, this field is no longer an enum. |
string | Required |
NsxTDNSForwarderStatistics (schema)
Statistics counters of the DNS forwarder
The current statistics counters of the DNS forwarder including cache usages
and query numbers per forwarders, on an NSX-T type of enforcement point.
| Name | Description | Type | Notes |
|---|---|---|---|
| cached_entries | The total number of cached entries | integer | Readonly |
| conditional_forwarder_statistics | The statistics of conditional forwarder zones | array of NsxTDNSForwarderZoneStatistics | Readonly Minimum items: 0 Maximum items: 5 |
| configured_cache_size | The configured cache size, in kb | integer | Readonly |
| default_forwarder_statistics | The statistics of default forwarder zone | NsxTDNSForwarderZoneStatistics | Readonly |
| enforcement_point_path | Enforcement point path Policy path referencing the enforcement point from where the statistics are fetched. |
string | Readonly |
| queries_answered_locally | The total number of queries answered from local cache | integer | Readonly |
| queries_forwarded | The total number of forwarded DNS queries | integer | Readonly |
| resource_type | Must be set to the value NsxTDNSForwarderStatistics | string | Required Enum: NsxTDNSForwarderStatistics |
| timestamp | Time stamp of the current statistics, in ms | EpochMsTimestamp | Readonly |
| total_queries | The total number of received DNS queries | integer | Readonly |
| used_cache_statistics | The statistics of used cache | array of NsxTPerNodeUsedCacheStatistics | Readonly Minimum items: 0 Maximum items: 2 |
NsxTDNSForwarderStatus (schema)
The current runtime status of DNS forwarder
The current runtime status of the DNS forwarder.
| Name | Description | Type | Notes |
|---|---|---|---|
| enforcement_point_path | Enforcement point path Policy path referencing the enforcement point from where the status is fetched. |
string | Readonly |
| extra_message | Extra message, if available | string | Readonly |
| resource_type | Must be set to the value NsxTDNSForwarderStatus | string | Required Enum: NsxTDNSForwarderStatus |
| status | UP means the DNS forwarder is working correctly on the active transport
node and the stand-by transport node (if present). Failover will occur if either node goes down. DOWN means the DNS forwarder is down on both active transport node and standby node (if present). The DNS forwarder does not function in this situation. Error means there is some error on one or both transport node, or no status was reported from one or both transport nodes. The DNS forwarder may be working (or not working). NO_BACKUP means DNS forwarder is working in only one transport node, either because it is down on the standby node, or no standby is configured. An forwarder outage will occur if the active node goes down. |
string | Readonly Enum: UP, DOWN, ERROR, NO_BACKUP, UNKNOWN |
| timestamp | Time stamp of the current status, in ms | EpochMsTimestamp | Readonly |
NsxTDNSForwarderZoneStatistics (schema)
Statistics counters of the DNS forwarder zone
Statistics counters of the DNS forwarder zone.
| Name | Description | Type | Notes |
|---|---|---|---|
| domain_names | Domain names configured for the forwarder Domain names configured for the forwarder. Empty if this is the default forwarder. |
array of string | Readonly Minimum items: 0 Maximum items: 100 |
| upstream_statistics | Statistics per upstream server. | array of NsxTUpstreamServerStatistics | Readonly Minimum items: 0 Maximum items: 3 |
NsxTDnsAnswer (schema)
Answer of dns nslookup
| Name | Description | Type | Notes |
|---|---|---|---|
| authoritative_answers | Authoritative answers | array of NsxTDnsQueryAnswer | Minimum items: 1 Maximum items: 256 |
| dns_server | Dns server information Dns server ip address and port, format is "ip address#port". |
string | Required |
| edge_node_id | Edge node id ID of the edge node that performed the query. |
string | Required |
| enforcement_point_path | Enforcement point path Policy path referencing the enforcement point from where the DNS forwarder nslookup answer is fetched. |
string | Readonly |
| non_authoritative_answers | Non authoritative answers | array of NsxTDnsQueryAnswer | Minimum items: 1 Maximum items: 256 |
| raw_answer | Raw message returned from the dns forwarder It can be NXDOMAIN or error message which is not consisted of authoritative_answer or non_authoritative_answer. |
string | |
| resource_type | Must be set to the value NsxTDnsAnswer | string | Required Enum: NsxTDnsAnswer |
NsxTDnsQueryAnswer (schema)
Answer of nslookup
| Name | Description | Type | Notes |
|---|---|---|---|
| address | Matched ip address Resolved IP address matched with the nslookup address provided as a request parameter. |
string | |
| name | Matched name Matched name of the given address. |
string |
NsxTPerNodeUsedCacheStatistics (schema)
Per node used cache query statistics counters
Query statistics counters of used cache from node
| Name | Description | Type | Notes |
|---|---|---|---|
| cached_entries | The total number of cached entries | integer | Readonly |
| node_id | UUID of active/standby transport node | string | Readonly |
| used_cache_size | The memory size used in cache, in kb | integer | Readonly |
NsxTUpstreamServerStatistics (schema)
Upstream server query statistics counters
Query statistics counters to an upstream server including successfully
forwarded queries and failed queries.
| Name | Description | Type | Notes |
|---|---|---|---|
| queries_failed | Queries failed to forward. | integer | Readonly |
| queries_succeeded | Queries forwarded successfully | integer | Readonly |
| upstream_server | Upstream server ip | IPAddress | Readonly |
NsxtNodeType (schema)
Valid NSX node type
| Name | Description | Type | Notes |
|---|---|---|---|
| NsxtNodeType | Valid NSX node type | string | Enum: NSX_ESX, NSX_KVM, NSX_BAREMETAL_SERVER, NSX_EDGE, NSX_PUBLIC_CLOUD_GATEWAY, NSX_MANAGER, NSX_POLICY_MANAGER, NSX_CONTROLLER, GLOBAL_MANAGER |
NtpServiceProperties (schema)
NTP Service properties
| Name | Description | Type | Notes |
|---|---|---|---|
| servers | NTP servers | array of HostnameOrIPv46Address | Required |
| start_on_boot | Start NTP service when system boots | boolean | Default: "True" |
ObjectRolePermissionGroup (schema)
RBAC Objects qualifier
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| inheritance_disabled | Does children of this object inherit this rule | boolean | Default: "False" |
| operation | Allowed operation | string | Enum: crud, read, execute, none |
| path_prefix | Path prefix | string | Required |
| resource_type | Must be set to the value ObjectRolePermissionGroup | string | |
| role_name | Role name | string | Required |
| rule_disabled | Is rule disabled or not | boolean | Default: "False" |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ObjectRolePermissionGroupListRequestParameters (schema)
RBAC Objects qualifier
| Name | Description | Type | Notes |
|---|---|---|---|
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| include_mark_for_delete_objects | Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included. |
boolean | Default: "False" |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| inheritance_disabled | Does children of this object inherit this rule | boolean | Default: "False" |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| path_prefix | Path prefix | string | |
| role_name | Role name | string | |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string |
ObjectRolePermissionGroupListResult (schema)
Paged collection of RBAC Objects
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | ObjectRolePermissionGroup list results | array of ObjectRolePermissionGroup | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
OdsRunbookInvocation (schema)
Runbook invocation
Policy entity for the invocation of an Online Diagnostic System runbook.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| arguments | Arguments for runbook invocation List of key value pairs as the arguments for an execution of an Online Diagnostic System runbook. |
array of UnboundedKeyValuePair | |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value OdsRunbookInvocation | string | |
| runbook_name | Name of runbook object The property is read-only, used for querying result. |
string | Readonly |
| runbook_path | Path of runbook object The policy path of runbook object. |
string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| target_node | Identifier of an appliance node or transport node Identifier of an appliance node or transport node where the execution of an Online Diagnostic System runbook happens. If unspecified, the runbook execution will happen at a random appliance node. |
string | |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
OdsRunbookInvocationArtifactBatchRequest (schema)
Batched request for collecting artifacts of runbook invocations.
Batched request for collecting artifacts of Online Diagnostic System invocations.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| invocation_paths | List of invocation path for artifact collection This array can consist of one or more policy paths. Only policy paths of Ods invocations are allowed. |
array of string | Required Minimum items: 1 Maximum items: 500 |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value OdsRunbookInvocationArtifactBatchRequest | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
OidcEndPoint (schema)
OpenID Connect end-point
OpenID Connect end-point specifying where to fetch the JWKS document used to
validate JWT tokens for TokenBasedPrincipalIdentities.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| authorization_endpoint | Authorization endpoint The URL of the OpenID provider's authorization endpoint. |
string | Readonly |
| claim_map | Map from ID token claims to NSX roles Configuration for mapping claims in OIDC ID tokens to NSX roles. |
array of ClaimMap | |
| claims_supported | Claims supported The list of claims that the OpenID provider supports. |
array of string | Readonly |
| client_id | OIDC Client ID The client ID for NSX to use when authenticating via this OIDC provider. This is required when oidc_type is "ws_one" or "csp". |
string | |
| client_secret | OIDC Client Secret The client secret for NSX to use when authenticating via this OIDC provider. This is required when oidc_type is "ws_one". |
secure_string | |
| csp_config | CSP-specific configuration Extra configuration specific to CSP endpoints. This property is ignored unless the oidc_type is "csp". |
CspConfig | |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| end_session_endpoint_uri | OpenID session logout URI URI of the OpenID session logout end-point. |
string | Readonly Maximum length: 255 |
| id | Unique identifier of this resource | string | Sortable |
| issuer | JWT token issuer Issuer of the JWT tokens for the given type. This field is fetched from the meta-data located at the oidc_uri. |
string | Readonly |
| jwks_uri | URI of JWKS document The URI where the JWKS document is located that has the key used to validate the JWT signature. |
string | Readonly |
| name | Unique name for this OpenID Connect end-point A short, unique name for this OpenID Connect end-point. OIDC endpoint names may not contain spaces. If not provided, defaults to the ID of the OidcEndPoint. |
string | |
| oidc_type | OIDC Type Type used to distinguish the OIDC end-points by IDP. |
string | Enum: vcenter, ws_one, csp Maximum length: 255 Default: "vcenter" |
| oidc_uri | OpenID Connect URI URI of the OpenID Connect end-point. |
string | Required Maximum length: 255 |
| override_roles | Roles used instead of token roles When specified this role or roles are used instead of the nsx-role in the JWT |
array of string | Readonly |
| resource_type | Must be set to the value OidcEndPoint | string | |
| restrict_scim_search | SCIM search restriction indicator If set to true, then it is only possible to perform a SCIM search against the OIDC provider used to authenticate. If OIDC was not used to authenticate (for example, if authenticated as a local user), then this restriction does not apply. |
boolean | Default: "False" |
| scim_endpoints | SCIM endpoints The SCIM (System for Cross-domain Identity Management) endpoint URLs to use when enumerating users and groups. All endpoints will be queried to obtain user and group information. |
array of string | Readonly |
| serviced_domains | List of domains serviced by this OIDC provider When a login to NSX using a principal name of the form user@domain is attempted, the list of OIDC providers will be scanned to find one with a matching domain. If a match is found, that OIDC provider is used to authenticate the user. Each domain must be unique across all OIDC providers. If a duplicate domain is provided when adding or updating and OIDC provider, the request will be rejected. |
array of string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| thumbprint | Thumbprint Thumbprint in SHA-256 format used to verify the server certificate at the URI. |
string | Maximum length: 255 |
| token_endpoint | Token endpoint The URL of the OpenID provider's token endpoint. |
string | Readonly |
| userinfo_endpoint | Userinfo endpoint The URL of the OpenID provider's userinfo endpoint. |
string | Readonly |
OidcEndPointHealthStatus (schema)
OIDC End Point Health Status
The health status of the OIDC End Point
| Name | Description | Type | Notes |
|---|---|---|---|
| errors | Problems with OIDC endpoint health Details about errors encountered while checking the health of the OIDC endpoint. |
array of OidcHealthCheckError | |
| result | Overall result Overall result of the health check. If the check was completely successful, the status will be SUCCESS. If one or more problems were found, the status will be FAILURE and the errors property will contain more information about the failure(s). |
string | Readonly Enum: SUCCESS, FAILURE |
OidcEndPointListRequestParameters (schema)
OIDC endpoint list request parameters
Parameters for filtering lists of OIDC endpoints
| Name | Description | Type | Notes |
|---|---|---|---|
| oidc_type | Type of OIDC endpoint to return Selects the type of OIDC endpoint to return in list results. |
string | Enum: vcenter, ws_one, csp |
OidcEndPointListResult (schema)
OidcEndPoint query result
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | OidcEndPoint list. | array of OidcEndPoint | Required Readonly |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
OidcHealthCheckError (schema)
Error detail about OIDC health issue
Details about an error encountered while checking OIDC End Point health status.
| Name | Description | Type | Notes |
|---|---|---|---|
| error_detail | Additional error details Additional details about the cause of the error, if any could be determined. |
string | |
| error_type | The type of error encountered A problem discovered when checking the health of the OIDC End Point. DISCOVERY_URI_FETCH_FAIL: The OIDC discovery endpoint could not be retrieved. TOKEN_RETRIEVE_FAIL: NSX was unable to retrieve a token from the OIDC End Point. Authentication to NSX using OIDC will not be possible. SCIM_SEARCH_FAIL: NSX was unable to perform a user/group search of the SCIM (System for Cross-domain Identity Management) endpoint. User and group searches will not function correctly. GENERAL_ERROR: Some general error occurred while verifying the OIDC endpoint. |
string | Enum: JWKS_URI_FETCH_FAIL, TOKEN_RETRIEVE_FAIL, SCIM_SEARCH_FAIL |
OidcRefreshParameter (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| refresh | Refresh meta-data Whether to fetch and update the OIDC meta-data. |
boolean | Default: "False" |
OnboardingAttribute (schema)
Config Onboarding Attributes
Generic config onboarding attributes in form attribute name and its
corresponding values.
| Name | Description | Type | Notes |
|---|---|---|---|
| name | Attribute name | string | Required Readonly |
| value | Attribute value | string | Readonly |
| value_type | Attribute Type | string | Readonly Enum: STRING, INTEGER, BOOLEAN Default: "STRING" |
OnboardingCompatibilityStatus (schema)
Onboarding Compatibility Status
| Name | Description | Type | Notes |
|---|---|---|---|
| OnboardingCompatibilityStatus | Onboarding Compatibility Status | string | Enum: COMPATIBLE, INCOMPATIBLE |
OnboardingConflictStatus (schema)
Onboarding Conflict Status
| Name | Description | Type | Notes |
|---|---|---|---|
| OnboardingConflictStatus | Onboarding Conflict Status | string | Enum: NO_CONFLICTS, CONFLICT_DETECTED |
OnboardingFeatureInfo (schema)
Onboarding Feature Information
Feature information currently under process or refered to.
| Name | Description | Type | Notes |
|---|---|---|---|
| name | Feature Name | string | Readonly |
| path | Resource Path | string | Readonly |
| resource_type | Resource Type | string | Readonly |
OnboardingStage (schema)
Config onboarding stage
Represents intermediate on-boarding stages on global manager or
corresponding site manager.
| Name | Description | Type | Notes |
|---|---|---|---|
| OnboardingStage | Config onboarding stage Represents intermediate on-boarding stages on global manager or corresponding site manager. |
string | Enum: LM_MIGRATION, LM_SYNCHRONIZATION, GM_PERSISTENCE, GM_TRANSFORMATION, GM_PROCESSING_DONE, GM_ROLLBACK, GM_ROLLBACK_DONE |
OnboardingStatus (schema)
Onboarding Status
| Name | Description | Type | Notes |
|---|---|---|---|
| OnboardingStatus | Onboarding Status | string | Enum: ALLOWED, BLOCKED_FEATURE_CHECK, BLOCKED_CONFIG_CONFLICT_CHECK, BLOCKED_SITE_RESTORE_PENDING, BLOCKED_FULLSYNC_PENDING, BLOCKED_USER_REJECT, BLOCKED_SITE_NOT_REACHABLE, CONTINUE_RESOLUTION_NEEDED, IN_PROGRESS, FAILED_GM_ROLLBACK_IN_PROGRESS, SUCCESS |
OpenLdapIdentitySource (schema)
An OpenLDAP identity source service
An identity source service that runs OpenLDAP. The service allows selected user accounts defined in OpenLDAP to log into and access NSX-T.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| alternative_domain_names | Additional domains to be directed to this identity source After parsing the "user@domain", the domain portion is used to select the LDAP identity source to use. Additional domains listed here will also be directed to this LDAP identity source. In Active Directory these are sometimes referred to as Alternative UPN Suffixes. |
array of string | |
| base_dn | DN of subtree for user and group searches The subtree of the LDAP identity source to search when locating users and groups. |
string | Required |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| domain_name | Authentication domain name The name of the authentication domain. When users log into NSX using an identity of the form "user@domain", NSX uses the domain portion to determine which LDAP identity source to use. |
string | Required |
| id | Unique identifier of this resource | string | Sortable |
| ldap_servers | LDAP servers for this identity source The list of LDAP servers that provide LDAP service for this identity source. Currently, only one LDAP server is supported. |
array of IdentitySourceLdapServer | Maximum items: 3 |
| resource_type | Must be set to the value OpenLdapIdentitySource | string | Required Enum: ActiveDirectoryIdentitySource, OpenLdapIdentitySource |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
OperationVerticalConfig (schema)
Operation Vertical Config
The details of disabled operation verticals
| Name | Description | Type | Notes |
|---|---|---|---|
| latency_stat_disabled | A flag to indicate whether the latency stat feature is disabled. When this flag is set to true, the latency stat feature is disabled. It is due to the SmartNIC backed DVS existing in Policy Manager. The latency has special GENEVE option to carry Latency information. But the hardware doesn't support it. |
boolean | Readonly |
| live_trace_disabled | A flag to indicate whether the live trace feature is disabled. When this flag is set to true, the live trace feature is disabled. It is due to the SmartNIC backed DVS existing in Policy Manager. The live trace has a special Geneve option in the header. But the hardware doesn't support it. |
boolean | Readonly |
OpsGlobalConfig (schema)
Global Operations configuration
Global Operations configuration.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| in_band_network_telementry | The details of INT global configurations Specify the In-band network telemetry (INT) configuration config in a NSX domain. Set(resp. Unset) this configuration to enable(resp. disable) traceflow on VLAN logical network. |
DscpIndicator (Abstract type: pass one of the following concrete types) DscpBit DscpValue |
|
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| operation_collectors | Operation global collector config The operation collector is defined to receive stats from hosts. The VRNI and WAVE_FRONT collector type can be defined to collect the metric data. The WAVE_FRONT collector type can only be used in VMC mode. |
array of GlobalCollectorConfig (Abstract type: pass one of the following concrete types) VrniGlobalCollector WaveFrontGlobalCollector |
|
| operation_feature_disabled | The details of disabled operation verticals Specify the disabled operation verticals. The True status indicates the certain operation vertical is not supported. And the detail reason is exposed on the corresponding API side. |
OperationVerticalConfig | |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value OpsGlobalConfig | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
Org (schema)
Policy Org
Org is created by infra provider.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value Org | string | |
| short_id | Identifier to use when displaying org context in logs Defaults to id if id is less than equal to 8 characters or defaults to random generated id if not set. |
string | Maximum length: 8 |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
OrgRoot (schema)
OrgRoot
OrgRoot space related policy multi tenancy.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| connectivity_strategy | Connectivity strategy used by this tenant The connectivity strategy is deprecated. Use default layer3 rule, /infra/domains/default/security-policies/default-layer3-security-policy/rules/default-layer3-rule. This field indicates the default connectivity policy for the infra or tenant space WHITELIST - Adds a default drop rule. Administrator can then use "allow" rules (aka whitelist) to allow traffic between groups BLACKLIST - Adds a default allow rule. Admin can then use "drop" rules (aka blacklist) to block traffic between groups WHITELIST_ENABLE_LOGGING - Whitelising with logging enabled BLACKLIST_ENABLE_LOGGING - Blacklisting with logging enabled NONE - No default rules are added. |
string | Deprecated Enum: WHITELIST, BLACKLIST, WHITELIST_ENABLE_LOGGING, BLACKLIST_ENABLE_LOGGING, NONE |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value OrgRoot | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
OspfAreaConfig (schema)
OSPF Area config
Contains OSPF Area configuration.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| area_id | OSPF area id OSPF area-id either in decimal or dotted format. |
string | Required |
| area_type | OSPF area type Configures OSPF area with defined area type. If area_type field not specified, default is NSSA. |
string | Enum: NORMAL, NSSA Default: "NORMAL" |
| authentication | OSPF area authentication configuration Enables/Disables authentication for an OSPF area. |
OspfAuthenticationConfig | |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value OspfAreaConfig | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
OspfAuthenticationConfig (schema)
OSPF Authentication Configuration
Enables OSPF authentication with specified mode and password.
| Name | Description | Type | Notes |
|---|---|---|---|
| key_id | Authentication secret key id Authentication secret key id is mandatory for type md5 with min value of 1 and max value 255. |
integer | Minimum: 1 Maximum: 255 |
| mode | Authentication mode If mode is MD5 or PASSWORD, Authentication secret key is mandatory if mode is NONE, then authentication is disabled. |
string | Enum: NONE, PASSWORD, MD5 Default: "NONE" |
| secret_key | Authentication secret key Authentication secret is mandatory for type password and md5 with min length of 1 and max length 8. |
secure_string |
OspfRoutingConfig (schema)
OSPF routing config
Contains OSPF routing configurations.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| default_originate | Flag to enable/disable advertisement of default route Flag to enable/disable advertisement of default route into OSPF domain. The default route should be present in the edge only then it redistributes the same into OSPF domain only if this flag is set to TRUE. |
boolean | Default: "False" |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| ecmp | Flag to enable ECMP Flag to enable ECMP. |
boolean | Default: "True" |
| enabled | Flag to enable OSPF routing protocol Flag to enable OSPF routing protocol. Disabling will stop feature and OSPF peering. |
boolean | Default: "False" |
| graceful_restart_mode | OSPF Graceful Restart Mode Configuration Configuration field to hold OSPF Restart mode . |
string | Enum: DISABLE, HELPER_ONLY Default: "HELPER_ONLY" |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value OspfRoutingConfig | string | |
| summary_addresses | List of OSPF summary address configuration to summarize external routes List of summary address configruation to summarize or filter external routes based on the setting of advertise flag in each OspfSummaryAddressConfig |
array of OspfSummaryAddressConfig | Maximum items: 1000 |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
OspfSummaryAddressConfig (schema)
OSPF Summary Address Configuration
OSPF summary address configuration to summarize external routes
| Name | Description | Type | Notes |
|---|---|---|---|
| advertise | Flag to enable/disable summarization of external routes Used to filter the advertisement of external routes into the OSPF domain. Setting this field to "TRUE" will enable the summarization of external routes that are covered by ip_prefix configuration. Setting this field to "FALSE" will filter the advertisement of external routes that are covered by ip_prefix configuration. |
boolean | Default: "True" |
| prefix | OSPF Summary address in CIDR format | string | Required Format: ip-cidr-block |
OverriddenResource (schema)
Represents overridden resource information for federated entity.
Represents which federated global resources have been overrriden on
a specific Site.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| intent_path | Policy resource path of the overridden resource Policy resource path of the overridden resource. |
string | Readonly |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value OverriddenResource | string | |
| site_path | Site path Site path to the specific site that has overridden the global resource. |
string | Readonly |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
OverriddenResourceListResult (schema)
Paged Collection of OverriddenResource
Paged Collection of OverriddenResource.
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | OverriddenResource list results OverriddenResource list results. |
array of OverriddenResource | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
OverrideDeleteRequestParameters (schema)
Override delete request parameters
| Name | Description | Type | Notes |
|---|---|---|---|
| force | Force delete the resource even if it is being used somewhere
If true, deleting the resource succeeds even if it is being referred as a resource reference. |
boolean | Default: "False" |
| override | Delete the locally overriden global object If true, the overridden object can be deleted locally. This will restore the global resource as the intended configuration for this site. |
boolean | Default: "False" |
OverrideListRequestParameters (schema)
Override list request parameters
Parameter to filter overridden resource list by intent path or site path or both.
| Name | Description | Type | Notes |
|---|---|---|---|
| intent_path | Global resource path | string | |
| site_path | Site path | string |
OverrideRequestParameters (schema)
Override request parameters
| Name | Description | Type | Notes |
|---|---|---|---|
| override | Locally override the global object If true, the global resource can be over written locally. This means that there will be a local only resource in place of the global resource that can reflect local specific settings and values. The global object will continue to exist but will not be used for any configuration until this local object is removed. When the object is overridden the Global resource continues to exist unmodified, while the overridden object is created with all of the user specified values. The Global resource may be updated in the background, however, the overridden object may only be updated by the user. Once the user removes the overridden copy, the Global resource will then resume being used in the configuration. |
boolean | Default: "False" |
Oversubscription (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| Oversubscription | string | Enum: BYPASSED, DROPPED, INHERIT_GLOBAL |
PIServiceType (schema)
Service type supported for Principal Identities
| Name | Description | Type | Notes |
|---|---|---|---|
| PIServiceType | Service type supported for Principal Identities | string | Enum: LOCAL_MANAGER, GLOBAL_MANAGER |
PackageLoggingLevels (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| logging_level | Logging levels per package | string | Enum: OFF, FATAL, ERROR, WARN, INFO, DEBUG, TRACE |
| package_name | Package name | string |
PacketAddressClassifier (schema) (Deprecated)
Address classifications for a packet
A packet is classified to have an address binding, if its address
configuration matches with all user specified properties.
| Name | Description | Type | Notes |
|---|---|---|---|
| ip_address | A single IP address or a subnet, e.g. x.x.x.x or x.x.x.x/y | IPElement | |
| mac_address | A single MAC address | MACAddress | |
| vlan | VlanID |
PacketData (schema)
This is an abstract type. Concrete child types:
BinaryPacketData
FieldsPacketData
| Name | Description | Type | Notes |
|---|---|---|---|
| frame_size | Requested total size of the (logical) packet in bytes If the requested frame_size is too small (given the payload and traceflow metadata requirement of 16 bytes), the traceflow request will fail with an appropriate message. The frame will be zero padded to the requested size. |
integer | Minimum: 60 Maximum: 1000 Default: "128" |
| resource_type | Packet configuration | string | Required Enum: BinaryPacketData, FieldsPacketData Default: "FieldsPacketData" |
| routed | Awareness of logical routing When this flag is set, traceflow packet will have its destination overwritten as the gateway address of the logical router to which the source logical switch is connected. More specifically: - For ARP request, the target IP will be overwritten as gateway IP if the target IP is not in the same subnet of gateway. - For ARP response, the target IP and destination MAC will be overwritten as gateway IP/MAC respectively, if the target IP is not in the same subnet of gateway. - For IP packet, the destination MAC will be overwritten as gateway MAC. |
boolean | |
| transport_type | Transport type of the traceflow packet This type takes effect only for IP packet. |
string | Enum: BROADCAST, UNICAST, MULTICAST, UNKNOWN Default: "UNICAST" |
PacketTypeAndCounter (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| counter | The number of packets. | integer | Required |
| packet_type | The type of the packets | string | Required |
PacketsDroppedBySecurity (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| bpdu_filter_dropped | The number of packets dropped by "BPDU filter". | integer | |
| dhcp_client_dropped_ipv4 | The number of IPv4 packets dropped by "DHCP client block". | integer | |
| dhcp_client_dropped_ipv6 | The number of IPv6 packets dropped by "DHCP client block". | integer | |
| dhcp_server_dropped_ipv4 | The number of IPv4 packets dropped by "DHCP server block". | integer | |
| dhcp_server_dropped_ipv6 | The number of IPv6 packets dropped by "DHCP server block". | integer | |
| spoof_guard_dropped | The packets dropped by "Spoof Guard"; supported packet types are IPv4, IPv6, ARP, ND, non-IP. | array of PacketTypeAndCounter |
PartialPatchConfig (schema)
Contains configuration for Partial patch.
This object allows enabling or disabling of partial patch functionality.
Enabling partial patch allows patching of a subset of the fields of any object.
After enabling partial patching, any object payload provided will be merged with the existing object payload.
Note that while all mandatory fields are expected to be provided during the creation of any object,
enabling partial patch will allow patching of existing objects with a subset of mandatory fields.
| Name | Description | Type | Notes |
|---|---|---|---|
| enable_partial_patch | This object will contain the partial patch configuration. boolean value used to enable/disable partial patch |
boolean | Required |
PasswordAuthenticationScheme (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| identity_file | SSH private key file name | string | |
| password | Password to authenticate with | string | |
| scheme_name | Authentication scheme name | string | Required Enum: password, key |
| username | User name to authenticate with | string | Required Pattern: "^.+$" |
PasswordComplexityProperties (schema)
Configurable properties of password complexity requirement for the NSX node
Configurable properties of password complexity requirement for the NSX node.
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _retry_prompt | Prompt user at most N times before returning with error. | integer | Readonly Default: "3" |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| digits | Number of digits in password Number of digits (0..9) expected in user password. N < 0, to set minimum credit for having digits in the new password, i.e.
N > 0, to set maximum credit for having digits in the new password, i.e.
N = 0, policy will be not applicable. By default minimum 1 digit is required for a new password. |
integer | Minimum: -128 Maximum: 128 Default: "-1" |
| hash_algorithm | Hash algorithm Sets hash/cryptographic algorithm type for new passwords. |
string | Enum: sha512, sha256 Default: "sha512" |
| lower_chars | Number of lower-case characters in password Number of lower case characters (a..z) expected in user password. N < 0, to set minimum credit for having lower case characters in the new password, i.e.
N > 0, to set maximum credit for having lower case characters in the new password, i.e.
N = 0, policy will be not applicable. By default minimum 1 lower case character is required for a new password. |
integer | Minimum: -128 Maximum: 128 Default: "-1" |
| max_repeats | Number of same consecutive characters Reject passwords which contain more than N same consecutive characters, like aaa or 7777. To disable the check, value should be set to 0. |
integer | Minimum: 0 Maximum: 128 Default: "0" |
| max_sequence | Length of permissible monotonic sequence in password substring Reject passwords which contain more than N monotonic character sequences. Monotonic sequences can be '12345' or 'fedcb'. To disable the check, value should be set to 0. |
integer | Minimum: 0 Maximum: 128 Default: "0" |
| maximum_password_length | Maximum password length Maximum number of characters allowed in password; user can not set their password of length greater than this parameter. By default maximum length of password is 128 characters. |
integer | Minimum: 8 Maximum: 128 Default: "128" |
| minimum_password_length | Minimum password length Minimum number of characters expected in password; user can not set their password of length less than this parameter. NOTE, for existing users upgrading to NSX-T datacenter version 4.0 or above - if existing appliance is configured with VMware recommends to set strong passwords for systems and appliances, further
If any existing user passwords are set with length of less than newly configured
If existing By default minimum length of password is 12 characters and passwords less than 8 characters are never allowed. |
integer | Minimum: 8 Maximum: 128 Default: "12" |
| minimum_unique_chars | Number of unique characters from old password Number of character changes in the new password that differentiate it from the old password. To disable the check, value should be set to 0. |
integer | Minimum: 0 Maximum: 128 Default: "0" |
| password_remembrance | Password remembrance from previous generations Limit using a password that was used in past; users can not set the same password within the N generations. To disable the check, value should be set to 0. |
integer | Minimum: 0 Default: "0" |
| special_chars | Number of special characters in password Number of special characters (!@#$&*..) expected in user password. N < 0, to set minimum credit for having special characters in the new password, i.e.
N > 0, to set maximum credit for having special characters in the new password, i.e.
N = 0, policy will be not applicable. By default minimum 1 special character is required for a new password. |
integer | Minimum: -128 Maximum: 128 Default: "-1" |
| upper_chars | Number of upper-case characters in password Number of upper case characters (A..Z) expected in user password. N < 0, to set minimum credit for having upper case characters in the new password, i.e.
N > 0, to set maximum credit for having upper case characters in the new password, i.e.
N = 0, policy will be not applicable. By default minimum 1 upper case character is required for a new password. |
integer | Minimum: -128 Maximum: 128 Default: "-1" |
PatchResources (schema)
Patch Resources
Patch Resources is an action to create/patch resources in response to an event.
| Name | Description | Type | Notes |
|---|---|---|---|
| body | Body Patch body representing a Hierarchical Patch payload. The resources included in the body are patched replacing the injections' keys with their actual values. |
object | Required |
| injections | Injections Injections holding keys (variables) and their corresponding values. |
array of Injection | Minimum items: 1 |
| resource_type | Must be set to the value PatchResources | string | Required Enum: PatchResources, SetFields |
PathExpression (schema)
Path expression node
Represents policy path expressions in the form of an array, to support addition of objects like groups, segments and policy logical ports in a group.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| paths | Array of policy paths This array can consist of one or more policy paths. Only policy paths of groups, segments and policy logical ports are allowed. |
array of string | Required Minimum items: 1 |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value PathExpression | string | Required Enum: Condition, ConjunctionOperator, NestedExpression, IPAddressExpression, MACAddressExpression, ExternalIDExpression, PathExpression, IdentityGroupExpression |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
PathPermissionGroup (schema)
RBAC Objects qualifier
| Name | Description | Type | Notes |
|---|---|---|---|
| object_path | Full Object Path | string | Required |
| operation | Allowed operation | string | Required Enum: crud, read, execute, none |
PeerCertificateChain (schema)
A peer's certificate chain
The certificate chain presented by a remote TLS service.
| Name | Description | Type | Notes |
|---|---|---|---|
| details | List of X509Certificates. | array of X509Certificate | Readonly |
| pem_encoded | PEM encoded certificate data. | string | Required |
PemFile (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| file | file data | multipart_file | Required |
PendingChangesInfoNsxT (schema)
NSX-T Pending Change Info
Information about recent changes, if any, that are not reflected in the Enforced Realized Status.
| Name | Description | Type | Notes |
|---|---|---|---|
| pending_changes_flag | Pending Changes Flag Flag describing whether there are any pending changes that are not reflected in the status. |
boolean | Readonly |
PerStepRestoreStatus (schema)
Restore step status
| Name | Description | Type | Notes |
|---|---|---|---|
| description | A description of the restore status | string | Required Readonly |
| value | Per step restore status value | string | Required Readonly Enum: INITIAL, RUNNING, SUSPENDED_BY_USER, SUSPENDED_FOR_USER_ACTION, FAILED, SUCCESS |
PhonehomeCoordinatorServiceProperties (schema)
Phonehome Coordinator service properties
| Name | Description | Type | Notes |
|---|---|---|---|
| logging_level | Service logging level | string | Enum: OFF, FATAL, ERROR, WARN, INFO, DEBUG, TRACE Default: "INFO" |
PlainFilterData (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| basic_filter | Basic RCF rule for packet filter | string | |
| extend_filter | Extended RCF rule for packet filter | string | |
| resource_type | Must be set to the value PlainFilterData | string | Required Enum: FieldsFilterData, PlainFilterData Default: "FieldsFilterData" |
PointDefinition (schema)
Definition of a point of graph
Defines the point of a graph.
| Name | Description | Type | Notes |
|---|---|---|---|
| drilldown_id | Id of drilldown widget Id of drilldown widget, if any. Id should be a valid id of an existing widget. A widget is considered as drilldown widget when it is associated with any other widget and provides more detailed information about any data item from the parent widget. |
string | |
| field | Expression for points of the graph An expression that represents the points of the graph |
string | Required |
| navigation | Navigation to a specified UI page Hyperlink of the specified UI page that provides details. |
string | Maximum length: 1024 |
| tooltip | Multi-line tooltip Multi-line text to be shown on tooltip while hovering over the point of a graph. |
array of Tooltip | Minimum items: 0 |
| x_value | Variable chosen for X value of the point of the graph Represents the variable for the X value of points that are plotted on the graph. |
string | Required |
| y_value | Variable chosen for Y value of the point of the graph Represents the variable for the Y value of points that are plotted on the graph. |
string | Required |
Policy (schema)
Contains ordered list of Rules
Ordered list of Rules. This object is created by default along with the Domain.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| category | A way to classify a security policy, if needed. - Distributed Firewall - Policy framework provides five pre-defined categories for classifying a security policy. They are "Ethernet","Emergency", "Infrastructure" "Environment" and "Application". There is a pre-determined order in which the policy framework manages the priority of these security policies. Ethernet category is for supporting layer 2 firewall rules. The other four categories are applicable for layer 3 rules. Amongst them, the Emergency category has the highest priority followed by Infrastructure, Environment and then Application rules. Administrator can choose to categorize a security policy into the above categories or can choose to leave it empty. If empty it will have the least precedence w.r.t the above four categories. - Edge Firewall - Policy Framework for Edge Firewall provides six pre-defined categories "Emergency", "SystemRules", "SharedPreRules", "LocalGatewayRules", "AutoServiceRules" and "Default", in order of priority of rules. All categories are allowed for Gatetway Policies that belong to 'default' Domain. However, for user created domains, category is restricted to "SharedPreRules" or "LocalGatewayRules" only. Also, the users can add/modify/delete rules from only the "SharedPreRules" and "LocalGatewayRules" categories. If user doesn't specify the category then defaulted to "Rules". System generated category is used by NSX created rules, for example BFD rules. Autoplumbed category used by NSX verticals to autoplumb data path rules. Finally, "Default" category is the placeholder default rules with lowest in the order of priority. |
string | |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| comments | SecurityPolicy lock/unlock comments Comments for security policy lock/unlock. |
string | |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| internal_sequence_number | Internal sequence number This field is to indicate the internal sequence number of a policy with respect to the policies across categories. |
int | Readonly |
| is_default | Default policy flag A flag to indicate whether policy is a default policy. |
boolean | Readonly |
| lock_modified_by | User who locked the security policy ID of the user who last modified the lock for the secruity policy. |
string | Readonly |
| lock_modified_time | SecuirtyPolicy locked/unlocked time SecurityPolicy locked/unlocked time in epoch milliseconds. |
EpochMsTimestamp | Readonly |
| locked | Lock a security policy Indicates whether a security policy should be locked. If the security policy is locked by a user, then no other user would be able to modify this security policy. Once the user releases the lock, other users can update this security policy. |
boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value Policy | string | |
| rule_count | Rule count The count of rules in the policy. |
int | Readonly |
| scheduler_path | Path to the scheduler for time based scheduling Provides a mechanism to apply the rules in this policy for a specified time duration. |
string | |
| scope | The list of group paths where the rules in this policy will get
applied. This scope will take precedence over rule level scope. Supported only for security and redirection policies. In case of RedirectionPolicy, it is expected only when the policy is NS and redirecting to service chain. |
array of string | Maximum items: 128 |
| sequence_number | Sequence number to resolve conflicts across Domains This field is used to resolve conflicts between security policies across domains. In order to change the sequence number of a policy one can fire a POST request on the policy entity with a query parameter action=revise The sequence number field will reflect the value of the computed sequence number upon execution of the above mentioned POST request. For scenarios where the administrator is using a template to update several security policies, the only way to set the sequence number is to explicitly specify the sequence number for each security policy. If no sequence number is specified in the payload, a value of 0 is assigned by default. If there are multiple policies with the same sequence number then their order is not deterministic. If a specific order of policies is desired, then one has to specify unique sequence numbers or use the POST request on the policy entity with a query parameter action=revise to let the framework assign a sequence number. The value of sequence number must be between 0 and 999,999. |
int | Minimum: 0 |
| stateful | Stateful nature of the entries within this security policy. Stateful or Stateless nature of security policy is enforced on all rules in this security policy. When it is stateful, the state of the network connects are tracked and a stateful packet inspection is performed. Layer3 security policies can be stateful or stateless. By default, they are stateful. Layer2 security policies can only be stateless. |
boolean | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| tcp_strict | Enforce strict tcp handshake before allowing data packets Ensures that a 3 way TCP handshake is done before the data packets are sent. tcp_strict=true is supported only for stateful security policies. If the tcp_strict flag is not specified and the security policy is stateful, then tcp_strict will be set to true. |
boolean | |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
PolicyAdvertisedNetwork (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| network | Advertised Network Advertised network address. |
string | Required Readonly |
| rule_filter_type | Advertised rule filter type Advertised rule filter type |
string | Readonly |
| status | Advertisement status of network advertisement status of network to connected gateway SUCCESS - network route successfully plumbed on target gateway DENIED_BY_TARGET_GATEWAY - network denied by target gateway because of in filter rules or missing inter vrf config |
string | Readonly |
PolicyAdvertisedNetworkInCsvFormat (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| file_name | File name File name set by HTTP server if API returns CSV result as a file. |
string | |
| results | array of AdvertisedNetworkCsvRecord | Readonly |
PolicyAdvertisedNetworksListResult (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | List of advertised networks List of networks which advertised to connected gateway |
array of PolicyAdvertisedNetwork | Readonly |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
PolicyAlarmResource (schema)
Alarm base class of realized policy object
Alarm base class of realized policy object
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| error_details | Detailed information about errors from an API call made to the enforcement point, if any. | PolicyApiError | |
| id | Unique identifier of this resource | string | Sortable |
| message | error message to describe the issue | string | |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value PolicyAlarmResource | string | |
| source_reference | path of the object on which alarm is created | string | |
| source_site_id | source site(LM) id. This field will refer to the source site on which the alarm is generated. This field is populated by GM, when it receives corresponding notification from LM. |
string | Readonly |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
PolicyAlarmResourceListRequestParameters (schema)
PolicyAlarmResource list request parameters
PolicyAlarmResource list request parameters
| Name | Description | Type | Notes |
|---|---|---|---|
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string |
PolicyAlarmResourceListResult (schema)
PolicyAlarmResource list result
PolicyAlarmResource list result
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Paged Collection of PolicyAlarmResources List of alarm resources |
array of PolicyAlarmResource | |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
PolicyApiError (schema)
Detailed information about an API Error
| Name | Description | Type | Notes |
|---|---|---|---|
| details | Further details about the error | string | |
| error_code | A numeric error code | integer | |
| error_data | Additional data about the error | object | |
| error_message | A description of the error | string | |
| module_name | The module name where the error occurred | string | |
| related_errors | Other errors related to this error | array of PolicyRelatedApiError |
PolicyArpProxyEntry (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| arp_proxy_ip | Array of ARP proxy service address ARP proxy information for a service with ip. |
array of IPAddress | Readonly |
| service_id | Service type id Identifier of connected service on port. |
string | Readonly |
PolicyArpProxyTableCsvListResult (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| file_name | File name File name set by HTTP server if API returns CSV result as a file. |
string | |
| results | array of InterfaceArpProxyCsvEntry |
PolicyArpProxyTableListResult (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Paginated list of Gateway interface ARP proxy tables | array of InterfaceArpProxy | Readonly |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
PolicyAttributes (schema)
Policy Attributes data holder
| Name | Description | Type | Notes |
|---|---|---|---|
| attribute_source | Source of attribute value i.e whether system defined or custom value | string | Enum: SYSTEM, CUSTOM Default: "SYSTEM" |
| custom_url_partial_match | true value would be treated as a partial match for custom url True value for this flag will be treated as a partial match for custom url |
boolean | Default: "True" |
| datatype | Datatype for attribute | string | Required Enum: STRING |
| description | Description for attribute value | string | |
| isALGType | Is the value ALG type Describes whether the APP_ID value is ALG type or not. |
boolean | |
| key | Key for attribute URL_Reputation is currently not available. Please do not use it in Attribute Key while creating context profile |
string | Required Enum: APP_ID, DOMAIN_NAME, URL_CATEGORY, URL_REPUTATION, CUSTOM_URL |
| metadata | Provide additional meta information about key/values This is optional part that can hold additional data about the attribute key/values. Example - For URL CATEGORY key , it specified super category for url category value. This is generic array and can hold multiple meta information about key/values in future |
array of ContextProfileAttributesMetadata | |
| sub_attributes | Reference to sub attributes for the attribute | array of PolicySubAttributes | |
| value | Value for attribute key Multiple attribute values can be specified as elements of array. |
array of string | Required Minimum items: 1 |
PolicyBasedIPSecVpnSession (schema)
Policy based VPN session
A Policy Based VPN requires to define protect rules that match local and peer subnets. IPSec security associations is negotiated for each pair of local and peer subnet.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| authentication_mode | Authentication Mode Peer authentication mode. PSK - In this mode a secret key shared between local and peer sites is to be used for authentication. The secret key can be a string with a maximum length of 128 characters. CERTIFICATE - In this mode a certificate defined at the global level is to be used for authentication. |
string | Enum: PSK, CERTIFICATE Default: "PSK" |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| compliance_suite | Compliance suite Compliance suite. |
string | Enum: CNSA, SUITE_B_GCM_128, SUITE_B_GCM_256, PRIME, FOUNDATION, FIPS, NONE |
| connection_initiation_mode | Connection initiation mode Connection initiation mode used by local endpoint to establish ike connection with peer site. INITIATOR - In this mode local endpoint initiates tunnel setup and will also respond to incoming tunnel setup requests from peer gateway. RESPOND_ONLY - In this mode, local endpoint shall only respond to incoming tunnel setup requests. It shall not initiate the tunnel setup. ON_DEMAND - In this mode local endpoint will initiate tunnel creation once first packet matching the policy rule is received and will also respond to incoming initiation request. |
string | Enum: INITIATOR, RESPOND_ONLY, ON_DEMAND Default: "INITIATOR" |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| dpd_profile_path | Dead peer detection (DPD) profile path Policy path referencing Dead Peer Detection (DPD) profile. Default is set to system default profile. |
string | |
| enabled | Enable/Disable IPSec VPN session Enable/Disable IPSec VPN session. |
boolean | Default: "True" |
| id | Unique identifier of this resource | string | Sortable |
| ike_profile_path | Internet key exchange (IKE) profile path Policy path referencing IKE profile to be used. Default is set according to system default profile. |
string | |
| local_endpoint_path | Local endpoint path Policy path referencing Local endpoint. This property is mandatory on LM. It is required on GM only in case of site_overrides property not provided. |
string | |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| peer_address | IPV4 or IPV6 address of peer endpoint on remote site Public IPV4 or IPV6 address of the remote device terminating the VPN connection. This property is mandatory on LM. It is required on GM only in case of site_overrides property not provided. Please note that configuring peer_address as IPv6 address is not supported in the deprecated IPSecVpnSession Patch/PUT APIs. |
IPAddress | |
| peer_id | Peer id Peer ID to uniquely identify the peer site. The peer ID is the public IP address of the remote device terminating the VPN tunnel. When NAT is configured for the peer, enter the private IP address of the peer. This property is mandatory on LM. It is required on GM only in case of site_overrides property not provided. |
string | |
| psk | Pre-shared key IPSec Pre-shared key. Maximum length of this field is 128 characters. |
secure_string | |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value PolicyBasedIPSecVpnSession | IPSecVpnSessionResourceType | Required |
| rules | Rules | array of IPSecVpnRule | Required Minimum items: 1 |
| site_overrides | SiteOverride list A collection of site specific attributes specificed only on GM |
array of SiteOverride | Maximum items: 128 |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| tcp_mss_clamping | TCP MSS Clamping TCP Maximum Segment Size Clamping Direction and Value. |
TcpMaximumSegmentSizeClamping | |
| tunnel_profile_path | IPSec tunnel profile path Policy path referencing Tunnel profile to be used. Default is set to system default profile. |
string | |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
PolicyBasedL3VpnSession (schema) (Deprecated)
Policy based L3Vpn Session
A Policy-based L3Vpn session is a configuration in which a specific vpn tunnel is
referenced in a policy whose action is set as tunnel.
| Name | Description | Type | Notes |
|---|---|---|---|
| resource_type | Must be set to the value PolicyBasedL3VpnSession | L3VpnSessionResourceType | Required |
| rules | L3Vpn Rules L3Vpn rules that are specific to the L3Vpn. Only L3Vpn rules with PROTECT action are supported. |
array of L3VpnRule |
PolicyBgpNeighborStatus (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| address_families | Address families of BGP neighbor Address families of BGP neighbor |
array of BgpAddressFamily | Readonly |
| announced_capabilities | BGP capabilities sent to BGP neighbor. | array of string | Readonly |
| connection_drop_count | Count of connection drop | integer | Readonly |
| connection_state | Current state of the BGP session. | string | Readonly Enum: INVALID, IDLE, CONNECT, ACTIVE, OPEN_SENT, OPEN_CONFIRM, ESTABLISHED, UNKNOWN |
| edge_path | Transport node policy path | string | |
| established_connection_count | Count of connections established | integer | Readonly |
| graceful_restart_mode | Graceful restart mode Current state of graceful restart of BGP neighbor. Possible values are - 1. GR_AND_HELPER - Graceful restart with Helper 2. HELPER_ONLY - Helper only 3. DISABLE - Disabled |
string | Readonly |
| hold_time | Time in ms to wait for HELLO from BGP peer. If a HELLO packet is not seen from BGP Peer withing hold_time then BGP neighbor will be marked as down. |
integer | Readonly |
| keep_alive_interval | Time in ms to wait for HELLO packet from BGP peer | integer | Readonly |
| last_update_timestamp | Timestamp indicating last update time of data Timestamp when the data was last updated, unset if data source has never updated the data. |
EpochMsTimestamp | Readonly |
| local_port | TCP port number of Local BGP connection | integer | Readonly Minimum: 1 Maximum: 65535 |
| messages_received | Count of messages received from the neighbor | integer | Readonly |
| messages_sent | Count of messages sent to the neighbor | integer | Readonly |
| negotiated_capability | BGP capabilities negotiated with BGP neighbor. | array of string | Readonly |
| neighbor_address | The IP of the BGP neighbor | IPAddress | Readonly |
| neighbor_router_id | Router ID of the BGP neighbor. | string | Readonly |
| remote_as_number | AS number of the BGP neighbor | string | Readonly |
| remote_port | TCP port number of remote BGP Connection | integer | Readonly Minimum: 1 Maximum: 65535 |
| remote_site | Remote site Remote site details. |
ResourceReference | Readonly |
| source_address | The Ip address of logical port | IPAddress | Readonly |
| tier0_path | Policy path to Tier0 | string | Required Readonly |
| time_since_established | Time(in seconds) since connection was established. | integer | Readonly |
| total_in_prefix_count | Count of in prefixes Sum of in prefixes counts across all address families. |
integer | Readonly |
| total_out_prefix_count | Count of out prefixes Sum of out prefixes counts across all address families. |
integer | Readonly |
| type | BGP neighbor type BGP neighbor type |
string | Readonly Enum: INTER_SR, USER |
PolicyBgpNeighborsStatusListResult (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Status of BGP neighbors of the Tier0 | array of PolicyBgpNeighborStatus | Readonly |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
PolicyComplianceStatus (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| last_updated_time | Timestamp of last update | EpochMsTimestamp | Readonly |
| non_compliant_configs | List of non compliant configuration and impacted services | array of PolicyNonCompliantConfig | Readonly |
PolicyConfigResource (schema)
Represents an object on the desired state
Represents an object on the desired state.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value PolicyConfigResource | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
PolicyContainerGroupMemberDetails (schema)
Group member details
Details of the member belonging to a Group
| Name | Description | Type | Notes |
|---|---|---|---|
| cluster | array of ClusterMemberDetails | Required |
PolicyContainerGroupMembersListResult (schema)
Group members list result
Paginated collection of pods belonging to a Group.
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Paged Collection of pods that belong to the given Group | array of PolicyContainerGroupMemberDetails | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
PolicyContextProfile (schema)
Policy Context Profile entity
An entity that encapsulates attributes and sub-attributes of various
network services (eg. L7 services, domain name, encryption algorithm)
The entity will be consumed in firewall rules and can be added in new
tuple called profile in firewall rules. To get a list of supported
attributes and sub-attributes fire the following REST API
GET https://<policy-mgr>/policy/api/v1/infra/context-profiles/attributes
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| attributes | Array of Policy Context Profile attributes Property containing attributes/sub-attributes for Policy Context Profile. |
array of PolicyAttributes | Required |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value PolicyContextProfile | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
PolicyContextProfileListRequestParameters (schema)
Policy Context Profile list request parameters
| Name | Description | Type | Notes |
|---|---|---|---|
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| include_mark_for_delete_objects | Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included. |
boolean | Default: "False" |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string |
PolicyContextProfileListResult (schema)
List result of PolicyContextProfiles
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Paged collection of PolicyContextProfiles | array of PolicyContextProfile | Readonly |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
PolicyCustomAttributes (schema)
Policy Custom Attributes data holder
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| attribute_source | Source of attribute value i.e whether system defined or custom value | string | Enum: CUSTOM, SYSTEM Default: "CUSTOM" |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| datatype | Datatype for attribute | string | Required Enum: STRING |
| description | Description for attribute value | string | |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| key | Key for attribute Policy Custom Attribute Key |
string | Required Enum: DOMAIN_NAME, CUSTOM_URL |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| metadata | Provide additional meta information about key/values This is optional part that can hold additional data about the attribute key/values. Example - For Custom URL key , it specified url type for url value. This is generic array and can hold multiple meta information about key/values in future |
array of ContextProfileAttributesMetadata | |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value PolicyCustomAttributes | string | |
| sub_attributes | Reference to sub attributes for the attribute | array of PolicySubAttributes | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
| value | Value for attribute key Multiple attribute values can be specified as elements of array. |
array of string | Required Minimum items: 1 |
PolicyDHGroup (schema) (Deprecated)
Diffie-Hellman groups
Diffie-Hellman groups represent algorithm used to derive shared keys between
IPSec VPN initiator and responder over an unsecured network.
GROUP2 uses 1024-bit Modular Exponentiation (MODP) group.
GROUP5 uses 1536-bit MODP group.
GROUP14 uses 2048-bit MODP group.
GROUP15 uses 3072-bit MODP group.
GROUP16 uses 4096-bit MODP group.
| Name | Description | Type | Notes |
|---|---|---|---|
| PolicyDHGroup | Diffie-Hellman groups Diffie-Hellman groups represent algorithm used to derive shared keys between IPSec VPN initiator and responder over an unsecured network. GROUP2 uses 1024-bit Modular Exponentiation (MODP) group. GROUP5 uses 1536-bit MODP group. GROUP14 uses 2048-bit MODP group. GROUP15 uses 3072-bit MODP group. GROUP16 uses 4096-bit MODP group. |
string | Deprecated Enum: GROUP2, GROUP5, GROUP14, GROUP15, GROUP16 |
PolicyDnsAnswerPerEnforcementPoint (schema)
NSLookup answer per enforcement point
DNS forwarder nslookup answer per enforcement point.
| Name | Description | Type | Notes |
|---|---|---|---|
| enforcement_point_path | Enforcement point path Policy path referencing the enforcement point from where the DNS forwarder nslookup answer is fetched. |
string | Readonly |
| resource_type | Resource type Resource type of the DNS forwarder nslookup answer. |
string | Required Enum: NsxTDnsAnswer |
PolicyDnsForwarder (schema)
DNS Forwarder
Used to configure DNS Forwarder
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| cache_size | Cache size in KB Cache size in KB. |
int | Minimum: 0 Maximum: 16777216 Default: "1024" |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| conditional_forwarder_zone_paths | Path of conditional DNS zones Max of 5 DNS servers can be configured |
array of string | Maximum items: 5 |
| default_forwarder_zone_path | Path of the default DNS zone. This is the zone to which DNS requests are forwarded by default |
string | Required |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| enabled | DNS forwarder enabled flag The flag, which suggests whether the DNS forwarder is enabled or disabled. The default is True. |
boolean | Default: "True" |
| id | Unique identifier of this resource | string | Sortable |
| listener_ip | IP on which the DNS Forwarder listens. This is the IP on which the DNS Forwarder listens. |
IPv4Address | Required |
| log_level | Log level of the dns forwarder Set log_level to DISABLED will stop dumping fowarder log. |
string | Enum: DEBUG, INFO, WARNING, ERROR, FATAL Default: "INFO" |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value PolicyDnsForwarder | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
PolicyDnsForwarderZone (schema)
DNS Forwarder Zone
Used to configure zones on DNS Forwarder
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| dns_domain_names | List of domain names List of domain names on which conditional forwarding is based. This field is required if the DNS Zone is being used for a conditional forwarder. This field will also be used for conditional reverse lookup. Example 1, if for one of the zones, one of the entries in the fqdn is example.com, all the DNS requests under the domain example.com will be served by the corresponding upstream DNS server. Example 2, if for one of the zones, one of the entries in the fqdn list is "13.12.30.in-addr.arpa", reverse lookup for 30.12.13.0/24 will go to the corresponding DNS server. |
array of string | |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value PolicyDnsForwarderZone | string | |
| source_ip | Source IP used by DNS Forwarder zone The source IP used by the DNS Forwarder zone. |
IPv4Address | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
| upstream_servers | DNS servers to which the DNS request needs to be forwarded Max of 3 DNS servers can be configured |
array of IPv4Address | Required Maximum items: 3 |
PolicyDnsForwarderZoneListRequestParameters (schema)
DNS Forwarder Zone list request parameters
| Name | Description | Type | Notes |
|---|---|---|---|
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| include_mark_for_delete_objects | Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included. |
boolean | Default: "False" |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string |
PolicyDnsForwarderZoneListResult (schema)
Paged Collection of DNS Forwarder Zones
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Dns Forwarder Zone list results | array of PolicyDnsForwarderZone | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
PolicyDraft (schema)
Policy draft
A draft which stores the system generated as well as user intended changes
in a hierarchical body format.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource (Abstract type: pass one of the following concrete types) ChildInfra |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| is_auto_draft | Auto draft flag Flag to indicate whether draft is auto created. True indicates that the draft is an auto draft. False indicates that the draft is a manual draft. |
boolean | Readonly Default: "False" |
| lock_comments | Policy draft lock/unlock comments Comments for a policy draft lock/unlock. |
string | |
| lock_modified_by | User who locked a policy draft ID of the user who last modified the lock for a policy draft. |
string | Readonly |
| lock_modified_time | Policy draft locked/unlocked time Policy draft locked/unlocked time in epoch milliseconds. |
EpochMsTimestamp | Readonly |
| locked | Lock a policy draft Indicates whether a draft should be locked. If the draft is locked by an user, then no other user would be able to modify or publish this draft. Once the user releases the lock, other users can then modify or publish this draft. |
boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| ref_draft_path | Path of an existing draft for reference When specified, a manual draft will be created w.r.t. the specified draft. If not specified, manual draft will be created w.r.t. the current published configuration. For an auto draft, this will always be null. |
string | |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value PolicyDraft | string | |
| system_area | Configuration changes tracked by the system Configuration changes against the current configuration, tracked by the system. The value is stored in a hierarchical body format. |
Infra | Readonly |
| system_area_store_id | ID of the data store where system_area has stored In case of a large draft, wherein the size of system_area is so big that it can not be stored into one draft object, the data is then gets stored into multiple chunks in a draft data store. This value represents the ID of that data store. |
string | Readonly |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
| user_area | User defined configuration changes These are user defined configuration changes, which are applicable only in case of manual drafts. During the publish of a draft, system_area changes gets applied first, and then these changes. The value must be in a hierarchical body format. |
Infra | |
| user_area_store_id | ID of the data store where user_area has stored In case of a large draft, wherein the size of user_area is so big that it can not be stored into one draft object, the data is then gets stored into multiple chunks in a draft data store. This value represents the ID of that data store. |
string | Readonly |
PolicyDraftListRequestParameters (schema)
Policy draft list request parameters
Request parameters to be passed while listing policy drafts.
| Name | Description | Type | Notes |
|---|---|---|---|
| auto_drafts | Fetch list of draft based on is_auto_draft flag If set to true, then only auto drafts will be get fetched. If set to false, then only manual drafts will be get fetched. If not set, then all drafts will be get fetched. |
boolean | |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| include_mark_for_delete_objects | Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included. |
boolean | Default: "False" |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string |
PolicyDraftListResult (schema)
Paged collection of policy drafts
This holds the list of policy drafts.
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Policy drafts list results Paginated list of policy drafts. |
array of PolicyDraft | Readonly |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
PolicyDraftPaginatedAggregatedConfigurationRequestParameters (schema)
Parameters to get the paginated aggregated configuration for a draft
Parameters to get the paginated aggregated configuration for a draft.
| Name | Description | Type | Notes |
|---|---|---|---|
| request_id | Request identifier to track subsequent API calls If the initial call to get paginated aggregated configuration for a draft, returns a paginated response, then the response will contain a request_id. This identifier needs to be passed with subsequent API calls to get detailed aggregated configuration for the draft. |
string | |
| root_path | Path of the root object of subtree Policy path of the security policy. If specified with the subsequent API calls after initial call to get paginated aggregated configuration for a draft, the response will return the subtree of this security policy having all its children. If not specified, then the subsequent API calls will return all the security policies without their children, from pre-calculated aggregated configuration of a draft. This is not required for an initial call to get paginated aggregated configuration for a draft. |
string |
PolicyDraftPaginatedAggregatedConfigurationResult (schema)
Paginated result of aggregated configuration of a policy draft
Paginated result of aggregated configuration of a policy draft
| Name | Description | Type | Notes |
|---|---|---|---|
| request_id | Request identifier to keep track of result Request identifier to keep track of calculated aggregated configuration a draft during subsequent API calls after initial API call. This identifier can be use to fetch the detailed aggregated configuration at security policy level. Absence of request_id suggests that whole aggregated configuration has been returned as a response to initial API call, as the size of aggregated configuration is not big enough to need pagination. |
string | Readonly |
| result | Aggregated configuration of a draft Paginated aggregated configuration of a given draft. For an initial API call, if request_id is present in response, then this is a paginated aggregated configuration of a given draft. To get more granular aggregated configuration, request_id need to be passed to subsequent API calls. Absence of request_id suggests that whole aggregated configuration has been returned as a response to initial API call, as the size of aggregated configuration is not big enough to need pagination. |
Infra | Readonly |
PolicyEdgeCluster (schema)
Edge Cluster
Edge Cluster.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource (Abstract type: pass one of the following concrete types) ChildPolicyEdgeNode |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| inter_site_forwarding_enabled | Inter site forwarding is enabled if true Flag to indicate status of inter site l2 and l3 forwarding in federation. |
boolean | Readonly |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| member_node_type | Node type of the cluster members Edge cluster is homogenous collection of transport nodes. Hence all transport nodes of the cluster must be of same type. This readonly field shows the type of transport nodes. |
EdgeClusterNodeType | Readonly |
| nsx_id | Edge Cluster UUID on NSX-T Enforcement Point UUID of Edge Cluster on NSX-T enforcement point. |
string | Readonly |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value PolicyEdgeCluster | string | |
| rtep_ips | Remote tunnel endpoint IP addresses. List of remote tunnel endpoint ipaddress configured on edge cluster. |
array of IPAddress | Readonly |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
PolicyEdgeClusterInterSiteBgpSummary (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| edge_cluster_path | Edge node path Edge cluster path whose status is being reported. |
string | Required Readonly |
| edge_nodes | Individual edge nodes status Status of all edge nodes within cluster. |
array of PolicyEdgeNodeInterSiteBgpSummary | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
PolicyEdgeClusterInterSiteStatus (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| edge_cluster_name | Edge cluster name Name of the edge cluster whose status is being reported. |
string | Readonly |
| edge_cluster_path | Edge cluster path Policy path of the edge cluster whose status is being reported. |
string | Required Readonly |
| last_update_timestamp | Last updated timestamp Timestamp when the edge cluster inter-site status was last updated. |
EpochMsTimestamp | Required Readonly |
| member_status | Per edge node inter-site status Per edge node inter-site status. |
array of PolicyEdgeClusterMemberInterSiteStatus | Readonly |
| overall_status | Overall IBGP status in the edge cluster Overall status of all edge nodes IBGP status in the edge cluster. |
string | Readonly Enum: UP, DOWN, DEGRADED, UNKNOWN |
PolicyEdgeClusterListRequestParameters (schema)
Policy Edge Cluster List Request Parameters
Policy Edge Cluster list request parameters.
| Name | Description | Type | Notes |
|---|---|---|---|
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| include_mark_for_delete_objects | Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included. |
boolean | Default: "False" |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string |
PolicyEdgeClusterListResult (schema)
Paged Collection of Edge Cluster
Paged Collection of Edge Cluster
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Edge Cluster List Result Edge Cluster list result. |
array of PolicyEdgeCluster | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
PolicyEdgeClusterMemberInterSiteStatus (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| edge_node_path | Edge node path Edge node details from where the status is being retrived. |
ResourceReference | Required Readonly |
| established_bgp_sessions | Established inter-site IBGP sessions Total number of current established inter-site IBGP sessions. |
integer | Readonly |
| neighbor_status | BGP neighbor status Inter-site BGP neighbor status. |
array of PolicyBgpNeighborStatus | Readonly |
| status | Edge node IBGP status Edge node IBGP status |
string | Readonly Enum: UP, DOWN, DEGRADED, UNKNOWN |
| total_bgp_sessions | Total inter-site IBGP sessions Total number of inter-site IBGP sessions. |
integer | Readonly |
PolicyEdgeNode (schema)
Policy Edge Node
This object serves as a representation of the edge cluster
index to which the edge node connects. It should not be
mistaken for the edge / transport node itself. Consuming services
can refer to the nsx_id property to fetch the UUID of the
edge / transport node that is attached to this index.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| member_index | Member Index The numerical value of the member index in the edge cluster that this object represents and to which the edge node connects. |
integer | Readonly |
| nsx_id | Edge Node UUID on NSX-T Enforcement Point UUID of edge node on NSX-T enforcement point. |
string | Readonly |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value PolicyEdgeNode | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
PolicyEdgeNodeInterSiteBgpSummary (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| edge_node_path | Edge node path Edge node path whose status is being reported. |
string | Required Readonly |
| last_update_timestamp | Last updated timestamp Timestamp when the inter-site IBGP neighbors status was last updated. |
EpochMsTimestamp | Required Readonly |
| neighbor_status | Inter-site IBGP neighbors status Status of all inter-site IBGP neighbors. |
array of PolicyBgpNeighborStatus | Readonly |
PolicyEdgeNodeListRequestParameters (schema)
Edge Node List Request Parameters
Edge Node list request parameters.
| Name | Description | Type | Notes |
|---|---|---|---|
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| include_mark_for_delete_objects | Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included. |
boolean | Default: "False" |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string |
PolicyEdgeNodeListResult (schema)
Paged Collection of Edge Node
Paged Collection of Edge Node
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Edge Node List Result Edge Node list result. |
array of PolicyEdgeNode | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
PolicyExcludeList (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| members | ExcludeList member list List of the members in the exclude list |
array of string | Required Maximum items: 100 |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value PolicyExcludeList | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
PolicyExcludeListFilterRequestParams (schema)
Parameters for filtering the exclude list
Parameters for filtering the exclude list.
| Name | Description | Type | Notes |
|---|---|---|---|
| deep_check | Check all parents Deep check all parents of requested intent object, if any of them is in exclude list. If found, makes requested object as excluded. |
boolean | Default: "False" |
| enforcement_point_path | Path of the enforcement point Path of the enforcement point from where the result need to be fetched. If not provided, available enforcement point will be considered. |
string | |
| intent_path | Path of the intent object to be searched in the exclude list Path of the intent object to be searched in the exclude list. |
string | Required |
PolicyFineTuningResourceInfo (schema)
Contains the detail of resources with name and fields
It represent the resource with details of name and fields it owns.
| Name | Description | Type | Notes |
|---|---|---|---|
| fields | List of all field of any resource | array of PolicyFineTuningResourceInfoDetail | Required |
| resource_name | Resource name It will represent resource with name and fields. |
string | Required |
PolicyFineTuningResourceInfoDetail (schema)
Contains the details resources with field type and name
Contains the details of resource field
| Name | Description | Type | Notes |
|---|---|---|---|
| field_name | Resource name It will represent resource with name and fields. |
string | Required |
| sub_type | List of all field of any resource | PolicyFineTuningResourceInfo | Required |
PolicyFirewallCPUMemThresholdsProfileBindingMap (schema)
Policy DFW CPU Memory Thresholds Profile binding map
This entity will be used to establish association between CPU Memory
Thresholds Profile and Transport Node. Using this entity, user can specify
intent for applying Firewall CPU Memory Thresholds Profile to particular
transport nodes.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| applied_to | The list of targets where the profile is intended to get applied. The list of targets where the profile is intended to get applied. Valid targets are group paths. |
array of string | |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| profile_path | Profile Path PolicyPath of associated Profile |
string | Required |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value PolicyFirewallCPUMemThresholdsProfileBindingMap | string | |
| sequence_number | Sequence number of this profile binding map Sequence number is used to resolve conflicts when two profiles get applied to a single node. Lower value gets higher precedence. Two binding maps having the same profile path should have the same sequence number. |
integer | Required Minimum: 0 Maximum: 4294967295 |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| transport_nodes | References of transport nodes References of transport nodes on which the profile intended to be applied. |
array of PolicyResourceReference | |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
PolicyFirewallCPUMemThresholdsProfileBindingMapListRequestParameters (schema)
Policy Firewall CPU Memory Thresholds Profile Binding Map list request parameters
| Name | Description | Type | Notes |
|---|---|---|---|
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| include_mark_for_delete_objects | Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included. |
boolean | Default: "False" |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string |
PolicyFirewallCPUMemThresholdsProfileBindingMapListResult (schema)
Paged collection of Firewall CPU Memory Thresholds Profile Binding Maps
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Firewall CPU Memory Thresholds Profile Binding Map list results | array of PolicyFirewallCPUMemThresholdsProfileBindingMap | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
PolicyFirewallCpuMemThresholdsProfile (schema)
Firewall CPU and memory thresholds profile
A profile holding CPU and memory thresholds configuration.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| cpu_threshold_percentage | CPU utilization thresholds percentage CPU utilization thresholds percentage to monitor and report for distributed firewall. |
integer | Required Minimum: 10 Maximum: 100 Default: "90" |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| mem_threshold_percentage | Heap memory thresholds utilization percentage Heap memory thresholds percentage to monitor and report for distributed firewall. |
integer | Required Minimum: 10 Maximum: 100 Default: "90" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value PolicyFirewallCpuMemThresholdsProfile | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
PolicyFirewallCpuMemThresholdsProfileListResult (schema)
Paged Collection of PolicyFirewallCpuMemThresholdsProfile
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | PolicyFirewallCpuMemThresholdsProfile list results | array of PolicyFirewallCpuMemThresholdsProfile | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
PolicyFirewallFloodProtectionProfileBindingMap (schema)
Policy DFW Flood Protection Profile binding map
This entity will be used to establish association between Firewall Flood
Protection profile and Group. Using this entity, user can specify intent
for applying Firewall Flood Protection profile to particular Group.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| profile_path | Profile Path PolicyPath of associated Profile |
string | Required |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value PolicyFirewallFloodProtectionProfileBindingMap | string | |
| sequence_number | Sequence number of this profile binding map. Sequence number is used to resolve conflicts when two profiles get applied to a single port. Lower value gets higher precedence. Two binding maps having the same profile path should have the same sequence number. |
integer | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
PolicyFirewallFloodProtectionProfileBindingMapListRequestParameters (schema)
Policy Firewall Flood Protection Profile Binding Map list request parameters
| Name | Description | Type | Notes |
|---|---|---|---|
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| include_mark_for_delete_objects | Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included. |
boolean | Default: "False" |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string |
PolicyFirewallFloodProtectionProfileBindingMapListResult (schema)
Paged collection of Firewall Flood Protection Profile Binding Maps
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Firewall Flood Protection Profile Binding Map list results | array of PolicyFirewallFloodProtectionProfileBindingMap | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
PolicyFirewallIpReputationConfig (schema)
IP Reputation entity
The type used to enable/disable IP reputation feed download.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| download_frequency_in_mins | IP Reputation feed update frequency The frequency at which IP Reputation feed will be downloaded. This is a readonly field showing the current time interval in minutes. The current value is set 720 mins (12 hrs). |
int | Readonly |
| download_status | Feed download status Indicates the download status of IP reputation feed. |
string | Readonly Enum: IN_PROGRESS, COMPLETE, FAILED |
| enable_auto_download | IP reputation feed auto-download flag Property which indicates whether auto-download of IP Reputation feed is enabled or disabled. |
boolean | Required |
| id | Unique identifier of this resource | string | Sortable |
| last_feed_download | Feed download time Timestamp of the most recent successful feed download. |
EpochMsTimestamp | Readonly Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value PolicyFirewallIpReputationConfig | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
PolicyFirewallScheduler (schema)
Policy Firewall Scheduler entity
An entity that encapsulates attributes to schedule firewall rules to
be active to allow or block traffic for a specific period of time.
Note that at least one property out of "days", "start_time",
"end_time", "start_date", "end_date" is required.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| days | Days of the week Days of week on which rules will be enforced. If property is omitted, then days of the week will not considered while calculating the firewall schedule. It should not be present when the recurring flag is false. |
array of PolicyFirewallSchedulerDays | |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| end_date | End date in MM/DD/YYYY End date on which schedule to end. Example, 12/22/2019. |
string | Required |
| end_time | End time If recurring field is set false, then this field must be present. The schedule will be enforced till the end time of the specified end date. If recurring field is set true, then this field should not be present. |
string | |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| recurring | Firewall schedule recurring flag Flag to indicate whether firewall schedule recurs or not. The default value is true and it should be set to false when the firewall schedule does not recur and is a one time time interval. |
boolean | Required Default: "True" |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value PolicyFirewallScheduler | string | |
| start_date | Start date in MM/DD/YYYY Start date on which schedule to start. Example, 02/22/2019. |
string | Required |
| start_time | Start time Time in 24 hour and minutes in multiple of 30. Example, 9:00. If recurring field is set false, then this field must be present. The schedule will start getting enforced from the start time of the specified start date. If recurring field is set true, then this field should not be present. |
string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| time_interval | Recurring time interval The recurring time interval in a day during which the schedule will be applicable. It should not be present when the recurring flag is false. |
array of PolicyTimeIntervalValue | Maximum items: 1 |
| timezone | Host timezone Host Timezone to be used to enforce firewall rules. |
string | Required Enum: UTC, LOCAL |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
PolicyFirewallSchedulerDays (schema)
Day on which scheduled firewall rule will be enforced
| Name | Description | Type | Notes |
|---|---|---|---|
| PolicyFirewallSchedulerDays | Day on which scheduled firewall rule will be enforced | string | Enum: SUNDAY, MONDAY, TUESDAY, WEDNESDAY, THURSDAY, FRIDAY, SATURDAY |
PolicyFirewallSchedulerDeleteRequestParameters (schema)
Policy Firewall Scheduler delete request parameters
| Name | Description | Type | Notes |
|---|---|---|---|
| force | Force delete the resource even if it is being used somewhere
If true, deleting the resource succeeds even if it is being referred as a resource reference. |
boolean | Default: "False" |
PolicyFirewallSchedulerListRequestParameters (schema)
Policy Firewall Scheduler list request parameters
| Name | Description | Type | Notes |
|---|---|---|---|
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| include_mark_for_delete_objects | Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included. |
boolean | Default: "False" |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string |
PolicyFirewallSchedulerListResult (schema)
List result of PolicyFirewallSchedulers
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Paged collection of PolicyFirewallSchedulers | array of PolicyFirewallScheduler | Readonly |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
PolicyFirewallSessionTimerProfile (schema)
Policy Firewall Session timeout profile
A profile holding TCP, UDP and ICMP session timeout configuration.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| icmp_error_reply | Timeout after ICMP error The timeout value for the connection after an ICMP error came back in response to an ICMP packet. The default value for Edges (i.e, Gateway, or Logical Router) may be different than Distributed Firewall hosts. |
integer | Required Minimum: 10 Maximum: 4320000 Default: "10" |
| icmp_first_packet | First packet connection timeout The timeout value of connection in seconds after the first packet. This will be the initial timeout for the new ICMP flow. The default value for Edges (i.e, Gateway, or Logical Router) may be different than Distributed Firewall hosts. |
integer | Required Minimum: 10 Maximum: 4320000 Default: "20" |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value PolicyFirewallSessionTimerProfile | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| tcp_closed | Timeout after RST The timeout value of connection in seconds after one endpoint sends an RST. The default value for Edges (i.e, Gateway, or Logical Router) may be different than Distributed Firewall hosts. |
integer | Required Minimum: 10 Maximum: 4320000 Default: "20" |
| tcp_closing | Timeout after first TN The timeout value of connection in seconds after the first FIN has been sent. The default value for Edges (i.e, Gateway, or Logical Router) may be different than Distributed Firewall hosts. |
integer | Required Minimum: 10 Maximum: 4320000 Default: "120" |
| tcp_established | Connection timeout The timeout value of connection in seconds once the connection has become fully established. The default value for Edges (i.e, Gateway,or Logical Router) may be different than Distributed Firewall hosts. |
integer | Required Minimum: 120 Maximum: 4320000 Default: "43200" |
| tcp_finwait | Timeout after FINs exchanged The timeout value of connection in seconds after both FINs have been exchanged and connection is closed. The default value for Edges (i.e, Gateway, or Logical Router) may be different than Distributed Firewall hosts. |
integer | Required Minimum: 10 Maximum: 4320000 Default: "45" |
| tcp_first_packet | Connection timout after first packet The timeout value of connection in seconds after the first packet has been sent. The default value for Edges (i.e, Gateway, or Logical Router) may be different than Distributed Firewall hosts. |
integer | Required Minimum: 10 Maximum: 4320000 Default: "120" |
| tcp_opening | Connection timout after second packet The timeout value of connection in seconds after a second packet has been transferred. The default value for Edges (i.e, Gateway, or Logical Router) may be different than Distributed Firewall hosts. |
integer | Required Minimum: 10 Maximum: 4320000 Default: "30" |
| udp_first_packet | Connection timout after first packet The timeout value of connection in seconds after the first packet. This will be the initial timeout for the new UDP flow. The default value for Edges (i.e, Gateway, or Logical Router) may be different than Distributed Firewall hosts. |
integer | Required Minimum: 10 Maximum: 4320000 Default: "60" |
| udp_multiple | Timeout after hosts sent packet The timeout value of connection in seconds if both hosts have sent packets. The default value for Edges (i.e, Gateway, or Logical Router) may be different than Distributed Firewall hosts. |
integer | Required Minimum: 10 Maximum: 4320000 Default: "60" |
| udp_single | Connection timeout for destination The timeout value of connection in seconds if the source host sends more than one packet but the destination host has never sent one back. The default value for Edges (i.e, Gateway, or Logical Router) may be different than Distributed Firewall hosts. |
integer | Required Minimum: 10 Maximum: 4320000 Default: "30" |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
PolicyFirewallSessionTimerProfileBindingMap (schema)
Policy DFW Timer Session Profile binding map
This entity will be used to establish association between Firewall Timer session
profile and Group. Using this entity, user can specify intent for applying
Firewall Timer session profile to particular Group.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| firewall_session_timer_profile_path | Firewall Session Timer Profile Path PolicyPath of associated Firewall Timer Session Profile |
string | Required |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value PolicyFirewallSessionTimerProfileBindingMap | string | |
| sequence_number | Sequence number of this profile binding map. Sequence number is used to resolve conflicts when two profiles get applied to a single port. Lower value gets higher precedence. Two binding maps having the same profile path should have the same sequence number. |
integer | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
PolicyFirewallSessionTimerProfileBindingMapListRequestParameters (schema)
Policy Firewall Session Timer Profile Binding Map list request parameters
| Name | Description | Type | Notes |
|---|---|---|---|
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| include_mark_for_delete_objects | Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included. |
boolean | Default: "False" |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string |
PolicyFirewallSessionTimerProfileBindingMapListResult (schema)
Paged collection of Firewall Session Timer Profile Binding Maps
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Firewall Session Timer Profile Binding Map list results | array of PolicyFirewallSessionTimerProfileBindingMap | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
PolicyFirewallSessionTimerProfileListRequestParameters (schema)
Policy Firewall Session timeout profile list request parameters
| Name | Description | Type | Notes |
|---|---|---|---|
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| include_mark_for_delete_objects | Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included. |
boolean | Default: "False" |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string |
PolicyFirewallSessionTimerProfileListResult (schema)
Paged Collection of Policy Firewall Session timeout profiles
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Policy Firewall Session timeout profile list results | array of PolicyFirewallSessionTimerProfile | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
PolicyGroupIPMembersListResult (schema)
Group IP members list result
Paginated collection of IP members belonging to a Group.
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Paged Collection of IP addresses that belong to the given Group | array of IPElement | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
PolicyGroupMemberDetails (schema)
Group member details
Details of the member belonging to a Group
| Name | Description | Type | Notes |
|---|---|---|---|
| display_name | The display name of the member on the enforcement point | string | Required Readonly |
| id | The ID of the member on the enforcement point | string | Required Readonly |
| path | The path of the member, if relevant | string | Required Readonly |
PolicyGroupMembersListResult (schema)
Group members list result
Paginated collection of members belonging to a Group.
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Paged Collection of members that belong to the given Group | array of PolicyGroupMemberDetails | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
PolicyGroupServiceAssociationsRequestParameters (schema)
Associations list request parameters
| Name | Description | Type | Notes |
|---|---|---|---|
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| include_mark_for_delete_objects | Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included. |
boolean | Default: "False" |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| intent_path | Path of the entity Path of the entity for which associated services are to be fetched. |
string | Required |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string |
PolicyIKEDigestAlgorithm (schema) (Deprecated)
Digest Algorithms used in IKE negotiations
The IKEDigestAlgorithms are used to verify message integrity during IKE negotiation.
SHA1 produces 160 bits hash and SHA2_XXX produces XXX bit hash.
| Name | Description | Type | Notes |
|---|---|---|---|
| PolicyIKEDigestAlgorithm | Digest Algorithms used in IKE negotiations The IKEDigestAlgorithms are used to verify message integrity during IKE negotiation. SHA1 produces 160 bits hash and SHA2_XXX produces XXX bit hash. |
string | Deprecated Enum: SHA1, SHA2_256, SHA2_384, SHA2_512 |
PolicyIKEEncryptionAlgorithm (schema) (Deprecated)
Encryption algorithms used in IKE
IKEEncryption algorithms are used to ensure confidentiality of the messages
exchanged during IKE negotiations. AES stands for Advanced Encryption Standards.
AES_128 uses 128-bit keys whereas AES_256 uses 256-bit keys for encryption and
decryption. AES_128 and AES_256 use CBC mode of encryption. AES_GCM stands for
Advanced Encryption Standard(AES) in Galois/Counter Mode(GCM) and is used to
provide both confidentiality and data origin authentication. AES_GCM composed
of two separate functions one for encryption(AES) and one for authentication(GMAC).
AES_GCM algorithms will be available with IKE_V2 version only.
AES_GMAC_128 uses 128-bit keys.
AES_GMAC_192 uses 192-bit keys.
AES_GMAC_256 uses 256-bit keys.
| Name | Description | Type | Notes |
|---|---|---|---|
| PolicyIKEEncryptionAlgorithm | Encryption algorithms used in IKE IKEEncryption algorithms are used to ensure confidentiality of the messages exchanged during IKE negotiations. AES stands for Advanced Encryption Standards. AES_128 uses 128-bit keys whereas AES_256 uses 256-bit keys for encryption and decryption. AES_128 and AES_256 use CBC mode of encryption. AES_GCM stands for Advanced Encryption Standard(AES) in Galois/Counter Mode(GCM) and is used to provide both confidentiality and data origin authentication. AES_GCM composed of two separate functions one for encryption(AES) and one for authentication(GMAC). AES_GCM algorithms will be available with IKE_V2 version only. AES_GMAC_128 uses 128-bit keys. AES_GMAC_192 uses 192-bit keys. AES_GMAC_256 uses 256-bit keys. |
string | Deprecated Enum: AES_128, AES_256, AES_GCM_128, AES_GCM_192, AES_GCM_256 |
PolicyIKEVersion (schema) (Deprecated)
IKE version
IKE protocol version to be used. IKE-Flex will initiate IKE-V2 and responds
to both IKE-V1 and IKE-V2.
| Name | Description | Type | Notes |
|---|---|---|---|
| PolicyIKEVersion | IKE version IKE protocol version to be used. IKE-Flex will initiate IKE-V2 and responds to both IKE-V1 and IKE-V2. |
string | Deprecated Enum: IKE_V1, IKE_V2, IKE_FLEX |
PolicyIPAddressInfo (schema) (Deprecated)
IP address information
Used to specify the display name and value of the IPv4Address.
| Name | Description | Type | Notes |
|---|---|---|---|
| address_value | Value of the IPv4Address Value of the IPv4Address. |
IPv4Address | Required |
| display_name | Display name of the IPv4Address Display name used to help identify the IPv4Address. |
string | |
| next_hop | Next Hop of the IPv4Address Next hop used in auto-plumbing of static route. If a value is not provided, static route will not be auto-plumbed. |
IPv4Address |
PolicyIgmpProfile (schema)
IGMP Profile
IGMP profile.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| last_member_query_interval | Max Response Time Max Response Time inserted into Group-Specific Queries sent in response to Leave Group messages, and is also the amount of time between Group-Specific Query messages. This value may be tuned to modify the "leave latency" of the network. A reduced value results in reduced time to detect the loss of the last member of a group. |
int | Minimum: 1 Maximum: 25 Default: "1" |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| query_interval | Interval between general IGMP host-query messages Interval(seconds) between general IGMP host-query messages. |
int | Minimum: 1 Maximum: 1800 Default: "30" |
| query_max_response_time | The maximum elapsed time between response The query response interval(seconds) is the maximum amount of time that can elapse between when the querier router sends a host-query message and when it receives a response from a host. Configuring this interval allows admins to adjust the burstiness of IGMP messages on the subnet; larger values make the traffic less bursty, as host responses are spread out over a larger interval. The number of seconds represented by the query_max_response_time must be less than the query_interval. |
int | Minimum: 1 Maximum: 25 Default: "10" |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value PolicyIgmpProfile | string | |
| robustness_variable | The Robustness Variable The Robustness Variable allows tuning for the expected packet loss on a subnet. If a subnet is expected to be lossy, the Robustness Variable may be increased. IGMP is robust to (Robustness Variable-1) packet losses. The Robustness Variable must not be zero, and SHOULD NOT be one. |
int | Minimum: 1 Maximum: 7 Default: "2" |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
PolicyInsertParameters (schema)
Parameters to tell where security policy/rule needs to be placed
Parameters to let the admin specify a relative position of a security
policy or rule w.r.t to another one.
| Name | Description | Type | Notes |
|---|---|---|---|
| anchor_path | The security policy/rule path if operation is 'insert_after' or 'insert_before' | string | |
| operation | Operation | string | Enum: insert_top, insert_bottom, insert_after, insert_before Default: "insert_top" |
PolicyInterVrfRoutingConfig (schema)
policy inter-vrf routing config
policy inter-vrf routing config.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| bgp_route_leaking | Import / export BGP routes Import / export BGP routes. |
array of BgpRouteLeaking | Maximum items: 2 |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value PolicyInterVrfRoutingConfig | string | |
| static_route_advertisement | Advertise subnet to target peers as static routes Advertise subnet to target peers as static routes. It cannot be enabled on parent tier0 in first release. |
PolicyStaticRouteAdvertisement | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| target_path | Policy path to tier0/vrf belongs to the same parent tier0 Policy path to tier0/vrf belongs to the same parent tier0. |
string | Required |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
PolicyInterfaceGroupStatistics (schema)
Gateway Interface group statistics
Tier0 or Tier1 interface group statistics on specific Enforcement Point.
| Name | Description | Type | Notes |
|---|---|---|---|
| members | Gateway Interface statistics Tier0 or Tier1 interface statistics on specific Enforcement Point. |
array of LogicalRouterPortStatistics | Readonly |
| summary | Aggregated interface group statistics Aggregated interface group statistics on specific Enforcement Point. |
AggregatedLogicalRouterPortCounters | Readonly |
PolicyInterfaceOspfConfig (schema)
OSPF Interface configuration
OSPF Interface configuration.
| Name | Description | Type | Notes |
|---|---|---|---|
| bfd_path | Policy path of BFD profile This filed is valid only if enable_bfd is set to TRUE. If enable_bfd flag is set to TRUE, this profile will be applied to all OSPF peers in this interface. If this field is empty, bfd_path will refer to Tier-0 global BFD profile. |
string | |
| dead_interval | OSPF dead interval in seconds Specifies the number of seconds that router must wait before it declares a OSPF neighbor router down because it has not received OSPF hello packet. OSPF dead interval should be minimum 3 times greater than the hello interval |
int | Minimum: 3 Maximum: 65535 Default: "40" |
| enable_bfd | enable BFD for OSPF Enable/Disable OSPF to register for BFD event. Use FALSE to disable BFD. |
boolean | |
| enabled | enable/disable OSPF enable/disable OSPF on the interface. If enabled flag not specified, defailt is enable OSPF. |
boolean | Default: "True" |
| hello_interval | OSPF hello interval in seconds Specifies the interval between the hello packets that OSPF sends on this interface. OSPF hello interval should be less than the dead interval |
int | Minimum: 1 Maximum: 21845 Default: "10" |
| network_type | Configure OSPF networkt type Configure OSPF networkt type, default is BROADCAST network type |
string | Enum: BROADCAST, P2P Default: "BROADCAST" |
| ospf_area | Attach Tier0 Interface to specified OSPF Area Attache Tier0 Interface to specified OSPF Area. all peers. |
string | Required |
PolicyInterfaceStatistics (schema)
Tier0 or Tier1 interface statistics on specific Enforcement Point
Tier0 or Tier1 interface statistics on specific Enforcement Point.
| Name | Description | Type | Notes |
|---|---|---|---|
| logical_router_port_id | The ID of the logical router port | string | Required |
| per_node_statistics | Per Node Statistics | array of LogicalRouterPortStatisticsPerNode | Readonly |
PolicyInterfaceStatisticsSummary (schema)
Tier0 or Tier1 interface statistics on specific Enforcement Point
Tier0 or Tier1 interface statistics on specific Enforcement Point.
| Name | Description | Type | Notes |
|---|---|---|---|
| interface_policy_path | Policy path for the interface Policy path for the interface |
string | |
| last_update_timestamp | Timestamp when the data was last updated; unset if data source has never updated the data. | EpochMsTimestamp | Readonly |
| logical_router_port_id | The ID of the logical router port | string | Required |
| rx | LogicalRouterPortCounters | Readonly | |
| tx | LogicalRouterPortCounters | Readonly |
PolicyL2TablesParameters (schema)
Layer-2 table request parameters
| Name | Description | Type | Notes |
|---|---|---|---|
| enforcement_point_path | String Path of the enforcement point Enforcement point path. |
string | |
| source | The data source, either realtime or cached. If not provided, cached data is returned. | DataSourceType | |
| transport_node_id | TransportNode Id | string |
PolicyLabel (schema)
Label to reference group of policy entities of same type.
Label to reference group of policy entities of same type.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| refs | Policy entity paths referred by the label instance Policy entity paths referred by the label instance |
array of string | |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value PolicyLabel | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| type | Policy intent entity type from PolicyResourceType Policy intent entity type from PolicyResourceType |
string | Required |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
PolicyLabelListRequestParameters (schema)
PolicyLabel list request parameters
| Name | Description | Type | Notes |
|---|---|---|---|
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| include_mark_for_delete_objects | Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included. |
boolean | Default: "False" |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string |
PolicyLabelListResult (schema)
Paged Collection of Domains
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Policy label list results | array of PolicyLabel | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
PolicyLatencyStatProfile (schema)
Latency Stat Profile
Latency stat service profile
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| applied_to_group_path | Binding Policy group path The Policy group path to apply the latency profile. |
string | |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| pnic_latency_enabled | Pnic latency enablement flag Enable or Disable pnic latency. |
boolean | Default: "False" |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value PolicyLatencyStatProfile | string | |
| sampling_interval | Latency sampling interval Event nth milliseconds packet is sampled. When a value less than 1000 is given, the realized sampling interval will be 1000 milliseconds. |
integer | Minimum: 1 Maximum: 1000000 |
| sampling_rate | Latency sampling rate Event nth packet is sampled. |
integer | Minimum: 100 Maximum: 1000000 |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
PolicyLatencyStatProfileListRequestParameters (schema)
Latency profile request parameters
| Name | Description | Type | Notes |
|---|---|---|---|
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| include_mark_for_delete_objects | Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included. |
boolean | Default: "False" |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string |
PolicyLatencyStatProfileListResult (schema)
List of latency profile
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Latency Stat Profile List Latency stat profile list. |
array of PolicyLatencyStatProfile | Readonly |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
PolicyListL2TablesParameters (schema)
Layer-2 table list request parameters
| Name | Description | Type | Notes |
|---|---|---|---|
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| enforcement_point_path | String Path of the enforcement point Enforcement point path. |
string | |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string | |
| source | The data source, either realtime or cached. If not provided, cached data is returned. | DataSourceType | |
| transport_node_id | TransportNode Id | string |
PolicyListRequestParameters (schema)
Policy list request parameters
| Name | Description | Type | Notes |
|---|---|---|---|
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| include_mark_for_delete_objects | Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included. |
boolean | Default: "False" |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string |
PolicyListResult (schema)
Paged Collection of security policies
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
PolicyLiveTraceActionConfig (schema)
Livetrace action configuration
| Name | Description | Type | Notes |
|---|---|---|---|
| datapath_stats_config | Configuration of datapath statistics action Configuration of datapath statistics action, which can be enabled only when other actions are disabled. |
LiveTracePacketGranularActionConfig | |
| pktcap_config | Configuration of packet capture action | LiveTracePacketGranularActionConfig | |
| trace_config | Configuration of trace action | LiveTracePacketGranularActionConfig |
PolicyLiveTraceIpsecVpnConfig (schema)
IPSec VPN configuration for starting livetrace on IPSec tunnel interface
Information for deriving virtual tunnel interface (VTI) of Route-based IPSec VPN session.
| Name | Description | Type | Notes |
|---|---|---|---|
| session_path | Policy path of VPN session Policy path of VPN session. |
string | Required |
PolicyMetadataProxyStatistics (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| metadata_proxy_path | Policy path of metadata proxy configuration | string | Required |
| statistics | Metadata Proxy statistics per segment | array of MetadataProxyStatisticsPerSegment | |
| timestamp | timestamp of the statistics | EpochMsTimestamp | Required |
PolicyMetadataProxyStatus (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| error_message | Error message, if available | string | |
| proxy_status | UP means the metadata proxy is working fine on both transport-nodes(if configured);
DOWN means the metadata proxy is is down on both transport-nodes(if configured), hence the metadata proxy will not repsond to any metadata request; Error means there is an error on transport-node(s) or no status is reported from transport-node(s). The metadata proxy may be working (or not working); NO_BACK means metadata proxy is working on one of the transport node while not in the other transport-node (if configured). If the metadata proxy on the working transport-node goes down, the metadata proxy will go down. |
string | Required Enum: UP, DOWN, ERROR, NO_BACKUP |
| transport_nodes | ids of transport nodes where this metadata proxy is running Order of the transport nodes is insensitive because Metadata Proxy is running in Active-Active mode among target transport nodes. |
array of string | Required |
PolicyMonitoringConfig (schema)
PolicyMonitoringConfig.
This object refers to config on policy like product-version and properties.
| Name | Description | Type | Notes |
|---|---|---|---|
| product_version | Product Version. Version and build number of NSX. |
string | Required |
| properties | Properties. This field refers to all the properties defined for NSX. |
object | Required |
PolicyMulticastConfig (schema)
Multicast routing configuration
Multicast routing configuration.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| enabled | Enable/disable Multicast Configuration Enable/disable Multicast Configuration. |
boolean | Default: "False" |
| id | Unique identifier of this resource | string | Sortable |
| igmp_profile_path | Policy path to IGMP profile Updates to IGMP profile applied on all Tier0 gateways consuming the configuration. |
string | |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| pim_profile_path | Policy path to PIM profile Updates to PIM profile applied on all Tier0 gateways consuming the configuration. |
string | |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| replication_multicast_range | Replication multicast range Replication multicast range. Required when enabled. |
string | Format: ipv4-cidr-block |
| resource_type | Must be set to the value PolicyMulticastConfig | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
PolicyNATRuleCounters (schema)
Statistics count
Gives the statistics count of a NAT rule.
| Name | Description | Type | Notes |
|---|---|---|---|
| active_sessions | Active sessions Gives the total number of active sessions. |
integer | Readonly |
| total_bytes | Total bytes Gives the total number of bytes. |
integer | Readonly |
| total_packets | Total packets Gives the total number of packets. |
integer | Readonly |
PolicyNat (schema)
Contains list of NAT Rules
Represents NAT section. This object is created by default when corresponding
tier-0/tier-1 is created. Under tier-0/tier-1 there will be 4 different NATs(sections).
(INTERNAL, USER, DEFAULT and NAT64).
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| nat_type | NAT section under tier-0/tier-1 Represents a NAT section under tier-0/tier-1. |
string | Enum: INTERNAL, USER, DEFAULT, NAT64 |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value PolicyNat | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
PolicyNatListRequestParameters (schema)
NAT list request parameters
| Name | Description | Type | Notes |
|---|---|---|---|
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| include_mark_for_delete_objects | Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included. |
boolean | Default: "False" |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string |
PolicyNatListResult (schema)
Paged Collection of NAT Types
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | NAT list results | array of PolicyNat | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
PolicyNatRule (schema)
Represents a NAT rule between source and destination at T0/T1 router
Represents a NAT rule between source and destination at T0/T1 router.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| action | Represents action of NAT Rule SNAT, DNAT, REFLEXIVE Source NAT(SNAT) - translates a source IP address in an outbound packet so that the packet appears to originate from a different network. SNAT is only supported when the logical router is running in active-standby mode. Destination NAT(DNAT) - translates the destination IP address of inbound packets so that packets are delivered to a target address into another network. DNAT is only supported when the logical router is running in active-standby mode. Reflexive NAT(REFLEXIVE) - IP-Range and CIDR are supported to define the "n". The number of original networks should be exactly the same as that of translated networks. The address translation is deterministic. Reflexive is supported on both Active/Standby and Active/Active LR. NO_SNAT and NO_DNAT - These do not have support for translated_fields, only source_network and destination_network fields are supported. NAT64 - translates an external IPv6 address to a internal IPv4 address. |
string | Required Enum: SNAT, DNAT, REFLEXIVE, NO_SNAT, NO_DNAT, NAT64 |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| destination_network | Represents the destination network This supports single IP address or comma separated list of single IP addresses or CIDR. This does not support IP range or IP sets. For DNAT and NO_DNAT rules, this is a mandatory field, and represents the destination network for the incoming packets. For other type of rules, optionally it can contain destination network of outgoing packets. NULL value for this field represents ANY network. |
IPElementList | |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| enabled | Policy NAT Rule enabled flag The flag, which suggests whether the NAT rule is enabled or disabled. The default is True. |
boolean | Default: "True" |
| firewall_match | Represents the firewall match flag It indicates how the firewall matches the address after NATing if firewall stage is not skipped. MATCH_EXTERNAL_ADDRESS indicates the firewall will be applied to external address of a NAT rule. For SNAT, the external address is the translated source address after NAT is done. For DNAT, the external address is the original destination address before NAT is done. For REFLEXIVE, to egress traffic, the firewall will be applied to the translated source address after NAT is done; To ingress traffic, the firewall will be applied to the original destination address before NAT is done. MATCH_INTERNAL_ADDRESS indicates the firewall will be applied to internal address of a NAT rule. For SNAT, the internal address is the original source address before NAT is done. For DNAT, the internal address is the translated destination address after NAT is done. For REFLEXIVE, to egress traffic, the firewall will be applied to the original source address before NAT is done; To ingress traffic, the firewall will be applied to the translated destination address after NAT is done. BYPASS indicates the firewall stage will be skipped. For NO_SNAT or NO_DNAT, it must be BYPASS or leave it unassigned |
string | Enum: MATCH_EXTERNAL_ADDRESS, MATCH_INTERNAL_ADDRESS, BYPASS Default: "MATCH_INTERNAL_ADDRESS" |
| id | Unique identifier of this resource | string | Sortable |
| logging | Policy NAT Rule logging flag The flag, which suggests whether the logging of NAT rule is enabled or disabled. The default is False. |
boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| policy_based_vpn_mode | Indicates NSX edge Nat behaviour for inbound VPN tra It indicates how the NSX edge applies Nat Policy for VPN traffic. It is supported only for Nat Rule action type DNAT and NO_DNAT. For all other NAT action, leave it unassigned. BYPASS - Default vpn mode. It indicates that Nat policy will be applied to the inbound traffic on Routed Based VPN tunnel, if the policy based VTI is in the "scope" for this rule. Default value will be set to BYPASS if MATCH - It indicates that this NAT rule will only match the Policy Based VPN traffic. |
string | Enum: BYPASS, MATCH |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value PolicyNatRule | string | |
| scope | Array of policy paths of labels, ProviderInterface, NetworkInterface Represents the array of policy paths of ProviderInterface or NetworkInterface or labels of type ProviderInterface or NetworkInterface or IPSecVpnSession on which the NAT rule should get enforced. The interfaces must belong to the same router for which the NAT Rule is created. |
array of string | |
| sequence_number | Sequence number of the Nat Rule The sequence_number decides the rule_priority of a NAT rule. Sequence_number and rule_priority have 1:1 mapping.For each NAT section, there will be reserved rule_priority numbers.The valid range of rule_priority number is from 0 to 2147483647(MAX_INT). 1. INTERNAL section rule_priority reserved from 0 - 1023 (1024 rules) valid sequence_number range 0 - 1023 2. USER section rule_priority reserved from 1024 - 2147482623 (2147481600 rules) valid sequence_number range 0 - 2147481599 3. DEFAULT section rule_priority reserved from 2147482624 - 2147483647 (1024 rules) valid sequence_number range 0 - 1023 |
int | Default: "0" |
| service | Represents the service on which the NAT rule will be applied It represents the path of Service on which the NAT rule will be applied. If not provided or if it is blank then Policy manager will consider it as ANY. Please note, if this is a DNAT, the destination_port of the service will be realized on NSX Manager as the translated_port. And if this is a SNAT, the destination_port will be ignored. |
string | |
| source_network | Represents the source network address This supports single IP address or comma separated list of single IP addresses or CIDR. This does not support IP range or IP sets. For SNAT, NO_SNAT, NAT64 and REFLEXIVE rules, this is a mandatory field and represents the source network of the packets leaving the network. For DNAT and NO_DNAT rules, optionally it can contain source network of incoming packets. NULL value for this field represents ANY network. |
IPElementList | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| translated_network | Represents the translated network address This supports single IP address or comma separated list of single IP addresses or CIDR. This does not support IP range or IP sets. For SNAT, DNAT, NAT64 and REFLEXIVE rules, this ia a mandatory field, which represents the translated network address. For NO_SNAT and NO_DNAT this should be empty. |
IPElementList | |
| translated_ports | Port number or port range Please note, if there is service configured in this NAT rule, the translated_port will be realized on NSX Manager as the destination_port. If there is no sevice configured, the port will be ignored. |
PortElement | |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
PolicyNatRuleListRequestParameters (schema)
NAT Rule list request parameters
| Name | Description | Type | Notes |
|---|---|---|---|
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| include_mark_for_delete_objects | Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included. |
boolean | Default: "False" |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string |
PolicyNatRuleListResult (schema)
Paged Collection of NAT Rules
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | NAT Rules list results | array of PolicyNatRule | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
PolicyNatRuleStatistics (schema)
Statistics of NAT Rule
Gives the Statistics of a NAT rule.
| Name | Description | Type | Notes |
|---|---|---|---|
| active_sessions | Active sessions Gives the total number of active sessions. |
integer | Readonly |
| last_update_timestamp | Last update timestamp Timestamp when the data was last updated. |
EpochMsTimestamp | Readonly |
| total_bytes | Total bytes Gives the total number of bytes. |
integer | Readonly |
| total_packets | Total packets Gives the total number of packets. |
integer | Readonly |
| warning_message | Warning Message The warning message about the NAT Rule Statistics. |
string | Readonly |
PolicyNatRuleStatisticsListRequestParameters (schema)
NAT Rule statistics list request parameters
Request parameter to get NAT rule statistics.
| Name | Description | Type | Notes |
|---|---|---|---|
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| enforcement_point_path | String Path of the enforcement point Enforcement point path, forward slashes must be escaped using %2F. |
string | |
| include_mark_for_delete_objects | Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included. |
boolean | Default: "False" |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string |
PolicyNatRuleStatisticsListResult (schema)
Collection of NAT Rule statistics
Gives the collection of NAT rule statistics per enforcement point.
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | NAT rules statistics per enforcement point | array of PolicyNatRuleStatisticsPerEnforcementPoint | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
PolicyNatRuleStatisticsPerEnforcementPoint (schema)
Statistics of NAT Rule per enforcement point
Gives the statistics of a NAT rule per enforcement point.
| Name | Description | Type | Notes |
|---|---|---|---|
| enforcement_point_path | Enforcement point Path Policy Path referencing the enforcement point from where the statistics are fetched. |
string | |
| rule_path | Path of NAT Rule Path of NAT Rule. |
string | |
| rule_statistics | Rule statistics per enforcement point Gives NAT rule stats on an enforcement point. |
array of PolicyNatRuleStatistics | Readonly |
PolicyNatRuleStatisticsPerLogicalRouter (schema)
Statistics of NAT Rule per logical router
Gives the statistics of a NAT rule per logical router on specified enforcement point.
| Name | Description | Type | Notes |
|---|---|---|---|
| enforcement_point_path | Enforcement point Path Policy Path referencing the enforcement point from where the statistics are fetched. |
string | |
| last_update_timestamp | Last update timestamp Timestamp when the data was last updated. |
EpochMsTimestamp | Readonly |
| per_node_statistics | Detailed Rule statistics Detailed Rule statistics per logical router. |
array of PolicyNatRuleStatisticsPerTransportNode | Readonly |
| router_path | Router path Path of the router. |
string | |
| statistics | Rolled up statistics Rolled up statistics for all rules on the logical router. |
PolicyNATRuleCounters | Readonly |
PolicyNatRuleStatisticsPerLogicalRouterListResult (schema)
Collection of NAT rule statistics per logical router
Gives the collection of NAT rule statistics per logical router on
specified enforcement point.
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | NAT rules statistics per logical router | array of PolicyNatRuleStatisticsPerLogicalRouter | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
PolicyNatRuleStatisticsPerTransportNode (schema)
Statistics of NAT Rule
Gives the Statistics of a NAT rule.
| Name | Description | Type | Notes |
|---|---|---|---|
| active_sessions | Active sessions Gives the total number of active sessions. |
integer | Readonly |
| last_update_timestamp | Last update timestamp Timestamp when the data was last updated. |
EpochMsTimestamp | Readonly |
| total_bytes | Total bytes Gives the total number of bytes. |
integer | Readonly |
| total_packets | Total packets Gives the total number of packets. |
integer | Readonly |
| transport_node_path | Node path Policy path of the Edge Node. |
string | Readonly |
PolicyNonCompliantConfig (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| affected_resources | Resources/Services impacted by non compliant configuration Resources/Services impacted by non compliant configuration |
array of PolicyResourceReference | Readonly |
| compliance_names | Names of compliance programs Names of the compliance programs according to which the affected resources are non-compliant. |
array of string | Readonly |
| description | Detail description of non compliant configuration with suggestive action | string | Readonly |
| non_compliance_code | Code for non compliant configuration | integer | Readonly |
| reported_by | Id and name of non compliant resource/service | PolicyResourceReference | Readonly |
PolicyNsLookupParameters (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| address | IP address or FQDN for nslookup | string | |
| enforcement_point_path | String Path of the enforcement point enforcement point path, forward slashes must be escaped using %2F. |
string |
PolicyPimProfile (schema)
PIM profile
PIM profile.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| bsm_enabled | Enable/disable bootstrap messaging Configuration Enable/disable bootstrap messaging Configuration. |
boolean | Default: "True" |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value PolicyPimProfile | string | |
| rp_address | Static IPv4 multicast address configuration Static IPv4 multicast address configuration. |
IPAddress | |
| rp_address_multicast_ranges | Static IPv4 multicast address and assciated multicast groups configuration Static IPv4 multicast address and assciated multicast groups configuration. |
array of RpAddressMulticastRanges | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
PolicyPoolUsage (schema)
IP usage statistics in a IpAddressPool.
| Name | Description | Type | Notes |
|---|---|---|---|
| allocated_ip_allocations | Total number of allocated IPs in a IpAddressPool Total number of allocated IPs shown are from NSX manager. NSX manager uses default release delay of 2 mins. Till this delay passes, IPs will be shown as allocated (and counted in allocated ips). In this period of time there could be mismatch in requested_ip_allocations and allocated_ip_allocations. |
integer | Readonly |
| available_ips | Total number of available IPs in a IpAddressPool | integer | Readonly |
| requested_ip_allocations | Total number of requested IP allocations in a IpAddressPool | integer | Readonly |
| total_ips | Total number of IPs in a IpAddressPool | integer | Readonly |
PolicyRealizedResource (schema)
Abstract base class for all the realized policy objects
Abstract base class for all the realized policy objects
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| alarms | Alarm info detail | array of PolicyAlarmResource | |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| intent_reference | Desire state paths of this object | array of string | |
| operational_status | String representation of operational status Possible values could be UP, DOWN, UNKNOWN, FAILURE This list is not exhaustive. |
string | |
| operational_status_error | String representation of operational status error It defines the root cause for operational status error. |
string | |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| publish_status | String representation of publish status Possible values could be UP, DOWN, UNKNOWN, SUCCESS This list is not exhaustive. |
string | |
| publish_status_error | String representation of publish status error It defines the root cause for publish status error. |
string | |
| publish_status_error_code | Represents error code for publish status. It defines error code for publish status error. |
int | |
| publish_status_error_details | Details for publich status error. Error details for publish status. |
array of ConfigurationStateElement | |
| realization_api | Realization API of this object on enforcement point | string | |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| realization_specific_identifier | Realization id of this object | string | |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value PolicyRealizedResource | string | |
| runtime_error | String representation of runtime error It define the root cause for runtime error. |
string | |
| runtime_status | String representation of runtime status Possible values could be UP, DOWN, UNKNOWN, DEGRADED This list is not exhaustive. |
string | Deprecated |
| state | Realization state of this object | string | Required Enum: UNAVAILABLE, UNREALIZED, REALIZED, ERROR |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
PolicyRelatedApiError (schema)
Detailed information about errors from API call to an enforcement point
| Name | Description | Type | Notes |
|---|---|---|---|
| details | Further details about the error | string | |
| error_code | A numeric error code | integer | |
| error_data | Additional data about the error | object | |
| error_message | A description of the error | string | |
| module_name | The module name where the error occurred | string |
PolicyRequestParameter (schema)
Represents optional API request parameter to be used in HAPI
Optional API Request Parameter to be used in HAPI.
| Name | Description | Type | Notes |
|---|---|---|---|
| resource_type | The type of this request parameter. | string | Required |
PolicyResource (schema)
Abstract base class for all the policy objects
Abstract base class for all the policy objects.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value PolicyResource | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
PolicyResourceReference (schema)
Policy resource reference
Policy resource reference.
| Name | Description | Type | Notes |
|---|---|---|---|
| is_valid | Target validity Will be set to false if the referenced NSX resource has been deleted. |
boolean | Readonly |
| path | Absolute path of this object Absolute path of this object. |
string | Readonly |
| target_display_name | Target display name Display name of the NSX resource. |
string | Readonly Maximum length: 255 |
| target_id | Target ID Identifier of the NSX resource. |
string | Maximum length: 64 |
| target_type | Target type Type of the NSX resource. |
string | Maximum length: 255 |
PolicyResourceReferenceForEP (schema)
Policy resource reference for enforcement point
Policy resource reference for enforcement point
| Name | Description | Type | Notes |
|---|---|---|---|
| is_valid | Target validity Will be set to false if the referenced NSX resource has been deleted. |
boolean | Readonly |
| path | Absolute path of this object Absolute path of this object. |
string | Readonly |
| target_display_name | Target display name Display name of the NSX resource. |
string | Readonly Maximum length: 255 |
| target_id | Target ID Identifier of the NSX resource. |
string | Maximum length: 64 |
| target_type | Target type Type of the NSX resource. |
string | Maximum length: 255 |
PolicyResourceReferenceForEPListResult (schema)
Policy resource reference list for enforcement point
Paginated collection of policy resource references for enforcement point
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Paged Collection of policy resource references for enforcement point | array of PolicyResourceReferenceForEP | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
PolicyResourceReferenceListResult (schema)
Paged Collection of PolicyResourceReference
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Policy resource references list results | array of PolicyResourceReference | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
PolicyRouteAdvertisementRule (schema)
policy route advertisement rule
policy route advertisement rule.
| Name | Description | Type | Notes |
|---|---|---|---|
| action | Action to advertise routes Action to advertise filtered routes to the connected Tier0 gateway. PERMIT: Enables the advertisment DENY: Disables the advertisement |
string | Required Enum: PERMIT, DENY Default: "PERMIT" |
| name | Display name for rule Display name for rule. |
string | |
| prefix_operator | Prefix operator to match subnets Prefix operator to filter subnets. GE prefix operator filters all the routes with prefix length greater than or equal to the subnets configured. EQ prefix operator filter all the routes with prefix length equal to the subnets configured. |
string | Enum: GE, EQ Default: "GE" |
| route_advertisement_types | Enable different types of route advertisements Enable different types of route advertisements. |
array of InterVrfRouteAdvertisementTypes | |
| subnets | Network CIDRs Network CIDRs to be routed. |
array of string |
PolicyRuntimeAlarm (schema)
Alarm of PolicyRuntimeInfoPerEP
Alarm associated with the PolicyRuntimeInfoPerEP that exposes
potential errors when retrieving runtime information from the
enforcement point.
| Name | Description | Type | Notes |
|---|---|---|---|
| error_details | Error Detailed Information Detailed information about errors from an API call made to the enforcement point, if any. |
PolicyApiError | Readonly |
| error_id | Alarm Error Id Alarm error id. |
string | Readonly |
| message | Error Message to Describe the Issue Error message describing the issue. |
string | Readonly |
PolicyRuntimeInfoPerEP (schema)
PolicyRuntimeInfoPerEP
Runtime Info Per Enforcement Point.
| Name | Description | Type | Notes |
|---|---|---|---|
| alarm | Alarm Information Details Alarm information details. |
PolicyRuntimeAlarm | Readonly |
| enforcement_point_path | Enforcement point Path Policy Path referencing the enforcement point where the info is fetched. |
string | Readonly |
PolicyRuntimeOnEpRequestParameters (schema)
Request Parameters for Policy Runtime on enforcement point
Request parameters that represents an enforcement point path.
A request on runtime information can be parameterized with this path and will be
evaluated as follows:
- no enforcement point path specified: the request is evaluated on all enforcement
points.
- an enforcement point path is specified: the request is evaluated only on the given
enforcement point.
| Name | Description | Type | Notes |
|---|---|---|---|
| enforcement_point_path | String Path of the enforcement point enforcement point path, forward slashes must be escaped using %2F. |
string |
PolicyRuntimeRequestParameters (schema)
Request Parameters for Policy Runtime Information
Request parameters that represents an enforcement point path and data source.
A request on runtime information can be parameterized with this pair and will be
evaluted as follows:
- no enforcement point path specified: the request is evaluated on all enforcement
points.
- an enforcement point path is specified: the request is evaluated only on the given
enforcement point.
| Name | Description | Type | Notes |
|---|---|---|---|
| enforcement_point_path | String Path of the enforcement point enforcement point path, forward slashes must be escaped using %2F. |
string | |
| source | The data source, either realtime or cached. If not provided, cached data is returned. | DataSourceType |
PolicySIExcludeList (schema)
Service Insertion Exclusion List
List of entities where Service Insertion will not be enforced. Exclusion List can contain PolicyGroup(s) or SegmentPort(s) or Segment(s).
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| members | ExcludeList member list List of the members in the exclude list |
array of string | Required Maximum items: 100 |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value PolicySIExcludeList | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
PolicySIStatusConfiguration (schema)
Service Insertion Status
It represents status of Service Insertion for North-South and East-West context types.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| east_west_enabled | East-West status flag If set to true, service insertion for east-west traffic is enabled. |
boolean | Default: "False" |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| north_south_enabled | North-South status flag If set to true, service insertion for north-south traffic is enabled. |
boolean | Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value PolicySIStatusConfiguration | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
PolicyServiceChain (schema)
Policy Service Chain
Service chain is a set of network Services. A Service chain is made up of ordered list of service profiles belonging to any same or different services.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| failure_policy | Failure Policy Failure policy for the service defines the action to be taken i.e to allow or to block the traffic during failure scenarios. |
string | Enum: ALLOW, BLOCK Default: "ALLOW" |
| forward_path_service_profiles | Forward path service profiles Forward path service profiles are applied to ingress traffic. |
array of string | Required Maximum items: 4 |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| path_selection_policy | Path Selection Policy Path selection policy can be - ANY - Service Insertion is free to redirect to any service path regardless of any load balancing considerations or flow pinning. LOCAL - Preference to be given to local service insances. REMOTE - Preference to be given to the SVM co-located on the same host. ROUND_ROBIN - All active service paths are hit with equal probability. |
string | Enum: ANY, LOCAL, REMOTE, ROUND_ROBIN Default: "LOCAL" |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value PolicyServiceChain | string | |
| reverse_path_service_profiles | Reverse path service profiles Reverse path service profiles are applied to egress traffic and is optional. 2 different set of profiles can be defined for forward and reverse path. If not defined, the reverse of the forward path service profile is applied. |
array of string | Maximum items: 4 |
| service_segment_path | Path to service segment Path to service segment using which the traffic needs to be redirected. |
array of string | Required Minimum items: 1 Maximum items: 1 |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
PolicyServiceInstance (schema)
Represents an instance of partner Service and its configuration
Represents an instance of partner Service and its configuration.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| attributes | Deployment Template attributes List of attributes specific to a partner for which the service is created. There attributes are passed on to the partner appliance. |
array of Attribute | Required Maximum items: 128 |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| compute_id | Id of the compute resource. Id of the compute(ResourcePool) to which this service needs to be deployed. |
string | Required |
| context_id | Id of the compute manager UUID of VCenter/Compute Manager as seen on NSX Manager, to which this service needs to be deployed. |
string | |
| deployment_mode | Deployment Mode Deployment mode specifies how the partner appliance will be deployed i.e. in HA or standalone mode. |
string | Enum: STAND_ALONE, ACTIVE_STANDBY Default: "ACTIVE_STANDBY" |
| deployment_spec_name | Name of the Deployment Specification Form factor for the deployment of partner service. |
string | Required |
| deployment_template_name | Name of the Deployment Template Template for the deployment of partnet service. |
string | Required |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| failure_policy | Failure policy for the Service VM Failure policy for the Service VM. If this values is not provided, it will be defaulted to FAIL_CLOSE. |
string | Enum: ALLOW, BLOCK Default: "BLOCK" |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| partner_service_name | Name of Partner Service Unique name of Partner Service in the Marketplace |
string | Required |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| primary_gateway_address | Gateway for primary management console Gateway address for primary management console. If the provided segment already has gateway, this field can be omitted. But if it is provided, it takes precedence always. However, if provided segment does not have gateway, this field must be provided. |
IPElement | |
| primary_interface_mgmt_ip | Management IP Address of primary interface of the Service Management IP Address of primary interface of the Service |
IPElement | Required |
| primary_interface_network | Path of the segment to which primary interface of the Service VM needs to be connected Path of the segment to which primary interface of the Service VM needs to be connected |
string | |
| primary_portgroup_id | Id of the standard or ditsributed port group for primary management console Id of the standard or ditsributed port group for primary management console. Please note that only 1 of the 2 values from 1. primary_interface_network 2. primary_portgroup_id are allowed to be passed. Both can't be passed in the same request. |
string | |
| primary_subnet_mask | Subnet for primary management console IP Subnet for primary management console IP. If the provided segment already has subnet, this field can be omitted. But if it is provided, it takes precedence always. However, if provided segment does not have subnet, this field must be provided. |
IPElement | |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value PolicyServiceInstance | string | |
| secondary_gateway_address | Gateway for secondary management console Gateway address for secondary management console. If the provided segment already has gateway, this field can be omitted. But if it is provided, it takes precedence always. However, if provided segment does not have gateway, this field must be provided. |
IPElement | |
| secondary_interface_mgmt_ip | Management IP Address of secondary interface of the Service Management IP Address of secondary interface of the Service |
IPElement | |
| secondary_interface_network | Path of segment to which secondary interface of the Service VM needs to be connected Path of segment to which secondary interface of the Service VM needs to be connected |
string | |
| secondary_portgroup_id | Id of the standard or ditsributed port group for secondary management console Id of the standard or ditsributed port group for secondary management console. Please note that only 1 of the 2 values from 1. secondary_interface_network 2. secondary_portgroup_id are allowed to be passed. Both can't be passed in the same request. |
string | |
| secondary_subnet_mask | Subnet for secondary management console IP Subnet for secondary management console IP. If the provided segment already has subnet, this field can be omitted. But if it is provided, it takes precedence always. However, if provided segment does not have subnet, this field must be provided. |
IPElement | |
| storage_id | Id of the storage Id of the storage(Datastore). VC moref of Datastore to which this service needs to be deployed. |
string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| transport_type | Transport Type Transport to be used while deploying Service-VM. |
string | Enum: L2_BRIDGE, L3_ROUTED Default: "L2_BRIDGE" |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
PolicyServiceProfile (schema)
Policy Service Profile for a given Service
Service profile represents specialization of a vendor template. User may provide any of the vendor_template_name or vendor_template_key properties. But in case of multiple vendor templates with the same name, it is recommended to use the vendor_template_key. When both attributes are provided, name is ignored and only key is used to identify the template. If there are multiple templates with same name, and vendor_template_name is provided, realization will fail.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| attributes | Service profile attributes List of attributes specific to a partner for which the service is created. These attributes are passed on to the partner appliance and are opaque to NSX. If a vendor template exposes configurable parameters, then their values are specified here. |
array of Attribute | Maximum items: 128 |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| redirection_action | Redirection action The redirection action represents if the packet is exclusively redirected to the service, or if a copy is forwarded to the service. Redirection action is not applicable to guest introspection service. |
string | Enum: PUNT, COPY |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value PolicyServiceProfile | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
| vendor_template_key | Vendor Template Key The vendor template key property of actual vendor template. This should be used when multiple templates with same name exist. |
string | |
| vendor_template_name | Vendor template name Name of the vendor template for which this Service Profile is being created. |
string |
PolicyStaticRouteAdvertisement (schema)
policy static route advertisement
policy static route advertisement.
| Name | Description | Type | Notes |
|---|---|---|---|
| advertisement_rules | Route advertisement rules Route advertisement rules. |
array of PolicyRouteAdvertisementRule | |
| in_filter_prefix_list | Paths of ordered Prefix list Paths of ordered Prefix list, it breaks after first match. |
array of string | Maximum items: 5 |
PolicyStatisticsAggregateParameters (schema)
Request Parameters for Policy Statistics Aggregate
Request Parameter for aggregating Policy statistics on enforcement point.
| Name | Description | Type | Notes |
|---|---|---|---|
| action | Action on statistics Action to take on statistics for an object. |
string | Enum: aggregate |
| container_cluster_path | String Path of the Container Cluster entity Path to the container cluster entity where the request will be executed. |
string | |
| enforcement_point_path | String Path of the enforcement point enforcement point path, forward slashes must be escaped using %2F. |
string |
PolicyStatisticsResetParameters (schema)
Request Parameters for Policy Statistics Reset
Request Parameter for resetting Policy statistics on enforcement point.
| Name | Description | Type | Notes |
|---|---|---|---|
| action | Action on statistics Action to take on statistics for an object. |
string | Required Enum: reset |
| enforcement_point_path | String Path of the enforcement point enforcement point path, forward slashes must be escaped using %2F. |
string |
PolicySubAttributes (schema)
Policy Sub Attributes data holder
| Name | Description | Type | Notes |
|---|---|---|---|
| datatype | Datatype for sub attribute | string | Required Enum: STRING |
| key | Key for sub attribute | string | Required Enum: TLS_CIPHER_SUITE, TLS_VERSION, CIFS_SMB_VERSION |
| value | Value for sub attribute key Multiple sub attribute values can be specified as elements of array. |
array of string | Required Minimum items: 1 |
PolicyTask (schema)
Task information
This object holds the information of the task.
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| async_response_available | True if response for asynchronous request is available | boolean | Readonly |
| cancelable | True if this task can be canceled | boolean | Readonly |
| description | Description of the task | string | Readonly |
| end_time | The end time of the task in epoch milliseconds | EpochMsTimestamp | Readonly |
| failure_msg | Reason of the task failure This property holds the reason of the task failure, if any. |
string | Readonly |
| id | Identifier for this task | string | Readonly |
| message | A message describing the disposition of the task | string | Readonly |
| progress | Task progress if known, from 0 to 100 | integer | Readonly Minimum: 0 Maximum: 100 |
| request_method | HTTP request method | string | Readonly |
| request_uri | URI of the method invocation that spawned this task | string | Readonly |
| start_time | The start time of the task in epoch milliseconds | EpochMsTimestamp | Readonly |
| status | Current status of the task | TaskStatus | Readonly |
| user | Name of the user who created this task | string | Readonly |
PolicyTepCsvListResult (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| file_name | File name File name set by HTTP server if API returns CSV result as a file. |
string | |
| last_update_timestamp | Timestamp when the data was last updated; unset if data source has never updated the data. | EpochMsTimestamp | Readonly |
| results | array of PolicyTepTableCsvRecord |
PolicyTepListResult (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| last_update_timestamp | Timestamp when the data was last updated; unset if data source has never updated the data. | EpochMsTimestamp | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | array of PolicyTepTableEntry | ||
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
| transport_node_id | Transport node identifier | string | Readonly |
PolicyTepTableCsvRecord (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| segment_id | TEP segment identifier This is the identifier of the TEP segment. This segment is NOT the same as logical segment or logical switch. |
string | |
| tep_ip | The tunnel endpoint IP address | IPAddress | |
| tep_label | The tunnel endpoint label | integer | Required |
| tep_mac_address | The tunnel endpoint MAC address | string | Required |
PolicyTepTableEntry (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| segment_id | The segment Id | string | |
| tep_ip | The tunnel endpoint IP address | IPAddress | |
| tep_label | The tunnel endpoint label | integer | |
| tep_mac_address | The tunnel endpoint MAC address | string |
PolicyTier1MulticastConfig (schema)
Multicast routing configuration
Multicast routing configuration.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| enabled | Enable/disable Multicast Configuration Enable/disable Multicast Configuration. Whenever service router needs to be added/deleted from tier1, user needs to disable multicast first. |
boolean | Default: "False" |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value PolicyTier1MulticastConfig | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
PolicyTimeIntervalValue (schema)
Time interval on which firewall schedule will be applicable
| Name | Description | Type | Notes |
|---|---|---|---|
| end_interval | End time of the interval Time in 24 hour and minutes in multiple of 30. Example, 17:30. |
string | Required |
| start_interval | Start time of the interval Time in 24 hour and minutes in multiple of 30. Example, 9:00. |
string | Required |
PolicyTlsConfigProfile (schema)
Policy Tls config profile
A profile holding tls configuration.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| cache | Turn on TLS cache Turn on TLS cache |
boolean | Required Default: "False" |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value PolicyTlsConfigProfile | string | |
| ssl_cache_size | TLS SSL cache size TLS SSL cache size |
integer | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
PolicyTlsConfigProfileListRequestParameters (schema)
Policy TLS config profile list request parameters
| Name | Description | Type | Notes |
|---|---|---|---|
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| include_mark_for_delete_objects | Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included. |
boolean | Default: "False" |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string |
PolicyTlsConfigProfileListResult (schema)
Paged Collection of Policy TLS config profiles
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Policy TLS config profile list results | array of PolicyTlsConfigProfile | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
PolicyTraceflowObservationDelivered (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| component_name | The name of the component that issued the observation. | string | Readonly |
| component_sub_type | The sub type of the component that issued the observation. | TraceflowComponentSubType | Readonly |
| component_type | The type of the component that issued the observation. | TraceflowComponentType | Readonly |
| interface_path | Path of interface | string | Readonly |
| lport_id | The id of the logical port into which the traceflow packet was delivered | string | Readonly |
| lport_name | The name of the logical port into which the traceflow packet was delivered | string | Readonly |
| resolution_type | The resolution type of the delivered message for ARP This field specifies the resolution type of ARP ARP_SUPPRESSION_PORT_CACHE - ARP request is suppressed by IP table. ARP_SUPPRESSION_TABLE - ARP request is suppressed by ARP table. ARP_SUPPRESSION_CP_QUERY - ARP request is suppressed by info derived from CP. ARP_VM - No suppression and the ARP request is resolved by VM. ARP_LRP - No suppression and the ARP request is resolved by logical router. |
string | Readonly Enum: UNKNOWN, ARP_SUPPRESSION_PORT_CACHE, ARP_SUPPRESSION_TABLE, ARP_SUPPRESSION_CP_QUERY, ARP_VM, ARP_LRP |
| resource_type | Must be set to the value PolicyTraceflowObservationDelivered | TraceflowObservationType | Required Default: "TraceflowObservationReceived" |
| segment_port_path | Path of segment port | string | Readonly |
| sequence_no | the sequence number is the traceflow observation hop count the hop count for observations on the transport node that a traceflow packet is injected in will be 0. The hop count is incremented each time a subsequent transport node receives the traceflow packet. The sequence number of 999 indicates that the hop count could not be determined for the containing observation. |
integer | Required Readonly |
| site_path | Policy path of the federated site This field contains the site path where this observation was generated. |
string | Readonly |
| target_mac | MAC address of the resolved IP by ARP The source MAC address of form: "^([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2})$". For example: 00:00:00:00:00:00. |
string | Readonly |
| timestamp | Timestamp when the observation was created by the transport node Timestamp when the observation was created by the transport node (milliseconds epoch) |
EpochMsTimestamp | Readonly |
| timestamp_micro | Timestamp when the observation was created by the transport node Timestamp when the observation was created by the transport node (microseconds epoch) |
integer | Readonly |
| transport_node_id | id of the transport node that observed a traceflow packet | string | Readonly |
| transport_node_name | name of the transport node that observed a traceflow packet | string | Readonly |
| transport_node_type | type of the transport node that observed a traceflow packet | TransportNodeType | Readonly |
| vlan_id | VLAN on bridged network | VlanID |
PolicyTraceflowObservationDropped (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| acl_rule_id | The id of the L3 firewall rule that was applied to drop the traceflow packet This field is specified when the traceflow packet matched a L3 firewall rule. |
integer | Readonly |
| acl_rule_path | Access Control List Rule Path The path of the ACL rule that was applied to forward the traceflow packet |
string | Readonly |
| arp_fail_reason | The detailed drop reason of ARP traceflow packet This field specifies the ARP fails reason ARP_TIMEOUT - ARP failure due to query control plane timeout ARP_CPFAIL - ARP failure due post ARP query message to control plane failure ARP_FROMCP - ARP failure due to deleting ARP entry from control plane ARP_PORTDESTROY - ARP failure due to port destruction ARP_TABLEDESTROY - ARP failure due to ARP table destruction ARP_NETDESTROY - ARP failure due to overlay network destruction |
string | Readonly Enum: ARP_UNKNOWN, ARP_TIMEOUT, ARP_CPFAIL, ARP_FROMCP, ARP_PORTDESTROY, ARP_TABLEDESTROY, ARP_NETDESTROY |
| component_name | The name of the component that issued the observation. | string | Readonly |
| component_sub_type | The sub type of the component that issued the observation. | TraceflowComponentSubType | Readonly |
| component_type | The type of the component that issued the observation. | TraceflowComponentType | Readonly |
| interface_path | Path of interface | string | Readonly |
| ipsec_fail_reason | The detailed drop reason of IPSec VPN traceflow packet This field specifies the IPSec VPN fails reason IPSEC_SA_NOT_FOUND - IPSec SA required for processing the packet does not exist IPSEC_UDP_ENC_STATE_MISMATCH - ESP packet is UDP encapsulated but IPsec SA does not expect UDP encapsulation IPSEC_SEQ_ROLLOVER - IPSec SA sequence number has exceeded the maximum value IPSEC_FRAG_NEEDED - Received packet has DF bit set in IP header but requires fragmentation due to ESP encapsulation IPSEC_TUN_IFACE_DOWN - IPSec tunnel interface is down IPSEC_POLICY_NOMATCH - Received packet does not match IPSec policy IPSEC_POLICY_BLOCK - IPSec packet processing failed IPSEC_POLICY_ERROR - IPSec packet processing failed IPSEC_REPLAY_SEQ_NUM_REPEAT - IPSec packet is dropped due to replay IPSEC_REPLAY_RECV_DELAY - IPSec packet is dropped due to replay IPSEC_REPLAY_PROC_DELAY - IPSec packet is dropped due to replay IPSEC_ZERO_SEQ_NUM_RECVD - ESP packet is received with sequence number as zero IPSEC_ENQUEUE_FAIL - Packet processing failed during crypto operation IPSEC_AUTH_DGST_MISMATCH - Packet integrity check failed due to digest mismatch IPSEC_AUTH_DGST_SIZE_MISMATCH - Packet integrity check failed due to invalid digest length IPSEC_AUTH_UNSUPPORTED_ALGO - Packet integrity check failed due to unsupported hash algorithm IPSEC_CRYPTO_FAIL - Packet processing failed during crypto operation IPSEC_CRYPTO_PROC_INCOMPLETE - Packet processing failed during crypto operation IPSEC_CRYPTO_SESSION_INV - Packet processing failed during crypto operation IPSEC_CRYPTO_ARGS_INV - Packet processing failed during crypto operation IPSEC_CRYPTO_PROC_ERROR - Packet processing failed during crypto operation IPSEC_CRYPTO_NO_BUF_SPACE - Packet processing failed during crypto operation IPSEC_CRYPTO_UNSUPPORTED_CIPHER - Packet processing failed during crypto operation IPSEC_MALFORMED - Received ESP packet is malformed IPSEC_MALFORMED_INV_PADDING - Received ESP packet is malformed IPSEC_PADDING_REMOVAL_FAILED - Received ESP packet is malformed IPSEC_INNER_MALFORMED - IP packet after ESP decryption is malformed IPSEC_INNER_MALFORMED_IP - IP packet after ESP decryption is malformed IPSEC_INNER_MALFORMED_UDP - IP packet after ESP decryption is malformed IPSEC_INNER_MALFORMED_TCP - IP packet after ESP decryption is malformed IPSEC_UNKNOWN - IPSec VPN failure reason is unknown |
string | Readonly Enum: IPSEC_SA_NOT_FOUND, IPSEC_UDP_ENC_STATE_MISMATCH, IPSEC_SEQ_ROLLOVER, IPSEC_FRAG_NEEDED, IPSEC_TUN_IFACE_DOWN, IPSEC_POLICY_NOMATCH, IPSEC_POLICY_BLOCK, IPSEC_POLICY_ERROR, IPSEC_REPLAY_SEQ_NUM_REPEAT, IPSEC_REPLAY_RECV_DELAY, IPSEC_REPLAY_PROC_DELAY, IPSEC_ZERO_SEQ_NUM_RECVD, IPSEC_ENQUEUE_FAIL, IPSEC_AUTH_DGST_MISMATCH, IPSEC_AUTH_DGST_SIZE_MISMATCH, IPSEC_AUTH_UNSUPPORTED_ALGO, IPSEC_CRYPTO_FAIL, IPSEC_CRYPTO_PROC_INCOMPLETE, IPSEC_CRYPTO_SESSION_INV, IPSEC_CRYPTO_ARGS_INV, IPSEC_CRYPTO_PROC_ERROR, IPSEC_CRYPTO_NO_BUF_SPACE, IPSEC_CRYPTO_UNSUPPORTED_CIPHER, IPSEC_MALFORMED, IPSEC_MALFORMED_INV_PADDING, IPSEC_PADDING_REMOVAL_FAILED, IPSEC_INNER_MALFORMED, IPSEC_INNER_MALFORMED_IP, IPSEC_INNER_MALFORMED_UDP, IPSEC_INNER_MALFORMED_TCP, IPSEC_UNKNOWN |
| jumpto_rule_id | The ID of the jump-to rule that was applied to the traceflow packet This field is specified when the traceflow packet matched a jump-to rule. |
integer | Readonly |
| l2_rule_id | The ID of the l2 rule that was applied to the traceflow packet This field is specified when the traceflow packet matched a l2 rule. |
integer | Readonly |
| lport_id | The id of the logical port at which the traceflow packet was dropped | string | Readonly |
| lport_name | The name of the logical port at which the traceflow packet was dropped | string | Readonly |
| nat_rule_id | The ID of the NAT rule that was applied to drop the traceflow packet This field is specified when the traceflow packet matched a NAT rule. |
integer | Readonly |
| nat_rule_path | Network Address Translation Rule Path The path of the NAT rule that was applied to forward the traceflow packet |
string | Readonly |
| reason | The reason traceflow packet was dropped This field specifies the drop reason of traceflow packet. ARP_FAIL - ARP request fails for some reasons, please refer arp_fail_reason for detail BFD - BFD packet is dropped because traversed by non-operative interface or encountering internal error (e.g., memory insufficient) BROADCAST - Packet is dropped during traversing the interface (e.g., Edge uplink, Edge centralized service port) which disallow ethernet broadcast DHCP - DHCP packet is malformed DLB - The packet is disallowed by distributed load balancing FW_RULE - The packet matches a drop or reject rule of DFW or Edge firewall GENEVE - GENEVE packet is malformed GRE - GRE packet is malformed or traverses a non-operative interface IFACE - Packet traverses a non-operative interface IP - Packet is dropped because of IP related causes (e.g., ICMPv4/ICMPv6 packet is malformed, or DF flag is set but fragment must be performed for the packet) or corresponding interface is not found or inoperative IP_REASS - Packet is dropped during IP reassembly IPSEC - IPsec protocol related packet is dropped IPSEC_VTI - IPsec required SA is not found or traversing inoperative interface cause packet dropped L2VPN - VLAN id of GRE packet is invalid L4PORT - Layer 4 packet (e.g., BFD, DHCP) is dropped LB - Packet is dropped by load balancing rule LROUTER - Packet is dropped by logical router LSERVICE - Packet is malformed or traverses inoperative logical service interface LSWITCH - Packet is dropped by logical switch MANAGEMENT - Packet is dropped by Edge datapath MANAGEMENT service port MD_PROXY - Packet is dropped by metadata proxy NAT - Packet is dropped by NAT rule RTEP_TUNNEL - Unused drop reason ND_NS_FAIL - Neighbor Discovery packet fails NEIGH - ARP or Neighbor Discovery packet fails NO_EIP_FOUND - Destination IP is not an elastic IP NO_EIP_ASSOCIATION - Elastic IP is not associated with active edge VDR ENI NO_ENI_FOR_IP - There is no ENI found for the destination IP NO_ENI_FOR_LIF - Cannot find an ENI associated with uplink LIF NO_ROUTE - Cannot find route for destination IP NO_ROUTE_TABLE_FOUND - Cannot find associated route table NO_UNDERLAY_ROUTE_FOUND - Cannot find AWS route to destination NOT_VDR_DOWNLINK - Packet is not forwarded to VMC unmanaged VDR downlink NO_VDR_FOUND - VMC unmanaged VDR associated with Edge uplink is not found NO_VDR_ON_HOST - Cannot find VMC unmanaged VDR list on this host NOT_VDR_UPLINK - Packet is not forwarded to VDR uplink SERVICE_INSERT - Packet from guest VM to service VM or from service VM to guest VM is dropped by firewall rule SPOOFGUARD - Packet is blocked by SpoofGuard policy TTL_ZERO - The IPv4 time to live field or the IPv6 hop limit field of packet is zero TUNNEL - Overlay tunnel management packet (VNI value of GENEVE header is 0, e.g., BFD) is dropped VLAN - VLAN id of packet is disallowed by the given port VXLAN - VXLAN packet is malformed or cannot find tunnel port for it VXSTT - Unused drop reason VMC_NO_RESPONSE - Failed to query VMC observations as no response from VMC app WRONG_UPLINK - Packet is not routed to the expected Edge uplink by VMC unmanaged VDR FW_STATE - Packet is dropped by stateful firewall NO_MAC - Drop by vswitch as no destination MAC hit MAC Table. FILTERED_UPLINK - Filtering applied at the corresponding UPLINK having no aggregation. |
string | Readonly Enum: ARP_FAIL, BFD, BROADCAST, DHCP, DLB, FW_RULE, GENEVE, GRE, IFACE, IP, IP_REASS, IPSEC, IPSEC_VTI, L2VPN, L4PORT, LB, LROUTER, LSERVICE, LSWITCH, MANAGEMENT, MD_PROXY, NAT, RTEP_TUNNEL, ND_NS_FAIL, NEIGH, NO_EIP_FOUND, NO_EIP_ASSOCIATION, NO_ENI_FOR_IP, NO_ENI_FOR_LIF, NO_ROUTE, NO_ROUTE_TABLE_FOUND, NO_UNDERLAY_ROUTE_FOUND, NOT_VDR_DOWNLINK, NO_VDR_FOUND, NO_VDR_ON_HOST, NOT_VDR_UPLINK, SERVICE_INSERT, SPOOFGUARD, TTL_ZERO, TUNNEL, VLAN, VXLAN, VXSTT, VMC_NO_RESPONSE, WRONG_UPLINK, FW_STATE, NO_MAC, UNKNOWN, FILTERED_UPLINK |
| resource_type | Must be set to the value PolicyTraceflowObservationDropped | TraceflowObservationType | Required Default: "TraceflowObservationReceived" |
| segment_port_path | Path of segment port | string | Readonly |
| sequence_no | the sequence number is the traceflow observation hop count the hop count for observations on the transport node that a traceflow packet is injected in will be 0. The hop count is incremented each time a subsequent transport node receives the traceflow packet. The sequence number of 999 indicates that the hop count could not be determined for the containing observation. |
integer | Required Readonly |
| site_path | Policy path of the federated site This field contains the site path where this observation was generated. |
string | Readonly |
| timestamp | Timestamp when the observation was created by the transport node Timestamp when the observation was created by the transport node (milliseconds epoch) |
EpochMsTimestamp | Readonly |
| timestamp_micro | Timestamp when the observation was created by the transport node Timestamp when the observation was created by the transport node (microseconds epoch) |
integer | Readonly |
| transport_node_id | id of the transport node that observed a traceflow packet | string | Readonly |
| transport_node_name | name of the transport node that observed a traceflow packet | string | Readonly |
| transport_node_type | type of the transport node that observed a traceflow packet | TransportNodeType | Readonly |
PolicyTraceflowObservationDroppedLogical (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| acl_rule_id | The id of the L3 firewall rule that was applied to drop the traceflow packet This field is specified when the traceflow packet matched a L3 firewall rule. |
integer | Readonly |
| acl_rule_path | Access Control List Rule Path The path of the ACL rule that was applied to forward the traceflow packet |
string | Readonly |
| arp_fail_reason | The detailed drop reason of ARP traceflow packet This field specifies the ARP fails reason ARP_TIMEOUT - ARP failure due to query control plane timeout ARP_CPFAIL - ARP failure due post ARP query message to control plane failure ARP_FROMCP - ARP failure due to deleting ARP entry from control plane ARP_PORTDESTROY - ARP failure due to port destruction ARP_TABLEDESTROY - ARP failure due to ARP table destruction ARP_NETDESTROY - ARP failure due to overlay network destruction |
string | Readonly Enum: ARP_UNKNOWN, ARP_TIMEOUT, ARP_CPFAIL, ARP_FROMCP, ARP_PORTDESTROY, ARP_TABLEDESTROY, ARP_NETDESTROY |
| component_id | The id of the component that dropped the traceflow packet. | string | Readonly |
| component_name | The name of the component that issued the observation. | string | Readonly |
| component_path | The path of the component that dropped the traceflow packet | string | Readonly |
| component_sub_type | The sub type of the component that issued the observation. | TraceflowComponentSubType | Readonly |
| component_type | The type of the component that issued the observation. | TraceflowComponentType | Readonly |
| interface_path | Path of interface | string | Readonly |
| ipsec_fail_reason | The detailed drop reason of IPSec VPN traceflow packet This field specifies the IPSec VPN fails reason IPSEC_SA_NOT_FOUND - IPSec SA required for processing the packet does not exist IPSEC_UDP_ENC_STATE_MISMATCH - ESP packet is UDP encapsulated but IPsec SA does not expect UDP encapsulation IPSEC_SEQ_ROLLOVER - IPSec SA sequence number has exceeded the maximum value IPSEC_FRAG_NEEDED - Received packet has DF bit set in IP header but requires fragmentation due to ESP encapsulation IPSEC_TUN_IFACE_DOWN - IPSec tunnel interface is down IPSEC_POLICY_NOMATCH - Received packet does not match IPSec policy IPSEC_POLICY_BLOCK - IPSec packet processing failed IPSEC_POLICY_ERROR - IPSec packet processing failed IPSEC_REPLAY_SEQ_NUM_REPEAT - IPSec packet is dropped due to replay IPSEC_REPLAY_RECV_DELAY - IPSec packet is dropped due to replay IPSEC_REPLAY_PROC_DELAY - IPSec packet is dropped due to replay IPSEC_ZERO_SEQ_NUM_RECVD - ESP packet is received with sequence number as zero IPSEC_ENQUEUE_FAIL - Packet processing failed during crypto operation IPSEC_AUTH_DGST_MISMATCH - Packet integrity check failed due to digest mismatch IPSEC_AUTH_DGST_SIZE_MISMATCH - Packet integrity check failed due to invalid digest length IPSEC_AUTH_UNSUPPORTED_ALGO - Packet integrity check failed due to unsupported hash algorithm IPSEC_CRYPTO_FAIL - Packet processing failed during crypto operation IPSEC_CRYPTO_PROC_INCOMPLETE - Packet processing failed during crypto operation IPSEC_CRYPTO_SESSION_INV - Packet processing failed during crypto operation IPSEC_CRYPTO_ARGS_INV - Packet processing failed during crypto operation IPSEC_CRYPTO_PROC_ERROR - Packet processing failed during crypto operation IPSEC_CRYPTO_NO_BUF_SPACE - Packet processing failed during crypto operation IPSEC_CRYPTO_UNSUPPORTED_CIPHER - Packet processing failed during crypto operation IPSEC_MALFORMED - Received ESP packet is malformed IPSEC_MALFORMED_INV_PADDING - Received ESP packet is malformed IPSEC_PADDING_REMOVAL_FAILED - Received ESP packet is malformed IPSEC_INNER_MALFORMED - IP packet after ESP decryption is malformed IPSEC_INNER_MALFORMED_IP - IP packet after ESP decryption is malformed IPSEC_INNER_MALFORMED_UDP - IP packet after ESP decryption is malformed IPSEC_INNER_MALFORMED_TCP - IP packet after ESP decryption is malformed IPSEC_UNKNOWN - IPSec VPN failure reason is unknown |
string | Readonly Enum: IPSEC_SA_NOT_FOUND, IPSEC_UDP_ENC_STATE_MISMATCH, IPSEC_SEQ_ROLLOVER, IPSEC_FRAG_NEEDED, IPSEC_TUN_IFACE_DOWN, IPSEC_POLICY_NOMATCH, IPSEC_POLICY_BLOCK, IPSEC_POLICY_ERROR, IPSEC_REPLAY_SEQ_NUM_REPEAT, IPSEC_REPLAY_RECV_DELAY, IPSEC_REPLAY_PROC_DELAY, IPSEC_ZERO_SEQ_NUM_RECVD, IPSEC_ENQUEUE_FAIL, IPSEC_AUTH_DGST_MISMATCH, IPSEC_AUTH_DGST_SIZE_MISMATCH, IPSEC_AUTH_UNSUPPORTED_ALGO, IPSEC_CRYPTO_FAIL, IPSEC_CRYPTO_PROC_INCOMPLETE, IPSEC_CRYPTO_SESSION_INV, IPSEC_CRYPTO_ARGS_INV, IPSEC_CRYPTO_PROC_ERROR, IPSEC_CRYPTO_NO_BUF_SPACE, IPSEC_CRYPTO_UNSUPPORTED_CIPHER, IPSEC_MALFORMED, IPSEC_MALFORMED_INV_PADDING, IPSEC_PADDING_REMOVAL_FAILED, IPSEC_INNER_MALFORMED, IPSEC_INNER_MALFORMED_IP, IPSEC_INNER_MALFORMED_UDP, IPSEC_INNER_MALFORMED_TCP, IPSEC_UNKNOWN |
| jumpto_rule_id | The ID of the jump-to rule that was applied to the traceflow packet This field is specified when the traceflow packet matched a jump-to rule. |
integer | Readonly |
| jumpto_rule_path | Jump-to Rule Path The path of the jump-to rule that was applied to the traceflow packet |
string | Readonly |
| l2_rule_id | The ID of the l2 rule that was applied to the traceflow packet This field is specified when the traceflow packet matched a l2 rule. |
integer | Readonly |
| l2_rule_path | L2 Rule Path The path of the l2 rule that was applied to the traceflow packet |
string | Readonly |
| lport_id | The id of the logical port at which the traceflow packet was dropped | string | Readonly |
| lport_name | The name of the logical port at which the traceflow packet was dropped | string | Readonly |
| nat_rule_id | The ID of the NAT rule that was applied to drop the traceflow packet This field is specified when the traceflow packet matched a NAT rule. |
integer | Readonly |
| nat_rule_path | Network Address Translation Rule Path The path of the NAT rule that was applied to forward the traceflow packet |
string | Readonly |
| reason | The reason traceflow packet was dropped This field specifies the drop reason of traceflow packet. ARP_FAIL - ARP request fails for some reasons, please refer arp_fail_reason for detail BFD - BFD packet is dropped because traversed by non-operative interface or encountering internal error (e.g., memory insufficient) BROADCAST - Packet is dropped during traversing the interface (e.g., Edge uplink, Edge centralized service port) which disallow ethernet broadcast DHCP - DHCP packet is malformed DLB - The packet is disallowed by distributed load balancing FW_RULE - The packet matches a drop or reject rule of DFW or Edge firewall GENEVE - GENEVE packet is malformed GRE - GRE packet is malformed or traverses a non-operative interface IFACE - Packet traverses a non-operative interface IP - Packet is dropped because of IP related causes (e.g., ICMPv4/ICMPv6 packet is malformed, or DF flag is set but fragment must be performed for the packet) or corresponding interface is not found or inoperative IP_REASS - Packet is dropped during IP reassembly IPSEC - IPsec protocol related packet is dropped IPSEC_VTI - IPsec required SA is not found or traversing inoperative interface cause packet dropped L2VPN - VLAN id of GRE packet is invalid L4PORT - Layer 4 packet (e.g., BFD, DHCP) is dropped LB - Packet is dropped by load balancing rule LROUTER - Packet is dropped by logical router LSERVICE - Packet is malformed or traverses inoperative logical service interface LSWITCH - Packet is dropped by logical switch MANAGEMENT - Packet is dropped by Edge datapath MANAGEMENT service port MD_PROXY - Packet is dropped by metadata proxy NAT - Packet is dropped by NAT rule RTEP_TUNNEL - Unused drop reason ND_NS_FAIL - Neighbor Discovery packet fails NEIGH - ARP or Neighbor Discovery packet fails NO_EIP_FOUND - Destination IP is not an elastic IP NO_EIP_ASSOCIATION - Elastic IP is not associated with active edge VDR ENI NO_ENI_FOR_IP - There is no ENI found for the destination IP NO_ENI_FOR_LIF - Cannot find an ENI associated with uplink LIF NO_ROUTE - Cannot find route for destination IP NO_ROUTE_TABLE_FOUND - Cannot find associated route table NO_UNDERLAY_ROUTE_FOUND - Cannot find AWS route to destination NOT_VDR_DOWNLINK - Packet is not forwarded to VMC unmanaged VDR downlink NO_VDR_FOUND - VMC unmanaged VDR associated with Edge uplink is not found NO_VDR_ON_HOST - Cannot find VMC unmanaged VDR list on this host NOT_VDR_UPLINK - Packet is not forwarded to VDR uplink SERVICE_INSERT - Packet from guest VM to service VM or from service VM to guest VM is dropped by firewall rule SPOOFGUARD - Packet is blocked by SpoofGuard policy TTL_ZERO - The IPv4 time to live field or the IPv6 hop limit field of packet is zero TUNNEL - Overlay tunnel management packet (VNI value of GENEVE header is 0, e.g., BFD) is dropped VLAN - VLAN id of packet is disallowed by the given port VXLAN - VXLAN packet is malformed or cannot find tunnel port for it VXSTT - Unused drop reason VMC_NO_RESPONSE - Failed to query VMC observations as no response from VMC app WRONG_UPLINK - Packet is not routed to the expected Edge uplink by VMC unmanaged VDR FW_STATE - Packet is dropped by stateful firewall NO_MAC - Drop by vswitch as no destination MAC hit MAC Table. FILTERED_UPLINK - Filtering applied at the corresponding UPLINK having no aggregation. |
string | Readonly Enum: ARP_FAIL, BFD, BROADCAST, DHCP, DLB, FW_RULE, GENEVE, GRE, IFACE, IP, IP_REASS, IPSEC, IPSEC_VTI, L2VPN, L4PORT, LB, LROUTER, LSERVICE, LSWITCH, MANAGEMENT, MD_PROXY, NAT, RTEP_TUNNEL, ND_NS_FAIL, NEIGH, NO_EIP_FOUND, NO_EIP_ASSOCIATION, NO_ENI_FOR_IP, NO_ENI_FOR_LIF, NO_ROUTE, NO_ROUTE_TABLE_FOUND, NO_UNDERLAY_ROUTE_FOUND, NOT_VDR_DOWNLINK, NO_VDR_FOUND, NO_VDR_ON_HOST, NOT_VDR_UPLINK, SERVICE_INSERT, SPOOFGUARD, TTL_ZERO, TUNNEL, VLAN, VXLAN, VXSTT, VMC_NO_RESPONSE, WRONG_UPLINK, FW_STATE, NO_MAC, UNKNOWN, FILTERED_UPLINK |
| resource_type | Must be set to the value PolicyTraceflowObservationDroppedLogical | TraceflowObservationType | Required Default: "TraceflowObservationReceived" |
| segment_port_path | Path of segment port | string | Readonly |
| sequence_no | the sequence number is the traceflow observation hop count the hop count for observations on the transport node that a traceflow packet is injected in will be 0. The hop count is incremented each time a subsequent transport node receives the traceflow packet. The sequence number of 999 indicates that the hop count could not be determined for the containing observation. |
integer | Required Readonly |
| service_path_index | The index of service path The index of service path that is a chain of services represents the point where the traceflow packet was dropped. |
integer | Readonly |
| site_path | Policy path of the federated site This field contains the site path where this observation was generated. |
string | Readonly |
| timestamp | Timestamp when the observation was created by the transport node Timestamp when the observation was created by the transport node (milliseconds epoch) |
EpochMsTimestamp | Readonly |
| timestamp_micro | Timestamp when the observation was created by the transport node Timestamp when the observation was created by the transport node (microseconds epoch) |
integer | Readonly |
| transport_node_id | id of the transport node that observed a traceflow packet | string | Readonly |
| transport_node_name | name of the transport node that observed a traceflow packet | string | Readonly |
| transport_node_type | type of the transport node that observed a traceflow packet | TransportNodeType | Readonly |
PolicyTraceflowObservationForwardedLogical (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| acl_rule_id | The id of the L3 firewall rule that was applied to forward the traceflow packet This field is specified when the traceflow packet matched a L3 firewall rule. |
integer | Readonly |
| acl_rule_path | Access Control List Rule Path The path of the ACL rule that was applied to forward the traceflow packet |
string | Readonly |
| component_id | The id of the component that forwarded the traceflow packet. | string | Readonly |
| component_name | The name of the component that issued the observation. | string | Readonly |
| component_path | The path of the component that forwarded the traceflow packet | string | Readonly |
| component_sub_type | The sub type of the component that issued the observation. | TraceflowComponentSubType | Readonly |
| component_type | The type of the component that issued the observation. | TraceflowComponentType | Readonly |
| dst_component_id | The id of the destination component to which the traceflow packet was forwarded. | string | Readonly |
| dst_component_name | The name of the destination component to which the traceflow packet was forwarded. | string | Readonly |
| dst_component_path | The path of the destination component to which the traceflow packet was forwarded | string | Readonly |
| dst_component_type | The type of the destination component to which the traceflow packet was forwarded. | TraceflowComponentType | Readonly |
| interface_path | Path of interface | string | Readonly |
| ipsec_vpn | IPSec VPN on which the traceflow packet was forwarded This field is specified when the traceflow packet was forwarded through IPSec VPN. |
TraceflowObservationIpsecVpn | Readonly |
| ipsec_vpn_path | The related path of IPsec VPN through which the traceflow packet was forwarded | PolicyTraceflowObservationIpsecVpn | Readonly |
| jumpto_rule_id | The ID of the jump-to rule that was applied to the traceflow packet This field is specified when the traceflow packet matched a jump-to rule. |
integer | Readonly |
| jumpto_rule_path | Jump-to Rule Path The path of the jump-to rule that was applied to the traceflow packet |
string | Readonly |
| l2_rule_id | The ID of the l2 rule that was applied to the traceflow packet This field is specified when the traceflow packet matched a l2 rule. |
integer | Readonly |
| l2_rule_path | L2 Rule Path The path of the l2 rule that was applied to the traceflow packet |
string | Readonly |
| lport_id | The id of the logical port through which the traceflow packet was forwarded. | string | Readonly |
| lport_name | The name of the logical port through which the traceflow packet was forwarded. | string | Readonly |
| nat_rule_id | The ID of the NAT rule that was applied to forward the traceflow packet This field is specified when the traceflow packet matched a NAT rule. |
integer | Readonly |
| nat_rule_path | Network Address Translation Rule Path The path of the NAT rule that was applied to forward the traceflow packet |
string | Readonly |
| next_hop | Next hop IP address of matched routing entry This field is specified when the traceflow packet was routed by logical router. |
IPAddress | Readonly |
| resend_type | The type of packet resending ARP_UNKNOWN_FROM_CP - Unknown ARP query result emitted by control plane ND_NS_UNKNOWN_FROM_CP - Unknown neighbor solicitation query result emitted by control plane UNKNOWN - Unknown resend type |
string | Readonly Enum: UNKNOWN, ARP_UNKNOWN_FROM_CP, ND_NS_UNKNWON_FROM_CP |
| resource_type | Must be set to the value PolicyTraceflowObservationForwardedLogical | TraceflowObservationType | Required Default: "TraceflowObservationReceived" |
| route_prefix | Prefix of matched routing entry This field is specified when the traceflow packet was routed by logical router. |
IPCIDRBlock | Readonly |
| segment_port_path | Path of segment port | string | Readonly |
| sequence_no | the sequence number is the traceflow observation hop count the hop count for observations on the transport node that a traceflow packet is injected in will be 0. The hop count is incremented each time a subsequent transport node receives the traceflow packet. The sequence number of 999 indicates that the hop count could not be determined for the containing observation. |
integer | Required Readonly |
| service_index | The index of the service insertion component | integer | Readonly |
| service_path_index | The path index of the service insertion component | integer | Readonly |
| service_ttl | The ttl of the service insertion component | integer | Readonly |
| site_path | Policy path of the federated site This field contains the site path where this observation was generated. |
string | Readonly |
| spoofguard_ip | Prefix IP address matched in the whitelist in spoofguard This field specified the prefix IP address a traceflow packet matched in the whitelist in spoofguard. |
IPCIDRBlock | Readonly |
| spoofguard_mac | MAC address matched in the whitelist in spoofguard The source MAC address of form: "^([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2})$". For example: 00:00:00:00:00:00. |
MACAddress | Readonly |
| spoofguard_vlan_id | VLAN id matched in the whitelist in spoofguard This field specified the VLAN id a traceflow packet matched in the whitelist in spoofguard. |
VlanID | Readonly |
| svc_nh_mac | MAC address of nexthop MAC address of nexthop for service insertion(SI) in service VM(SVM) where the traceflow packet was received. |
string | Readonly |
| timestamp | Timestamp when the observation was created by the transport node Timestamp when the observation was created by the transport node (milliseconds epoch) |
EpochMsTimestamp | Readonly |
| timestamp_micro | Timestamp when the observation was created by the transport node Timestamp when the observation was created by the transport node (microseconds epoch) |
integer | Readonly |
| translated_dst_ip | The translated destination IP address of VNP/NAT | IPAddress | Readonly |
| translated_src_ip | The translated source IP address of VPN/NAT | IPAddress | Readonly |
| transport_node_id | id of the transport node that observed a traceflow packet | string | Readonly |
| transport_node_name | name of the transport node that observed a traceflow packet | string | Readonly |
| transport_node_type | type of the transport node that observed a traceflow packet | TransportNodeType | Readonly |
| vlan | VLAN for the logical network on which the traceflow packet was forwarded This field is specified when the traceflow packet was forwarded by a VLAN logical network. |
VlanID | Readonly |
| vni | VNI for the logical network on which the traceflow packet was forwarded. This field is specified when the traceflow packet was forwarded by an overlay logical network. |
int | Readonly |
PolicyTraceflowObservationIpsecVpn (schema)
The related policy path of IPsec VPN traceflow observations
| Name | Description | Type | Notes |
|---|---|---|---|
| session_path | The path of the IPsec VPN session | string | Readonly |
| vti_path | The path of the virtual tunnel interface for Route-Based IPsec VPN | string | Readonly |
PolicyTraceflowObservationReceivedLogical (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| component_id | The id of the component that received the traceflow packet. | string | Readonly |
| component_name | The name of the component that issued the observation. | string | Readonly |
| component_path | The path of the component that received the traceflow packet | string | Readonly |
| component_sub_type | The sub type of the component that issued the observation. | TraceflowComponentSubType | Readonly |
| component_type | The type of the component that issued the observation. | TraceflowComponentType | Readonly |
| interface_path | Path of interface | string | Readonly |
| ipsec_vpn | IPSec VPN on which the traceflow packet was received. This field is specified when the traceflow packet was received on IPSec VPN. |
TraceflowObservationIpsecVpn | Readonly |
| ipsec_vpn_path | The related path of IPsec VPN on which the traceflow packet was received | PolicyTraceflowObservationIpsecVpn | Readonly |
| lport_id | The id of the logical port at which the traceflow packet was received | string | Readonly |
| lport_name | The name of the logical port at which the traceflow packet was received | string | Readonly |
| resource_type | Must be set to the value PolicyTraceflowObservationReceivedLogical | TraceflowObservationType | Required Default: "TraceflowObservationReceived" |
| segment_port_path | Path of segment port | string | Readonly |
| sequence_no | the sequence number is the traceflow observation hop count the hop count for observations on the transport node that a traceflow packet is injected in will be 0. The hop count is incremented each time a subsequent transport node receives the traceflow packet. The sequence number of 999 indicates that the hop count could not be determined for the containing observation. |
integer | Required Readonly |
| site_path | Policy path of the federated site This field contains the site path where this observation was generated. |
string | Readonly |
| src_component_id | The id of the source component from which the traceflow packet was received. | string | Readonly |
| src_component_name | The name of source component from which the traceflow packet was received. | string | Readonly |
| src_component_path | The path of the source component from which the traceflow packet was received | string | Readonly |
| src_component_type | The type of the source component from which the traceflow packet was received. | TraceflowComponentType | Readonly |
| svc_mac | MAC address of SAN volume controller MAC address of SAN volume controller for service insertion(SI) in service VM(SVM) where the traceflow packet was received. |
string | Readonly |
| timestamp | Timestamp when the observation was created by the transport node Timestamp when the observation was created by the transport node (milliseconds epoch) |
EpochMsTimestamp | Readonly |
| timestamp_micro | Timestamp when the observation was created by the transport node Timestamp when the observation was created by the transport node (microseconds epoch) |
integer | Readonly |
| transport_node_id | id of the transport node that observed a traceflow packet | string | Readonly |
| transport_node_name | name of the transport node that observed a traceflow packet | string | Readonly |
| transport_node_type | type of the transport node that observed a traceflow packet | TransportNodeType | Readonly |
| vlan | VLAN for the logical network on which the traceflow packet was received. This field is specified when the traceflow packet was received by a VLAN logical network. |
VlanID | Readonly |
| vni | VNI for the logical network on which the traceflow packet was received. This field is specified when the traceflow packet was received by an overlay logical network. |
int | Readonly |
PolicyTraceflowObservationRelayedLogical (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| component_name | The name of the component that issued the observation. | string | Readonly |
| component_sub_type | The sub type of the component that issued the observation. | TraceflowComponentSubType | Readonly |
| component_type | The type of the component that issued the observation. | TraceflowComponentType | Readonly |
| dst_server_address | The IP address of the destination This field specified the IP address of the destination which the packet will be relayed. |
IPAddress | Required Readonly |
| logical_comp_uuid | The id of the component which relay service located This field specified the logical component that relay service located. |
string | Readonly |
| logical_component_path | The path of the component on which relay service located This field specifies the logical component that relay service located on. |
string | Readonly |
| message_type | The type of the relay service This field specified the message type of the relay service REQUEST - The relay service will relay a request message to the destination server REPLY - The relay service will relay a reply message to the client |
string | Required Readonly Enum: REQUEST, REPLY Default: "REQUEST" |
| relay_server_address | The IP address of relay service This field specified the IP address of the relay service. |
IPAddress | Required Readonly |
| resource_type | Must be set to the value PolicyTraceflowObservationRelayedLogical | TraceflowObservationType | Required Default: "TraceflowObservationReceived" |
| sequence_no | the sequence number is the traceflow observation hop count the hop count for observations on the transport node that a traceflow packet is injected in will be 0. The hop count is incremented each time a subsequent transport node receives the traceflow packet. The sequence number of 999 indicates that the hop count could not be determined for the containing observation. |
integer | Required Readonly |
| site_path | Policy path of the federated site This field contains the site path where this observation was generated. |
string | Readonly |
| timestamp | Timestamp when the observation was created by the transport node Timestamp when the observation was created by the transport node (milliseconds epoch) |
EpochMsTimestamp | Readonly |
| timestamp_micro | Timestamp when the observation was created by the transport node Timestamp when the observation was created by the transport node (microseconds epoch) |
integer | Readonly |
| transport_node_id | id of the transport node that observed a traceflow packet | string | Readonly |
| transport_node_name | name of the transport node that observed a traceflow packet | string | Readonly |
| transport_node_type | type of the transport node that observed a traceflow packet | TransportNodeType | Readonly |
PolicyTransportZone (schema)
Transport Zone
Transport Zone.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| is_default | Flag to indicate if the transport zone is the default one Flag to indicate if the transport zone is the default one. Only one transport zone can be the default one for a given transport zone type. |
boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| nested_nsx | Flag to indicate if all transport nodes in this transport zone are connected through nested NSX. This flag should be set to true in nested NSX environment. When the "allow_changing_vdr_mac_in_use" property in the global config object RoutingGlobalConfig is false, this flag can not be changed if this transport zone is OVERLAY and the change will make any transport node in this transport zone to change the VDR MAC used in any host switch. When this flag is true and this transport zone is OVERLAY, all host switches in this transport zone will use the VDR MAC in the "vdr_mac_nested" property in the global config object RoutingGlobalConfig. |
boolean | Default: "False" |
| nsx_id | Transport Zone UUID on NSX-T Enforcement Point UUID of transport zone on NSX-T enforcement point. |
string | Readonly |
| origin_id | The host switch id generated by the system. This field is populated only if the transport zone was created by NSX system to support security on vSphere Distributed Switch (vDS). The origin_id will refer to the identifier of corresponding vDS from it's parent vCenter server. |
string | Readonly |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value PolicyTransportZone | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| transport_zone_profile_paths | Policy Transport Zone Profile paths Policy Transport Zone Profile paths |
array of string | |
| tz_type | Transport Zone Type Transport Zone Traffic type, must be one of either VLAN_BACKED or OVERLAY_BACKED. OVERLAY_STANDARD, OVERLAY_ENS and UNKNOWN are DEPRECATED. STANDARD, ENS and ENS_INTERRUPT are hostSwitch modes and same need to be given in HostTransportNode.HostSwitchSpec. |
string | Required Enum: OVERLAY_STANDARD, OVERLAY_ENS, VLAN_BACKED, OVERLAY_BACKED, UNKNOWN |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
| uplink_teaming_policy_names | Names of the switching uplink teaming policies that are supported by this transport zone. The names of switching uplink teaming policies that all transport nodes in this transport zone support. Uplinkin teaming policies are only valid for VLAN backed transport zones. |
array of string |
PolicyTransportZoneListRequestParameters (schema)
Policy Transport Zone List Request Parameters
Policy Transport Zone list request parameters.
| Name | Description | Type | Notes |
|---|---|---|---|
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| include_mark_for_delete_objects | Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included. |
boolean | Default: "False" |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string |
PolicyTransportZoneListResult (schema)
Paged Collection of Transport Zone
Paged Collection of Transport Zone
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Transport Zone List Result Transport Zone list result. |
array of PolicyTransportZone | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
PolicyTransportZoneProfile (schema)
Transport Zone Profile
Transport Zone Profile.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| bfd_config | Bfd Profile Options Bfd Health Monitoring Options |
BfdHealthMonitoringConfig | Required |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value PolicyTransportZoneProfile | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| tz_profile_type | Policy Transport Zone Type Policy Transport Zone Type. |
string | Required Enum: BFD |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
PolicyTransportZoneProfileListRequestParameters (schema)
Policy Transport Zone Profile request parameters
| Name | Description | Type | Notes |
|---|---|---|---|
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| include_mark_for_delete_objects | Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included. |
boolean | Default: "False" |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string |
PolicyTransportZoneProfileListResult (schema)
Paged collection of Policy Transport Zone Profiles
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Policy Transport Zone profile list results | array of PolicyTransportZoneProfile | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
PolicyTunnelDigestAlgorithm (schema) (Deprecated)
Digest Algorithms used in tunnel establishment
The TunnelDigestAlgorithms are used to verify message integrity during tunnel establishment.
SHA1 produces 160 bits hash and SHA2_XXX produces XXX bit hash.
| Name | Description | Type | Notes |
|---|---|---|---|
| PolicyTunnelDigestAlgorithm | Digest Algorithms used in tunnel establishment The TunnelDigestAlgorithms are used to verify message integrity during tunnel establishment. SHA1 produces 160 bits hash and SHA2_XXX produces XXX bit hash. |
string | Deprecated Enum: SHA1, SHA2_256, SHA2_384, SHA2_512 |
PolicyTunnelEncryptionAlgorithm (schema) (Deprecated)
Encryption algorithm used in tunnel
TunnelEncryption algorithms are used to ensure confidentiality of the messages exchanged
during Tunnel negotiations. AES stands for Advanced Encryption Standards. AES_128 uses
128-bit keys whereas AES_256 uses 256-bit keys for encryption and decryption. AES_128
and AES_256 use CBC mode of encryption. AES_GCM stands for Advanced Encryption Standard(AES)
in Galois/Counter Mode (GCM) and is used to provide both confidentiality and data origin
authentication.
| Name | Description | Type | Notes |
|---|---|---|---|
| PolicyTunnelEncryptionAlgorithm | Encryption algorithm used in tunnel TunnelEncryption algorithms are used to ensure confidentiality of the messages exchanged during Tunnel negotiations. AES stands for Advanced Encryption Standards. AES_128 uses 128-bit keys whereas AES_256 uses 256-bit keys for encryption and decryption. AES_128 and AES_256 use CBC mode of encryption. AES_GCM stands for Advanced Encryption Standard(AES) in Galois/Counter Mode (GCM) and is used to provide both confidentiality and data origin authentication. |
string | Deprecated Enum: AES_128, AES_256, AES_GCM_128, AES_GCM_192, AES_GCM_256 |
PolicyUrlCategorizationConfig (schema)
URL categorization entity
The type contains information about the configuration of the feature for a
specific node. It contains information like the whether the feature is
enabled/disabled, the context profiles defining the category list to
detect.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| context_profiles | Context profiles The ids of the context profiles that provides the list of categories to be detected. This field is deprecated. URL Categorization will not be supported in association with context profiles. |
array of string | Deprecated |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| enabled | Enabled Property which specifies the enabling/disabling of the feature. |
boolean | Required |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value PolicyUrlCategorizationConfig | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
| update_frequency | Policy URL Categorization Update Frequency The frequency in minutes at which the updates are downloaded from the URL categorization cloud service. The minimum allowed value is 5 minutes. |
int | Minimum: 5 Default: "30" |
PoolMemberAdminStateType (schema)
pool member admin state
User can set the admin state of a member to ENABLED or DISABLED or
GRACEFUL_DISABLED. By default, when a member is added, it is ENABLED.
If a member is set to DISABLED, it is not selected for any new
connections. Active connections, however, will continue to be processed
by it. New connections with matching persistence entries pointing to
DISABLED members are not sent to those DISABLED members. Those connections
are assigned to other members of the pool and the corresponding persistence
entries are updated to point to the newly selected server.
To allow for a more graceful way of taking down servers for maintenance, a
routine task, another admin state GRACEFUL_DISABLED is supported. Existing
connections to a member in GRACEFUL_DISABLED state continue to be processed.
| Name | Description | Type | Notes |
|---|---|---|---|
| PoolMemberAdminStateType | pool member admin state User can set the admin state of a member to ENABLED or DISABLED or GRACEFUL_DISABLED. By default, when a member is added, it is ENABLED. If a member is set to DISABLED, it is not selected for any new connections. Active connections, however, will continue to be processed by it. New connections with matching persistence entries pointing to DISABLED members are not sent to those DISABLED members. Those connections are assigned to other members of the pool and the corresponding persistence entries are updated to point to the newly selected server. To allow for a more graceful way of taking down servers for maintenance, a routine task, another admin state GRACEFUL_DISABLED is supported. Existing connections to a member in GRACEFUL_DISABLED state continue to be processed. |
string | Enum: ENABLED, DISABLED, GRACEFUL_DISABLED |
PoolMemberSetting (schema)
Pool member setting
The setting is used to add, update or remove pool members from pool.
For static pool members, admin_state, display_name and weight can be
updated.
For dynamic pool members, only admin_state can be updated.
| Name | Description | Type | Notes |
|---|---|---|---|
| admin_state | Member admin state | PoolMemberAdminStateType | Default: "ENABLED" |
| display_name | Pool member display name Only applicable to static pool members. If supplied for a pool defined by a grouping object, update API would fail. |
string | |
| ip_address | Pool member IP address | IPAddress | Required |
| port | Pool member port number | PortElement | |
| weight | Pool member weight Only applicable to static pool members. If supplied for a pool defined by a grouping object, update API would fail. |
integer | Minimum: 1 Maximum: 255 |
PortAddressBindingEntry (schema)
Address binding information
Detailed information about static address for the port.
| Name | Description | Type | Notes |
|---|---|---|---|
| ip_address | IP address IP Address for port binding |
string | |
| mac_address | MAC address Mac address for port binding |
MACAddress | |
| vlan_id | VLAN ID VLAN ID for port binding |
VlanID |
PortAttacher (schema) (Deprecated)
VM or vmknic entity attached to LogicalPort
| Name | Description | Type | Notes |
|---|---|---|---|
| entity | Reference to the attached entity This is a vmknic name if the attacher is vmknic. Otherwise, it is full path of the attached VM's config file |
string | Required |
| host | TransportNode on which the attacher resides | string | Required |
PortAttachment (schema)
Attachment information on the port
Detail information about port attachment
| Name | Description | Type | Notes |
|---|---|---|---|
| allocate_addresses | Allocate addresses Indicate how IP will be allocated for the port |
string | Enum: IP_POOL, MAC_POOL, BOTH, NONE, DHCP, DHCPV6, SLAAC |
| app_id | App Id ID used to identify/look up a child attachment behind a parent attachment |
string | |
| bms_interface_config | Application interface configuration for Bare metal server Indicate application interface configuration for Bare Metal Server. |
AttachedInterfaceEntry | |
| context_id | Context ID based on the type If type is CHILD and the parent port is on the same segment as the child port, then this field should be VIF ID of the parent port. If type is CHILD and the parent port is on a different segment, then this field should be policy path of the parent port. If type is INDEPENDENT/STATIC, then this field should be transport node ID. |
string | |
| context_type | Context Type Set to PARENT when type field is CHILD. Read only field. |
string | Readonly Enum: PARENT |
| evpn_vlans | Evpn tenant VLAN IDs the Parent logical-port serves. List of Evpn tenant VLAN IDs the Parent logical-port serves in Evpn Route-Server mode. Only effective when attachment type is PARENT and the logical-port is attached to vRouter VM. |
array of string | Minimum items: 0 Maximum items: 1000 |
| hyperbus_mode | Hyperbus mode Flag to indicate if hyperbus configuration is required. |
string | Enum: ENABLE, DISABLE Default: "DISABLE" |
| id | Port attachment ID VIF UUID on NSX Manager. If the attachement type is PARENT, this property is required. |
string | |
| traffic_tag | VLAN ID Not valid when type field is INDEPENDENT, mainly used to identify traffic from different ports in container use case. |
VlanID | |
| type | Attachement type Type of port attachment. STATIC is added to replace INDEPENDENT. INDEPENDENT type and PARENT type are deprecated. |
string | Enum: PARENT, CHILD, INDEPENDENT, STATIC |
PortDiscoveryProfileBindingMap (schema)
Port Discovery Profile binding map
This entity will be used to establish association between discovery
profile and Port. Using this entity, user can specify intent for applying
discovery profile to particular Port. Port here is Logical Port.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| ip_discovery_profile_path | IP Discovery Profile Path PolicyPath of associated IP Discovery Profile |
string | |
| mac_discovery_profile_path | Mac Discovery Profile Path PolicyPath of associated Mac Discovery Profile |
string | |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value PortDiscoveryProfileBindingMap | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
PortDiscoveryProfileBindingMapListRequestParameters (schema)
Port Discovery Profile Binding Map list request parameters
| Name | Description | Type | Notes |
|---|---|---|---|
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| include_mark_for_delete_objects | Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included. |
boolean | Default: "False" |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string |
PortDiscoveryProfileBindingMapListResult (schema)
Paged collection of Port Discovery Profile Binding Maps
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Port Discovery Profile Binding Map list results | array of PortDiscoveryProfileBindingMap | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
PortElement (schema)
A port or a port range
Examples- Single port "8080", Range of ports "8090-8095"
| Name | Description | Type | Notes |
|---|---|---|---|
| PortElement | A port or a port range Examples- Single port "8080", Range of ports "8090-8095" |
string | Format: port-or-range |
PortMirrorFilter (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| destination_ips | Destination IP used to filter packets Destination IP in the form of IPAddresses, used to match the destination IP of a packet. If not provided, no filtering by destination IPs is performed. |
IPAddresses | |
| destination_ports | Destination port or port range used to filter packets Destination port in the form of a port or port range, used to match the destination port of a packet. If not provided, no filtering by destination port is performed. |
PortElement | |
| protocol | The protocol used to filter packets. The transport protocols of TCP or UDP, used to match the transport protocol of a packet. If not provided, no filtering by IP protocols is performed. |
string | Enum: TCP, UDP |
| source_ips | Source IP used to filter packets Source IP in the form of IPAddresses, used to match the source IP of a packet. If not provided, no filtering by source IPs is performed. |
IPAddresses | |
| source_ports | Source port or port range used to filter packets Source port in the form of a port or port range, used to match the source port of a packet. If not provided, no filtering by source port is performed. |
PortElement |
PortMirroringProfile (schema)
Mirrors Data from source to destination
Mirrors Data from source to destination
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| destination_group | Destination group path Data from source group will be copied to members of destination group. Only IPSET group and group with membership criteria VM is supported. IPSET group allows only three ip's. |
string | Required |
| direction | Direction Port mirroring profile direction |
string | Enum: INGRESS, EGRESS, BIDIRECTIONAL Default: "BIDIRECTIONAL" |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| encapsulation_type | Mirror Destination encapsulation type User can provide Mirror Destination type e.g GRE, ERSPAN_TWO or ERSPAN_THREE.If profile type is REMOTE_L3_SPAN, encapsulation type is used else ignored. |
string | Enum: GRE, ERSPAN_TWO, ERSPAN_THREE Default: "GRE" |
| erspan_id | ERSPAN session id Used by physical switch for the mirror traffic forwarding. Must be provided and only effective when encapsulation type is ERSPAN type II or type III. |
int | Minimum: 0 Maximum: 1023 Default: "0" |
| filter_action | Action to include or exclude traffic for all filter in port_mirroring_filters If set to INCLUDE, packets matching all filters will be mirrored. If set to EXCLUDE, packets NOT matching any filters will be mirrored. |
string | Enum: INCLUDE, EXCLUDE Default: "INCLUDE" |
| gre_key | GRE encapsulation key User-configurable 32-bit key only for GRE |
int | Minimum: 0 Default: "0" |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| port_mirroring_filters | Port mirroring filter An array of 5-tuples used to filter packets for the mirror session. If not provided, all the packets will be mirrored. This field is with filter_action which defines whether packets matching the filter will be included or excluded |
array of PortMirrorFilter | Minimum items: 0 Maximum items: 1 |
| profile_type | Allows user to select type of port mirroring session. | string | Enum: REMOTE_L3_SPAN, LOGICAL_SPAN Default: "REMOTE_L3_SPAN" |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value PortMirroringProfile | string | |
| snap_length | Maximum packet length for packet truncation If this property is set, the packet will be truncated to the provided length. If this property is unset, entire packet will be mirrored. |
int | Minimum: 60 Maximum: 65535 |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| tcp_ip_stack | Mirror Destination encapsulation type User can provide Mirror stack or Default stack to send mirror traffic. If profile type is REMOTE_L3_SPAN, tcp_ip_stack type is used else ignored. |
string | Enum: Default, Mirror Default: "Default" |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
PortMonitoringProfileBindingMap (schema)
Port Monitoring Profile binding map
This entity will be used to establish association between monitoring
profile and Port. Using this entity, user can specify intent for applying
monitoring profile to particular Port. Port here is Segment Port.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| ipfix_l2_profile_path | IPFIX L2 Profile Path PolicyPath of associated IPFIX L2 Profile |
string | |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| port_mirroring_profile_path | Port Mirroring Profile Path PolicyPath of associated Port Mirroring Profile |
string | |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value PortMonitoringProfileBindingMap | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
PortQoSProfileBindingMap (schema)
Port QoS Profile binding map
This entity will be used to establish association between qos
profile and Port. Using this entity, you can specify intent for applying
qos profile to particular Port. Port here is Segment Port.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| qos_profile_path | QoS Profile Path PolicyPath of associated QoS Profile |
string | |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value PortQoSProfileBindingMap | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
PortQoSProfileBindingMapListRequestParameters (schema)
Port QoS Profile Binding Map list request parameters
| Name | Description | Type | Notes |
|---|---|---|---|
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string |
PortQoSProfileBindingMapListResult (schema)
Paged collection of Port QoS Profile Binding Maps
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Port QoS Profile Binding Map list results | array of PortQoSProfileBindingMap | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
PortSecurityProfileBindingMap (schema)
Security profile binding map for port
Contains the binding relationship between port and security profile.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value PortSecurityProfileBindingMap | string | |
| segment_security_profile_path | Segment Security Profile Path The policy path of the asscociated Segment Security profile |
string | |
| spoofguard_profile_path | SpoofGuard Profile Path The policy path of the asscociated SpoofGuard profile |
string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
PortSecurityProfileBindingMapListRequestParameters (schema)
Port security profile binding map request parameters
| Name | Description | Type | Notes |
|---|---|---|---|
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string |
PortSecurityProfileBindingMapListResult (schema)
Paged collection of port security profile binding maps
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Port security profile binding map list results | array of PortSecurityProfileBindingMap | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
PreReqCondition (schema)
Valid pre-req condition
| Name | Description | Type | Notes |
|---|---|---|---|
| PreReqCondition | Valid pre-req condition | string | Enum: WAVE_FRONT, TSDB, TRACE |
PrefixEntry (schema)
Network prefix entry
| Name | Description | Type | Notes |
|---|---|---|---|
| action | Action for the prefix list Action for the prefix list. |
string | Enum: PERMIT, DENY Default: "PERMIT" |
| ge | Prefix length greater than or equal to Prefix length greater than or equal to. |
int | Minimum: 1 Maximum: 128 |
| le | Prefix length less than or equal to Prefix length less than or equal to. |
int | Minimum: 1 Maximum: 128 |
| network | Network prefix in CIDR format Network prefix in CIDR format. "ANY" matches all networks. |
string | Required |
PrefixList (schema)
A named list of prefixes for routing purposes
A named list of prefixes for routing purposes.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| prefixes | Ordered list of network prefixes Specify ordered list of network prefixes. |
array of PrefixEntry | Required Minimum items: 1 |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value PrefixList | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
PrefixListRequestParameters (schema)
PrefixList request parameters
| Name | Description | Type | Notes |
|---|---|---|---|
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| include_mark_for_delete_objects | Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included. |
boolean | Default: "False" |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string |
PrefixListResult (schema)
Paged collection of PrefixLists
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | PrefixList results | array of PrefixList | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
Principal (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| attributes | Attribute list. | array of KeyValue | Required |
PrincipalIdentity (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| certificate_id | Id of the stored certificate Id of the stored certificate. When used with the deprecated POST /trust-management/principal-identities API this field is required. |
string | |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| is_protected | Protection indicator Indicator whether the entities created by this principal should be protected. |
boolean | |
| name | Name Name of the principal. |
string | Required Maximum length: 255 Pattern: "^[a-zA-Z0-9]+([-._]?[a-zA-Z0-9]+)*$" |
| node_id | Unique node-id Unique node-id of a principal. This is used primarily in the case where a cluster of nodes is used to make calls to the NSX Manager and the same 'name' is used so that the nodes can access and modify the same data while still accessing NSX through their individual secret (certificate or JWT). In all other cases this can be any string. |
string | Required Maximum length: 255 Pattern: "^[a-zA-Z0-9]+([-._]?[a-zA-Z0-9]+)*$" |
| resource_type | Must be set to the value PrincipalIdentity | string | |
| role | Role The roles that are associated with this PI. |
string | Deprecated Pattern: "^[_a-z0-9-]+$" |
| roles_for_paths | Roles for Paths The roles that are associated with this PI, limiting them to a policy path like '/infra'. In case the path is '/', the roles apply everywhere. |
array of RolesForPath | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
PrincipalIdentityList (schema)
PrincipalIdentity query result
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | PrincipalIdentity list. | array of PrincipalIdentity | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
PrincipalIdentityWithCertificate (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| certificate_id | Id of the stored certificate Id of the stored certificate. When used with the deprecated POST /trust-management/principal-identities API this field is required. |
string | |
| certificate_pem | PEM encoding of the new certificate PEM encoding of the new certificate. |
string | Required |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| is_protected | Protection indicator Indicator whether the entities created by this principal should be protected. |
boolean | |
| name | Name Name of the principal. |
string | Required Maximum length: 255 Pattern: "^[a-zA-Z0-9]+([-._]?[a-zA-Z0-9]+)*$" |
| node_id | Unique node-id Unique node-id of a principal. This is used primarily in the case where a cluster of nodes is used to make calls to the NSX Manager and the same 'name' is used so that the nodes can access and modify the same data while still accessing NSX through their individual secret (certificate or JWT). In all other cases this can be any string. |
string | Required Maximum length: 255 Pattern: "^[a-zA-Z0-9]+([-._]?[a-zA-Z0-9]+)*$" |
| resource_type | Must be set to the value PrincipalIdentityWithCertificate | string | |
| role | Role The roles that are associated with this PI. |
string | Deprecated Pattern: "^[_a-z0-9-]+$" |
| roles_for_paths | Roles for Paths The roles that are associated with this PI, limiting them to a policy path like '/infra'. In case the path is '/', the roles apply everywhere. |
array of RolesForPath | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
ProfileBindingListRequestParameters (schema)
Profile binding map list request parameters
| Name | Description | Type | Notes |
|---|---|---|---|
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| include_mark_for_delete_objects | Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included. |
boolean | Default: "False" |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string |
ProfileBindingMap (schema)
Policy base profile binding map
This entity will be used to establish association between profile
and policy entities.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| profile_path | Profile Path PolicyPath of associated Profile |
string | Required |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value ProfileBindingMap | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
ProfileSeverity (schema)
Intrusion Detection System Profile severity
| Name | Description | Type | Notes |
|---|---|---|---|
| ProfileSeverity | Intrusion Detection System Profile severity | string | Enum: CRITICAL, HIGH, MEDIUM, LOW, SUSPICIOUS |
ProfileSupportedAttributesListRequestParameters (schema)
Profile Attributes list request parameters.
| Name | Description | Type | Notes |
|---|---|---|---|
| attribute_key | Fetch attributes and sub-attributes for the given attribute key It fetches attributes and subattributes for the given attribute key supported in the system which can be used for Policy Context Profile creation. |
string | |
| attribute_source | Source of the attribute, System Defined or custom It fetches attributes and sub attributes for the given attribute key based on the source of attribute which can be used for Policy Context Profile creation. |
string | Enum: ALL, CUSTOM, SYSTEM Default: "SYSTEM" |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| include_mark_for_delete_objects | Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included. |
boolean | Default: "False" |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string |
ProgressItem (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| description | Item description | string | Required |
| name | Name of the item | string | Required |
| parts | Finer details, usually there is only one part | array of ProgressItemPart |
ProgressItemPart (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| description | Description of the process | string | Required |
| error | Error message, if ran into error | string | |
| name | Name of the process | string | Required |
| percentage | 0 - 100 of the task being completed | integer | Required |
| status | Status of this process | string | Required Enum: RUNNING, ERROR, COMPLETE |
Project (schema)
Policy Project
Project is a construct that provides network isolation for all
its contents out of the box, where the compute and networking elements
within are isolated from other Projects. The Project will also be used to provide
hybridity across on-prem datacenters and the cloud, thus providing a means
of building private clouds with elements both on-prem and in the cloud.
The project can be created by users with Org Admin role and read access to Tier0s and Edge clusters.
Read access to Tier0s and Edge clusters can be achieved by either associating the user with another role with the required permissions (say Auditor),
or by sharing the Tier0s and Edge clusters with the Org before creating the project. The project can also be created by users with Enterprise Admin role
without explicit sharing of Tier0s and Edge clusters.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| default | Flag to indicate that the project is a default project true - the project is a default project. Default projects are non-editable, system create ones. |
boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value Project | string | |
| short_id | Identifier to use when displaying project context in logs Defaults to id if id is less than equal to 8 characters or defaults to random generated id if not set. |
string | Maximum length: 8 |
| site_infos | Collection of Site information Information related to sites applicable for given Project. For on-prem deployment, only 1 is allowed. |
array of SiteInfo | Maximum items: 16 |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| tier_0s | Array of Tier 0s path associated with this Project. The tier 0 has to be pre-created before Project is created. The tier 0 typically provides connectivity to external world. List of sites for Project has to be subset of sites where the tier 0 spans. |
array of string | |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
PropertyItem (schema)
LabelValue Property
Represents a label-value pair.
| Name | Description | Type | Notes |
|---|---|---|---|
| condition | Expression for evaluating condition If the condition is met then the property will be displayed. Examples of expression syntax are provided under 'example_request' section of 'CreateWidgetConfiguration' API. |
string | Maximum length: 1024 |
| drilldown_id | Id of drilldown widget Id of drilldown widget, if any. Id should be a valid id of an existing widget. A widget is considered as drilldown widget when it is associated with any other widget and provides more detailed information about any data item from the parent widget. |
string | |
| field | Field of the Property Represents field value of the property. |
string | Required Maximum length: 1024 |
| heading | If true, represents the field as a heading Set to true if the field is a heading. Default is false. |
boolean | Default: "False" |
| label | Label of the property If a field represents a heading, then label is not needed |
Label | |
| label_value_separator | Labale value separator used between label and value Label value separator used between label and value. It can be any separator like ":" or "-". |
string | |
| navigation | Navigation to a specified UI page Hyperlink of the specified UI page that provides details. This will be linked with value of the property. |
string | Maximum length: 1024 |
| render_configuration | Render Configuration Render configuration to be applied, if any. |
array of RenderConfiguration | |
| rowspan | Vertical span Represent the vertical span of the widget / container |
int | Minimum: 1 |
| separator | A separator after this property If true, separates this property in a widget. |
boolean | Default: "False" |
| span | Horizontal span Represent the horizontal span of the widget / container. |
int | Minimum: 1 Maximum: 12 |
| style | A Style object applicable for the Property Item A style object applicable for the property item. It could be the any padding, margin style sheet applicable to the property item. A 'style' property is supported in case of layout 'AUTO' only. |
object | |
| type | field data type Data type of the field. |
string | Required Enum: String, Number, Date, Url Maximum length: 255 Default: "String" |
Protocol (schema)
This is an abstract type. Concrete child types:
HttpProtocol
HttpsProtocol
ScpProtocol
SftpProtocol
| Name | Description | Type | Notes |
|---|---|---|---|
| name | Protocol name | string | Required Enum: http, https, scp, sftp |
ProtocolVersion (schema)
HTTP protocol version
| Name | Description | Type | Notes |
|---|---|---|---|
| enabled | Enable status for this protocol version | boolean | Required |
| name | Name of the TLS protocol version | string | Required |
QoSBaseRateLimiter (schema)
A Limiter configuration entry that specifies type and metrics
This is an abstract type. Concrete child types:
EgressRateLimiter
IngressBroadcastRateLimiter
IngressRateLimiter
| Name | Description | Type | Notes |
|---|---|---|---|
| enabled | boolean | Required | |
| resource_type | Type rate limiter
|
string | Required Enum: IngressRateLimiter, IngressBroadcastRateLimiter, EgressRateLimiter Default: "IngressRateLimiter" |
QoSDscp (schema)
One of QoS or Encapsulated-Remote-Switched-Port-Analyzer
Dscp value is ignored in case of 'TRUSTED' DscpTrustMode.
| Name | Description | Type | Notes |
|---|---|---|---|
| mode | DscpTrustMode | ||
| priority | Internal Forwarding Priority | int | Minimum: 0 Maximum: 63 Default: "0" |
QoSProfile (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| class_of_service | Class of service Class of service groups similar types of traffic in the network and each type of traffic is treated as a class with its own level of service priority. The lower priority traffic is slowed down or in some cases dropped to provide better throughput for higher priority traffic. |
int | Minimum: 0 Maximum: 7 Default: "0" |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| dscp | QoSDscp | ||
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value QoSProfile | string | |
| shaper_configurations | Array of Rate limiter configurations to applied on Segment or Port. | array of QoSBaseRateLimiter (Abstract type: pass one of the following concrete types) EgressRateLimiter IngressBroadcastRateLimiter IngressRateLimiter |
Minimum items: 0 Maximum items: 3 |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
QoSProfileBindingMap (schema)
Base QoS Profile Binding Map
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value QoSProfileBindingMap | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
QoSProfileListRequestParameters (schema)
QoS Profile request parameters
| Name | Description | Type | Notes |
|---|---|---|---|
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string |
QoSProfileListResult (schema)
Paged collection of QoS profiles
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | QoS profiles list results | array of QoSProfile | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
RAConfig (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| hop_limit | Hop limit The maximum number of hops through which packets can pass before being discarded. |
integer | Minimum: 0 Maximum: 255 Default: "64" |
| prefix_lifetime | Lifetime of prefix The time interval in seconds, in which the prefix is advertised as valid. |
integer | Minimum: 0 Maximum: 4294967295 Default: "2592000" |
| prefix_preferred_time | Prefix preferred time The time interval in seconds, in which the prefix is advertised as preferred. |
integer | Minimum: 0 Maximum: 4294967295 Default: "604800" |
| ra_interval | RA interval Interval between 2 Router advertisement in seconds. |
integer | Minimum: 4 Maximum: 1800 Default: "600" |
| router_lifetime | Lifetime of router Router lifetime value in seconds. A value of 0 indicates the router is not a default router for the receiving end. Any other value in this field specifies the lifetime, in seconds, associated with this router as a default router. |
integer | Minimum: 0 Maximum: 65520 Default: "1800" |
| router_preference | Router preference NDRA Router preference value with MEDIUM as default. If the router_lifetime is 0, the preference must be set to MEDIUM. |
NDRAPreference | Default: "MEDIUM" |
RAMode (schema)
Router Advertisement Mode
Router Advertisement Modes.
DISABLED - RA is disabled
SLAAC_DNS_THROUGH_RA - Stateless address auto-configuration RA for address and configuration
SLAAC_DNS_THROUGH_DHCP - SLAAC RA for address and DHCPv6 for configuration
DHCP_ADDRESS_AND_DNS_THROUGH_DHCP - DHCPv6 for address and configurations
SLAAC_AND_ADDRESS_DNS_THROUGH_DHCP - SLAAC RA and DHCPv6 for address and configurations
| Name | Description | Type | Notes |
|---|---|---|---|
| RAMode | Router Advertisement Mode Router Advertisement Modes. DISABLED - RA is disabled SLAAC_DNS_THROUGH_RA - Stateless address auto-configuration RA for address and configuration SLAAC_DNS_THROUGH_DHCP - SLAAC RA for address and DHCPv6 for configuration DHCP_ADDRESS_AND_DNS_THROUGH_DHCP - DHCPv6 for address and configurations SLAAC_AND_ADDRESS_DNS_THROUGH_DHCP - SLAAC RA and DHCPv6 for address and configurations |
string | Enum: DISABLED, SLAAC_DNS_THROUGH_RA, SLAAC_DNS_THROUGH_DHCP, DHCP_ADDRESS_AND_DNS_THROUGH_DHCP, SLAAC_AND_ADDRESS_DNS_THROUGH_DHCP |
RaDNSConfig (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| dns_server | DNS server DNS server. |
array of IPv6Address | Maximum items: 8 |
| dns_server_lifetime | Lifetime of DNS server in milliseconds | integer | Minimum: 0 Maximum: 4294967295 Default: "1800000" |
| domain_name | Domain name Domain name in RA message. |
array of string | Maximum items: 8 |
| domain_name_lifetime | Lifetime of Domain names in milliseconds | integer | Minimum: 0 Maximum: 4294967295 Default: "1800000" |
Reaction (schema)
Reaction
Reaction represents a programmable entity which encapsulates the events
and the actions in response to the events, or simply "If This Then That".
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| actions | Reaction Actions Actions that need to be taken when the events occur. These actions must appear in the order that they need to be taken in. This field can be interpreted as the HOW of the Reaction, or simply as "Then That". |
array of Action (Abstract type: pass one of the following concrete types) PatchResources SetFields |
Required Minimum items: 1 Maximum items: 1 |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| events | Reaction Events Events that provide contextual variables about what the reaction should react to. This field can be interpreted as the WHAT of the Reaction, or simply as "If This" Clause. |
array of Event | Required Minimum items: 1 Maximum items: 1 |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value Reaction | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
RealizationListRequestParameters (schema)
Realization list request params
List request params for the pass through type api that get data from the
Enforcement point. The basic requirement for these kind of APIs is
filtering by Enforcement point.
| Name | Description | Type | Notes |
|---|---|---|---|
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| enforcement_point_path | String Path of the enforcement point The path of the enforcement point from which the list of members needs to be fetched. Forward slashes must be escaped using %2F. |
string | |
| include_mark_for_delete_objects | Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included. |
boolean | Default: "False" |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string |
RealizedStateRequestParameter (schema)
Binding between Intent and Enforcement Point Paths
Request parameter that represents a binding between an intent path and
enforcement point path. A request on the realized state can be parameterized
with this pair and will be evaluted as follows:
- {intent_path}: the request is evaluated on all enforcement points for
the given intent.
- {intent_path, enforcement_point_path}: the request is evaluated only on
the given enforcement point for the given intent.
| Name | Description | Type | Notes |
|---|---|---|---|
| enforcement_point_path | String Path of the enforcement point enforcement point path, forward slashes must be escaped using %2F |
string | |
| intent_path | String Path of the intent object Intent path of object, forward slashes must be escaped using %2F |
string | Required |
RealizedVirtualMachine (schema) (Experimental)
Realized Virtual Machine
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| alarms | Alarm info detail | array of PolicyAlarmResource | |
| compute_ids | List of external compute ids of the virtual machine in the format 'id-type-key:value' , list of external compute ids ['uuid:xxxx-xxxx-xxxx-xxxx', 'moIdOnHost:moref-11', 'instanceUuid:xxxx-xxxx-xxxx-xxxx'] | array of string | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| host_id | Id of the host on which the vm exists. | string | Readonly |
| id | Unique identifier of this resource | string | Sortable |
| intent_reference | Desire state paths of this object | array of string | |
| local_id_on_host | Id of the vm unique within the host. | string | Readonly |
| operational_status | String representation of operational status Possible values could be UP, DOWN, UNKNOWN, FAILURE This list is not exhaustive. |
string | |
| operational_status_error | String representation of operational status error It defines the root cause for operational status error. |
string | |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| power_state | Current power state of this virtual machine in the system. | string | Readonly Enum: VM_RUNNING, VM_STOPPED, VM_SUSPENDED, UNKNOWN |
| publish_status | String representation of publish status Possible values could be UP, DOWN, UNKNOWN, SUCCESS This list is not exhaustive. |
string | |
| publish_status_error | String representation of publish status error It defines the root cause for publish status error. |
string | |
| publish_status_error_code | Represents error code for publish status. It defines error code for publish status error. |
int | |
| publish_status_error_details | Details for publich status error. Error details for publish status. |
array of ConfigurationStateElement | |
| realization_api | Realization API of this object on enforcement point | string | |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| realization_specific_identifier | Realization id of this object | string | |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value RealizedVirtualMachine | string | |
| runtime_error | String representation of runtime error It define the root cause for runtime error. |
string | |
| runtime_status | String representation of runtime status Possible values could be UP, DOWN, UNKNOWN, DEGRADED This list is not exhaustive. |
string | Deprecated |
| state | Realization state of this object | string | Required Enum: UNAVAILABLE, UNREALIZED, REALIZED, ERROR |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
RealizedVirtualMachineListResult (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Paged Collection of VMs | array of RealizedVirtualMachine | |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
RecommendedFeaturePermission (schema)
Recommended Feature Permission
| Name | Description | Type | Notes |
|---|---|---|---|
| recommended_permissions | Permission | array of string | Required |
| src_features | List of source features | array of string | Required |
| target_feature | Feature | string | Required |
RecommendedFeaturePermissionListResult (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | List results | array of RecommendedFeaturePermission | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
RedirectionPolicy (schema)
Contains ordered list of rules and path to PolicyServiceInstance
Ordered list of rules long with the path of PolicyServiceInstance
to which the traffic needs to be redirected. |
Please note that the scope property must be provided for NS redirection |
policy if redirect to is a service chain. For NS, when redirect to is not |
to the service chain, and scope is specified on RedirectionPolicy, it |
will be ignored. The scope will be determined from redirect to path |
instead. For EW policy, scope must not be supplied in the request. |
Path to either Tier0 or Tier1 is allowed as the scope. Only 1 path |
can be specified as a scope. |
Also, note that, if stateful flag is not sent, it will be treated as true.
If statelessness is intended, false must be sent explicitly as the value |
for stateful field.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| category | A way to classify a security policy, if needed. - Distributed Firewall - Policy framework provides five pre-defined categories for classifying a security policy. They are "Ethernet","Emergency", "Infrastructure" "Environment" and "Application". There is a pre-determined order in which the policy framework manages the priority of these security policies. Ethernet category is for supporting layer 2 firewall rules. The other four categories are applicable for layer 3 rules. Amongst them, the Emergency category has the highest priority followed by Infrastructure, Environment and then Application rules. Administrator can choose to categorize a security policy into the above categories or can choose to leave it empty. If empty it will have the least precedence w.r.t the above four categories. - Edge Firewall - Policy Framework for Edge Firewall provides six pre-defined categories "Emergency", "SystemRules", "SharedPreRules", "LocalGatewayRules", "AutoServiceRules" and "Default", in order of priority of rules. All categories are allowed for Gatetway Policies that belong to 'default' Domain. However, for user created domains, category is restricted to "SharedPreRules" or "LocalGatewayRules" only. Also, the users can add/modify/delete rules from only the "SharedPreRules" and "LocalGatewayRules" categories. If user doesn't specify the category then defaulted to "Rules". System generated category is used by NSX created rules, for example BFD rules. Autoplumbed category used by NSX verticals to autoplumb data path rules. Finally, "Default" category is the placeholder default rules with lowest in the order of priority. |
string | |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| comments | SecurityPolicy lock/unlock comments Comments for security policy lock/unlock. |
string | |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| internal_sequence_number | Internal sequence number This field is to indicate the internal sequence number of a policy with respect to the policies across categories. |
int | Readonly |
| is_default | Default policy flag A flag to indicate whether policy is a default policy. |
boolean | Readonly |
| lock_modified_by | User who locked the security policy ID of the user who last modified the lock for the secruity policy. |
string | Readonly |
| lock_modified_time | SecuirtyPolicy locked/unlocked time SecurityPolicy locked/unlocked time in epoch milliseconds. |
EpochMsTimestamp | Readonly |
| locked | Lock a security policy Indicates whether a security policy should be locked. If the security policy is locked by a user, then no other user would be able to modify this security policy. Once the user releases the lock, other users can update this security policy. |
boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| north_south | Flag to denote whether it is north south policy This is the read only flag which will state the direction of this | redirection policy. True denotes that it is NORTH-SOUTH and false | value means it is an EAST-WEST redirection policy. |
boolean | Readonly |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| redirect_to | List of redirect to target paths Paths to which traffic will be redirected to. As of now, only 1 is | supported. Paths allowed are | 1. Policy Service Instance | 2. Service Instance Endpoint | 3. Virtual Endpoint | 4. Policy Service Chain |
array of string | Maximum items: 1 |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value RedirectionPolicy | string | |
| rule_count | Rule count The count of rules in the policy. |
int | Readonly |
| rules | Redirection rules that are a part of this RedirectionPolicy Redirection rules that are a part of this RedirectionPolicy. At max, there can be 1000 rules in a given RedirectPolicy. |
array of RedirectionRule | Maximum items: 1000 |
| scheduler_path | Path to the scheduler for time based scheduling Provides a mechanism to apply the rules in this policy for a specified time duration. |
string | |
| scope | The list of group paths where the rules in this policy will get
applied. This scope will take precedence over rule level scope. Supported only for security and redirection policies. In case of RedirectionPolicy, it is expected only when the policy is NS and redirecting to service chain. |
array of string | Maximum items: 128 |
| sequence_number | Sequence number to resolve conflicts across Domains This field is used to resolve conflicts between security policies across domains. In order to change the sequence number of a policy one can fire a POST request on the policy entity with a query parameter action=revise The sequence number field will reflect the value of the computed sequence number upon execution of the above mentioned POST request. For scenarios where the administrator is using a template to update several security policies, the only way to set the sequence number is to explicitly specify the sequence number for each security policy. If no sequence number is specified in the payload, a value of 0 is assigned by default. If there are multiple policies with the same sequence number then their order is not deterministic. If a specific order of policies is desired, then one has to specify unique sequence numbers or use the POST request on the policy entity with a query parameter action=revise to let the framework assign a sequence number. The value of sequence number must be between 0 and 999,999. |
int | Minimum: 0 |
| stateful | Stateful nature of the entries within this security policy. Stateful or Stateless nature of security policy is enforced on all rules in this security policy. When it is stateful, the state of the network connects are tracked and a stateful packet inspection is performed. Layer3 security policies can be stateful or stateless. By default, they are stateful. Layer2 security policies can only be stateless. |
boolean | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| tcp_strict | Enforce strict tcp handshake before allowing data packets Ensures that a 3 way TCP handshake is done before the data packets are sent. tcp_strict=true is supported only for stateful security policies. If the tcp_strict flag is not specified and the security policy is stateful, then tcp_strict will be set to true. |
boolean | |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
RedirectionRule (schema)
It define redirection rule for service insertion
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| action | Action The action to be applied to all the services |
string | Enum: REDIRECT, DO_NOT_REDIRECT |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| destination_groups | Destination group paths We need paths as duplicate names may exist for groups under different domains. Along with paths we support IP Address of type IPv4 and IPv6. IP Address can be in one of the format(CIDR, IP Address, Range of IP Address). In order to specify all groups, use the constant "ANY". This is case insensitive. If "ANY" is used, it should be the ONLY element in the group array. Error will be thrown if ANY is used in conjunction with other values. |
array of string | Maximum items: 128 |
| destinations_excluded | Negation of destination groups If set to true, the rule gets applied on all the groups that are NOT part of the destination groups. If false, the rule applies to the destination groups |
boolean | Default: "False" |
| direction | Direction Define direction of traffic. |
string | Enum: IN, OUT, IN_OUT Default: "IN_OUT" |
| disabled | Flag to disable the rule Flag to disable the rule. Default is enabled. |
boolean | Default: "False" |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| ip_protocol | IPv4 vs IPv6 packet type Type of IP packet that should be matched while enforcing the rule. The value is set to IPV4_IPV6 for Layer3 rule if not specified. For Layer2/Ether rule the value must be null. |
string | Enum: IPV4, IPV6, IPV4_IPV6 |
| is_default | Default rule flag A flag to indicate whether rule is a default rule. |
boolean | Readonly |
| logged | Enable logging flag Flag to enable packet logging. Default is disabled. |
boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| notes | Text for additional notes on changes Text for additional notes on changes. |
string | Maximum length: 2048 |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| profiles | Layer 7 service profiles or TLS action profile Holds the list of layer 7 service profile paths. These profiles accept attributes and sub-attributes of various network services (e.g. L4 AppId, encryption algorithm, domain name, etc) as key value pairs. Instead of Layer 7 service profiles you can use a L7 access profile. One of either Layer 7 service profiles or L7 Access Profile can be used in firewall rule. In case of L7 access profile only one is allowed. |
array of string | Maximum items: 128 |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value RedirectionRule | string | |
| rule_id | Unique rule ID This is a unique 4 byte positive number that is assigned by the system. This rule id is passed all the way down to the data path. The first 1GB (1000 to 2^30) will be shared by GM and LM with zebra style striped number space. For E.g 1000 to (1Million -1) by LM, (1M - 2M-1) by GM and so on. |
integer | Readonly |
| scope | The list of policy paths where the rule is applied
LR/Edge/T0/T1/LRP etc. Note that a given rule can be applied on multiple LRs/LRPs. |
array of string | Maximum items: 128 |
| sequence_number | Sequence number of the this Rule This field is used to resolve conflicts between multiple Rules under Security or Gateway Policy for a Domain If no sequence number is specified in the payload, a value of 0 is assigned by default. If there are multiple rules with the same sequence number then their order is not deterministic. If a specific order of rules is desired, then one has to specify unique sequence numbers or use the POST request on the rule entity with a query parameter action=revise to let the framework assign a sequence number |
int | Minimum: 0 |
| service_entries | Raw services In order to specify raw services this can be used, along with services which contains path to services. This can be empty or null. |
array of ServiceEntry (Abstract type: pass one of the following concrete types) ALGTypeServiceEntry EtherTypeServiceEntry ICMPTypeServiceEntry IGMPTypeServiceEntry IPProtocolServiceEntry L4PortSetServiceEntry NestedServiceServiceEntry |
Maximum items: 128 |
| services | Names of services In order to specify all services, use the constant "ANY". This is case insensitive. If "ANY" is used, it should be the ONLY element in the services array. Error will be thrown if ANY is used in conjunction with other values. |
array of string | Maximum items: 128 |
| source_groups | Source group paths We need paths as duplicate names may exist for groups under different domains. Along with paths we support IP Address of type IPv4 and IPv6. IP Address can be in one of the format(CIDR, IP Address, Range of IP Address). In order to specify all groups, use the constant "ANY". This is case insensitive. If "ANY" is used, it should be the ONLY element in the group array. Error will be thrown if ANY is used in conjunction with other values. |
array of string | Maximum items: 128 |
| sources_excluded | Negation of source groups If set to true, the rule gets applied on all the groups that are NOT part of the source groups. If false, the rule applies to the source groups |
boolean | Default: "False" |
| tag | Tag applied on the rule User level field which will be printed in CLI and packet logs. Even though there is no limitation on length of a tag, internally tag will get truncated after 32 characters. |
string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
RegTokenQuery (schema)
Registration token
| Name | Description | Type | Notes |
|---|---|---|---|
| token | Registration token Get roles from registration token |
string | Required |
RegistrationToken (schema)
Appliance registration access token
| Name | Description | Type | Notes |
|---|---|---|---|
| roles | List results | array of string | Required |
| token | Access token | string | Required |
| user | User delegated by token | string |
RelatedApiError (schema)
Detailed information about a related API error
| Name | Description | Type | Notes |
|---|---|---|---|
| details | Further details about the error | string | |
| error_code | A numeric error code | integer | |
| error_data | Additional data about the error | object | |
| error_message | A description of the error | string | |
| module_name | The module name where the error occurred | string |
RelatedAttribute (schema)
Related attribute details.
Related attribute on the target resource for conditional constraints based
on related attribute value.
Example - destinationGroups/service/action is related attribute of
sourceGroups in communcation entry.
| Name | Description | Type | Notes |
|---|---|---|---|
| attribute | Related attribute name on the target entity. | string | Required |
RelatedAttributeConditionalExpression (schema)
Represents the leaf level type expression to express constraint as
value of realted attribute to the target. Uses
ConditionalValueConstraintExpression to constrain the target value
based on the related attribute value on the same resource.
Represents the leaf level type expression to express constraint as
value of realted attribute to the target.
Example - Constraint traget attribute 'X' (example in Constraint),
if destinationGroups contains 'vCeneter' then allow only values
"HTTPS", "HTTP" for attribute X.
{
"target":{
"target_resource_type":"CommunicationEntry",
"attribute":"services",
"path_prefix": "/infra/domains/{{DOMAIN}}/edge-communication-maps/default/communication-entries/"
},
"constraint_expression": {
"resource_type": "RelatedAttributeConditionalExpression",
"related_attribute":{
"attribute":"destinationGroups"
},
"condition" : {
"operator":"INCLUDES",
"rhs_value": ["/infra/domains/mgw/groups/VCENTER"],
"value_constraint": {
"resource_type": "ValueConstraintExpression",
"operator":"INCLUDES",
"values":["/infra/services/HTTP", "/infra/services/HTTPS"]
}
}
}
}
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| condition | Conditiona value constraint expression. Conditional value expression for target based on realted attribute value. |
ConditionalValueConstraintExpression | Required |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| related_attribute | Related attribute. | RelatedAttribute | Required |
| resource_type | Must be set to the value RelatedAttributeConditionalExpression | string | Required Enum: ValueConstraintExpression, RelatedAttributeConditionalExpression, EntityInstanceCountConstraintExpression, FieldSanityConstraintExpression |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
RemainingSupportBundleNode (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| node_display_name | Display name of node | string | Required Readonly |
| node_id | UUID of node | string | Required Readonly |
| node_ip | IPv4 address of node | string | Required Readonly |
| node_ipv6 | IPv6 address of node | string | Required Readonly |
| status | Status of node | string | Required Readonly Enum: PENDING, PROCESSING |
RemoteFileServer (schema)
Remote file server
| Name | Description | Type | Notes |
|---|---|---|---|
| directory_path | Remote server directory to copy bundle files to | string | Required Pattern: "^\/[\w\-.\+~\/]+$" |
| port | Server port | integer | Minimum: 1 Maximum: 65535 Default: "22" |
| protocol | Protocol to use to copy file | FileTransferProtocol | Required |
| server | Remote server hostname or IP address | string | Required Format: hostname-or-ip |
RemoteServerFingerprint (schema)
Remote server
| Name | Description | Type | Notes |
|---|---|---|---|
| port | Server port | integer | Minimum: 1 Maximum: 65535 Default: "22" |
| server | Remote server hostname or IP address | string | Required Format: hostname-or-ip |
| ssh_fingerprint | SSH fingerprint of server | string | Required |
RemoteServerFingerprintRequest (schema)
Remote server
| Name | Description | Type | Notes |
|---|---|---|---|
| port | Server port | integer | Minimum: 1 Maximum: 65535 Default: "22" |
| server | Remote server hostname or IP address | string | Required Format: hostname-or-ip |
RemoteSiteCompatibilityInfo (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| is_compatible | are the 2 sites compatible | boolean | |
| local_site | local site compatibility | SiteCompatibilityInfo | |
| remote_site | remote site compatibility | SiteCompatibilityInfo |
RemoteSiteCredential (schema)
Credential of remote site
Contains the information needed to communicate with another site.
| Name | Description | Type | Notes |
|---|---|---|---|
| address | Address of the site (IPv4:port) | string | Required |
| password | Password of the site | string | Required |
| thumbprint | Sha256 thumbprint of API certificate of the remote site | string | Required |
| username | Username of the site | string | Required |
RenderConfiguration (schema)
Render Configuration
Render configuration to be applied to the widget.
| Name | Description | Type | Notes |
|---|---|---|---|
| color | Color of the entity The color to use when rendering an entity. For example, set color as 'RED' to render a portion of donut in red. |
string | |
| condition | Expression for evaluating condition If the condition is met then the rendering specified for the condition will be applied. Examples of expression syntax are provided under 'example_request' section of 'CreateWidgetConfiguration' API. |
string | Maximum length: 1024 |
| display_value | Overridden value to display, if any If specified, overrides the field value. This can be used to display a meaningful value in situations where field value is not available or not configured. |
string | Maximum length: 255 |
| icons | Icons Icons to be applied at dashboard for widgets and UI elements. |
array of Icon | Minimum items: 0 |
| tooltip | Multi-line tooltip Multi-line text to be shown on tooltip while hovering over the UI element if the condition is met. |
array of Tooltip | Minimum items: 0 |
ReorderRequest (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| id | id of the upgrade unit group/upgrade unit before/after which the upgrade unit group/upgrade unit is to be placed | string | Required |
| is_before | flag indicating whether the upgrade unit group/upgrade unit is to be placed before or after the specified upgrade unit group/upgrade unit | boolean | Default: "True" |
RepoSyncStatusReport (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| failure_code | Error code for failure In case of repo sync related failure, the code for the error will be stored here. |
integer | |
| failure_message | Error message for failure In case if repo sync fails due to some issue, an error message will be stored here. |
string | |
| status | Repository Synchronization Status Status of the repo sync operation on the single nsx-manager |
string | Required Enum: NOT_STARTED, IN_PROGRESS, FAILED, SUCCESS |
| status_message | Status message Describes the steps which repo sync operation is performing currently. |
string |
ResetNodeUserOwnPasswordProperties (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| old_password | The old password of the user If the old_password is not given, a 400 BAD REQUEST is returned with an error message. |
string | Required |
| password | The new password for user | string | Required |
ResetStatsRequestParameters (schema)
Reset Statistics Request Parameters
Request parameters that represents an enforcement point path and category.
A request on statistics can be parameterized with this enforcement point
path and will be evaluated as follows:
- no enforcement point path specified: the request is evaluated on all enforcement
points.
- {enforcement_point_path}: the request is evaluated only on the given enforcement
point.
| Name | Description | Type | Notes |
|---|---|---|---|
| category | Aggregation statistic category Aggregation statistic category to perform reset operation. |
string | Required Enum: DFW, EDGE |
| container_cluster_path | String Path of the Container Cluster entity Path to the container cluster entity where the request will be executed. |
string | |
| enforcement_point_path | String Path of the enforcement point enforcement point path, forward slashes must be escaped using %2F. |
string |
Resource (schema)
Base class for resources
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
ResourceFieldPointer (schema)
Resource Field Pointer
Resource Field Pointer representing the exact value within a policy object.
| Name | Description | Type | Notes |
|---|---|---|---|
| field_pointer | Field Pointer Field Pointer referencing the exact field within the policy object. |
string | Required |
| path | Resource Path Policy Path referencing a policy object. If not supplied, the field pointer will be applied to the event source. |
string |
ResourceInfo (schema)
Represents resources information
It represents the resource information which could identify resource.
| Name | Description | Type | Notes |
|---|---|---|---|
| resource_ids | Resource identifiers It will represent resource identifiers. For example, policy objects will be represented with paths and virtual machine will be represented with external ids. |
array of string | Required |
| resource_type | Resource type It will represent resource type on which tag bulk operation to be performed. Supported resource type is VirtualMachine. |
string | Required |
ResourceInfoListResult (schema)
Collection of resource info objects
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Resource info list results | array of PolicyFineTuningResourceInfo | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
ResourceInfoSearchParameters (schema) (Experimental)
Represents search object that provides additional search capabilities
This object presents additional search capabilities over any API through free text query string. e.g. type="FirewallRuleDto".
| Name | Description | Type | Notes |
|---|---|---|---|
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| include_mark_for_delete_objects | Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included. |
boolean | Default: "False" |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string | |
| type | Type query | string |
ResourceLink (schema)
A link to a related resource
| Name | Description | Type | Notes |
|---|---|---|---|
| action | Optional action | string | Readonly |
| href | Link to resource | string | Required Readonly |
| rel | Link relation type Custom relation type (follows RFC 5988 where appropriate definitions exist) |
string | Required Readonly |
ResourceObject (schema)
Policy resource object for sharing
A ResourceObject contains the path and properties of the resource that needs to be shared.
| Name | Description | Type | Notes |
|---|---|---|---|
| include_children | Denotes if the children of the shared path are also shared Whether the children of the shared resource_path are shared (true) or just the entity represented by the path is shared (false). The default value is false. |
boolean | Default: "False" |
| resource_path | Path of the resource to be shared Represents the path of the resource to be shared. The entity represented by this shared resources is shared with all the Orgs or Projects contexts that the Share container references. |
string | Required |
ResourceOperation (schema)
Resource Operation
Resource Operation is an Event Source that represents a resource that
is being changed at very specific points of time, with regard to
its interaction with dao layer.
| Name | Description | Type | Notes |
|---|---|---|---|
| operation_types | Operation Types Operation types. |
array of ResourceOperationType | Required Minimum items: 1 |
| resource_pointer | Resource Pointer Regex path representing a regex expression on resources. This regex is used to identify the object(s) that is/are the source of the Event. For instance: specifying "Lb* | /infra/tier-0s/vmc/ipsec-vpn-services/default" as a source means that ANY resource starting with Lb or ANY resource with "/infra/tier-0s/vmc/ipsec-vpn-services/default" as path would be the source of the event in question. |
string | Required |
| resource_type | Must be set to the value ResourceOperation | string | Required Enum: ResourceOperation, ApiRequestBody |
ResourceOperationType (schema)
Resource Operation Type
Resource Operation Type represents a change in state of a resource with
regard to the interaction with DAO layer:
POST_CREATE: post-create change event.
POST_UPDATE: post-update change event.
PRE_DELETE: pre-delete change event.
| Name | Description | Type | Notes |
|---|---|---|---|
| ResourceOperationType | Resource Operation Type Resource Operation Type represents a change in state of a resource with regard to the interaction with DAO layer: POST_CREATE: post-create change event. POST_UPDATE: post-update change event. PRE_DELETE: pre-delete change event. |
string | Enum: POST_CREATE, POST_UPDATE, PRE_DELETE |
ResourceReference (schema)
A weak reference to an NSX resource.
| Name | Description | Type | Notes |
|---|---|---|---|
| is_valid | Target validity Will be set to false if the referenced NSX resource has been deleted. |
boolean | Readonly |
| target_display_name | Target display name Display name of the NSX resource. |
string | Readonly Maximum length: 255 |
| target_id | Target ID Identifier of the NSX resource. |
string | Maximum length: 64 |
| target_type | Target type Type of the NSX resource. |
string | Maximum length: 255 |
ResourceSummaryDetail (schema)
Resource Summary Detail
Resource summary details represents list of resources for given resource
type with its total count.
| Name | Description | Type | Notes |
|---|---|---|---|
| resource_count | Resource count Total resource count |
integer | Required Readonly |
| resource_list | Resource List List of homogenous resources of resource type. |
array of OnboardingAttribute | Readonly Maximum items: 100 |
| resource_type | Policy Resource Type Policy resource entity type, for example: CommunicationMap, Group etc. |
string | Required Readonly |
ResourceTagStatus (schema)
Tag operation status for a resource
It represents tag operation status for a resource and details of the failure if any.
| Name | Description | Type | Notes |
|---|---|---|---|
| details | Details about the error if any | string | |
| resource_display_name | Resource display name | string | |
| resource_id | Resource id | string | Required |
| tag_status | Status of tag apply or remove operation | string | Required Enum: Success, Error |
ResourceTypeTagStatus (schema)
Tag operation status for particular resource type and resource ids.
Tag operation status for particular resource type and resource ids.
| Name | Description | Type | Notes |
|---|---|---|---|
| resource_tag_status | List of resources on which tag needs to be applied List of resources on which tag needs to be applied. |
array of ResourceTagStatus | |
| resource_type | Resource type | string | Required |
RestoreStep (schema)
Restore step info
| Name | Description | Type | Notes |
|---|---|---|---|
| description | Restore step description | string | Required Readonly |
| status | PerStepRestoreStatus | ||
| step_number | Restore step number | integer | Required Readonly |
| value | Restore step value | string | Required Readonly |
RevisionedResource (schema)
A base class for types that track revisions
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
Role (schema)
Role
| Name | Description | Type | Notes |
|---|---|---|---|
| role | Role identifier Short identifier for the role. Must be all lower case with no spaces. |
string | Required Pattern: "^[_a-z0-9-]+$" |
| role_display_name | Display name for role A short, human-friendly display name of the role. |
string |
RoleAssignmentPermissionConfig (schema)
Role Assignment Permission config.
Configuration that controls whether project admins and VPC admins can do role assignment to other users.
| Name | Description | Type | Notes |
|---|---|---|---|
| allow_role_assignment | Specifies whether user with this role is allowed to assign roles to other users. | boolean |
RoleBinding (schema)
User/Group's role binding
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| identity_source_id | ID of the external identity source The ID of the external identity source that holds the referenced external entity. Currently, only external LDAP and OIDC servers are allowed. |
string | |
| identity_source_type | Identity source type | string | Enum: VIDM, LDAP, OIDC, CSP Default: "VIDM" |
| name | User/Group's name | string | Required Readonly |
| read_roles_for_paths | Read from roles_for_paths instead of roles Set this property to true to cause the user's role definition to be read from the roles_for_paths property. Set it to false to cause the user's role definition to be read from the roles property. |
boolean | |
| resource_type | Must be set to the value RoleBinding | string | |
| roles | Roles | array of Role | Deprecated Readonly |
| roles_for_paths | Roles for Paths The roles that are associated with the user, limiting them to a path. In case the path is '/', the roles apply everywhere i.e. it is same as the deprecated property roles. |
array of RolesForPath | |
| stale | Stale in vIDM Property 'stale' can be considered to have these values - absent - This type of rolebinding does not support stale property TRUE - Rolebinding is stale in vIDM meaning the user is no longer present in vIDM FALSE - Rolebinding is available in vIDM UNKNOWN - Rolebinding's state of staleness in unknown Once rolebindings become stale, they can be deleted using the API POST /aaa/role-bindings?action=delete_stale_bindings |
string | Readonly Enum: TRUE, FALSE, UNKNOWN |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| type | Type | string | Required Readonly Enum: remote_user, remote_group, local_user, principal_identity |
| user_id | Local user's numeric id Local user's numeric id on the system. |
string | Readonly |
RoleBindingListResult (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | List results | array of RoleBinding | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
RoleBindingRequestParameters (schema)
Parameters to filter list of role bindings.
Pagination and Filtering parameters to get only a subset of users/groups.
| Name | Description | Type | Notes |
|---|---|---|---|
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| identity_source_id | Identity source ID If provided, only return role bindings for the given identity source. Currently only supported for LDAP and OIDC identity source types. |
string | |
| identity_source_type | Identity source type | string | Enum: VIDM, LDAP, OIDC |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| name | User/Group name | string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| path | Exact path of the context | string | |
| role | Role ID | string | |
| root_path | Prefix path of the context | string | |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string | |
| type | Type | string | Enum: remote_user, remote_group, local_user, principal_identity |
RoleListResult (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | List results | array of Role | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
RoleWithFeatures (schema)
Role
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| features | Features | array of FeaturePermission | Required |
| id | Unique identifier of this resource | string | Sortable |
| resource_type | Must be set to the value RoleWithFeatures | string | |
| role | Role identifier Short identifier for the role. Must be all lower case with no spaces. |
string | Required Readonly Pattern: "^[_a-z0-9-]+$" |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
RoleWithFeaturesListResult (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | List results | array of RoleWithFeatures | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
RolesForPath (schema)
Roles for path
The roles that are limited only to the path specified. In case the path is null, the roles apply everywhere.
| Name | Description | Type | Notes |
|---|---|---|---|
| delete_path | Flag to delete the path in role-binding update operation. Flag to delete the path in role-binding update operation. If false then path will not be deleted while updating the role-binding. If true then path will be deleted while updating the role-binding. Please note: This flag will be used only in role-binding PUT api. |
boolean | Default: "False" |
| path | Path Path of the entity in parent hierarchy. |
string | Required |
| roles | Roles Applicable roles. |
array of Role | Required |
RolesListRequestParameters (schema)
Roles list request parameters
| Name | Description | Type | Notes |
|---|---|---|---|
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| scope | List only the roles which are applicable for this scope. | string | Enum: ROOT, ORG, PROJECT, VPC |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string |
RouteAdvertisementRule (schema)
Route advertisement rules and filtering
| Name | Description | Type | Notes |
|---|---|---|---|
| action | Action to advertise routes Action to advertise filtered routes to the connected Tier0 gateway. PERMIT: Enables the advertisment DENY: Disables the advertisement |
string | Required Enum: PERMIT, DENY Default: "PERMIT" |
| name | Display name for rule Display name should be unique. |
string | Required |
| prefix_operator | Prefix operator to match subnets Prefix operator to filter subnets. GE prefix operator filters all the routes with prefix length greater than or equal to the subnets configured. EQ prefix operator filter all the routes with prefix length equal to the subnets configured. |
string | Enum: GE, EQ Default: "GE" |
| route_advertisement_types | Enable different types of route advertisements Enable different types of route advertisements. When not specified, routes to IPSec VPN local-endpoint subnets (TIER1_IPSEC_LOCAL_ENDPOINT) are automatically advertised. |
array of Tier1RouteAdvertisentTypes | |
| subnets | Network CIDRs Network CIDRs to be routed. |
array of string |
RouteAggregationEntry (schema)
List of routes to be aggregated
| Name | Description | Type | Notes |
|---|---|---|---|
| prefix | CIDR of aggregate address CIDR of aggregate address |
string | Required Format: ip-cidr-block |
| summary_only | Send only summarized route Send only summarized route. Summarization reduces number of routes advertised by representing multiple related routes with prefix property. |
boolean | Default: "True" |
RouteBasedIPSecVpnSession (schema)
Route based VPN session
A Route Based VPN is more flexible, more powerful and recommended over policy based VPN. IP Tunnel port is created and all traffic routed via tunnel port is protected. Routes can be configured statically or can be learned through BGP. A route based VPN is must for establishing redundant VPN session to remote site.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| authentication_mode | Authentication Mode Peer authentication mode. PSK - In this mode a secret key shared between local and peer sites is to be used for authentication. The secret key can be a string with a maximum length of 128 characters. CERTIFICATE - In this mode a certificate defined at the global level is to be used for authentication. |
string | Enum: PSK, CERTIFICATE Default: "PSK" |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| compliance_suite | Compliance suite Compliance suite. |
string | Enum: CNSA, SUITE_B_GCM_128, SUITE_B_GCM_256, PRIME, FOUNDATION, FIPS, NONE |
| connection_initiation_mode | Connection initiation mode Connection initiation mode used by local endpoint to establish ike connection with peer site. INITIATOR - In this mode local endpoint initiates tunnel setup and will also respond to incoming tunnel setup requests from peer gateway. RESPOND_ONLY - In this mode, local endpoint shall only respond to incoming tunnel setup requests. It shall not initiate the tunnel setup. ON_DEMAND - In this mode local endpoint will initiate tunnel creation once first packet matching the policy rule is received and will also respond to incoming initiation request. |
string | Enum: INITIATOR, RESPOND_ONLY, ON_DEMAND Default: "INITIATOR" |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| dpd_profile_path | Dead peer detection (DPD) profile path Policy path referencing Dead Peer Detection (DPD) profile. Default is set to system default profile. |
string | |
| enabled | Enable/Disable IPSec VPN session Enable/Disable IPSec VPN session. |
boolean | Default: "True" |
| force_whitelisting | Flag to add default whitelisting Gateway Policy rule for the VTI interface. If true the default firewall rule Action is set to DROP, otherwise set to ALLOW. This field is deprecated and recommended to change Rule action field. Note that this field is not synchornied with default rule field. |
boolean | Deprecated Default: "False" |
| id | Unique identifier of this resource | string | Sortable |
| ike_profile_path | Internet key exchange (IKE) profile path Policy path referencing IKE profile to be used. Default is set according to system default profile. |
string | |
| local_endpoint_path | Local endpoint path Policy path referencing Local endpoint. This property is mandatory on LM. It is required on GM only in case of site_overrides property not provided. |
string | |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| peer_address | IPV4 or IPV6 address of peer endpoint on remote site Public IPV4 or IPV6 address of the remote device terminating the VPN connection. This property is mandatory on LM. It is required on GM only in case of site_overrides property not provided. Please note that configuring peer_address as IPv6 address is not supported in the deprecated IPSecVpnSession Patch/PUT APIs. |
IPAddress | |
| peer_id | Peer id Peer ID to uniquely identify the peer site. The peer ID is the public IP address of the remote device terminating the VPN tunnel. When NAT is configured for the peer, enter the private IP address of the peer. This property is mandatory on LM. It is required on GM only in case of site_overrides property not provided. |
string | |
| psk | Pre-shared key IPSec Pre-shared key. Maximum length of this field is 128 characters. |
secure_string | |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value RouteBasedIPSecVpnSession | IPSecVpnSessionResourceType | Required |
| site_overrides | SiteOverride list A collection of site specific attributes specificed only on GM |
array of SiteOverride | Maximum items: 128 |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| tcp_mss_clamping | TCP MSS Clamping TCP Maximum Segment Size Clamping Direction and Value. |
TcpMaximumSegmentSizeClamping | |
| tunnel_interfaces | IP Tunnel interfaces IP Tunnel interfaces. This property is mandatory on LM. It is required on GM only in case of site_overrides property not provided. |
array of IPSecVpnTunnelInterface | Minimum items: 1 Maximum items: 1 |
| tunnel_profile_path | IPSec tunnel profile path Policy path referencing Tunnel profile to be used. Default is set to system default profile. |
string | |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
RouteBasedL3VpnSession (schema) (Deprecated)
Route based L3Vpn Session
A Route Based L3Vpn is more flexible, more powerful and recommended over policy based.
IP Tunnel subnet is created and all traffic routed through tunnel subnet is sent over
tunnel. Routes can be learned through BGP. A route based L3Vpn is required when using
redundant L3Vpn.
| Name | Description | Type | Notes |
|---|---|---|---|
| default_rule_logging | Enable logging for whitelisted rule for the VTI interface Indicates if logging should be enabled for the default whitelisting rule for the VTI interface. |
boolean | Default: "False" |
| force_whitelisting | Flag to add default whitelisting FW rule for the VTI interface. The default firewall rule Action is set to DROP if true otherwise set to ALLOW. |
boolean | Default: "False" |
| resource_type | Must be set to the value RouteBasedL3VpnSession | L3VpnSessionResourceType | Required |
| routing_config_path | Routing configuration policy path This is a deprecated field. Any specified value is not saved and will be ignored. |
string | Deprecated |
| tunnel_subnets | Virtual Tunnel Interface (VTI) IP subnets Virtual tunnel interface (VTI) port IP subnets to be used to configure route-based L3Vpn session. A max of one tunnel subnet is allowed. |
array of TunnelSubnet | Required Minimum items: 1 Maximum items: 1 |
RouteDetails (schema)
BGP route details
BGP route details.
| Name | Description | Type | Notes |
|---|---|---|---|
| as_path | AS path BGP AS path attribute. |
string | Readonly |
| local_pref | Local preference BGP Local Preference attribute. |
integer | Readonly |
| med | Multi Exit Discriminator BGP Multi Exit Discriminator attribute. |
integer | Readonly |
| network | CIDR network address CIDR network address. |
IPCIDRBlock | Required Readonly |
| next_hop | Next hop IP address Next hop IP address. |
IPAddress | Readonly |
| weight | Weight BGP Weight attribute. |
integer | Readonly |
RouteMapEntry (schema)
Route map entry
| Name | Description | Type | Notes |
|---|---|---|---|
| action | Action for the route map entry Action for the route map entry |
string | Required Enum: PERMIT, DENY |
| community_list_matches | Community list match criteria Community list match criteria for route map. Properties community_list_matches and prefix_list_matches are mutually exclusive and cannot be used in the same route map entry. |
array of CommunityMatchCriteria | |
| prefix_list_matches | Prefix list match criteria Prefix list match criteria for route map. Properties community_list_matches and prefix_list_matches are mutually exclusive and cannot be used in the same route map entry. |
array of string | Maximum items: 500 |
| set | Set criteria for route map entry Set criteria for route map entry |
RouteMapEntrySet |
RouteMapEntrySet (schema)
Set criteria for route map entry
| Name | Description | Type | Notes |
|---|---|---|---|
| as_path_prepend | AS path prepend to influence route selection AS path prepend to influence route selection. |
string | |
| community | Set BGP community Set BGP regular or large community for matching routes. A maximum of one value for each community type separated by space. Well-known community name, community value in aa:nn (2byte:2byte) format for regular community and community value in aa:bb:nn (4byte:4byte:4byte) format for large community are supported. |
string | |
| local_preference | Local preference to set for matching BGP routes Local preference indicates the degree of preference for one BGP route over other BGP routes. The path with highest local preference is preferred. |
integer | Maximum: 4294967295 Default: "100" |
| med | Multi exit descriminator Multi exit descriminator (MED) is a hint to BGP neighbors about the preferred path into an autonomous system (AS) that has multiple entry points. A lower MED value is preferred over a higher value. |
int | Minimum: 0 Maximum: 4294967295 |
| prefer_global_v6_next_hop | Prefer global v6 next hop over local next hop For incoming and import route_maps on receiving both v6 global and v6 link-local address for the route, prefer to use the global address as the next hop. By default, it prefers the link-local next hop. |
boolean | |
| weight | Weight used to select certain path Weight is used to select a route when multiple routes are available to the same network. Route with the highest weight is preferred. |
int | Minimum: 0 Maximum: 65535 |
RouterLinkRuntimeRequestParameters (schema)
Router link runtime status request parameters
| Name | Description | Type | Notes |
|---|---|---|---|
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| edge_path | Policy path of edge node Policy path of edge node. Edge should be member of enforcement point. It is mandantory for router link interface statistics and ARP-table APIs. |
string | |
| enforcement_point_path | String Path of the enforcement point Enforcement point path. |
string | |
| include_mark_for_delete_objects | Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included. |
boolean | Default: "False" |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string | |
| tier1_path | Policy path of tier1 Policy path of tier1. |
string | Required |
RouterNexthop (schema)
Next hop configuration for network
| Name | Description | Type | Notes |
|---|---|---|---|
| admin_distance | Cost associated with next hop route Cost associated with next hop route |
int | Minimum: 1 Maximum: 255 Default: "1" |
| ip_address | Next hop gateway IP address Next hop gateway IP address |
IPAddress | |
| scope | Interface path associated with current route Interface path associated with current route. For example: specify a policy path referencing the IPSec VPN Session. |
array of string | Minimum items: 1 |
RoutesPerTransportNode (schema)
Routes per transport node
BGP routes per transport node.
| Name | Description | Type | Notes |
|---|---|---|---|
| routes | BGP neighbor route details Array of BGP neighbor route details for this transport node. |
array of RouteDetails | Readonly |
| source_address | BGP neighbor source address BGP neighbor source address. |
IPAddress | Readonly |
| transport_node_id | Transport node id | string | Required Readonly |
RoutesRequestParameters (schema)
Routes request parameters
| Name | Description | Type | Notes |
|---|---|---|---|
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| edge_id | UUID of edge node UUID of edge node. Edge should be member of enforcement point. |
string | |
| edge_path | Policy path of edge node Policy path of edge node. Edge should be member of enforcement point. |
string | |
| enforcement_point_path | Enforcement point path String Path of the enforcement point. When not specified, routes from all enforcement-points are returned. This property is required for retrieving routes in CSV format. |
string | |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| network_prefix | Network address filter parameter IPAddress or CIDR network address to filter entries in the table. |
IPAddressOrCIDRBlock | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| route_source | Filter routes based on the source from which route is learned Filter routes based on the source from which route is learned. |
string | Enum: BGP, STATIC, CONNECTED, OSPF |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string |
RoutingEntry (schema)
Routing table entry
Routing table entry.
| Name | Description | Type | Notes |
|---|---|---|---|
| admin_distance | Admin distance Admin distance. |
int | Readonly |
| interface | The policy path of the interface which is used as the next hop | string | |
| lr_component_id | Logical router component(Service Router/Distributed Router) id | string | |
| lr_component_type | Logical router component(Service Router/Distributed Router) type | string | |
| network | Network CIDR Network CIDR. |
string | Readonly |
| next_hop | Next hop address Next hop address. |
IPAddress | Readonly |
| next_hop_gateway | Next hop gateway path | string | |
| route_type | Route type (USER, CONNECTED, NSX_INTERNAL,..) Route type in routing table. t0c - Tier-0 Connected t0s - Tier-0 Static b - BGP t0n - Tier-0 NAT t1s - Tier-1 Static t1c - Tier-1 Connected t1n: Tier-1 NAT t1l: Tier-1 LB VIP t1ls: Tier-1 LB SNAT t1d: Tier-1 DNS FORWARDER t1ipsec: Tier-1 IPSec isr: Inter-SR |
string | Readonly |
RoutingTable (schema)
Routing table
Routing table.
| Name | Description | Type | Notes |
|---|---|---|---|
| count | Entry count Entry count. |
int | Readonly |
| edge_node | Transport node ID Transport node ID. |
string | Readonly |
| error_message | Routing table fetch error. Routing table fetch error message, populated only if status if failure. |
string | Readonly |
| route_entries | Route entries Route entries. |
array of RoutingEntry | Required |
| status | Routing table fetch status. Routing table fetch status from Transport node. |
string | Readonly Enum: SUCCESS, FAILURE, NOT_FOUND |
RoutingTableListResult (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Paged Collection of Routes per transport node ID Paged Collection of Routes per transport node ID. |
array of RoutingTable | |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
RowListField (schema)
List of fields from which rows are formed
Root of the api result set for forming rows.
| Name | Description | Type | Notes |
|---|---|---|---|
| alias | Alias Name Short name or alias of row list field, if any. If unspecified, the row list field can be referenced by its index in the array of row list fields as $ |
string | Maximum length: 255 |
| path | JSON path JSON path to the root of the api result set for forming rows. |
string | Required Maximum length: 1024 |
RpAddressMulticastRanges (schema)
Static IPv4 multicast address and assciated multicast group ranges
Static IPv4 multicast address and assciated multicast group ranges.
| Name | Description | Type | Notes |
|---|---|---|---|
| multicast_ranges | Assciated multicast group ranges configuration Assciated multicast group ranges configuration. |
array of IPCIDRBlock | |
| rp_address | Static IPv4 multicast address configuration Static IPv4 multicast address configuration. |
IPAddress | Required |
Rule (schema)
A rule specifies the security policy rule between the workload groups
A rule indicates the action to be performed for various types of traffic flowing between workload groups.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| action | Action The action to be applied to all the services The JUMP_TO_APPLICATION action is only supported for rules created in the Environment category. Once a match is hit then the rule processing will jump to the rules present in the Application category, skipping all further rules in the Environment category. If no rules match in the Application category then the default application rule will be hit. This is applicable only for DFW. |
string | Enum: ALLOW, DROP, REJECT, JUMP_TO_APPLICATION |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| destination_groups | Destination group paths We need paths as duplicate names may exist for groups under different domains. Along with paths we support IP Address of type IPv4 and IPv6. IP Address can be in one of the format(CIDR, IP Address, Range of IP Address). In order to specify all groups, use the constant "ANY". This is case insensitive. If "ANY" is used, it should be the ONLY element in the group array. Error will be thrown if ANY is used in conjunction with other values. |
array of string | Maximum items: 128 |
| destinations_excluded | Negation of destination groups If set to true, the rule gets applied on all the groups that are NOT part of the destination groups. If false, the rule applies to the destination groups |
boolean | Default: "False" |
| direction | Direction Define direction of traffic. |
string | Enum: IN, OUT, IN_OUT Default: "IN_OUT" |
| disabled | Flag to disable the rule Flag to disable the rule. Default is enabled. |
boolean | Default: "False" |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| ip_protocol | IPv4 vs IPv6 packet type Type of IP packet that should be matched while enforcing the rule. The value is set to IPV4_IPV6 for Layer3 rule if not specified. For Layer2/Ether rule the value must be null. |
string | Enum: IPV4, IPV6, IPV4_IPV6 |
| is_default | Default rule flag A flag to indicate whether rule is a default rule. |
boolean | Readonly |
| logged | Enable logging flag Flag to enable packet logging. Default is disabled. |
boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| notes | Text for additional notes on changes Text for additional notes on changes. |
string | Maximum length: 2048 |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| profiles | Layer 7 service profiles or TLS action profile Holds the list of layer 7 service profile paths. These profiles accept attributes and sub-attributes of various network services (e.g. L4 AppId, encryption algorithm, domain name, etc) as key value pairs. Instead of Layer 7 service profiles you can use a L7 access profile. One of either Layer 7 service profiles or L7 Access Profile can be used in firewall rule. In case of L7 access profile only one is allowed. |
array of string | Maximum items: 128 |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value Rule | string | |
| rule_id | Unique rule ID This is a unique 4 byte positive number that is assigned by the system. This rule id is passed all the way down to the data path. The first 1GB (1000 to 2^30) will be shared by GM and LM with zebra style striped number space. For E.g 1000 to (1Million -1) by LM, (1M - 2M-1) by GM and so on. |
integer | Readonly |
| scope | The list of policy paths where the rule is applied
LR/Edge/T0/T1/LRP etc. Note that a given rule can be applied on multiple LRs/LRPs. |
array of string | Maximum items: 128 |
| sequence_number | Sequence number of the this Rule This field is used to resolve conflicts between multiple Rules under Security or Gateway Policy for a Domain If no sequence number is specified in the payload, a value of 0 is assigned by default. If there are multiple rules with the same sequence number then their order is not deterministic. If a specific order of rules is desired, then one has to specify unique sequence numbers or use the POST request on the rule entity with a query parameter action=revise to let the framework assign a sequence number |
int | Minimum: 0 |
| service_entries | Raw services In order to specify raw services this can be used, along with services which contains path to services. This can be empty or null. |
array of ServiceEntry (Abstract type: pass one of the following concrete types) ALGTypeServiceEntry EtherTypeServiceEntry ICMPTypeServiceEntry IGMPTypeServiceEntry IPProtocolServiceEntry L4PortSetServiceEntry NestedServiceServiceEntry |
Maximum items: 128 |
| services | Names of services In order to specify all services, use the constant "ANY". This is case insensitive. If "ANY" is used, it should be the ONLY element in the services array. Error will be thrown if ANY is used in conjunction with other values. |
array of string | Maximum items: 128 |
| source_groups | Source group paths We need paths as duplicate names may exist for groups under different domains. Along with paths we support IP Address of type IPv4 and IPv6. IP Address can be in one of the format(CIDR, IP Address, Range of IP Address). In order to specify all groups, use the constant "ANY". This is case insensitive. If "ANY" is used, it should be the ONLY element in the group array. Error will be thrown if ANY is used in conjunction with other values. |
array of string | Maximum items: 128 |
| sources_excluded | Negation of source groups If set to true, the rule gets applied on all the groups that are NOT part of the source groups. If false, the rule applies to the source groups |
boolean | Default: "False" |
| tag | Tag applied on the rule User level field which will be printed in CLI and packet logs. Even though there is no limitation on length of a tag, internally tag will get truncated after 32 characters. |
string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
RuleInsertParameters (schema)
Parameters to tell where rule needs to be placed
Parameters to let the admin specify a relative position of a rule w.r.t to
another one in the same security policy. If the rule specified in the
anchor_path belongs to another security policy an error will be thrown.
| Name | Description | Type | Notes |
|---|---|---|---|
| anchor_path | The security policy/rule path if operation is 'insert_after' or 'insert_before' | string | |
| operation | Operation | string | Enum: insert_top, insert_bottom, insert_after, insert_before Default: "insert_top" |
RuleListRequestParameters (schema)
Rule list request parameters
By default, if sort_by is missing, then rules will be sorted based on
sequence_number and then on rule_id as second level sorting criteria.
| Name | Description | Type | Notes |
|---|---|---|---|
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| include_mark_for_delete_objects | Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included. |
boolean | Default: "False" |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string |
RuleListResult (schema)
Paged Collection of Rules
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Rule list results | array of Rule | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
RuleStatistics (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| byte_count | Bytes count Aggregated number of bytes processed by the rule. |
integer | Readonly |
| hit_count | Hits count Aggregated number of hits received by the rule. |
integer | Readonly |
| internal_rule_id | NSX internal rule id Realized id of the rule on NSX MP. Policy Manager can create more than one rule per policy rule, in which case this identifier helps to distinguish between the multple rules created. |
string | Readonly |
| l7_accept_count | L7 Accept count Aggregated number of L7 Profile Accepted counters received by the rule. |
integer | Readonly |
| l7_reject_count | L7 Reject count Aggregated number of L7 Profile Rejected counters received by the rule. |
integer | Readonly |
| l7_reject_with_response_count | L7 Reject with response count Aggregated number of L7 Profile Rejected with Response counters received by the rule. |
integer | Readonly |
| lr_path | Logical Router (Tier-0/Tier1) path Path of the LR on which the section is applied in case of Edge FW. |
string | Readonly |
| max_popularity_index | The maximum popularity index Maximum value of popularity index of all rules of the type. This is aggregated statistic which are computed with lower frequency compared to individual generic rule statistics. It may have a computation delay up to 15 minutes in response to this API. |
integer | Readonly |
| max_session_count | Maximum Sessions count Maximum value of sessions count of all rules of the type. This is aggregated statistic which are computed with lower frequency compared to generic rule statistics. It may have a computation delay up to 15 minutes in response to this API. |
integer | Readonly |
| packet_count | Packets count Aggregated number of packets processed by the rule. |
integer | Readonly |
| popularity_index | The index of the popularity of rule This is calculated by sessions count divided by age of the rule. |
integer | Readonly |
| rule | Rule path Path of the rule. |
string | Readonly |
| session_count | sessions count Aggregated number of sessions processed by the rule. |
integer | Readonly |
| total_session_count | Total Sessions count Aggregated number of sessions processed by all the rules This is aggregated statistic which are computed with lower frequency compared to individual generic rule statistics. It may have a computation delay up to 15 minutes in response to this API. |
integer | Readonly |
RuleStatisticsForEnforcementPoint (schema)
Rule statistics for an enforcement point
Rule statistics for a specfic enforcement point.
| Name | Description | Type | Notes |
|---|---|---|---|
| container_cluster_path | Cluster container path Rule statistics for a single container cluster |
string | Readonly |
| enforcement_point | Enforcement point path Rule statistics for a single enforcement point |
string | Readonly |
| statistics | Rule Statistics Statistics for the specified enforcement point |
RuleStatistics | Readonly |
RuleStatisticsListResult (schema)
Paged Collection of rule statistics
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | RuleStatistics list results | array of RuleStatisticsForEnforcementPoint | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
RuntimeState (schema)
Runtime State
Runtime State.
| Name | Description | Type | Notes |
|---|---|---|---|
| RuntimeState | Runtime State Runtime State. |
string | Enum: UNINITIALIZED, UNKNOWN, UP, DOWN, DEGRADED, SUCCESS, FAILURE, IN_PROGRESS |
ScimSearchListResult (schema)
SCIM search list result
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Search results | array of ScimSearchResult | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
ScimSearchRequestParameters (schema)
SCIM search request parameters
| Name | Description | Type | Notes |
|---|---|---|---|
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| search_string | Search filter
Search for users and groups whose name or login ID begins with the given string. If the string contains any special characters such as ' ' or '/', they must be escaped by replacing the special character with '%XX', where XX is a two-digit hexadecimal number. |
string | Required |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string |
ScimSearchResult (schema)
SCIM search result
One user or group entry in a list of SCIM search results
| Name | Description | Type | Notes |
|---|---|---|---|
| display_name | User's Full Name Or User Group's Display Name | string | Required Readonly |
| name | User name or group name The unique name of the user or group. |
string | Required Readonly |
| type | Type | string | Required Readonly Enum: remote_user, remote_group |
ScpProtocol (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| authentication_scheme | Scheme to authenticate if required | PasswordAuthenticationScheme | Required |
| name | Must be set to the value ScpProtocol | string | Required Enum: http, https, scp, sftp |
| ssh_fingerprint | SSH fingerprint of server | string | Required |
SearchQueryRequest (schema)
SearchQueryRequest
Search query request.
| Name | Description | Type | Notes |
|---|---|---|---|
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| query | Search query The syntax of query is described in Search API documentation. |
string | Required |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string |
SearchResponse (schema)
SearchResponse
Search response
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Search results List of records matching the search query. |
array of object | Readonly |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
SecurityFeature (schema)
T1 Security feature entity with feature details
| Name | Description | Type | Notes |
|---|---|---|---|
| enable | Flag to enable/disable true - enable the feature, false - disable the feture |
boolean | Required Default: "False" |
| feature | SecurityFeaturesSupported | Required |
SecurityFeatureBase (schema)
Security Feature feature entity
| Name | Description | Type | Notes |
|---|---|---|---|
| enable | Flag to enable/disable true - enable the feature, false - disable the feture |
boolean | Required Default: "False" |
SecurityFeatures (schema)
T1 Security features entity with feature details
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| features | array of SecurityFeature | Required | |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value SecurityFeatures | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
SecurityFeaturesSupported (schema)
Collection of T1 supported security features
Feature to be enabled/disabled.
IDPS - Intrusion Detection System
TLS - Transport Layer Security Inspection
MALWAREPREVENTION - Malware Prevention
Use any one of this to enable/disabe it.
| Name | Description | Type | Notes |
|---|---|---|---|
| SecurityFeaturesSupported | Collection of T1 supported security features Feature to be enabled/disabled. IDPS - Intrusion Detection System TLS - Transport Layer Security Inspection MALWAREPREVENTION - Malware Prevention Use any one of this to enable/disabe it. |
string | Readonly Enum: MALWAREPREVENTION, IDFW, IDPS, TLS |
SecurityPolicy (schema)
Contains ordered list of Rules
Ordered list of Rules.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| application_connectivity_strategy | List of Application Connectivity strategy for this SecurityPolicy This field indicates the application connectivity policy for the security policy. |
array of ApplicationConnectivityStrategy | Maximum items: 3 |
| category | A way to classify a security policy, if needed. - Distributed Firewall - Policy framework provides five pre-defined categories for classifying a security policy. They are "Ethernet","Emergency", "Infrastructure" "Environment" and "Application". There is a pre-determined order in which the policy framework manages the priority of these security policies. Ethernet category is for supporting layer 2 firewall rules. The other four categories are applicable for layer 3 rules. Amongst them, the Emergency category has the highest priority followed by Infrastructure, Environment and then Application rules. Administrator can choose to categorize a security policy into the above categories or can choose to leave it empty. If empty it will have the least precedence w.r.t the above four categories. - Edge Firewall - Policy Framework for Edge Firewall provides six pre-defined categories "Emergency", "SystemRules", "SharedPreRules", "LocalGatewayRules", "AutoServiceRules" and "Default", in order of priority of rules. All categories are allowed for Gatetway Policies that belong to 'default' Domain. However, for user created domains, category is restricted to "SharedPreRules" or "LocalGatewayRules" only. Also, the users can add/modify/delete rules from only the "SharedPreRules" and "LocalGatewayRules" categories. If user doesn't specify the category then defaulted to "Rules". System generated category is used by NSX created rules, for example BFD rules. Autoplumbed category used by NSX verticals to autoplumb data path rules. Finally, "Default" category is the placeholder default rules with lowest in the order of priority. |
string | |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource (Abstract type: pass one of the following concrete types) ChildRule |
|
| comments | SecurityPolicy lock/unlock comments Comments for security policy lock/unlock. |
string | |
| connectivity_preference | Connectivity preference applicable for this SecurityPolicy This field indicates the default connectivity policy for the security policy. Based on the connectivitiy preference, a default rule for this security policy will be created. An appropriate action will be set on the rule based on the value of the connectivity preference. If NONE is selected or no connectivity preference is specified, then no default rule for the security policy gets created. The default rule that gets created will be a any-any rule and applied to entities specified in the scope of the security policy. Specifying the connectivity_preference without specifying the scope is not allowed. The scope has to be a Group and one cannot specify IPAddress directly in the group that is used as scope. This default rule is only applicable for the Layer3 security policies. ALLOWLIST - Adds a default drop rule. Administrator can then use "allow" rules to allow traffic between groups DENYLIST - Adds a default allow rule. Admin can then use "drop" rules to block traffic between groups ALLOWLIST_ENABLE_LOGGING - Allowlisting with logging enabled DENYLIST_ENABLE_LOGGING - Denylisting with logging enabled NONE - No default rule is created. |
string | Enum: ALLOWLIST, DENYLIST, ALLOWLIST_ENABLE_LOGGING, DENYLIST_ENABLE_LOGGING, NONE |
| connectivity_strategy | Connectivity strategy applicable for this SecurityPolicy This field indicates the default connectivity policy for the security policy. Based on the connectivity strategy, a default rule for this security policy will be created. An appropriate action will be set on the rule based on the value of the connectivity strategy. If NONE is selected or no connectivity strategy is specified, then no default rule for the security policy gets created. The default rule that gets created will be a any-any rule and applied to entities specified in the scope of the security policy. Specifying the connectivity_strategy without specifying the scope is not allowed. The scope has to be a Group and one cannot specify IPAddress directly in the group that is used as scope. This default rule is only applicable for the Layer3 security policies. This property is deprecated. Use the type connectivity_preference instead. WHITELIST - Adds a default drop rule. Administrator can then use "allow" rules (aka whitelist) to allow traffic between groups BLACKLIST - Adds a default allow rule. Admin can then use "drop" rules (aka blacklist) to block traffic between groups WHITELIST_ENABLE_LOGGING - Whitelising with logging enabled BLACKLIST_ENABLE_LOGGING - Blacklisting with logging enabled NONE - No default rule is created. |
string | Deprecated Enum: WHITELIST, BLACKLIST, WHITELIST_ENABLE_LOGGING, BLACKLIST_ENABLE_LOGGING, NONE |
| default_rule_id | Default rule ID associated with the connectivity_preference Based on the value of the connectivity strategy, a default rule is created for the security policy. The rule id is internally assigned by the system for this default rule. |
integer | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| internal_sequence_number | Internal sequence number This field is to indicate the internal sequence number of a policy with respect to the policies across categories. |
int | Readonly |
| is_default | Default policy flag A flag to indicate whether policy is a default policy. |
boolean | Readonly |
| lock_modified_by | User who locked the security policy ID of the user who last modified the lock for the secruity policy. |
string | Readonly |
| lock_modified_time | SecuirtyPolicy locked/unlocked time SecurityPolicy locked/unlocked time in epoch milliseconds. |
EpochMsTimestamp | Readonly |
| locked | Lock a security policy Indicates whether a security policy should be locked. If the security policy is locked by a user, then no other user would be able to modify this security policy. Once the user releases the lock, other users can update this security policy. |
boolean | Default: "False" |
| logging_enabled | Enable logging flag This property is deprecated. Flag to enable logging for all the rules in the security policy. If the value is true then logging will be enabled for all the rules in the security policy. If the value is false, then the rule level logging value will be honored. |
boolean | Deprecated Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value SecurityPolicy | string | |
| rule_count | Rule count The count of rules in the policy. |
int | Readonly |
| rules | Rules that are a part of this SecurityPolicy | array of Rule | |
| scheduler_path | Path to the scheduler for time based scheduling Provides a mechanism to apply the rules in this policy for a specified time duration. |
string | |
| scope | The list of group paths where the rules in this policy will get
applied. This scope will take precedence over rule level scope. Supported only for security and redirection policies. In case of RedirectionPolicy, it is expected only when the policy is NS and redirecting to service chain. |
array of string | Maximum items: 128 |
| sequence_number | Sequence number to resolve conflicts across Domains This field is used to resolve conflicts between security policies across domains. In order to change the sequence number of a policy one can fire a POST request on the policy entity with a query parameter action=revise The sequence number field will reflect the value of the computed sequence number upon execution of the above mentioned POST request. For scenarios where the administrator is using a template to update several security policies, the only way to set the sequence number is to explicitly specify the sequence number for each security policy. If no sequence number is specified in the payload, a value of 0 is assigned by default. If there are multiple policies with the same sequence number then their order is not deterministic. If a specific order of policies is desired, then one has to specify unique sequence numbers or use the POST request on the policy entity with a query parameter action=revise to let the framework assign a sequence number. The value of sequence number must be between 0 and 999,999. |
int | Minimum: 0 |
| stateful | Stateful nature of the entries within this security policy. Stateful or Stateless nature of security policy is enforced on all rules in this security policy. When it is stateful, the state of the network connects are tracked and a stateful packet inspection is performed. Layer3 security policies can be stateful or stateless. By default, they are stateful. Layer2 security policies can only be stateless. |
boolean | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| tcp_strict | Enforce strict tcp handshake before allowing data packets Ensures that a 3 way TCP handshake is done before the data packets are sent. tcp_strict=true is supported only for stateful security policies. If the tcp_strict flag is not specified and the security policy is stateful, then tcp_strict will be set to true. |
boolean | |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
SecurityPolicyInsertParameters (schema)
Parameters to tell where security policy needs to be placed
Parameters to let the admin specify a relative position of a security
policy w.r.t to another one.
| Name | Description | Type | Notes |
|---|---|---|---|
| anchor_path | The security policy/rule path if operation is 'insert_after' or 'insert_before' | string | |
| operation | Operation | string | Enum: insert_top, insert_bottom, insert_after, insert_before Default: "insert_top" |
SecurityPolicyListRequestParameters (schema)
SecurityPolicy list request parameters
| Name | Description | Type | Notes |
|---|---|---|---|
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| include_mark_for_delete_objects | Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included. |
boolean | Default: "False" |
| include_rule_count | Include the count of rules in policy If true, populate the rule_count field with the count of rules in the particular policy. By default, rule_count will not be populated. |
boolean | Default: "False" |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string |
SecurityPolicyListResult (schema)
Paged Collection of security policies
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | SecurityPolicy list results | array of SecurityPolicy | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
SecurityPolicyStatistics (schema)
Security policy statistics
Aggregate statistics of all the rules in a security policy.
| Name | Description | Type | Notes |
|---|---|---|---|
| internal_section_id | NSX internal section id Realized id of the section on NSX MP. Policy Manager can create more than one section per SecurityPolicy, in which case this identifier helps to distinguish between the multiple sections created. |
string | Readonly |
| lr_path | Logical Router (Tier-0/Tier1) path Path of the LR on which the section is applied in case of Gateway Firewall. |
string | Readonly |
| result_count | Rule stats count Total count for rule statistics |
integer | Required Readonly |
| results | Statistics for all rules List of rule statistics. |
array of RuleStatistics | Readonly Maximum items: 1000 |
SecurityPolicyStatisticsForEnforcementPoint (schema)
Security policy statistics for an enforcement point
Aggregate statistics of all the rules in a security policy for a specific
enforcement point.
| Name | Description | Type | Notes |
|---|---|---|---|
| container_cluster_path | Cluster container path Security Policy statistics for a single container cluster |
string | Readonly |
| enforcement_point | Enforcement point path Enforcement point to fetch the statistics from. |
string | Readonly |
| statistics | Security Policy Statistics Statistics for the specified enforcement point |
SecurityPolicyStatistics | Readonly |
SecurityPolicyStatisticsListResult (schema)
Paged Collection of Security Policy statistics
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Security Policy statistics list results | array of SecurityPolicyStatisticsForEnforcementPoint | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
SecurityProfileBindingMap (schema)
Base security profile binding map
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value SecurityProfileBindingMap | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
Segment (schema)
Segment configuration
Segment configuration to attach workloads.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| address_bindings | Address bindings for the Segment Static address binding used for the Segment. This field is deprecated and will be removed in a future release. Please use address_bindings in SegmentPort to configure static bindings. |
array of PortAddressBindingEntry | Deprecated Maximum items: 512 |
| admin_state | Represents Desired state of the Segment Admin state represents desired state of segment. It does not reflect the state of other logical entities connected/attached to the segment. |
string | Enum: UP, DOWN Default: "UP" |
| advanced_config | Advanced configuration for Segment Advanced configuration for Segment. |
SegmentAdvancedConfig | |
| bridge_profiles | Bridge Profile Configuration Multiple distinct L2 bridge profiles can be configured. |
array of BridgeProfileConfig | |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource (Abstract type: pass one of the following concrete types) ChildDhcpStaticBindingConfig ChildSegmentDiscoveryProfileBindingMap ChildSegmentPort ChildSegmentQoSProfileBindingMap ChildSegmentSecurityProfileBindingMap ChildStaticARPConfig |
|
| connectivity_path | Policy path to the connecting Tier-0 or Tier-1 Policy path to the connecting Tier-0 or Tier-1. Valid only for segments created under Infra. This field can only be used for overlay segments. VLAN backed segments cannot have connectivity path set. |
string | |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| dhcp_config_path | Policy path to DHCP configuration Policy path to DHCP server or relay configuration to use for all IPv4 & IPv6 subnets configured on this segment. |
string | |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| domain_name | DNS domain name | string | |
| evpn_segment | Evpn Segment Flag. Flag to indicate if the Segment is a Child-Segment of type EVPN. |
boolean | Readonly |
| evpn_tenant_config_path | Policy path to the EvpnTenantConfig Policy path to the EvpnTenantConfig resource. Supported only for Route-Server Evpn Mode. Supported only for Overlay Segments. This will be populated for both Parent and Child segments participating in Evpn Route-Server Mode. |
string | |
| extra_configs | Extra configs on Segment This property could be used for vendor specific configuration in key value string pairs, the setting in extra_configs will be automatically inheritted by segment ports in the Segment. |
array of SegmentExtraConfig | |
| federation_config | Federation releated config Additional config for federation. |
FederationConnectivityConfig | Readonly |
| id | Unique identifier of this resource | string | Sortable |
| l2_extension | Configuration for extending Segment through L2 VPN | L2Extension | |
| ls_id | Pre-created logical switch id for Segment This property is deprecated. The property will continue to work as expected for existing segments. The segments that are newly created with ls_id will be ignored. Sepcify pre-creted logical switch id for Segment. |
string | Deprecated |
| mac_pool_id | Allocation mac pool associated with the Segment Mac pool id that associated with a Segment. |
string | |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| metadata_proxy_paths | Metadata Proxy Configuration Paths Policy path to metadata proxy configuration. Multiple distinct MD proxies can be configured. |
array of string | |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overlay_id | Overlay connectivity ID for this Segment Used for overlay connectivity of segments. The overlay_id should be allocated from the pool as definied by enforcement-point. If not provided, it is auto-allocated from the default pool on the enforcement-point. |
int | Minimum: 0 Maximum: 2147483647 |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| replication_mode | Replication mode of the Segment If this field is not set for overlay segment, then the default of MTEP will be used. |
string | Enum: MTEP, SOURCE Default: "MTEP" |
| resource_type | Must be set to the value Segment | string | |
| subnets | Subnet configuration. Max 1 subnet | array of SegmentSubnet | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| transport_zone_path | Policy path to the transport zone Policy path to the transport zone. Supported for VLAN backed segments as well as Overlay Segments. - This field is required for VLAN backed Segments. - For overlay Segments, it is auto assigned if only one transport zone exists in the enforcement point. Default transport zone is auto assigned for overlay segments if none specified. |
string | |
| type | Segment type Segment type based on configuration. |
string | Readonly Enum: ROUTED, EXTENDED, ROUTED_AND_EXTENDED, DISCONNECTED |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
| vlan_ids | VLAN ids for VLAN backed Segment VLAN ids for a VLAN backed Segment. Can be a VLAN id or a range of VLAN ids specified with '-' in between. |
array of string |
SegmentAdvancedConfig (schema)
Advanced configuration for Segment
| Name | Description | Type | Notes |
|---|---|---|---|
| address_pool_paths | Policy path to IP address pools Policy path to IP address pools. |
array of string | Maximum items: 1 |
| connectivity | Connectivity configuration Connectivity configuration to manually connect (ON) or disconnect (OFF) Tier-0/Tier1 segment from corresponding gateway. This property does not apply to VLAN backed segments. VLAN backed segments with connectivity OFF does not affect its layer-2 connectivity. |
string | Enum: ON, OFF Default: "ON" |
| hybrid | Flag to identify a hybrid logical switch When set to true, all the ports created on this segment will behave in a hybrid fashion. The hybrid port indicates to NSX that the VM intends to operate in underlay mode, but retains the ability to forward egress traffic to the NSX overlay network. This property is only applicable for segment created with transport zone type OVERLAY_STANDARD. This property cannot be modified after segment is created. |
boolean | Default: "False" |
| inter_router | Flag to indicate if the logical switch will provide inter-router connectivity When set to true, any port attached to this logical switch will not be visible through VC/ESX UI |
boolean | Default: "False" |
| local_egress | Flag to enable local egress This property is used to enable proximity routing with local egress. When set to true, logical router interface (downlink) connecting Segment to Tier0/Tier1 gateway is configured with prefix-length 32. |
boolean | Default: "False" |
| local_egress_routing_policies | Local egress routing policies An ordered list of routing policies to forward traffic to the next hop. |
array of LocalEgressRoutingEntry | Minimum items: 1 |
| multicast | Enable multicast on the downlink Enable multicast on the downlink LRP created to connect the segment to Tier0/Tier1 gateway. |
boolean | |
| ndra_profile_path | Policy path of Neighbor Discovery Router Advertisement profile This profile is applie dto the downlink logical router port created while attaching this semgnet to tier-0 or tier-1. If this field is empty, NDRA profile of the router is applied to the newly created port. |
string | |
| node_local_switch | Prevent BUM (broadcast, unknown-unicast and multicast) traffic from reaching the other spanned edges A behaviour required for Firewall As A Service (FaaS) where the segment BUM traffic is confined within the edge node that this segment belongs to. |
boolean | |
| origin_id | ID of the discovered Segment representing a network managed by non-NSX entity. ID populated by NSX when NSX on DVPG is used to indicate the source DVPG. Currently, only DVPortgroups are identified as Discovered Segments. The origin_id is the identifier of DVPortgroup from the source vCenter server. |
string | |
| origin_type | The DVPortgroup origin type The type of source from where the DVPortgroup is discovered |
string | Enum: VCENTER |
| uplink_teaming_policy_name | Uplink Teaming Policy Name The name of the switching uplink teaming policy for the Segment. This name corresponds to one of the switching uplink teaming policy names listed in TransportZone associated with the Segment. See transport_zone_path property above for more details. When this property is not specified, the segment will not have a teaming policy associated with it and the host switch's default teaming policy will be used by MP. |
string | |
| urpf_mode | Unicast Reverse Path Forwarding mode This URPF mode is applied to the downlink logical router port created while attaching this segment to tier-0 or tier-1. |
string | Enum: NONE, STRICT Default: "STRICT" |
SegmentConfigurationState (schema)
Segment state on specific Enforcement Point
Segment state on specific Enforcement Point. The details section
in SegmentConfigurationState contains the list of out of sync hosts
which are present in the transport zone that is associated with the
segment. Out of Sync hosts are the host transport nodes which are
not fully synced.
| Name | Description | Type | Notes |
|---|---|---|---|
| details | Array of configuration state of various sub systems | array of ConfigurationStateElement | Readonly |
| failure_code | Error code | integer | Readonly |
| failure_message | Error message in case of failure | string | Readonly |
| segment_path | Segment path | string | Readonly |
| state | Overall state of desired configuration Gives details of state of desired configuration. Additional enums with more details on progress/success/error states are sent for edge node. The success states are NODE_READY and TRANSPORT_NODE_READY, pending states are {VM_DEPLOYMENT_QUEUED, VM_DEPLOYMENT_IN_PROGRESS, REGISTRATION_PENDING} and other values indicate failures. "in_sync" state indicates that the desired configuration has been received by the host to which it applies, but is not yet in effect. When the configuration is actually in effect, the state will change to "success". Please note, failed state is deprecated. |
string | Required Readonly Enum: pending, in_progress, success, failed, partial_success, orphaned, unknown, error, in_sync, NOT_AVAILABLE, VM_DEPLOYMENT_QUEUED, VM_DEPLOYMENT_IN_PROGRESS, VM_DEPLOYMENT_FAILED, VM_POWER_ON_IN_PROGRESS, VM_POWER_ON_FAILED, REGISTRATION_PENDING, NODE_NOT_READY, NODE_READY, VM_POWER_OFF_IN_PROGRESS, VM_POWER_OFF_FAILED, VM_UNDEPLOY_IN_PROGRESS, VM_UNDEPLOY_FAILED, VM_UNDEPLOY_SUCCESSFUL, EDGE_CONFIG_ERROR, VM_DEPLOYMENT_RESTARTED, REGISTRATION_FAILED, TRANSPORT_NODE_SYNC_PENDING, TRANSPORT_NODE_CONFIGURATION_MISSING, EDGE_HARDWARE_NOT_SUPPORTED, MULTIPLE_OVERLAY_TZS_NOT_SUPPORTED, TN_OVERLAY_TZ_IN_USE_BY_EDGE_CLUSTER, TZ_ENDPOINTS_NOT_SPECIFIED, NO_PNIC_PREPARED_IN_EDGE, APPLIANCE_INTERNAL_ERROR, VTEP_DHCP_NOT_SUPPORTED, UNSUPPORTED_HOST_SWITCH_PROFILE, UPLINK_HOST_SWITCH_PROFILE_NOT_SPECIFIED, HOSTSWITCH_PROFILE_NOT_FOUND, LLDP_SEND_ENABLED_NOT_SUPPORTED, UNSUPPORTED_NAMED_TEAMING_POLICY, LBSRCID_NOT_SUPPORTED_FOR_EDGE_VM, LACP_NOT_SUPPORTED_FOR_EDGE_VM, STANDBY_UPLINKS_NOT_SUPPORTED_FOR_EDGE_VM, MULTIPLE_ACTIVE_UPLINKS_NOT_SUPPORTED_FOR_EDGE, UNSUPPORTED_LACP_LB_ALGO_FOR_NODE, EDGE_NODE_VERSION_NOT_SUPPORTED, NO_PNIC_SPECIFIED_IN_TN, INVALID_PNIC_DEVICE_NAME, TRANSPORT_NODE_READY, VM_NETWORK_EDIT_PENDING, UNSUPPORTED_DEFAULT_TEAMING_POLICY, MPA_DISCONNECTED, VM_RENAME_PENDING, VM_CONFIG_EDIT_PENDING, VM_NETWORK_EDIT_FAILED, VM_RENAME_FAILED, VM_CONFIG_EDIT_FAILED, VM_CONFIG_DISCREPANCY, VM_NODE_REFRESH_FAILED, VM_PLACEMENT_REFRESH_FAILED, REGISTRATION_TIMEDOUT, REPLACE_FAILED, UPLINK_FROM_TEAMING_POLICY_NOT_MAPPED, LOGICAL_SWITCH_NAMED_TEAMING_HAS_NO_PNIC_BACKING, DELETE_VM_IN_REDEPLOY_FAILED, DEPLOY_VM_IN_REDEPLOY_FAILED, INSUFFICIENT_RESOURCES_IN_EDGE_NODE_FOR_SERVICE, VM_RESOURCE_RESERVATION_FAILED, DUPLICATE_PNICS_IN_TEAMINGS_WITH_MULTIPLE_UPLINKS_AND_FAILOVER_ORDER, DUPLICATE_VLANS_SHARING_SAME_PNICMULTIPLE_UPLINKS_IN_NAMED_TEAMING_NOT_SUPPORTED_IF_UPLINK_IN_DEFAULT_TEAMING, EDGE_NODE_SETTINGS_MISMATCH_RESOLVE, EDGE_VM_VSPHERE_SETTINGS_MISMATCH_RESOLVE, EDGE_NODE_SETTINGS_AND_VSPHERE_SETTINGS_ARE_CHANGED_RESOLVE, EDGE_VSPHERE_LOCATION_MISMATCH_RESOLVE, COMPUTE_MANAGER_NOT_FOUND, DELETE_IN_PROGRESS, ADVANCED_CONFIG_EDIT_FAILED, UPT_MODE_REALIZATION_POLL_TIMED_OUT, DATAPATH_CONFIGURATION_EDIT_FAILED, MAINTENANCE_MODE_ENABLED, ERROR_IN_ENABLE_MAINTENANCE_MODE, ERROR_IN_DISABLE_MAINTENANCE_MODE, CONFIGURE_UPT_ON_VM_FAILED, VM_VERSION_IS_UPT_INCOMPATIBLE, DELETE_FAILED_FOR_DIFFERENT_MOREF_ID, DELETE_FAILED_ON_VM_NOT_FOUND, DELETE_FAILED_FOR_NON_LCM_EDGE |
SegmentConfigurationStateListResult (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Paged Collection of Segment State on specific Enforcement Point Paged Collection of Segment State on specific Enforcement Point |
array of SegmentConfigurationState | |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
SegmentCrossSiteTrafficStats (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| last_update_timestamp | Last updated timestamp Timestamp when the l2 forwarder statistics was last updated. |
EpochMsTimestamp | Required Readonly |
| rx_stats | Received data counters Total received data counters. |
InterSitePortCounters | Readonly |
| segment_path | Policy path of Segment to attach interface Policy path of Segment to attach interface. |
string | Required Readonly |
| tx_stats | Sent data counters Total sent data counters. |
InterSitePortCounters | Readonly |
SegmentDeleteRequestParameters (schema)
Segment delete request parameters
| Name | Description | Type | Notes |
|---|---|---|---|
| cascade | Flag to specify whether to delete related segment ports When the flag is true, all segment ports associated with this segment are detached and deleted. |
boolean | Default: "False" |
SegmentDhcpConfig (schema)
DHCP configuration for segment subnet
DHCP IPv4 and IPv6 configurations are extended from this abstract class.
This is an abstract type. Concrete child types:
SegmentDhcpV4Config
SegmentDhcpV6Config
| Name | Description | Type | Notes |
|---|---|---|---|
| dns_servers | DNS servers for subnet IP address of DNS servers for subnet. DNS server IP address must belong to the same address family as segment gateway_address property. |
array of IPAddress | Maximum items: 2 |
| lease_time | DHCP lease time for subnet DHCP lease time in seconds. When specified, this property overwrites lease time configured DHCP server config. |
integer | Minimum: 60 Maximum: 4294967295 Default: "86400" |
| resource_type | string | Required Enum: SegmentDhcpV4Config, SegmentDhcpV6Config |
|
| server_address | IP address of the DHCP server IP address of the DHCP server in CIDR format. The server_address is mandatory in case this segment has provided a dhcp_config_path and it represents a DHCP server config. If this SegmentDhcpConfig is a SegmentDhcpV4Config, the address must be an IPv4 address. If this is a SegmentDhcpV6Config, the address must be an IPv6 address. This address must not overlap the ip-ranges of the subnet, or the gateway address of the subnet, or the DHCP static-binding addresses of this segment. |
IPCIDRBlock |
SegmentDhcpV4Config (schema)
DHCP configuration of IPv4 subnet in a segment
| Name | Description | Type | Notes |
|---|---|---|---|
| dns_servers | DNS servers for subnet IP address of DNS servers for subnet. DNS server IP address must belong to the same address family as segment gateway_address property. |
array of IPAddress | Maximum items: 2 |
| lease_time | DHCP lease time for subnet DHCP lease time in seconds. When specified, this property overwrites lease time configured DHCP server config. |
integer | Minimum: 60 Maximum: 4294967295 Default: "86400" |
| options | DHCP options IPv4 DHCP options for segment subnet. |
DhcpV4Options | |
| resource_type | Must be set to the value SegmentDhcpV4Config | string | Required Enum: SegmentDhcpV4Config, SegmentDhcpV6Config |
| server_address | IP address of the DHCP server IP address of the DHCP server in CIDR format. The server_address is mandatory in case this segment has provided a dhcp_config_path and it represents a DHCP server config. If this SegmentDhcpConfig is a SegmentDhcpV4Config, the address must be an IPv4 address. If this is a SegmentDhcpV6Config, the address must be an IPv6 address. This address must not overlap the ip-ranges of the subnet, or the gateway address of the subnet, or the DHCP static-binding addresses of this segment. |
IPCIDRBlock |
SegmentDhcpV6Config (schema)
DHCP configuration of IPv6 subnet in a segment
| Name | Description | Type | Notes |
|---|---|---|---|
| dns_servers | DNS servers for subnet IP address of DNS servers for subnet. DNS server IP address must belong to the same address family as segment gateway_address property. |
array of IPAddress | Maximum items: 2 |
| domain_names | Domain names for subnet Domain names for subnet. |
array of string | |
| excluded_ranges | Excluded range of IPv6 addresses Excluded addresses to define dynamic ip allocation ranges. |
array of IPElement | Minimum items: 0 Maximum items: 128 |
| lease_time | DHCP lease time for subnet DHCP lease time in seconds. When specified, this property overwrites lease time configured DHCP server config. |
integer | Minimum: 60 Maximum: 4294967295 Default: "86400" |
| preferred_time | Preferred time The length of time that a valid address is preferred. When the preferred lifetime expires, the address becomes deprecated. |
integer | Minimum: 60 Maximum: 4294967295 |
| resource_type | Must be set to the value SegmentDhcpV6Config | string | Required Enum: SegmentDhcpV4Config, SegmentDhcpV6Config |
| server_address | IP address of the DHCP server IP address of the DHCP server in CIDR format. The server_address is mandatory in case this segment has provided a dhcp_config_path and it represents a DHCP server config. If this SegmentDhcpConfig is a SegmentDhcpV4Config, the address must be an IPv4 address. If this is a SegmentDhcpV6Config, the address must be an IPv6 address. This address must not overlap the ip-ranges of the subnet, or the gateway address of the subnet, or the DHCP static-binding addresses of this segment. |
IPCIDRBlock | |
| sntp_servers | SNTP servers for subnet IPv6 address of SNTP servers for subnet. |
array of IPv6Address | Maximum items: 2 |
SegmentDiscoveryProfileBindingMap (schema)
Segment Discovery Profile binding map
This entity will be used to establish association between discovery profile
and Segment. Using this entity, user can specify intent for applying
discovery profile to particular segments.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| ip_discovery_profile_path | IP Discovery Profile Path PolicyPath of associated IP Discovery Profile |
string | |
| mac_discovery_profile_path | Mac Discovery Profile Path PolicyPath of associated Mac Discovery Profile |
string | |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value SegmentDiscoveryProfileBindingMap | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
SegmentDiscoveryProfileBindingMapListRequestParameters (schema)
Segment Discovery Profile Binding Map list request parameters
| Name | Description | Type | Notes |
|---|---|---|---|
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| include_mark_for_delete_objects | Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included. |
boolean | Default: "False" |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string |
SegmentDiscoveryProfileBindingMapListResult (schema)
Paged collection of Segment Discovery Profile Binding Maps
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Segment Discovery Profile Binding Map list results | array of SegmentDiscoveryProfileBindingMap | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
SegmentExtraConfig (schema)
Vendor specific configuration on segment or Segment port
Segment extra config is intended for supporting vendor specific configuration on the
data path, it can be set as key value string pairs on either segment or segment port.
| Name | Description | Type | Notes |
|---|---|---|---|
| config_pair | Key value pair in string for the configuration | UnboundedKeyValuePair | Required |
SegmentL2ForwarderSiteSpanInfo (schema) (Experimental)
| Name | Description | Type | Notes |
|---|---|---|---|
| inter_site_forwarder_status | Inter-site forwarder status per node Inter-site forwarder status per node. |
array of L2ForwarderStatusPerNode | Readonly |
| last_update_timestamp | Last updated timestamp Timestamp when the L2 forwarder remote mac addresses was last updated. |
EpochMsTimestamp | Required Readonly |
| remote_macs_per_site | L2 forwarder remote mac addresses per site L2 forwarder remote mac addresses per site for logical switch. |
array of L2ForwarderRemoteMacsPerSite | Readonly |
| segment_path | Segment path Policy path of a segment. |
string | Required Readonly |
SegmentListRequestParameters (schema)
Segment list request parameters
| Name | Description | Type | Notes |
|---|---|---|---|
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| include_mark_for_delete_objects | Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included. |
boolean | Default: "False" |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| segment_type | Segment type | string | Enum: DVPortgroup, ALL |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string |
SegmentListResult (schema)
Paged collection of Segments
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Segment list results | array of Segment | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
SegmentMacAddressListResult (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| last_update_timestamp | Timestamp when the data was last updated; unset if data source has never updated the data. | EpochMsTimestamp | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | array of MacTableEntry | ||
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
| transport_node_id | Transport node identifier | string | Readonly |
SegmentMonitoringProfileBindingMap (schema)
Segment Monitoring Profile binding map
This entity will be used to establish association between monitoring profile
and Segment. Using this entity, you can specify intent for applying
monitoring profile to particular segment.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| ipfix_l2_profile_path | IPFIX L2 Profile Path PolicyPath of associated IPFIX L2 Profile |
string | |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| port_mirroring_profile_path | Port Mirroring Profile Path PolicyPath of associated Port Mirroring Profile |
string | |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value SegmentMonitoringProfileBindingMap | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
SegmentPort (schema)
Policy port object for segment
Policy port will create LogicalPort on LogicalSwitch corresponding to the Segment. Address bindings cannot be removed after realization.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| address_bindings | Address bindings for the port Static address binding used for the port. |
array of PortAddressBindingEntry | Maximum items: 512 |
| admin_state | Represents desired state of the segment port | string | Enum: UP, DOWN Default: "UP" |
| attachment | VIF attachment Only VIF attachment is supported |
PortAttachment | |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource (Abstract type: pass one of the following concrete types) ChildPortDiscoveryProfileBindingMap ChildPortQoSProfileBindingMap ChildPortSecurityProfileBindingMap |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| extra_configs | Extra configs on segment port This property could be used for vendor specific configuration in key value string pairs. Segment port setting will override segment setting if the same key was set on both segment and segment port. |
array of SegmentExtraConfig | |
| id | Unique identifier of this resource | string | Sortable |
| ignored_address_bindings | Address bindings to be ignored by IP Discovery module IP Discovery module uses various mechanisms to discover address bindings being used on each segment port. If a user would like to ignore any specific discovered address bindings or prevent the discovery of a particular set of discovered bindings, then those address bindings can be provided here. Currently IP range in CIDR format is not supported. |
array of PortAddressBindingEntry | Minimum items: 0 Maximum items: 16 |
| init_state | Initial state of this logical ports Set initial state when a new logical port is created. 'UNBLOCKED_VLAN' means new port will be unblocked on traffic in creation, also VLAN will be set with corresponding logical switch setting. This port setting can only be configured at port creation, and cannot be modified. 'RESTORE_VIF' fetches and restores VIF attachment from ESX host. |
string | Enum: UNBLOCKED_VLAN, RESTORE_VIF |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_id | ID of the distributed virtual port and the distributed virtual switch in the source vCenter ID populated by NSX when NSX on DVPG is used to indicate the source Distributed Virtual Port and the corresponding Distributed Virtual Switch. This ID is populated only for ports attached to discovered segments. |
string | Readonly |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value SegmentPort | string | |
| source_site_id | source site(LM) id. This field will refer to the source site on which the segment port is discovered. This field is populated by GM, when it receives corresponding notification from LM. |
string | Readonly |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
SegmentPortAttachmentState (schema)
VIF attachment state of a segment port
| Name | Description | Type | Notes |
|---|---|---|---|
| attachers | VM or vmknic entities that are attached to the Segment Port | array of PortAttacher | Readonly |
| id | VIF ID | string | Readonly |
| state | State of the VIF attached to Segment Port A segment port must be in one of following states. FREE - If there are no active attachers. The port may or may not have an attachment ID configured on it. This state is applicable only to port of static type. ATTACHED - Segment port has exactly one active attacher and no further configuration is pending. ATTACHED_PENDING_CONF - Segment port has exactly one attacher, however it may not have been configured completely. Additional configuration will be provided by other nsx components. ATTACHED_IN_MOTION - Segment port has multiple active attachers. This state represents a scenario where VM is moving from one location (host or storage) to another (e.g. vmotion, vSphere HA) DETACHED - A temporary state after all port attachers have been detached. This state is applicable only to a port of ephemeral type and the port will soon be deleted. |
string | Required Readonly Enum: FREE, ATTACHED, ATTACHED_PENDING_CONF, ATTACHED_IN_MOTION, DETACHED |
SegmentPortListRequestParameters (schema)
SegmentPort list request parameters
| Name | Description | Type | Notes |
|---|---|---|---|
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| include_mark_for_delete_objects | Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included. |
boolean | Default: "False" |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string |
SegmentPortListResult (schema)
Paged collection of SegmentPort
List SegmentPort objects
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | SegmentPort list results Place holder for the list result |
array of SegmentPort | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
SegmentPortMacAddressCsvListResult (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| file_name | File name File name set by HTTP server if API returns CSV result as a file. |
string | |
| last_update_timestamp | Timestamp when the data was last updated; unset if data source has never updated the data. | EpochMsTimestamp | Readonly |
| results | array of SegmentPortMacTableCsvEntry |
SegmentPortMacAddressListResult (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| last_update_timestamp | Timestamp when the data was last updated; unset if data source has never updated the data. | EpochMsTimestamp | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | array of SegmentPortMacTableEntry | ||
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
| transport_node_id | Transport node identifier | string | Readonly |
SegmentPortMacTableCsvEntry (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| mac_address | The MAC address | string | Required |
| mac_type | The type of the MAC address | MacAddressType | Required |
SegmentPortMacTableEntry (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| mac_address | The MAC address | string | Required |
| mac_type | The type of the MAC address | MacAddressType | Required |
SegmentPortState (schema)
Realized state of the segment port on enforcement point
Contains realized state of the segment port. For example: transport node
on which the port is located, discovered and realized address bindings of
the port.
| Name | Description | Type | Notes |
|---|---|---|---|
| attachment | Segment port attachment state | SegmentPortAttachmentState | Readonly |
| discovered_bindings | Segment port bindings discovered automatically Contains the list of address bindings for a segment port that were automatically dicovered using various snooping methods like ARP, DHCP etc. |
array of AddressBindingEntry | |
| duplicate_bindings | Duplicate segment port address bindings If any address binding discovered on the port is also found on other port on the same segment, then it is included in the duplicate bindings list along with the ID of the port with which it conflicts. |
array of DuplicateAddressBindingEntry | |
| realized_bindings | Realized segment port bindings List of segment port bindings that are realized. This list may be populated from the discovered bindings or manual user specified bindings. This binding configuration can be used by features such as firewall, spoof-guard, traceflow etc. |
array of AddressBindingEntry | |
| transport_node_ids | Identifiers of the transport nodes where the port is located | array of string |
SegmentPortStatistics (schema)
Segment port statistics on specific Enforcement Point
Segment port statistics on specific Enforcement Point.
| Name | Description | Type | Notes |
|---|---|---|---|
| dropped_by_security_packets | PacketsDroppedBySecurity | Readonly | |
| last_update_timestamp | Timestamp when the data was last updated; unset if data source has never updated the data. | EpochMsTimestamp | Readonly |
| logical_port_id | The id of the logical port | string | Required Readonly |
| mac_learning | MacLearningCounters | Readonly | |
| rx_bytes | DataCounter | Readonly | |
| rx_packets | DataCounter | Readonly | |
| tx_bytes | DataCounter | Readonly | |
| tx_packets | DataCounter | Readonly |
SegmentPortStatus (schema)
Segment port status on specific Enforcement Point
Segment port status on specific Enforcement Point.
| Name | Description | Type | Notes |
|---|---|---|---|
| last_update_timestamp | Timestamp when the data was last updated; unset if data source has never updated the data. | EpochMsTimestamp | Readonly |
| logical_port_id | The id of the logical port | string | Required Readonly |
| status | The Operational status of the logical port | string | Required Enum: UP, DOWN, UNKNOWN |
SegmentQoSProfileBindingMap (schema)
Segment QoS Profile binding map
This entity will be used to establish association between qos profile
and Segment. Using this entity, you can specify intent for applying
qos profile to particular segment.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| qos_profile_path | QoS Profile Path PolicyPath of associated QoS Profile |
string | |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value SegmentQoSProfileBindingMap | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
SegmentQoSProfileBindingMapListRequestParameters (schema)
Segment QoS Profile Binding Map list request parameters
| Name | Description | Type | Notes |
|---|---|---|---|
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string |
SegmentQoSProfileBindingMapListResult (schema)
Paged collection of Segment QoS Profile Binding Maps
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Segment QoS Profile Binding Map list results | array of SegmentQoSProfileBindingMap | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
SegmentRequestParameter (schema)
Segment request rarameter for HAPI
Segment request parameter, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| force | Force segment update. | boolean | Required |
| resource_type | Must be set to the value SegmentRequestParameter | string | Required |
SegmentSecurityProfile (schema)
Segment Security Profile
Security features extended by policy operations for securing logical segments.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| bpdu_filter_allow | Disable BPDU filtering on this whitelist Pre-defined list of allowed MAC addresses to be excluded from BPDU filtering. List of allowed MACs - 01:80:c2:00:00:00, 01:80:c2:00:00:01, 01:80:c2:00:00:02, 01:80:c2:00:00:03, 01:80:c2:00:00:04, 01:80:c2:00:00:05, 01:80:c2:00:00:06, 01:80:c2:00:00:07, 01:80:c2:00:00:08, 01:80:c2:00:00:09, 01:80:c2:00:00:0a, 01:80:c2:00:00:0b, 01:80:c2:00:00:0c, 01:80:c2:00:00:0d, 01:80:c2:00:00:0e, 01:80:c2:00:00:0f, 00:e0:2b:00:00:00, 00:e0:2b:00:00:04, 00:e0:2b:00:00:06, 01:00:0c:00:00:00, 01:00:0c:cc:cc:cc, 01:00:0c:cc:cc:cd, 01:00:0c:cd:cd:cd, 01:00:0c:cc:cc:c0, 01:00:0c:cc:cc:c1, 01:00:0c:cc:cc:c2, 01:00:0c:cc:cc:c3, 01:00:0c:cc:cc:c4, 01:00:0c:cc:cc:c5, 01:00:0c:cc:cc:c6, 01:00:0c:cc:cc:c7 |
array of MACAddress | Minimum items: 0 Maximum items: 32 |
| bpdu_filter_enable | BPDU filtering status Indicates whether BPDU filter is enabled. BPDU filtering is enabled by default. |
boolean | Default: "True" |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| dhcp_client_block_enabled | Enable DHCP client block Filters DHCP server and/or client traffic. DHCP server blocking is enabled and client blocking is disabled by default. |
boolean | Default: "False" |
| dhcp_client_block_v6_enabled | Enable DHCP client block v6 Filters DHCP server and/or client IPv6 traffic. DHCP server blocking is enabled and client blocking is disabled by default. |
boolean | Default: "False" |
| dhcp_server_block_enabled | Enable DHCP server block Filters DHCP server and/or client traffic. DHCP server blocking is enabled and client blocking is disabled by default. |
boolean | Default: "True" |
| dhcp_server_block_v6_enabled | Enable DHCP server block v6 Filters DHCP server and/or client IPv6 traffic. DHCP server blocking is enabled and client blocking is disabled by default. |
boolean | Default: "True" |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| non_ip_traffic_block_enabled | Enable non IP traffic block A flag to block all traffic except IP/(G)ARP/BPDU. |
boolean | Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| ra_guard_enabled | Enable Router Advertisement Guard Enable or disable Router Advertisement Guard. |
boolean | Default: "False" |
| rate_limits | Rate limiting configuration Allows configuration of rate limits for broadcast and multicast traffic. Rate limiting is disabled by default |
TrafficRateLimits | |
| rate_limits_enabled | Enable Rate Limits Enable or disable Rate Limits |
boolean | Default: "False" |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value SegmentSecurityProfile | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
SegmentSecurityProfileBindingMap (schema)
Security profile binding map for segment
Contains the binding relationship between segment and security profile.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value SegmentSecurityProfileBindingMap | string | |
| segment_security_profile_path | Segment Security Profile Path The policy path of the asscociated Segment Security profile |
string | |
| spoofguard_profile_path | SpoofGuard Profile Path The policy path of the asscociated SpoofGuard profile |
string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
SegmentSecurityProfileBindingMapListRequestParameters (schema)
Segment security profile binding map request parameters
| Name | Description | Type | Notes |
|---|---|---|---|
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string |
SegmentSecurityProfileBindingMapListResult (schema)
Paged collection of segment security profile binding maps
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Segment security profile binding map list results | array of SegmentSecurityProfileBindingMap | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
SegmentSecurityProfileListRequestParameters (schema)
Segment security profile request parameters
| Name | Description | Type | Notes |
|---|---|---|---|
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| include_mark_for_delete_objects | Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included. |
boolean | Default: "False" |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string |
SegmentSecurityProfileListResult (schema)
Paged collection of segment security profiles
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Segment Security profile list results | array of SegmentSecurityProfile | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
SegmentStateRequestParameters (schema)
Request Parameters for Metadata Proxy Runtime Information
Request parameters that represents a segment path and enforcement_point_path.
| Name | Description | Type | Notes |
|---|---|---|---|
| configuration_state | Configuration state of the segment on enforcement point | string | Enum: pending, in_progress, success, failed, partial_success, orphaned, unknown |
| enforcement_point_path | String Path of the enforcement point enforcement point path, forward slashes must be escaped using %2F. |
string | |
| source | The data source, either realtime or cached. If not provided, cached data is returned. | DataSourceType |
SegmentStatistics (schema)
Segment statistics on specific Enforcement Point
Segment statistics on specific Enforcement Point.
| Name | Description | Type | Notes |
|---|---|---|---|
| dropped_by_security_packets | PacketsDroppedBySecurity | Readonly | |
| last_update_timestamp | Timestamp when the data was last updated; unset if data source has never updated the data. | EpochMsTimestamp | Readonly |
| logical_switch_id | The id of the logical Switch | string | Required Readonly |
| mac_learning | MacLearningCounters | Readonly | |
| rx_bytes | DataCounter | Readonly | |
| rx_packets | DataCounter | Readonly | |
| tx_bytes | DataCounter | Readonly | |
| tx_packets | DataCounter | Readonly |
SegmentSubnet (schema)
Subnet configuration for segment
| Name | Description | Type | Notes |
|---|---|---|---|
| dhcp_config | Additional DHCP configuration Additional DHCP configuration for current subnet. |
SegmentDhcpConfig (Abstract type: pass one of the following concrete types) SegmentDhcpV4Config SegmentDhcpV6Config |
|
| dhcp_ranges | DHCP address ranges for dynamic IP allocation DHCP address ranges are used for dynamic IP allocation. Supports address range and CIDR formats. First valid host address from the first value is assigned to DHCP server IP address. Existing values cannot be deleted or modified, but additional DHCP ranges can be added. |
array of IPElement | Minimum items: 1 Maximum items: 99 |
| gateway_address | Gateway IP address. Gateway IP address in CIDR format for both IPv4 and IPv6. |
string | Format: ip-cidr-block |
| network | Network CIDR for subnet Network CIDR for this subnet calculated from gateway_addresses and prefix_len. |
string | Readonly |
SelectableResourceReference (schema)
Resources to take action on
| Name | Description | Type | Notes |
|---|---|---|---|
| is_valid | Target validity Will be set to false if the referenced NSX resource has been deleted. |
boolean | Readonly |
| selected | Set to true if this resource has been selected to be acted upon | boolean | Required |
| target_display_name | Target display name Display name of the NSX resource. |
string | Readonly Maximum length: 255 |
| target_id | Target ID Identifier of the NSX resource. |
string | Maximum length: 64 |
| target_type | Target type Type of the NSX resource. |
string | Maximum length: 255 |
SelectiveSyncSettings (schema)
Directory domain selective sync settings
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| enabled | Enable or disable SelectiveSync | boolean | Required |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| selected_org_units | Selected OrgUnits for SelectiveSync If SelectiveSync is enabled, this contains 1 or more OrgUnits, which NSX will synchronize with in LDAP server. The full distiguished name (DN) should be used for OrgUnit. If SelectiveSync is disabled, do not define this or specify an empty list. |
array of string | |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
SelfResourceLink (schema)
Link to this resource
The server will populate this field when returing the resource. Ignored on PUT and POST.
| Name | Description | Type | Notes |
|---|---|---|---|
| action | Optional action | string | Readonly |
| href | Link to resource | string | Required Readonly |
| rel | Link relation type Custom relation type (follows RFC 5988 where appropriate definitions exist) |
string | Required Readonly |
SelfSignedActionParameter (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| days_valid | Number of days the certificate will be valid, default 825 days | integer | Required Minimum: 1 Maximum: 10000 Default: "825" |
Service (schema)
Contains the information related to a service
Used while defining a CommunicationEntry. A service may have multiple
service entries.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource (Abstract type: pass one of the following concrete types) ChildServiceEntry |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| is_default | Flag for default services The flag, if true, indicates that service is created in the system by default. Such default services can't be modified/deleted. |
boolean | Readonly Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value Service | string | |
| service_entries | Service type | array of ServiceEntry (Abstract type: pass one of the following concrete types) ALGTypeServiceEntry EtherTypeServiceEntry ICMPTypeServiceEntry IGMPTypeServiceEntry IPProtocolServiceEntry L4PortSetServiceEntry NestedServiceServiceEntry |
|
| service_type | Type of service, EITHER or NON_ETHER | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
ServiceEntry (schema)
A Service entry that describes traffic
This is an abstract type. Concrete child types:
ALGTypeServiceEntry
EtherTypeServiceEntry
ICMPTypeServiceEntry
IGMPTypeServiceEntry
IPProtocolServiceEntry
L4PortSetServiceEntry
NestedServiceServiceEntry
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value ServiceEntry | string | Required Enum: IPProtocolServiceEntry, IGMPTypeServiceEntry, ICMPTypeServiceEntry, ALGTypeServiceEntry, L4PortSetServiceEntry, EtherTypeServiceEntry, NestedServiceServiceEntry |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
ServiceEntryListRequestParameters (schema)
Service entry list request parameters
| Name | Description | Type | Notes |
|---|---|---|---|
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| include_mark_for_delete_objects | Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included. |
boolean | Default: "False" |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string |
ServiceEntryListResult (schema)
Paged Collection of Service entries
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Service entry list results | array of ServiceEntry (Abstract type: pass one of the following concrete types) ALGTypeServiceEntry EtherTypeServiceEntry ICMPTypeServiceEntry IGMPTypeServiceEntry IPProtocolServiceEntry L4PortSetServiceEntry NestedServiceServiceEntry |
Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
ServiceInstanceEndpoint (schema)
Service EndPoint for Byod Policy Service Instance
A ServiceInstanceEndpoint belongs to one ByodPolicyServiceInstance and is attached to one ServiceInterface. A ServiceInstanceEndpoint represents a redirection target for a RedirectionPolicy.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value ServiceInstanceEndpoint | string | Required Enum: VirtualEndpoint, ServiceInstanceEndpoint |
| service_interface_path | Service Interface path Path of Service Interface to which this ServiceInstanceEndpoint is connected. |
string | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| target_ips | IP addresses to redirect the traffic to IPs where either inbound or outbound traffic is to be redirected. |
array of IPInfo | Required Minimum items: 1 Maximum items: 1 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
ServiceInterface (schema)
Service interface configuration
Service interface configuration for internal connectivity.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| dhcp_relay_path | policy path of referenced dhcp-relay-config Policy path of dhcp-relay-config to be attached to this Interface. |
string | |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value ServiceInterface | string | |
| subnets | IP address and subnet specification for interface Specify IP address and network prefix for interface. |
array of InterfaceSubnet | Required Minimum items: 1 |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
ServiceInterfaceListResult (schema)
Paged collection of Service Interfaces
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Service Interface list results | array of ServiceInterface | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
ServiceListRequestParameters (schema)
Service list request parameters
| Name | Description | Type | Notes |
|---|---|---|---|
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| default_service | Fetch all default services If set to true, then it will display only default services. If set to false, then it will display all user defined services. If it is not provided, then complete (default as well as user defined) list of services will be displayed. |
boolean | |
| include_mark_for_delete_objects | Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included. |
boolean | Default: "False" |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string |
ServiceListResult (schema)
Paged Collection of Services
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Service list results | array of Service | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
ServiceReference (schema)
An anchor object representing the intent to consume a given 3rd party service.
An anchor object representing the intent to consume a given 3rd party service.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| enabled | Operational state of the Service. A Service's operational state can be enabled or disabled. Note that would work only for NetX type of services and would not work for Guest Introsp- ection type of Services. TRUE - The Service should be enabled FALSE - The Service should be disabled |
boolean | Default: "True" |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| partner_service_name | Name of Partner Service Unique name of Partner Service to be consumed for redirection. |
string | Required |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value ServiceReference | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
ServiceSegment (schema)
Service Segment configuration
Service Segment configuration to attach Service Insertion VM.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| lr_paths | Policy paths of logical routers Policy paths of logical routers or ports | to which this Service Segment can be connected. |
array of string | |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value ServiceSegment | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| transport_zone_path | Policy path to the transport zone Policy path to transport zone. Only overlay transport zone is supported. |
string | Required |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
ServiceType (schema)
Supported service types, that are using certificates.
| Name | Description | Type | Notes |
|---|---|---|---|
| ServiceType | Supported service types, that are using certificates. | string | Enum: MGMT_CLUSTER, MGMT_PLANE, API, NOTIFICATION_COLLECTOR, SYSLOG_SERVER, RSYSLOG_CLIENT, APH, APH_TN, GLOBAL_MANAGER, LOCAL_MANAGER, CLIENT_AUTH, RMQ, K8S_MSG_CLIENT, WEB_PROXY, CBM_API, CBM_CCP, CBM_CSM, CBM_MP, CBM_GM, CBM_AR, CBM_MONITORING, CBM_IDPS_REPORTING, CBM_CM_INVENTORY, CBM_MESSAGING_MANAGER, CBM_UPGRADE_COORDINATOR, CBM_SITE_MANAGER, CBM_CLUSTER_MANAGER, CBM_CORFU, CBM_SITE_PROXY_CLIENT, COMPUTE_MANAGER, CCP |
SessionTimerProfileBindingListResult (schema)
Paged Collection of session timer profile binding maps
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Session timer profile binding maps list results | array of SessionTimerProfileBindingMap | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
SessionTimerProfileBindingMap (schema)
Policy Session Timer Profile binding map
This entity will be used to establish association between Session Timer
profile and Logical Routers.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| profile_path | Profile Path PolicyPath of associated Profile |
string | Required |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value SessionTimerProfileBindingMap | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
SetFields (schema)
Set Fields
Set Fields is an action to set fields of the source event.
| Name | Description | Type | Notes |
|---|---|---|---|
| field_settings | Field Settings Field Settings. |
array of FieldSetting | Minimum items: 1 |
| resource_type | Must be set to the value SetFields | string | Required Enum: PatchResources, SetFields |
SetInterSiteAphCertificateRequest (schema)
Data for setting Appliance Proxy certificate for inter-site communication
| Name | Description | Type | Notes |
|---|---|---|---|
| cert_id | Certificate ID ID of the certificate that is already imported. |
string | Required Readonly |
| used_by_id | Node ID ID of the node that this certificate is used on. |
string | Required Readonly |
SetPrincipalIdentityCertificateForFederationRequest (schema)
Data for setting a principal identity certificate
| Name | Description | Type | Notes |
|---|---|---|---|
| cert_id | Id of the certificate | string | Required Readonly |
| service_type | Service type for which the certificate should be used. | PIServiceType | Required Readonly |
SftpProtocol (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| authentication_scheme | Scheme to authenticate if required | PasswordAuthenticationScheme | Required |
| name | Must be set to the value SftpProtocol | string | Required Enum: http, https, scp, sftp |
| ssh_fingerprint | SSH fingerprint of server | string | Required |
ShaDynamicPlugin (schema)
Sha dynamic Plugin
Define a kind of dynamic Sha plugin.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| applied_to_group_path | Binding Policy group path The Policy group path to apply the changes on Sha Plugin. It can be pre-defined plugin or dynamic created plugin. |
string | |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| is_plugin_uploaded | Flag to show the dynamic plugin status Flag to show the dynamic plugin zip file is uploaded. |
boolean | Readonly |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value ShaDynamicPlugin | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
ShaDynamicPluginProfile (schema)
Dynamic created plugin profile
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| applied_to_group_path | Binding Policy group path The Policy group path to apply the changes on Sha Plugin. It can be pre-defined plugin or dynamic created plugin. |
string | |
| applied_to_ua | Plugin Enablement Flag on UA cluster nodes The on-off switch of System Health Plugin on UA cluster nodes. |
boolean | |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| config | Plugin configuration Define the plugin configurtion. |
string | Required |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| enabled | Plugin Enablement Flag The on-off switch of System Health Plugin |
boolean | Required |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| plugin_path | Plugin path The policy path of Sha Plugin. It can be pre-defined plugin or dynamic created plugin. |
string | Required |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value ShaDynamicPluginProfile | ShaPluginType | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
ShaPluginProfile (schema)
Abstract base type for System Health plugin profil of different types
The ShaPluginProfile is the base class for System Health plugin profile
This is an abstract type. Concrete child types:
ShaDynamicPluginProfile
ShaPredefinedPluginProfile
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| applied_to_group_path | Binding Policy group path The Policy group path to apply the changes on Sha Plugin. It can be pre-defined plugin or dynamic created plugin. |
string | |
| applied_to_ua | Plugin Enablement Flag on UA cluster nodes The on-off switch of System Health Plugin on UA cluster nodes. |
boolean | |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| enabled | Plugin Enablement Flag The on-off switch of System Health Plugin |
boolean | Required |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| plugin_path | Plugin path The policy path of Sha Plugin. It can be pre-defined plugin or dynamic created plugin. |
string | Required |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value ShaPluginProfile | ShaPluginType | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
ShaPluginType (schema)
Valid System Health plugin types
| Name | Description | Type | Notes |
|---|---|---|---|
| ShaPluginType | Valid System Health plugin types | string | Enum: PredefinedPlugin, DynamicPlugin |
ShaPredefinedPlugin (schema)
System pre-defined plugin config
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| config | Plugin configuration Define the plugin configurtion detail. |
ShaPredefinedPluginProfileData | Readonly |
| delay_on_reboot | The delay after reboot The corresponding plugin will wait for config seconds after reboot. |
integer | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| enabled | Profile Enablement Flag The on-off switch of Sha plugin |
boolean | Readonly |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| pre_req_conditions | The pre-req conditions Display the pre-req conditions to run the predefined plugin. |
array of PreReqCondition | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value ShaPredefinedPlugin | string | |
| supported_node_types | The supported node types Display the running node types of predefined plugin. |
array of NsxtNodeType | Readonly |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
ShaPredefinedPluginProfile (schema)
System predefined plugin profile
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| applied_to_group_path | Binding Policy group path The Policy group path to apply the changes on Sha Plugin. It can be pre-defined plugin or dynamic created plugin. |
string | |
| applied_to_ua | Plugin Enablement Flag on UA cluster nodes The on-off switch of System Health Plugin on UA cluster nodes. |
boolean | |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| config | Plugin configuration Define the plugin configurtion. |
ShaPredefinedPluginProfileData | Required |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| enabled | Plugin Enablement Flag The on-off switch of System Health Plugin |
boolean | Required |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| plugin_path | Plugin path The policy path of Sha Plugin. It can be pre-defined plugin or dynamic created plugin. |
string | Required |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value ShaPredefinedPluginProfile | ShaPluginType | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
ShaPredefinedPluginProfileData (schema)
System Health Plugin Config Item
Describes a config item for System Health profile.
| Name | Description | Type | Notes |
|---|---|---|---|
| check_interval | The check interval The interval of plugin to check the status. |
integer | |
| report_interval | The report interval The interval of plugin to report the status. |
integer | |
| smallest_report_interval_if_change | The smallest report interval The smallest report interval if the status is changed. The value of smallest_report_interval_if_change should be less than the value of report_interval |
integer |
Share (schema)
Share
A Share is a container that shares all its contents represented by associated SharedResource entities
with Orgs or Projects represented using the 'sharedWith' property. Default share object is created by the system which
is shared with all the orgs and projects by default. Id of default share object is default.
Also, default share object per org/project will also be created as part of org/project
creation workflow. Id of org share object will be "
Id of project share object will be "
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value Share | string | |
| sharedWith | Path of the context Represents and array of the paths of the contexts (Org or Project) to which the contents of this share should be shared. A resource that is shared with a org is made accessible to the underlying Projects as well. |
array of string | Required Minimum items: 1 |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
SharedResource (schema)
Policy Shared resource
A SharedResource is a child of the resource that needs to be shared. Where the resoruce is shared is determined by
the Share instance to which this shared resource refers. Default shared resource under default share object is created
by the system. All the resources under default shared resources will be available for consumption to all the orgs/projects by default.
Shared Resource for specific org will be available for consumption for that particular org only.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_objects | Path of the resource to be shared Represents the path and other properties of the resource to be shared. The entity represented by this shared resource is shared with all the Orgs or Projects contexts that the Share container references. |
array of ResourceObject | Required Minimum items: 1 |
| resource_type | Must be set to the value SharedResource | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
Site (schema)
Site
Site represents an NSX deployment having its own set of NSX clusters and
transport nodes. It may correspond to a Data Center, VMC deployment, or
NSX-Cloud deployment managed via CSM.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource (Abstract type: pass one of the following concrete types) ChildEnforcementPoint |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| fail_if_rtep_misconfigured | Fail onboarding if RTEPs misconfigured Both the local site and the remote site must have edge clusters correctly configured and remote tunnel endpoint (RTEP) interfaces must be defined, or onboarding will fail. |
boolean | Default: "True" |
| fail_if_rtt_exceeded | Fail onboarding if maximum RTT exceeded Fail onboarding if maximum RTT exceeded. |
boolean | Default: "True" |
| federation_config | Federation releated config System managed federation config. |
GmFederationSiteConfig | Readonly |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| maximum_rtt | Maximum acceptable packet round trip time (RTT) If provided and fail_if_rtt_exceeded is true, onboarding of the site will fail if measured RTT is greater than this value. |
integer | Minimum: 0 Maximum: 1000 Default: "250" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value Site | string | |
| site_connection_info | Connection information To onboard a site, the connection information (username, password, and API thumbprint) for at least one NSX manager node in the remote site must be provided. Once the site has been successfully onboarded, the site_connection_info is discarded and authentication to the remote site occurs using an X.509 client certificate. |
array of SiteNodeConnectionInfo | Maximum items: 3 |
| site_number | 12-bit system generated site number | integer | Readonly |
| site_type | Persistent Site Type The site_type property identifies type of current site. |
string | Enum: ONPREM_LM, SDDC_LM |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
SiteActionParameters (schema)
Paramters for Site delete operation
If force=true then site will be deleted even if not reachable.
NOTE - Use this with caution as Global Manager will go ahead and
offboard the site forcefully.
| Name | Description | Type | Notes |
|---|---|---|---|
| force | boolean |
SiteAllocationIndexForEdge (schema)
Allocation index for edge
Index for cross site allocation for edge cluster
and its members referred by gateway.
| Name | Description | Type | Notes |
|---|---|---|---|
| index | Unique index across sites for gateway span Unqiue edge cluster node index across sites based on stretch of the Gateway. For example, if a Gateway is streched to sites S1 with one edge cluster of 3 nodes and site S2 with one edge cluster of 2 nodes, the in the Global Manager will allocate the index for 5 edge nodes and 2 cluster in the rage 0 to 7. |
integer | Readonly |
| target_resource_path | Edge cluster or edge node path | string | Readonly |
SiteCleanupPending (schema)
Details for cleanup of resource.
SiteCleanupPending contains information about the resource cleanup
from sites.
| Name | Description | Type | Notes |
|---|---|---|---|
| marked_for_delete | Indicates whether the resource is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. |
boolean | Readonly |
| pending_sites | List of SpanSiteInfos List of SpanSiteInfos representing the strech of the entity. |
array of SpanSiteInfo | Readonly |
| resource_path | Policy path of an resource. Policy resource which is either marked for delete or in process of deletion from site. |
string | Readonly |
SiteCleanupPendingListRequestParameters (schema)
SiteCleanupPending list request parameters
| Name | Description | Type | Notes |
|---|---|---|---|
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| intent_path | String Path of a resource. String Path of a resource. Can pass multiple values. |
string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string |
SiteCleanupPendingListResult (schema)
Paged collection of SiteCleanupPending
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | SiteCleanupPending list results | array of SiteCleanupPending | Readonly |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
SiteCompatibilityInfo (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| compatibility_list | Compatibility list | array of string | |
| site_version | Site version | string |
SiteFederationConfig (schema)
Site fedeation configuration
Site fedeation configuration.
| Name | Description | Type | Notes |
|---|---|---|---|
| rtep_ips | Remote tunnel endpoint IP addresses | array of IPAddress | Readonly |
| site_id | Site UUID | string | Readonly |
| site_index | Unique site index allocated (from range 0-4095) | integer | Readonly |
| site_path | Site path | string | Readonly |
SiteInfo (schema)
Site information
Information related to Sites applicable for given Org.
| Name | Description | Type | Notes |
|---|---|---|---|
| edge_cluster_paths | PolicyPath of the edge cluster The edge cluster on which the networking elements for the Org will be created. |
array of string | |
| site_path | PolicyPath of the site This represents the path of the site which is managed by Global Manager. For the local manager, if set, this needs to point to 'default'. |
string |
SiteListRequestParameters (schema)
Site List Request Parameters
Site list request parameters.
| Name | Description | Type | Notes |
|---|---|---|---|
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| include_mark_for_delete_objects | Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included. |
boolean | Default: "False" |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string |
SiteListResult (schema)
Paged Collection of Sites
Paged Collection of Sites.
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Site List Result Site list result. |
array of Site | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
SiteNodeConnectionInfo (schema)
Site Node Connection Info
Credential info to connect to a node in the federated remote site.
| Name | Description | Type | Notes |
|---|---|---|---|
| fqdn | Fully Qualified Domain Name of the Management Node Please specify the fqdn of the Management Node of your site. |
string | Required |
| password | Password Password to connect to Site's Local Manager. |
secure_string | |
| site_uiid | id of Site Site UUID supplied for connection info |
string | |
| thumbprint | Thumbprint of Enforcement Point Thumbprint of Site's Local Manager in the form of a SHA-256 hash represented in lower case HEX. |
string | |
| username | Username Username to connect to Site's Local Manager. |
string |
SiteOnboardingPreference (schema)
User Onboarding Preference
User onboarding preference for site.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| ignore_import | Ignore Import Preference Represents user's decision to ignore onboarding option for a site. User will not be shown onboarding message or will failing onboarding when ignore status is set to 'true'. |
boolean | Required Readonly |
| resource_type | Must be set to the value SiteOnboardingPreference | string | |
| site_id | Site Identifier Unique site identifier. |
string | Readonly |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
SiteOverride (schema)
IPSecVpn Site Override Parameters
IPSecVPN site specific attributes specified only on GM. This allows user to specify site specific parameters which overrides the correspondig attributes in the IPSecVpnSession Object.
| Name | Description | Type | Notes |
|---|---|---|---|
| local_endpoint_path | Local endpoint path Policy path referencing Local endpoint. |
string | Required |
| locale_service_path | Locale service policy path Policy path referencing LocateService where SiteOverride attributes will be applied |
string | Required |
| peer_address | IPV4 or IPV6 address of peer endpoint on remote site Public IPV4 or IPV6 address of the remote device terminating the VPN connection. Please note that configuring peer_address as IPv6 address is not supported in the deprecated IPSecVpnSession Patch/PUT APIs. |
IPAddress | Required |
| peer_id | Peer id Peer ID to uniquely identify the peer site. The peer ID is the public IP address of the remote device terminating the VPN tunnel. When NAT is configured for the peer, enter the private IP address of the peer. |
string | Required |
| tunnel_interfaces | IP Tunnel interfaces IP Tunnel interfaces. This property is mandatory for RouteBasedIpSecVpn session. |
array of IPSecVpnTunnelInterface | Minimum items: 1 Maximum items: 1 |
SiteRequestParameter (schema)
Request parameter to get flow to a given Site
User can get flow details from the Site where API invoked to a given
Site by specifying the Site policy path.
| Name | Description | Type | Notes |
|---|---|---|---|
| site_path | Policy path of the Site object | string |
SiteStatus (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| site_name | Site name | string | Required |
| stubs | Connection status | array of StubStatus |
SnmpServiceProperties (schema)
SNMP Service properties
| Name | Description | Type | Notes |
|---|---|---|---|
| communities | SNMP v1, v2c community strings | array of string | Maximum items: 1 |
| start_on_boot | Start when system boots | boolean | Required |
| v2_configured | SNMP v2 is configured or not | boolean | Readonly |
| v3_auth_protocol | SNMP v3 auth protocol | string | Required Enum: SHA1 Default: "SHA1" |
| v3_configured | SNMP v3 is configured or not | boolean | Readonly |
| v3_priv_protocol | SNMP v3 private protocol | string | Required Enum: AES128 Default: "AES128" |
| v3_users | V3 users SNMP v3 users information |
array of SnmpV3User | Maximum items: 1 |
SnmpV3User (schema)
SNMP v3 user
SNMP v3 user properties
| Name | Description | Type | Notes |
|---|---|---|---|
| auth_password | Auth password SNMP v3 user auth password |
secure_string | |
| priv_password | Private password SNMP v3 user private password |
secure_string | |
| user_id | User ID SNMP v3 user ID |
string | Required |
Source (schema)
Event Source
Source that is logically deemed to be the "object" upon which the
Event in question initially occurred upon. The Source is responsible
for providing information of the occurred event. Some example sources
include:
- Resource.
- API.
This is an abstract type. Concrete child types:
ApiRequestBody
ResourceOperation
| Name | Description | Type | Notes |
|---|---|---|---|
| resource_type | Resource Type Event Source resource type. |
string | Required Enum: ResourceOperation, ApiRequestBody |
SourceFieldEvaluation (schema)
Source Field Evaluation
Source Field Evaluation represents an evaluation on resource fields.
A source field evaluation will be evaluated against an Event Source which
is of type Resource Operation. For instance, the attribute constraint could
be related to the necessity that one of the source fields equals one of the
specified values.
| Name | Description | Type | Notes |
|---|---|---|---|
| expected | Operator Arguments Expected values necessary to apply the specified operation on the source field value. |
array of string | Required Minimum items: 1 Maximum items: 1 |
| field_pointer | Field Pointer Field in the form of a pointer, describing the location of the attribute within the source of the event. |
string | Required |
| operator | Logical Operator Logical operator. |
string | Required Enum: EQ, NOT_EQ |
| resource_type | Must be set to the value SourceFieldEvaluation | string | Required Enum: SourceFieldEvaluation |
SourceIpPersistencePurge (schema)
source ip persistence purge setting
If the persistence table is full and a new connection without a matching persistence entry is received, then by default(FULL) oldest persistence entries are purged from the table to make space for new entries. Each time purging gets triggered, a small percentage of the entries are purged. If purging is disabled(NO_PURGE) and a new incoming connection requires a persistence entry to be created, then that connection is rejected even though backend servers are available.
| Name | Description | Type | Notes |
|---|---|---|---|
| SourceIpPersistencePurge | source ip persistence purge setting If the persistence table is full and a new connection without a matching persistence entry is received, then by default(FULL) oldest persistence entries are purged from the table to make space for new entries. Each time purging gets triggered, a small percentage of the entries are purged. If purging is disabled(NO_PURGE) and a new incoming connection requires a persistence entry to be created, then that connection is rejected even though backend servers are available. |
string | Enum: NO_PURGE, FULL |
SpacerWidgetConfiguration (schema)
Spacer widget Configuration
Represents configuration for spacer widget. For this widget the data source is not applicable. This widget can be use to add the space inside the dashboard container.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| condition | Expression for evaluating condition If the condition is met then the widget will be displayed to UI. If no condition is provided, then the widget will be displayed unconditionally. |
string | Maximum length: 1024 |
| datasources | Array of Datasource Instances with their relative urls The 'datasources' represent the sources from which data will be fetched. Currently, only NSX-API is supported as a 'default' datasource. An example of specifying 'default' datasource along with the urls to fetch data from is given at 'example_request' section of 'CreateWidgetConfiguration' API. |
array of Datasource | Minimum items: 0 |
| default_filter_value | Default filter value to be passed to datasources Default filter values to be passed to datasources. This will be used when the report is requested without filter values. |
array of DefaultFilterValue | |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Widget Title Title of the widget. If display_name is omitted, the widget will be shown without a title. |
string | Maximum length: 255 |
| drilldown_id | Id of drilldown widget Id of drilldown widget, if any. Id should be a valid id of an existing widget. A widget is considered as drilldown widget when it is associated with any other widget and provides more detailed information about any data item from the parent widget. |
string | Maximum length: 255 |
| feature_set | Features required to view the widget Features required to view the widget. |
FeatureSet | |
| filter | Id of filter widget for subscription Id of filter widget for subscription, if any. Id should be a valid id of an existing filter widget. Filter widget should be from the same view. Datasource URLs should have placeholder values equal to filter alias to accept the filter value on filter change. This field is deprecated instead use 'filters' property. |
string | Deprecated |
| filter_value_required | Flag to indicate if filter value is necessary Flag to indicate that widget will continue to work without filter value. If this flag is set to false then default_filter_value is manadatory. |
boolean | Default: "True" |
| filters | A List of filter ids applied to this widget configuration A List of filter applied to this widget configuration. This will be used to identify the filters applied to this widget. |
array of string | |
| footer | Footer | ||
| icons | Icons Icons to be applied at dashboard for widgets and UI elements. |
array of Icon | |
| id | Unique identifier of this resource | string | Sortable |
| is_drilldown | Set as a drilldown widget Set to true if this widget should be used as a drilldown. |
boolean | Default: "False" |
| legend | Legend for the widget Legend to be displayed. If legend is not needed, do not include it. |
Legend | |
| plot_configs | List of plotting configuration for a given widget. List of plotting configuration for a given widget. Widget plotting configurations which are common across all the widgets types should be define here. |
array of WidgetPlotConfiguration | |
| resource_type | Must be set to the value SpacerWidgetConfiguration | string | Required Readonly Enum: LabelValueConfiguration, DonutConfiguration, MultiWidgetConfiguration, ContainerConfiguration, StatsConfiguration, GridConfiguration, GraphConfiguration, CustomWidgetConfiguration, CustomFilterWidgetConfiguration, TimeRangeDropdownFilterWidgetConfiguration, DropdownFilterWidgetConfiguration, SpacerWidgetConfiguration, LegendWidgetConfiguration Maximum length: 255 |
| rowspan | Vertical span Represents the vertical span of the widget / container. 1 Row span is equal to 20px. |
int | Minimum: 1 |
| shared | Visiblity of widgets to other users Please use the property 'shared' of View instead of this. The widgets of a shared view are visible to other users. |
boolean | Deprecated |
| show_header | This decides to show the container header or not. If the value of this field is set to true then card header will be displayed otherwise only card will be displayed without header. |
boolean | |
| span | Horizontal span Represents the horizontal span of the widget / container. |
int | Minimum: 1 Maximum: 12 |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| weight | Weightage or placement of the widget or container Specify relavite weight in WidgetItem for placement in a view. Please see WidgetItem for details. |
int | Deprecated |
Span (schema)
Represents strech information for federated entity.
Represents the strech information for a federated entity
available only on local manager.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value Span | string | |
| sites | List of SpanSiteInfos List of SpanSiteInfos representing the strech of the entity. |
array of SpanSiteInfo | Readonly |
| span_leader | Policy resource type of span leader Represents Policy resource type streached entity's span leader. |
string | Readonly |
| span_resource | Policy resource path Represents Policy resource path of streached entity. |
string | Readonly |
| span_resource_type | Policy resource type Policy resource type of the streached entity. |
string | Readonly |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
SpanSiteInfo (schema)
Represents Site resource for Span entity.
Represents the Site resource information for a Span entity
including both the internal id as well as the site path.
| Name | Description | Type | Notes |
|---|---|---|---|
| site_id | Internal ID of the Site resource Site UUID representing the Site resource |
string | Readonly |
| site_path | Path of the Site resource Path of the Site resource |
string | Readonly |
SpoofGuardProfile (schema)
SpoofGuard Profile
SpoofGuard is a tool that is designed to prevent virtual machines in your
environment from sending traffic with IP addresses which are not authorized
to send traffic from. A SpoofGuard policy profile once enabled blocks the
traffic determined to be spoofed.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| address_binding_allowlist | Enable SpoofGuard If true, enable the SpoofGuard, which only allows VM sending traffic with the IPs in the whitelist. This value cannot conflict with whitelist. |
boolean | Required Default: "False" |
| address_binding_whitelist | Enable SpoofGuard If true, enable the SpoofGuard, which only allows VM sending traffic with the IPs in the whitelist. This field is deprecated because it has offensive terminology. Please use address_binding_allowlist. This value cannot conflict with allow list. |
boolean | Deprecated Required Default: "False" |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value SpoofGuardProfile | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
SpoofGuardProfileListRequestParameters (schema)
SpoofGuard profile request parameters
| Name | Description | Type | Notes |
|---|---|---|---|
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| include_mark_for_delete_objects | Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included. |
boolean | Default: "False" |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string |
SpoofGuardProfileListResult (schema)
Paged collection of SpoofGuard profiles
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | SpoofGuard profile list results | array of SpoofGuardProfile | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
SshFingerprintProperties (schema)
Server ssh fingerprint properties
Server properties - hostname/ip_address, port and ssh fingerprint
| Name | Description | Type | Notes |
|---|---|---|---|
| port | Server port Remote server port on which ssh connection is made. |
integer | Required Minimum: 1 Maximum: 65535 |
| server | Remote server hostname or IP address Server hostname/ip_address for which fingerprint has been retrieved. |
string | Required Pattern: "^.+$" |
| ssh_fingerprint | SSH fingerprint of server Remote server's ssh fingerprint. |
string |
SshKeyBaseProperties (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| label | SSH key label (used to identify the key) | string | Required |
| password | Current password for user (required for users root and admin) | string |
SshKeyProperties (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| label | SSH key label (used to identify the key) | string | Required |
| password | Current password for user (required for users root and admin) | string | |
| type | SSH key type | string | Required Pattern: "^(ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521|ssh-dss|ssh-ed25519|ssh-rsa)$" |
| value | SSH key value | string | Required |
SshKeyPropertiesListResult (schema)
SSH key properties query results
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | SSH key properties query results | array of SshKeyProperties | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
SshServiceProperties (schema)
SSH Service properties
| Name | Description | Type | Notes |
|---|---|---|---|
| root_login | Permit SSH Root login | boolean | |
| start_on_boot | Start service when system boots | boolean | Required |
SslCipher (schema) (Deprecated)
SSL cipher
| Name | Description | Type | Notes |
|---|---|---|---|
| SslCipher | SSL cipher | string | Deprecated Enum: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 |
SslCipherGroup (schema) (Deprecated)
SSL cipher group
| Name | Description | Type | Notes |
|---|---|---|---|
| SslCipherGroup | SSL cipher group | string | Deprecated Enum: BALANCED, HIGH_SECURITY, HIGH_COMPATIBILITY, CUSTOM |
SslProtocol (schema) (Deprecated)
SSL protocol
| Name | Description | Type | Notes |
|---|---|---|---|
| SslProtocol | SSL protocol | string | Deprecated Enum: SSL_V2, SSL_V3, TLS_V1, TLS_V1_1, TLS_V1_2 |
StageUpgradeRequestParameters (schema)
Stage upgrade request parameters
Parameters specified during upgrade staging request
| Name | Description | Type | Notes |
|---|---|---|---|
| component_type | Component type Type of the component |
string |
StandaloneHostIdfwConfiguration (schema)
Standalone host idfw configuration
Idfw configuration for enable/disable idfw on standalone hosts.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| idfw_enabled | Idfw enabled flag If set to true, Idfw is enabled for standalone hosts |
boolean | Required |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value StandaloneHostIdfwConfiguration | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
StatItem (schema)
Statistic of an entity
Displayed as a single number. It can be used to show the characteristics of entities such as Logical Switches, Firewall Rules, and so on. For example, number of logical switches and their admin states.
| Name | Description | Type | Notes |
|---|---|---|---|
| drilldown_id | Id of drilldown widget Id of drilldown widget, if any. Id should be a valid id of an existing widget. |
string | |
| tooltip | Multi-line tooltip Multi-line text to be shown on tooltip while hovering over the stat. |
array of Tooltip | Minimum items: 0 |
| total | Total If expression for total is specified, it evaluates it. Total can be omitted if not needed to be shown. |
string | |
| value | Stat Expression for stat to be displayed. |
string | Required Maximum length: 1024 |
StaticARPConfig (schema)
Static ARP Config
Contains Static ARP configuration for Segment.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| ip_address | IP Address | IPAddress | Required |
| mac_address | MAC Address | MACAddress | Required |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value StaticARPConfig | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
StaticFilter (schema)
Static filters
| Name | Description | Type | Notes |
|---|---|---|---|
| additional_value | An additional value for static filter An additional key-value pair for static filter. |
object | |
| display_name | Display name for static filter display name to be shown in the drop down for static filter. |
string | Maximum length: 1024 |
| info_text | Info text for the static filter. Additional information to be shown along with the static filter. It will shown on the tooltip of an info icon, |
string | |
| short_display_name | A property value to be shown once value is selected for a filter. Property value is shown in the drop down input box for a filter. If the value is not provided 'display_name' property value is used. |
string | Maximum length: 1024 |
| value | Value of static filter Value of static filter inside dropdown filter. |
string |
StaticMimeContent (schema)
Static MIME content
MIME content with text message and image path in it.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value StaticMimeContent | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| text_message | text message text message. |
string | Required |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
StaticRouteBfdPeer (schema)
Static Route Bidirectional Forwarding Detection Peer
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| bfd_profile_path | Policy path to Bfd Profile Bfd Profile is not supported for IPv6 networks. |
string | |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| enabled | Enable BFD Peer Flag to enable BFD peer. |
boolean | Default: "True" |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| peer_address | IP Address of static route next hop peer Both IPv4 and IPv6 addresses are supported. Only a single BFD config per peer address is allowed. |
string | Required |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value StaticRouteBfdPeer | string | |
| scope | Array of policy paths of locale services Represents the array of policy paths of locale services where this BFD peer should get relalized on. The locale service service and this BFD peer must belong to the same router. Default scope is empty. |
array of string | |
| source_addresses | List of source IP addresses Array of Tier0 external interface IP addresses. BFD peering is established from all these source addresses to the neighbor specified in peer_address. Both IPv4 and IPv6 addresses are supported. |
array of string | Minimum items: 0 Maximum items: 8 |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
StaticRouteBfdPeerListResult (schema)
Paged Colleciton of StaticRouteBfdPeer
Paged collection of StaticRouteBfdPeer.
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | StaticRouteBfdPeer list results StaticRouteBfdPeer list results. |
array of StaticRouteBfdPeer | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
StaticRoutes (schema)
Static routes configuration on Tier-0, Tier-1
Static routes configuration on Tier-0, Tier-1.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| enabled_on_secondary | Flag to plumb route on secondary site When false or by default northbound routes are configured only on the primary location and not on secondary location. When true, the static route will also be configured on a secondary location. Secondary location prefers route learned from the primary location and enabling this flag secondary location can override this. This flag is not applicable if all sites are primary. |
boolean | Default: "False" |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| network | Network address in CIDR format Specify network address in CIDR format. |
IPElement | Required |
| next_hops | Next hop routes for network Specify next hop routes for network. |
array of RouterNexthop | Required Minimum items: 1 |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value StaticRoutes | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
StaticRoutesListRequestParameters (schema)
Static Routes list request parameters
| Name | Description | Type | Notes |
|---|---|---|---|
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| include_mark_for_delete_objects | Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included. |
boolean | Default: "False" |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string |
StaticRoutesListResult (schema)
Paged collection of Static Routes
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Static Routes list results | array of StaticRoutes | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
StatisticsRequestParameters (schema)
Statistics Request Parameters
Request parameters that represents an enforcement point path. A request on statistics
can be parameterized with this path and will be evaluated as follows:
- no enforcement point path specified: the request is evaluated on all enforcement
points.
- {enforcement_point_path}: the request is evaluated only on the given enforcement
point.
- {container_cluster_path}: The request is evaluated only on the given
container cluster.
| Name | Description | Type | Notes |
|---|---|---|---|
| container_cluster_path | String Path of the Container Cluster entity Path to the container cluster entity where the request will be executed. |
string | |
| enforcement_point_path | String Path of the enforcement point enforcement point path, forward slashes must be escaped using %2F. |
string |
StatsConfiguration (schema)
Stats Configuration
Represents configuration of a statistic for an entity. Example, number of logical switches and their admin states.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| condition | Expression for evaluating condition If the condition is met then the widget will be displayed to UI. If no condition is provided, then the widget will be displayed unconditionally. |
string | Maximum length: 1024 |
| datasources | Array of Datasource Instances with their relative urls The 'datasources' represent the sources from which data will be fetched. Currently, only NSX-API is supported as a 'default' datasource. An example of specifying 'default' datasource along with the urls to fetch data from is given at 'example_request' section of 'CreateWidgetConfiguration' API. |
array of Datasource | Minimum items: 0 |
| default_filter_value | Default filter value to be passed to datasources Default filter values to be passed to datasources. This will be used when the report is requested without filter values. |
array of DefaultFilterValue | |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Widget Title Title of the widget. If display_name is omitted, the widget will be shown without a title. |
string | Maximum length: 255 |
| drilldown_id | Id of drilldown widget Id of drilldown widget, if any. Id should be a valid id of an existing widget. A widget is considered as drilldown widget when it is associated with any other widget and provides more detailed information about any data item from the parent widget. |
string | Maximum length: 255 |
| feature_set | Features required to view the widget Features required to view the widget. |
FeatureSet | |
| filter | Id of filter widget for subscription Id of filter widget for subscription, if any. Id should be a valid id of an existing filter widget. Filter widget should be from the same view. Datasource URLs should have placeholder values equal to filter alias to accept the filter value on filter change. This field is deprecated instead use 'filters' property. |
string | Deprecated |
| filter_value_required | Flag to indicate if filter value is necessary Flag to indicate that widget will continue to work without filter value. If this flag is set to false then default_filter_value is manadatory. |
boolean | Default: "True" |
| filters | A List of filter ids applied to this widget configuration A List of filter applied to this widget configuration. This will be used to identify the filters applied to this widget. |
array of string | |
| footer | Footer | ||
| icons | Icons Icons to be applied at dashboard for widgets and UI elements. |
array of Icon | |
| id | Unique identifier of this resource | string | Sortable |
| is_drilldown | Set as a drilldown widget Set to true if this widget should be used as a drilldown. |
boolean | Default: "False" |
| label | Label of the Stats Configuration Displayed at the sections, by default. It labels the entities of sections. If label is not provided, the sections are not labelled. |
Label | |
| legend | Legend for the widget Legend to be displayed. If legend is not needed, do not include it. |
Legend | |
| navigation | Navigation to a specified UI page Hyperlink of the specified UI page that provides details. |
string | Maximum length: 1024 |
| plot_configs | List of plotting configuration for a given widget. List of plotting configuration for a given widget. Widget plotting configurations which are common across all the widgets types should be define here. |
array of WidgetPlotConfiguration | |
| resource_type | Must be set to the value StatsConfiguration | string | Required Readonly Enum: LabelValueConfiguration, DonutConfiguration, MultiWidgetConfiguration, ContainerConfiguration, StatsConfiguration, GridConfiguration, GraphConfiguration, CustomWidgetConfiguration, CustomFilterWidgetConfiguration, TimeRangeDropdownFilterWidgetConfiguration, DropdownFilterWidgetConfiguration, SpacerWidgetConfiguration, LegendWidgetConfiguration Maximum length: 255 |
| rowspan | Vertical span Represents the vertical span of the widget / container. 1 Row span is equal to 20px. |
int | Minimum: 1 |
| sections | Sections | array of DonutSection | Minimum items: 0 |
| shared | Visiblity of widgets to other users Please use the property 'shared' of View instead of this. The widgets of a shared view are visible to other users. |
boolean | Deprecated |
| show_header | This decides to show the container header or not. If the value of this field is set to true then card header will be displayed otherwise only card will be displayed without header. |
boolean | |
| span | Horizontal span Represents the horizontal span of the widget / container. |
int | Minimum: 1 Maximum: 12 |
| stat | Expression for feching statistic of an entity Expression that fetches statistic. It can be used to show the characteristics of entities such as Logical Switches, Firewall Rules, and so on. For example, number of logical switches and their admin states. If stat is not provided, then it will not be displayed. |
StatItem | |
| sub_type | Sub-type of the StatsConfiguration A sub-type of StatsConfiguration. If sub-type is not specified the parent type is rendered. The COMPACT sub_type, conserves the space for the widget. The statistic is placed on the right side on top of the status bar and the title of the widget is placed on the left side on the top of the status bar. The COMPACT style aligns itself horizontally as per the width of the container. If multiple widgets are placed insided the container then the widgets are placed one below the other to conserve the space. |
string | Enum: COMPACT |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| weight | Weightage or placement of the widget or container Specify relavite weight in WidgetItem for placement in a view. Please see WidgetItem for details. |
int | Deprecated |
StatusSummaryRequestParameters (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| component_type | Component type based on which upgrade units to be filtered | string | |
| selection_status | Flag to indicate whether to return status for only selected, only deselected or both type of upgrade units | string | Enum: SELECTED, DESELECTED, ALL Default: "ALL" |
| show_history | Get upgrade activity for a given component Get details of the last 16 operations performed during the upgrade of a given component. |
boolean |
StringArrayConstraintValue (schema)
Array of String Values to perform operation
List of String values
| Name | Description | Type | Notes |
|---|---|---|---|
| resource_type | Must be set to the value StringArrayConstraintValue | string | Required Enum: StringArrayConstraintValue, CidrArrayConstraintValue, IntegerArrayConstraintValue |
| values | Array of String Array of string values |
array of string | Required Minimum items: 1 Maximum items: 100 |
StubStatus (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| address | IP/FQDN of the node | string | |
| connection_up | Is stub up | boolean | Required |
SubjectAltNames (schema)
A collection of subject alternative names
| Name | Description | Type | Notes |
|---|---|---|---|
| dns_names | DNS names A list of DNS names in subject alternative names |
array of DnsNameString | Readonly Minimum items: 1 Maximum items: 128 |
| ip_addresses | IP Addresses A list of IP addresses in subject alternative names |
array of string | Readonly Minimum items: 1 Maximum items: 64 |
SubjectPublicKeyHash (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| public_key_sha256_hashes | SHA256 hashes of Public Keys List of SHA256 hashes of the Public Key of the revoked certificates with the specified subject. |
array of string | |
| subject | Subject Distinguished Name (DN) Subject Distinguished Name of the revoked certificates. |
string |
SuccessNodeSupportBundleResult (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| bundle_name | Name of support bundle, e.g. nsx_NODETYPE_UUID_YYYYMMDD_HHMMSS.tgz | string | Required Readonly |
| bundle_size | Size of support bundle in bytes | integer | Required Readonly |
| node_display_name | Display name of node | string | Required Readonly |
| node_id | UUID of node | string | Required Readonly |
| node_ip | IPv4 address of node | string | Required Readonly |
| node_ipv6 | IPv6 address of node | string | Required Readonly |
| sha256_thumbprint | File's SHA256 thumbprint | string | Required Readonly |
SummaryRequest (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| summary | Flag indicating whether to return the summary | boolean | Default: "False" |
SupportBundleContainerNode (schema)
This is an abstract type. Concrete child types:
AntreaSupportBundleContainerNode
| Name | Description | Type | Notes |
|---|---|---|---|
| container_type | Support bundle container type | string | Required Enum: ANTREA |
SupportBundleFileTransferAuthenticationScheme (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| password | Password to authenticate with | string | Required |
| scheme_name | Authentication scheme name | string | Required Enum: PASSWORD |
| username | User name to authenticate with | string | Required |
SupportBundleFileTransferProtocol (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| authentication_scheme | Scheme to authenticate if required | SupportBundleFileTransferAuthenticationScheme | Required |
| name | Protocol name | string | Required Enum: SCP, SFTP |
| ssh_fingerprint | SSH fingerprint of server | string | Required |
SupportBundleQueryParameter (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| override_async_response | Override any existing support bundle async response Override an existing support bundle async response if it exists. If not set to true and an existing async response is available, the support bundle request results in 409 CONFLICT. |
boolean | Default: "False" |
| require_delete_or_override_async_response | Suppress auto-deletion of generated support bundle If the remote_file_server option has not been specified, save generated support bundle until a subsequent request either deletes or overrides the support bundle generated by the current request using the action=delete_async_response or override_async_response=true query parameters. Setting this property to true allows the NSX API client to re-download a support bundle if for example a previous download attempt fails. |
boolean | Default: "False" |
SupportBundleQueryParameters (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| all | Include all files Include all files including files that may have sensitive information like core files. |
boolean | Default: "False" |
SupportBundleRemoteFileServer (schema)
Remote file server
| Name | Description | Type | Notes |
|---|---|---|---|
| directory_path | Remote server directory to copy bundle files to | string | Required |
| manager_upload_only | Uploads to the remote file server performed by the manager | boolean | Default: "False" |
| port | Server port | integer | Minimum: 1 Maximum: 65535 Default: "22" |
| protocol | Protocol to use to copy file | SupportBundleFileTransferProtocol | Required |
| server | Remote server hostname or IP address | string | Required |
SupportBundleRequest (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| container_nodes | List of container clusters and their nodes requiring support bundle collection | array of SupportBundleContainerNode (Abstract type: pass one of the following concrete types) AntreaSupportBundleContainerNode |
Minimum items: 1 |
| content_filters | Bundle should include content of specified type List of content filters that specify additional content or action when collecting support bundle.
By default no core dumps and audit logs are included in support bundle with filter No other content-filters can be added along with
When content-filter Note, |
array of ContentFilterValue | Minimum items: 1 Default: "['DEFAULT']" |
| dynamic_content_filters | List of content filters that decide the additional content that go into the support bundle List of dynamic content filters that specify additional content to include in the support bundle. The list of available filters available depends on your NSX-T deployment and can be determined by invoking the GET /api/v1/adminstration/support-bundles/dynamic-content-filters NSX API. For example, if NSX Intelligence is deployed, filters for collecting specific information about services are available. |
array of DynamicContentFilterValue | Default: "['ALL']" |
| log_age_limit | Include log files with modified times not past the age limit in days | integer | Minimum: 1 |
| nodes | List of cluster/fabric node UUIDs processed in specified order | array of string | Minimum items: 1 |
| remote_file_server | Remote file server to copy bundles to, bundle in response body if not specified | SupportBundleRemoteFileServer |
SupportBundleResult (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| failed_nodes | Nodes where bundles were not generated or not copied to remote server | array of FailedNodeSupportBundleResult | Required Readonly |
| remaining_nodes | Nodes where bundle generation is pending or in progress | array of RemainingSupportBundleNode | |
| request_properties | Request properties | SupportBundleRequest | Required Readonly |
| success_nodes | Nodes whose bundles were successfully copied to remote file server | array of SuccessNodeSupportBundleResult | Required Readonly |
SwitchingProfileType (schema) (Deprecated)
Supported switching profiles.
Supported switching profiles.
'PortMirroringSwitchingProfile' is deprecated, please turn to
"Troubleshooting And Monitoring: Portmirroring" and use
PortMirroringSession API for port mirror function.
| Name | Description | Type | Notes |
|---|---|---|---|
| SwitchingProfileType | Supported switching profiles. Supported switching profiles. 'PortMirroringSwitchingProfile' is deprecated, please turn to "Troubleshooting And Monitoring: Portmirroring" and use PortMirroringSession API for port mirror function. |
string | Deprecated Enum: QosSwitchingProfile, PortMirroringSwitchingProfile, IpDiscoverySwitchingProfile, SpoofGuardSwitchingProfile, SwitchSecuritySwitchingProfile, MacManagementSwitchingProfile |
SwitchingProfileTypeIdEntry (schema) (Deprecated)
| Name | Description | Type | Notes |
|---|---|---|---|
| key | SwitchingProfileType | ||
| value | key value | string | Required |
SwitchoverStatus (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| current_step | Progress of each items | ProgressItem | |
| current_step_number | Current number | integer | Required |
| note | Special messages, most of the time this will be empty, i.e. If SM performing the operation went down, another SM will restart the progress. | string | Required |
| number_of_steps | Total number of steps | integer | Required |
| overall_status | Status of the operation | string | Required Enum: NOT_STARTED, RUNNING, ERROR, COMPLETE |
SyslogFacility (schema)
Syslog facility
| Name | Description | Type | Notes |
|---|---|---|---|
| SyslogFacility | Syslog facility | string | Enum: KERN, USER, MAIL, DAEMON, AUTH, SYSLOG, LPR, NEWS, UUCP, AUTHPRIV, FTP, LOGALERT, CRON, LOCAL0, LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7 |
SystemHostname (schema)
System host name
| Name | Description | Type | Notes |
|---|---|---|---|
| SystemHostname | System host name | string | Maximum length: 255 Pattern: "^(?=.{1,255}$)[0-9A-Za-z](?:(?:[0-9A-Za-z]|-){0,61}[0-9A-Za-z])?(?:\.[0-9A-Za-z](?:(?:[0-9A-Za-z]|-){0,61}[0-9A-Za-z])?)*\.?$" |
Tag (schema)
Arbitrary key-value pairs that may be attached to an entity
| Name | Description | Type | Notes |
|---|---|---|---|
| scope | Tag scope Tag searches may optionally be restricted by scope |
string | Maximum length: 128 Default: "" |
| tag | Tag value Identifier meaningful to user with maximum length of 256 characters |
string | Default: "" |
TagBulkOperation (schema)
Payload to update the tag on specified objects
Tag and resource information on which tag to be applied or removed.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| apply_to | List of resources on which tag needs to be applied List of resources on which tag needs to be applied. |
array of ResourceInfo | |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| remove_from | List of resources from which tag needs to be removed List of resources from which tag needs to be removed. |
array of ResourceInfo | |
| resource_type | Must be set to the value TagBulkOperation | string | |
| tag | Tag | Tag | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
TagBulkOperationStatus (schema)
Status of tag bulk operation
Status of tag bulk operation.
| Name | Description | Type | Notes |
|---|---|---|---|
| apply_to | Tag apply operation status per resource type Tag apply operation status per resource type. |
array of ResourceTypeTagStatus | |
| path | Intent path corresponding to tag operation | string | Required |
| remove_from | Tag remove operation status per resource type Tag remove operation status per resource type. |
array of ResourceTypeTagStatus | |
| status | Overall status | string | Required Enum: Success, Running, Error, Pending |
| tag | Tag | Tag | Required |
TagInfo (schema)
Information about arbitrary key-value pairs that may be attached to an entity
| Name | Description | Type | Notes |
|---|---|---|---|
| scope | Tag scope Tag searches may optionally be restricted by scope |
string | Maximum length: 128 Default: "" |
| tag | Tag value Identifier meaningful to user with maximum length of 256 characters |
string | Default: "" |
| tagged_objects_count | Number of objects with assigned with matching scope and tag values | int | Readonly |
TagInfoListRequestParameters (schema)
TagInfo list request parameters
| Name | Description | Type | Notes |
|---|---|---|---|
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| enforcement_point_path | String Path of the enforcement point The path of the enforcement point from which the list of members needs to be fetched. Forward slashes must be escaped using %2F. |
string | |
| include_mark_for_delete_objects | Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included. |
boolean | Default: "False" |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| scope | Tag scope | string | |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string | |
| source | Source from which tags are synced. | string | Enum: Amazon, Azure, NSX, ANY |
| tag | Tag value | string |
TagInfoListResult (schema)
Paged Collection of Tags
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Tag info list results | array of TagInfo | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
TaggedObjectsListRequestParameters (schema)
TagInfo list request parameters
| Name | Description | Type | Notes |
|---|---|---|---|
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| enforcement_point_path | String Path of the enforcement point The path of the enforcement point from which the list of members needs to be fetched. Forward slashes must be escaped using %2F. |
string | |
| filter_text | Filter text to restrict tagged objects list with matching filter text. | string | |
| include_mark_for_delete_objects | Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included. |
boolean | Default: "False" |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| scope | Tag scope | string | |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string | |
| tag | Tag value | string |
TaskProperties (schema)
Task properties
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| async_response_available | True if response for asynchronous request is available | boolean | Readonly |
| cancelable | True if this task can be canceled | boolean | Readonly |
| description | Description of the task | string | Readonly |
| end_time | The end time of the task in epoch milliseconds | EpochMsTimestamp | Readonly |
| id | Identifier for this task | string | Readonly |
| message | A message describing the disposition of the task | string | Readonly |
| progress | Task progress if known, from 0 to 100 | integer | Readonly Minimum: 0 Maximum: 100 |
| request_method | HTTP request method | string | Readonly |
| request_uri | URI of the method invocation that spawned this task | string | Readonly |
| start_time | The start time of the task in epoch milliseconds | EpochMsTimestamp | Readonly |
| status | Current status of the task | TaskStatus | Readonly |
| user | Name of the user who created this task | string | Readonly |
TaskStatus (schema)
Current status of the task
| Name | Description | Type | Notes |
|---|---|---|---|
| TaskStatus | Current status of the task | string | Enum: running, error, success, canceling, canceled, killed |
TcpHeader (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| dst_port | Destination port of tcp header | integer | Minimum: 0 Maximum: 65535 |
| src_port | Source port of tcp header | integer | Minimum: 0 Maximum: 65535 |
| tcp_flags | TCP flags (9bits) | integer | Minimum: 0 Maximum: 511 |
TcpMaximumSegmentSizeClamping (schema)
TCP MSS Clamping
TCP MSS Clamping Direction and Value.
| Name | Description | Type | Notes |
|---|---|---|---|
| direction | Maximum Segment Size Clamping Direction Specifies the traffic direction for which to apply MSS Clamping. |
string | Enum: NONE, INBOUND_CONNECTION, OUTBOUND_CONNECTION, BOTH Default: "NONE" |
| max_segment_size | Maximum Segment Size Value MSS defines the maximum amount of data that a host is willing to accept in a single TCP segment. This field is set in TCP header during connection establishment. To avoid packet fragmentation, you can set this field depending on uplink MTU and VPN overhead. This is an optional field and in case it is left unconfigured, best possible MSS value will be calculated based on effective mtu of uplink interface. Supported MSS range is 216 to 8960. |
integer | Minimum: 108 Maximum: 8902 |
Tier0 (schema)
Tier-0 configuration
Tier-0 configuration for external connectivity.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| advanced_config | Advanced configuration for tier-0 NSX specific configuration for tier-0 |
Tier0AdvancedConfig | |
| arp_limit | ARP limit per transport node Maximum number of ARP entries per transport node. |
int | Minimum: 5000 Maximum: 50000 |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource (Abstract type: pass one of the following concrete types) ChildCommunityList ChildLocaleServices ChildPolicyDnsForwarder ChildPrefixList ChildStaticRoutes ChildTier0RouteMap |
|
| default_rule_logging | Enable logging for whitelisted rule Indicates if logging should be enabled for the default whitelisting rule. This field is deprecated and recommended to change Rule logging field. Note that this field is not synchronized with default logging field. |
boolean | Deprecated Default: "False" |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| dhcp_config_paths | DHCP configuration for Segments connected to Tier-0 DHCP configuration for Segments connected to Tier-0. DHCP service is configured in relay mode. |
array of string | Minimum items: 0 Maximum items: 1 |
| disable_firewall | Disable gateway firewall Disable or enable gateway fiewall. |
boolean | Default: "False" |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| failover_mode | Failover mode Determines the behavior when a Tier-0 instance in ACTIVE-STANDBY high-availability mode restarts after a failure. If set to PREEMPTIVE, the preferred node will take over, even if it causes another failure. If set to NON_PREEMPTIVE, then the instance that restarted will remain secondary. This property is not used when the ha_mode property is set to ACTIVE_ACTIVE. Only applicable when edge cluster is configured in Tier0 locale-service. |
string | Enum: PREEMPTIVE, NON_PREEMPTIVE Default: "NON_PREEMPTIVE" |
| federation_config | Federation releated config Additional config for federation. |
FederationGatewayConfig | Readonly |
| force_whitelisting | Flag to add whitelisting FW rule during realization This field is deprecated and recommended to change Rule action field. Note that this field is not synchronized with default rule field. |
boolean | Deprecated Default: "False" |
| ha_mode | High-availability Mode for Tier-0 Specify high-availability mode for Tier-0. Default is ACTIVE_ACTIVE. When ha_mode is changed from ACTIVE_ACTIVE to ACTIVE_STANDBY, inter SR iBGP (in BGP) is disabled. Changing ha_mode from ACTIVE_STANDBY to ACTIVE_ACTIVE will enable inter SR iBGP (in BGP) and previously configured preferred edge nodes (in Tier0 locale-service) are removed. |
string | Enum: ACTIVE_ACTIVE, ACTIVE_STANDBY Default: "ACTIVE_ACTIVE" |
| id | Unique identifier of this resource | string | Sortable |
| internal_transit_subnets | Internal transit subnets in CIDR format Specify subnets that are used to assign addresses to logical links connecting service routers and distributed routers. Only IPv4 addresses are supported. When not specified, subnet 169.254.0.0/24 is assigned by default in ACTIVE_ACTIVE HA mode or 169.254.0.0/28 in ACTIVE_STANDBY mode. |
array of string | Maximum items: 1 |
| intersite_config | Inter site routing configuration Inter site routing configuration when the gateway is streched. |
IntersiteGatewayConfig | |
| ipv6_profile_paths | IPv6 NDRA and DAD profiles configuration IPv6 NDRA and DAD profiles configuration on Tier0. Either or both NDRA and/or DAD profiles can be configured. |
array of string | Minimum items: 0 Maximum items: 2 |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| rd_admin_field | Route distinguisher administrator address If you are using EVPN service, then route distinguisher administrator address should be defined if you need auto generation of route distinguisher on your VRF configuration. |
IPAddress | |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value Tier0 | string | |
| stateful_services | Enable/disable stateful services For ACTIVE-ACTIVE, this is used to enable/disable stateful services. |
Tier0StatefulServicesConfig | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| transit_subnets | Transit subnets in CIDR format Specify transit subnets that are used to assign addresses to logical links connecting tier-0 and tier-1s. Both IPv4 and IPv6 addresses are supported. When not specified, subnet 100.64.0.0/16 is configured by default. When modifying, for stateful active-active Tier-0 number of IPs should be at least attached Tier-1s count * 16 and for other type of Tier-0 number of IPs should be at least attached Tier-1s count * 2. Modification not allowed if there are child tier-0 VRFs and there are any Tier-1s connected to those VRFs. The value in VRF tier-0 is always inherited from the parent. |
array of string | |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
| vrf_config | VRF config VRF config, required for VRF Tier0. |
Tier0VrfConfig | |
| vrf_transit_subnets | VRF transit subnets in CIDR format Specify subnets that are used to assign addresses to logical links connecting default T0 and child VRFs. When not specified, subnet 169.254.2.0/23 is assigned by default. |
array of string | Maximum items: 1 |
Tier0AdvancedConfig (schema)
Advanced configuration for tier-0
NSX specific configuration for tier-0
| Name | Description | Type | Notes |
|---|---|---|---|
| connectivity | Connectivity configuration Connectivity configuration to manually connect (ON) or disconnect (OFF) Tier-0/Tier1 segment from corresponding gateway. This property does not apply to VLAN backed segments. VLAN backed segments with connectivity OFF does not affect its layer-2 connectivity. |
string | Enum: ON, OFF Default: "ON" |
| forwarding_up_timer | Forwarding up timer Extra time in seconds the router must wait before sending the UP notification after the peer routing session is established. Default means forward immediately. VRF logical router will set it same as parent logical router. |
integer | Minimum: 0 Maximum: 300 Default: "0" |
Tier0DeploymentMap (schema)
Tier-0 Deployment Map
Binding of Tier-0 to the enforcement point.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| enforcement_point | Absolute Path of Enforcement Point Path of enforcement point on which Tier-0 shall be deployed. |
string | Required |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value Tier0DeploymentMap | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
Tier0DeploymentMapListRequestParameters (schema)
Tier0 Deployment Map List Request Parameters
Tier Deployment Map list request parameters.
| Name | Description | Type | Notes |
|---|---|---|---|
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| include_mark_for_delete_objects | Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included. |
boolean | Default: "False" |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string |
Tier0DeploymentMapListResult (schema)
Paged Collection of Tier-0 Deployment Map
Paged collection of Tier-0 Deployment Map.
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Tier-0 Deployment Maps Tier-0 Deployment Maps. |
array of Tier0DeploymentMap | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
Tier0GatewayState (schema)
Tier0 gateway state
| Name | Description | Type | Notes |
|---|---|---|---|
| auto_rds | Auto assigned Route Distingushers Object that holds auto assigned route distingushers for this gateway. |
AutoRds | |
| enforcement_point_path | Enforcement point path String Path of the enforcement point. When not specified, routes from all enforcement-points are returned. |
string | |
| ipv6_status | IPv6 DAD status for Tier0 interfaces IPv6 DAD status for interfaces configured on Tier0 |
array of IPv6Status | |
| tier0_state | Tier0 state Detailed realized state information for Tier0 |
LogicalRouterState | |
| tier0_status | Tier0 status Detailed realized status information for Tier0 |
LogicalRouterStatus | |
| transport_zone | Transport Zone Information Transport Zone information which got configured on Gateway. |
PolicyTransportZone |
Tier0HaVipConfig (schema)
Tier0 HA VIP Config
| Name | Description | Type | Notes |
|---|---|---|---|
| enabled | Flag to enable this HA VIP config. | boolean | Default: "True" |
| external_interface_paths | Policy paths to Tier0 external interfaces for providing redundancy Policy paths to Tier0 external interfaces which are to be paired to provide redundancy. Floating IP will be owned by one of these interfaces depending upon which edge node is Active. |
array of string | Required Minimum items: 2 |
| vip_subnets | VIP floating IP address subnets Array of IP address subnets which will be used as floating IP addresses. |
array of InterfaceSubnet | Required Minimum items: 1 Maximum items: 2 |
Tier0Interface (schema)
Tier-0 interface configuration
Tier-0 interface configuration for external connectivity.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| access_vlan_id | Vlan id Vlan id. |
VlanID | |
| admin_state | Flag to enable/disable admin_state of tier-0 service port This flag is used to enable/disable admin state on tier-0 service port. If admin_state flag value is not specified then default is UP. When set to UP then traffic on service port will be enabled and service port is enabled from routing perspective. When set to DOWN then traffic on service port will be disabled and service port is down from routing perspective. This flag is experimental because it will be used in V2T BYOT migration. This flag should not be set to UP or DOWN if EVPN is configured, and tier-0 LR is in A/S mode. Also this flag can not be set to UP or DOWN for service interfaces which are configured on vrf-lite. |
string | Enum: UP, DOWN |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| dhcp_relay_path | policy path of referenced dhcp-relay-config Policy path of dhcp-relay-config to be attached to this Interface. |
string | |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| edge_cluster_member_index | Association of interface with edge cluster member Specify association of interface with edge cluster member. This property is deprecated, use edge_path instead. When both properties are specifed, only edge_path property is used. |
int | Deprecated Minimum: 0 |
| edge_path | Policy path to edge node Policy path to edge node to handle external connectivity. Required when interface type is EXTERNAL. Edge path is required for service interface when tier0 is in ACTIVE_ACTIVE ha_mode. Edge path is required for VRF service interface when parent tier0 is in ACTIVE_ACTIVE ha_mode. |
string | |
| id | Unique identifier of this resource | string | Sortable |
| igmp_local_join_groups | IGMP local join groups configuration IGMP local join groups configuration. |
array of IPv4Address | |
| ipv6_profile_paths | IPv6 NDRA profile configuration Configuration IPv6 NDRA profile. Only one NDRA profile can be configured. |
array of string | Minimum items: 0 Maximum items: 1 |
| ls_id | Logical switch id to attach tier-0 interface Specify logical switch to which tier-0 interface is connected for external access. This property is deprecated, use segment_path instead. Both properties cannot be used together. |
string | Deprecated |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| mtu | MTU size Maximum transmission unit (MTU) specifies the size of the largest packet that a network protocol can transmit. |
int | Minimum: 64 |
| multicast | Multicast PIM configuration Multicast PIM configuration. |
Tier0InterfacePimConfig | |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| ospf | OSPF configuration OSPF configuration. |
PolicyInterfaceOspfConfig | |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| proxy_arp_filters | List of proxy Address Resolution Protocol Filters Array of prefix lists used to specify filtering for ARP proxy. Prefixes in this array are used to configure ARP proxy entries on Tier-0 gateway (for uplinks). |
array of string | Minimum items: 0 Maximum items: 1 |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value Tier0Interface | string | |
| segment_path | Segment to attach tier-0 interface Specify Segment to which this interface is connected to. Either segment_path or ls_id property is required. |
string | |
| subnets | IP address and subnet specification for interface Specify IP address and network prefix for interface. |
array of InterfaceSubnet | Required Minimum items: 1 |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| type | Interface type Interface type |
string | Enum: EXTERNAL, SERVICE, LOOPBACK, INTERVRF Default: "EXTERNAL" |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
| urpf_mode | Unicast Reverse Path Forwarding mode | string | Enum: NONE, STRICT Default: "STRICT" |
Tier0InterfaceGroup (schema)
Tier0 Interface group
Tier0 Interface group for interface grouping.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| members | Tier0/Tier1 interface memeber list List of interface reference. Interface must belong to same location. |
array of GatewayInterfaceReference | |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value Tier0InterfaceGroup | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
Tier0InterfaceGroupListRequestParameters (schema)
Tier-0 Interface group list request parameters
| Name | Description | Type | Notes |
|---|---|---|---|
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| include_mark_for_delete_objects | Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included. |
boolean | Default: "False" |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string |
Tier0InterfaceGroupListResult (schema)
Paged collection of Tier-0 Interface groups
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Tier-0 Interface group list results | array of Tier0InterfaceGroup | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
Tier0InterfaceListRequestParameters (schema)
Tier-0 Interface list request parameters
| Name | Description | Type | Notes |
|---|---|---|---|
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| include_mark_for_delete_objects | Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included. |
boolean | Default: "False" |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string |
Tier0InterfaceListResult (schema)
Paged collection of Tier-0 Interfaces
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Tier-0 Interface list results | array of Tier0Interface | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
Tier0InterfacePimConfig (schema)
Multicast PIM configuration
Multicast PIM configuration.
| Name | Description | Type | Notes |
|---|---|---|---|
| enabled | enable/disable PIM configuration enable/disable PIM configuration. |
boolean | Default: "False" |
| hello_interval | PIM hello interval at interface level PIM hello interval(seconds) at interface level. |
int | Minimum: 1 Maximum: 180 Default: "30" |
| hold_interval | PIM hold interval at interface level PIM hold interval(seconds) at interface level. |
int | Minimum: 1 Maximum: 630 |
Tier0ListRequestParameters (schema)
Tier-0 list request parameters
| Name | Description | Type | Notes |
|---|---|---|---|
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| include_mark_for_delete_objects | Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included. |
boolean | Default: "False" |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string |
Tier0ListResult (schema)
Paged collection of Tier-0s
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Tier-0 list results | array of Tier0 | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
Tier0RouteMap (schema)
RouteMap for redistributing routes to BGP and other routing protocols
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| entries | Ordered list of route map entries Ordered list of route map entries. |
array of RouteMapEntry | Required Minimum items: 1 Maximum items: 1000 |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value Tier0RouteMap | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
Tier0RouteMapListResult (schema)
Paged collection of RouteMaps
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Tier0RouteMap results | array of Tier0RouteMap | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
Tier0RouteRedistributionConfig (schema)
Route Redistribution config
| Name | Description | Type | Notes |
|---|---|---|---|
| bgp_enabled | Flag to enable route redistribution for BGP. | boolean | Default: "True" |
| ospf_enabled | Flag to enable route redistribution for OSPF. | boolean | Default: "False" |
| redistribution_rules | List of redistribution rules.
|
array of Tier0RouteRedistributionRule | Minimum items: 0 Maximum items: 5 Default: "[]" |
Tier0RouteRedistributionRule (schema)
Single route redistribution rule
| Name | Description | Type | Notes |
|---|---|---|---|
| destinations | List of destination for a given redistribution rule Each rule can have more than one destinations. If destinations not specified for a given rule, default destionation will be BGP |
array of string | Enum: BGP, OSPF |
| name | Rule name | string | |
| route_map_path | Route map to be associated with the redistribution rule | string | |
| route_redistribution_types | List of redistribution types | array of Tier0RouteRedistributionTypes | Required |
Tier0RouteRedistributionTypes (schema)
Tier-0 route redistribution types
Tier-0 route redistribution types.
TIER0_STATIC: Redistribute user added static routes.
TIER0_CONNECTED: Redistribute all subnets configured on Interfaces and
routes related to TIER0_SEGMENT,
TIER0_DNS_FORWARDER_IP, TIER0_IPSEC_LOCAL_IP, TIER0_NAT types.
TIER1_STATIC: Redistribute all subnets and static routes advertised
by Tier-1s.
TIER0_EXTERNAL_INTERFACE: Redistribute external interface subnets
on Tier-0.
TIER0_LOOPBACK_INTERFACE: Redistribute loopback interface subnets
on Tier-0.
TIER0_SEGMENT: Redistribute subnets configured on Segments connected
to Tier-0.
TIER0_ROUTER_LINK: Redistribute router link port subnets on Tier-0
TIER0_SERVICE_INTERFACE: Redistribute Tier0 service interface subnets.
TIER0_DNS_FORWARDER_IP: Redistribute DNS forwarder subnets.
TIER0_IPSEC_LOCAL_IP: Redistribute IPSec subnets.
TIER0_NAT: Redistribute NAT IPs owned by Tier-0.
TIER0_EVPN_TEP_IP: Redistribute EVPN local endpoint subnets on Tier-0.
TIER1_NAT: Redistribute NAT IPs advertised by Tier-1 instances.
TIER1_LB_VIP: Redistribute LB VIP IPs advertised by Tier-1 instances.
TIER1_LB_SNAT: Redistribute LB SNAT IPs advertised by Tier-1 instances.
TIER1_DNS_FORWARDER_IP: Redistribute DNS forwarder subnets on Tier-1
instances.
TIER1_CONNECTED: Redistribute all subnets configured on Segments and
Service Interfaces.
TIER1_SERVICE_INTERFACE: Redistribute Tier1 service interface subnets.
TIER1_SEGMENT: Redistribute subnets configured on Segments connected
to Tier1.
TIER1_IPSEC_LOCAL_ENDPOINT: Redistribute IPSec VPN local-endpoint
subnets advertised by TIER1.
INTER_VRF_STATIC: Redistribute IPs advertised by TIER0/VRF instances
Route redistribution destination is BGP.
| Name | Description | Type | Notes |
|---|---|---|---|
| Tier0RouteRedistributionTypes | Tier-0 route redistribution types Tier-0 route redistribution types. TIER0_STATIC: Redistribute user added static routes. TIER0_CONNECTED: Redistribute all subnets configured on Interfaces and routes related to TIER0_SEGMENT, TIER0_DNS_FORWARDER_IP, TIER0_IPSEC_LOCAL_IP, TIER0_NAT types. TIER1_STATIC: Redistribute all subnets and static routes advertised by Tier-1s. TIER0_EXTERNAL_INTERFACE: Redistribute external interface subnets on Tier-0. TIER0_LOOPBACK_INTERFACE: Redistribute loopback interface subnets on Tier-0. TIER0_SEGMENT: Redistribute subnets configured on Segments connected to Tier-0. TIER0_ROUTER_LINK: Redistribute router link port subnets on Tier-0 TIER0_SERVICE_INTERFACE: Redistribute Tier0 service interface subnets. TIER0_DNS_FORWARDER_IP: Redistribute DNS forwarder subnets. TIER0_IPSEC_LOCAL_IP: Redistribute IPSec subnets. TIER0_NAT: Redistribute NAT IPs owned by Tier-0. TIER0_EVPN_TEP_IP: Redistribute EVPN local endpoint subnets on Tier-0. TIER1_NAT: Redistribute NAT IPs advertised by Tier-1 instances. TIER1_LB_VIP: Redistribute LB VIP IPs advertised by Tier-1 instances. TIER1_LB_SNAT: Redistribute LB SNAT IPs advertised by Tier-1 instances. TIER1_DNS_FORWARDER_IP: Redistribute DNS forwarder subnets on Tier-1 instances. TIER1_CONNECTED: Redistribute all subnets configured on Segments and Service Interfaces. TIER1_SERVICE_INTERFACE: Redistribute Tier1 service interface subnets. TIER1_SEGMENT: Redistribute subnets configured on Segments connected to Tier1. TIER1_IPSEC_LOCAL_ENDPOINT: Redistribute IPSec VPN local-endpoint subnets advertised by TIER1. INTER_VRF_STATIC: Redistribute IPs advertised by TIER0/VRF instances Route redistribution destination is BGP. |
string | Enum: TIER0_STATIC, TIER0_CONNECTED, TIER0_EXTERNAL_INTERFACE, TIER0_SEGMENT, TIER0_ROUTER_LINK, TIER0_SERVICE_INTERFACE, TIER0_LOOPBACK_INTERFACE, TIER0_DNS_FORWARDER_IP, TIER0_IPSEC_LOCAL_IP, TIER0_NAT, TIER0_EVPN_TEP_IP, TIER1_NAT, TIER1_STATIC, TIER1_LB_VIP, TIER1_LB_SNAT, TIER1_DNS_FORWARDER_IP, TIER1_CONNECTED, TIER1_SERVICE_INTERFACE, TIER1_SEGMENT, TIER1_IPSEC_LOCAL_ENDPOINT, INTER_VRF_STATIC |
Tier0SecurityFeature (schema)
T0 Security feature entity with feature details
| Name | Description | Type | Notes |
|---|---|---|---|
| enable | Flag to enable/disable true - enable the feature, false - disable the feture |
boolean | Required Default: "False" |
| feature | Tier0SecurityFeaturesSupported | Required |
Tier0SecurityFeatures (schema)
T0 Security features entity with feature details
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| features | array of Tier0SecurityFeature | Required | |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value Tier0SecurityFeatures | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
Tier0SecurityFeaturesSupported (schema)
Collection of T0 supported security features
Feature to be enabled/disabled.
IDFW - Identity Firewall
Use any one of this to enable/disabe it.
| Name | Description | Type | Notes |
|---|---|---|---|
| Tier0SecurityFeaturesSupported | Collection of T0 supported security features Feature to be enabled/disabled. IDFW - Identity Firewall Use any one of this to enable/disabe it. |
string | Readonly Enum: IDFW |
Tier0StateRequestParameters (schema)
State request parameters for Tier0 gateway
| Name | Description | Type | Notes |
|---|---|---|---|
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| enforcement_point_path | Enforcement point path String Path of the enforcement point. When not specified, routes from all enforcement-points are returned. |
string | |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| interface_path | Interface path for interface specific state such as IPv6 DAD state String Path of interface on current Tier0 gateway for interface specified state such as IPv6 DAD state. When not specified, IPv6 NDRA state from from all interfaces is returned. |
string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string | |
| type | Returns specific information based on the value specified. Returns specific information based on the value specified. When not specified response include gateway state, status and DAD status from interfaces. |
string | Enum: GATEWAY_STATE, GATEWAY_STATUS, IPV6_STATUS |
Tier0StatefulServicesConfig (schema)
Tier0 stateful services config
Tier0 stateful services config to define stateful
| Name | Description | Type | Notes |
|---|---|---|---|
| enabled | Flag to enable ACTIVE-ACTIVE stateful services This is used to enable or disable ACTIVE-ACTIVE stateful services. |
boolean | Default: "False" |
| redirection_policy | Redirection policy configuration Redirection policy enum types for enaling stateful services IP_HASH: Hash Source IP or destination ip to redirect packet for load sharing and stateful services. NONE: Disable redirection. It requires user to define static traffic group per edge node and expects external router to forward return packet back to the same edge node. |
string | Enum: IP_HASH, NONE Default: "IP_HASH" |
Tier0VrfConfig (schema)
Tier-0 vrf configuration
Tier-0 vrf configuration.
| Name | Description | Type | Notes |
|---|---|---|---|
| evpn_l2_vni_config | VRF configurations required for EVPN service in ROUTE_SERVER mode. It is required for VRF to participate in the EVPN service in ROUTE_SERVER mode. |
VrfEvpnL2VniConfig | |
| evpn_transit_vni | L3 VNI associated with the VRF for overlay traffic L3 VNI associated with the VRF for overlay traffic of ethernet virtual private network (EVPN). It must be unique and available from the VNI pool defined for EVPN service. It is required for VRF to participate in the EVPN service in INLINE mode. |
int | |
| route_distinguisher | Route distinguisher Route distinguisher with format in IPAddress: |
string | |
| route_targets | Route targets Route targets. |
array of VrfRouteTargets | Minimum items: 1 Maximum items: 1 |
| tier0_path | Tier0 path Default tier0 path. Cannot be modified after realization. |
string | Required |
Tier1 (schema)
Tier-1
Tier-1 instance configuration.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| arp_limit | ARP limit per transport node Maximum number of ARP entries per transport node. |
int | Minimum: 5000 Maximum: 50000 |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource (Abstract type: pass one of the following concrete types) ChildLocaleServices ChildPolicyDnsForwarder ChildSegment ChildStaticRoutes |
|
| default_rule_logging | Enable logging for whitelisted rule Indicates if logging should be enabled for the default whitelisting rule. This field is deprecated and recommended to change Rule logging field. Note that this field is not synchronized with default logging field. |
boolean | Deprecated Default: "False" |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| dhcp_config_paths | DHCP configuration for Segments connected to Tier-1 DHCP configuration for Segments connected to Tier-1. DHCP service is enabled in relay mode. |
array of string | Minimum items: 0 Maximum items: 1 |
| disable_firewall | Disable gateway firewall Disable or enable gateway fiewall. |
boolean | Default: "False" |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| enable_standby_relocation | Flag to enable standby service router relocation. Flag to enable standby service router relocation. Standby relocation is not enabled until edge cluster is configured for Tier1. |
boolean | Default: "False" |
| failover_mode | Failover mode Determines the behavior when a Tier-1 instance restarts after a failure. If set to PREEMPTIVE, the preferred node will take over, even if it causes another failure. If set to NON_PREEMPTIVE, then the instance that restarted will remain secondary. Only applicable when edge cluster is configured in Tier1 locale-service. |
string | Enum: PREEMPTIVE, NON_PREEMPTIVE Default: "NON_PREEMPTIVE" |
| federation_config | Federation releated config Additional config for federation. |
FederationGatewayConfig | Readonly |
| force_whitelisting | Flag to add whitelisting FW rule during realization This field is deprecated and recommended to change Rule action field. Note that this field is not synchornied with default rule field. |
boolean | Deprecated Default: "False" |
| ha_mode | High-availability Mode for Tier-1 Specify high-availability mode for Tier-1. |
string | Enum: ACTIVE_STANDBY, ACTIVE_ACTIVE |
| id | Unique identifier of this resource | string | Sortable |
| intersite_config | Inter site routing configuration Inter site routing configuration when the gateway is streched. |
IntersiteGatewayConfig | |
| ipv6_profile_paths | IPv6 NDRA and DAD profiles configuration Configuration IPv6 NDRA and DAD profiles. Either or both NDRA and/or DAD profiles can be configured. |
array of string | Minimum items: 0 Maximum items: 2 |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| pool_allocation | Edge node allocation size Supports edge node allocation at different sizes for routing and load balancer service to meet performance and scalability requirements. ROUTING: Allocate edge node to provide routing services. LB_SMALL, LB_MEDIUM, LB_LARGE, LB_XLARGE: Specify size of load balancer service that will be configured on TIER1 gateway. |
string | Enum: ROUTING, LB_SMALL, LB_MEDIUM, LB_LARGE, LB_XLARGE Default: "ROUTING" |
| qos_profile | Gateway QoS Profile configuration QoS Profile configuration for Tier1 router link connected to Tier0 gateway. |
GatewayQosProfileConfig | |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value Tier1 | string | |
| route_advertisement_rules | Route advertisement rules and filtering | array of RouteAdvertisementRule | |
| route_advertisement_types | Enable different types of route advertisements Enable different types of route advertisements. When not specified, routes to IPSec VPN local-endpoint subnets (TIER1_IPSEC_LOCAL_ENDPOINT) are automatically advertised. |
array of Tier1RouteAdvertisentTypes | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| tier0_path | Tier-1 connectivity to Tier-0 Specify Tier-1 connectivity to Tier-0 instance. |
string | |
| type | Tier1 type Tier1 connectivity type for reference. Property value is not validated with Tier1 configuration. ROUTED: Tier1 is connected to Tier0 gateway and routing is enabled. ISOLATED: Tier1 is not connected to any Tier0 gateway. NATTED: Tier1 is in ROUTED type with NAT configured locally. |
string | Enum: ROUTED, ISOLATED, NATTED |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
Tier1DeploymentMap (schema)
Tier-1 Deployment Map
Binding of Tier-1 to the enforcement point.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| enforcement_point | Absolute path of Enforcement Point Path of enforcement point on which Tier-1 shall be deployed. |
string | Required |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value Tier1DeploymentMap | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
Tier1GatewayState (schema)
Tier1 gateway state
| Name | Description | Type | Notes |
|---|---|---|---|
| enforcement_point_path | Enforcement point path String Path of the enforcement point. When not specified, routes from all enforcement-points are returned. |
string | |
| ipv6_status | IPv6 DAD status for Tier1 interfaces IPv6 DAD status for interfaces configured on Tier1 |
array of IPv6Status | |
| tier1_state | Tier1 state Detailed realized state information for Tier1 |
LogicalRouterState | |
| tier1_status | Tier1 status Detailed realized status information for Tier1 |
LogicalRouterStatus | |
| transport_zone | Transport Zone Information Transport Zone information which got configured on Gateway. |
PolicyTransportZone |
Tier1Interface (schema)
Tier-1 interface configuration
Tier-1 interface configuration for attaching services.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| admin_state | Flag to enable/disable admin_state of tier-1 service port This flag is used to enable/disable admin state on tier-1 service port. If admin_state flag value is not specified then default is UP. When set to UP then traffic on service port will be enabled and service port is enabled from routing perspective. When set to DOWN then traffic on service port will be disabled and service port is down from routing perspective. This flag is experimental because it will be used in V2T BYOT migration. |
string | Enum: UP, DOWN |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| dhcp_relay_path | policy path of referenced dhcp-relay-config Policy path of dhcp-relay-config to be attached to this Interface. |
string | |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| ipv6_profile_paths | IPv6 NDRA profile configuration Configrue IPv6 NDRA profile. Only one NDRA profile can be configured. |
array of string | Minimum items: 0 Maximum items: 1 |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| mtu | MTU size Maximum transmission unit (MTU) specifies the size of the largest packet that a network protocol can transmit. |
int | Minimum: 64 |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value Tier1Interface | string | |
| segment_path | Policy path of Segment to attach interface Policy path of Segment to which interface is connected to. |
string | Required |
| subnets | IP address and subnet specification for interface Specify IP address and network prefix for interface. |
array of InterfaceSubnet | Required Minimum items: 1 |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
| urpf_mode | Unicast Reverse Path Forwarding mode | string | Enum: NONE, STRICT Default: "STRICT" |
Tier1InterfaceGroup (schema)
Tier1 Interface group
Tier1 Interface group for interface grouping.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| members | Tier0/Tier1 interface memeber list List of interface reference. Interface must belong to same location. |
array of GatewayInterfaceReference | |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value Tier1InterfaceGroup | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| type | Interface group type Interface group type. It is readonly. Always type SERVICE. |
string | Readonly Enum: SERVICE Default: "SERVICE" |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
Tier1InterfaceGroupListRequestParameters (schema)
Tier-1 Interface group list request parameters
| Name | Description | Type | Notes |
|---|---|---|---|
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| include_mark_for_delete_objects | Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included. |
boolean | Default: "False" |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string |
Tier1InterfaceGroupListResult (schema)
Paged collection of Tier-1 Interface groups
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Tier-1 Interface group list results | array of Tier1InterfaceGroup | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
Tier1InterfaceListResult (schema)
Paged collection of Tier-1 Interfaces
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Tier-1 Interface list results | array of Tier1Interface | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
Tier1ListRequestParameters (schema)
Tier-1 list request parameters
| Name | Description | Type | Notes |
|---|---|---|---|
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| include_mark_for_delete_objects | Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included. |
boolean | Default: "False" |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string |
Tier1ListResult (schema)
Paged collection of Tier-1 instances
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Tier-1 list results | array of Tier1 | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
Tier1RouteAdvertisentTypes (schema)
Control routes advertised by Tier-1 instance.
TIER1_STATIC_ROUTES: Advertise all STATIC routes.
TIER1_CONNECTED: Advertise all subnets configured on connected
Interfaces and Segments.
TIER1_NAT: Advertise all NAT IP addresses.
TIER1_LB_VIP: Advertise all Load-balancer VIPs.
TIER1_LB_SNAT: Advertise all Loadbalancer SNAT IP addresses.
TIER1_DNS_FORWARDER_IP: Advertise DNS forwarder source and listener IPs
TIER1_IPSEC_LOCAL_ENDPOINT: Redistribute IPSec VPN local-endpoint subnets.
| Name | Description | Type | Notes |
|---|---|---|---|
| Tier1RouteAdvertisentTypes | Control routes advertised by Tier-1 instance.
TIER1_STATIC_ROUTES: Advertise all STATIC routes. TIER1_CONNECTED: Advertise all subnets configured on connected Interfaces and Segments. TIER1_NAT: Advertise all NAT IP addresses. TIER1_LB_VIP: Advertise all Load-balancer VIPs. TIER1_LB_SNAT: Advertise all Loadbalancer SNAT IP addresses. TIER1_DNS_FORWARDER_IP: Advertise DNS forwarder source and listener IPs TIER1_IPSEC_LOCAL_ENDPOINT: Redistribute IPSec VPN local-endpoint subnets. |
string | Enum: TIER1_STATIC_ROUTES, TIER1_CONNECTED, TIER1_NAT, TIER1_LB_VIP, TIER1_LB_SNAT, TIER1_DNS_FORWARDER_IP, TIER1_IPSEC_LOCAL_ENDPOINT |
Tier1StateRequestParameters (schema)
State request parameters for Tier1 gateway
| Name | Description | Type | Notes |
|---|---|---|---|
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| enforcement_point_path | Enforcement point path String Path of the enforcement point. When not specified, routes from all enforcement-points are returned. |
string | |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| interface_path | Interface path for interface specific state such as IPv6 DAD state String Path of interface on current Tier1 gateway for interface specified state such as IPv6 DAD state. When not specified, IPv6 NDRA state from from all interfaces is returned. |
string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string | |
| type | Returns specific information based on the value specified. Returns specific information based on the value specified. When not specified response include gateway state, status and DAD status from interfaces. |
string | Enum: GATEWAY_STATE, GATEWAY_STATUS, IPV6_STATUS |
TimeRangeDropdownFilterWidgetConfiguration (schema)
Time Range Dropdown Filter widget Configuration
Represents configuration for dropdown filter widget for Time Range.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| alias | Alias to be used when emitting filter value Alias to be used when emitting filter value. |
string | |
| condition | Expression for evaluating condition If the condition is met then the widget will be displayed to UI. If no condition is provided, then the widget will be displayed unconditionally. |
string | Maximum length: 1024 |
| datasources | Array of Datasource Instances with their relative urls The 'datasources' represent the sources from which data will be fetched. Currently, only NSX-API is supported as a 'default' datasource. An example of specifying 'default' datasource along with the urls to fetch data from is given at 'example_request' section of 'CreateWidgetConfiguration' API. |
array of Datasource | Minimum items: 0 |
| default_filter_value | Default filter value to be passed to datasources Default filter values to be passed to datasources. This will be used when the report is requested without filter values. |
array of DefaultFilterValue | |
| default_value | Expression to specify default value Expression to specify default value of filter. |
string | |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Widget Title Title of the widget. If display_name is omitted, the widget will be shown without a title. |
string | Maximum length: 255 |
| drilldown_id | Id of drilldown widget Id of drilldown widget, if any. Id should be a valid id of an existing widget. A widget is considered as drilldown widget when it is associated with any other widget and provides more detailed information about any data item from the parent widget. |
string | Maximum length: 255 |
| dropdown_filter_plot_config | Dropdown filter plotting configuration Dropdown filter plotting configuration. This plotting configuration will be applicable for the Dropdown filter only. |
DropdownFilterPlotConfiguration | |
| dropdown_item | Definition for item of a dropdown Defines the item of a dropdown. |
DropdownItem | |
| feature_set | Features required to view the widget Features required to view the widget. |
FeatureSet | |
| filter | Id of filter widget for subscription Id of filter widget for subscription, if any. Id should be a valid id of an existing filter widget. Filter widget should be from the same view. Datasource URLs should have placeholder values equal to filter alias to accept the filter value on filter change. This field is deprecated instead use 'filters' property. |
string | Deprecated |
| filter_value_required | Flag to indicate if filter value is necessary Flag to indicate that widget will continue to work without filter value. If this flag is set to false then default_filter_value is manadatory. |
boolean | Default: "True" |
| filters | A List of filter ids applied to this widget configuration A List of filter applied to this widget configuration. This will be used to identify the filters applied to this widget. |
array of string | |
| footer | Footer | ||
| icons | Icons Icons to be applied at dashboard for widgets and UI elements. |
array of Icon | |
| id | Unique identifier of this resource | string | Sortable |
| is_drilldown | Set as a drilldown widget Set to true if this widget should be used as a drilldown. |
boolean | Default: "False" |
| legend | Legend for the widget Legend to be displayed. If legend is not needed, do not include it. |
Legend | |
| placeholder_msg | Placeholder message to be shown in filter Placeholder message to be displayed in dropdown filter. |
string | |
| plot_configs | List of plotting configuration for a given widget. List of plotting configuration for a given widget. Widget plotting configurations which are common across all the widgets types should be define here. |
array of WidgetPlotConfiguration | |
| resource_type | Must be set to the value TimeRangeDropdownFilterWidgetConfiguration | string | Required Readonly Enum: LabelValueConfiguration, DonutConfiguration, MultiWidgetConfiguration, ContainerConfiguration, StatsConfiguration, GridConfiguration, GraphConfiguration, CustomWidgetConfiguration, CustomFilterWidgetConfiguration, TimeRangeDropdownFilterWidgetConfiguration, DropdownFilterWidgetConfiguration, SpacerWidgetConfiguration, LegendWidgetConfiguration Maximum length: 255 |
| rowspan | Vertical span Represents the vertical span of the widget / container. 1 Row span is equal to 20px. |
int | Minimum: 1 |
| shared | Visiblity of widgets to other users Please use the property 'shared' of View instead of this. The widgets of a shared view are visible to other users. |
boolean | Deprecated |
| show_header | This decides to show the container header or not. If the value of this field is set to true then card header will be displayed otherwise only card will be displayed without header. |
boolean | |
| span | Horizontal span Represents the horizontal span of the widget / container. |
int | Minimum: 1 Maximum: 12 |
| static_filter_condition | Expression for evaluating condition If the condition is met then the static filter will be added. If no condition is provided, then the static filters will be applied unconditionally. |
string | |
| static_filters | Additional static items to be added in dropdown filter Additional static items to be added in dropdown filter. Example can be 'ALL'. |
array of StaticFilter | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| time_range_filter_info | Definition for time range filter. Defines the time range filter configuration. |
TimeRangeFilterInfo | |
| weight | Weightage or placement of the widget or container Specify relavite weight in WidgetItem for placement in a view. Please see WidgetItem for details. |
int | Deprecated |
TimeRangeFilterInfo (schema)
time range filter information
| Name | Description | Type | Notes |
|---|---|---|---|
| from_param_name | from parameter name for time range filter. from parameter name used for time range filter from date value. |
string | Maximum length: 1024 Default: "fromDate" |
| to_param_name | to parameter name for time range filter to parameter name used for time range filter to date value. |
string | Maximum length: 1024 Default: "toDate" |
| value_type | type of time range filter value type of time range filter value can be epoch, ISO date Format. |
string | Enum: EPOCH Default: "EPOCH" |
TlsCertificate (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| details | list of X509Certificates. | array of X509Certificate | Readonly |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| has_private_key | whether we have the private key for this certificate. | boolean | Required Readonly Default: "False" |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| pem_encoded | pem encoded certificate data. | string | Required |
| purpose | Purpose of this certificate. Can be empty or set to "signing-ca". | string | Readonly Enum: signing-ca |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value TlsCertificate | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| tls_certificate_type | Classification of the TlsCertificate helps differentiate how a TlsCertificate could be
used for various components either as a client trust certificate; CERTIFICATE_CA, or as a server identity certificate; CERTIFICATE_SIGNED,or CERTIFICATE_SELF_SIGNED. |
string | Readonly Enum: CERTIFICATE_CA, CERTIFICATE_SIGNED, CERTIFICATE_SELF_SIGNED |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
TlsCertificateList (schema)
Certificate queries result
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | TlsCertificate list. | array of TlsCertificate | Required Readonly |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
TlsCiphers (schema)
TLS balanced cipher
| Name | Description | Type | Notes |
|---|---|---|---|
| TlsCiphers | TLS balanced cipher | string | Enum: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA |
TlsConfigProfileBindingMap (schema)
Policy TLS Config Profile binding map
This entity will be used to establish association between TLS Config
profile and Logical Routers.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| profile_path | Profile Path PolicyPath of associated Profile |
string | Required |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value TlsConfigProfileBindingMap | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
TlsConfigSettings (schema)
TLS config settings
Pre-defined config settings. Settings could be one of Balanced, High Fidelity, High Security, Custom
| Name | Description | Type | Notes |
|---|---|---|---|
| TlsConfigSettings | TLS config settings Pre-defined config settings. Settings could be one of Balanced, High Fidelity, High Security, Custom |
string | Required Enum: BALANCED, HIGH_FIDELITY, HIGH_SECURITY, CUSTOM |
TlsCrl (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| crl_type | Type of CRL The type of the CRL. It can be "OneCRL" or "X509" (default). |
string | Enum: OneCRL, X509 Default: "X509" |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| details | Details of the X509Crl object Details of the X509Crl object. |
X509Crl | Readonly |
| details_revoked_by_issuer_and_serial_number | Certificates revoked by issuer and serial number | array of IssuerSerialNumber | Readonly |
| details_revoked_by_subject_and_public_key_hash | Certificates revoked by subject and public key hash | array of SubjectPublicKeyHash | Readonly |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| one_crl | JSON-encoded OneCRL-like object | string | |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| pem_encoded | Pem encoded crl data Pem encoded crl data. |
string | |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value TlsCrl | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
TlsCrlListResult (schema)
Paged Collection of TlsCrl
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | TlsCrl list results | array of TlsCrl | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
TlsCsr (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| algorithm | Cryptographic algorithm (asymmetric) used by the public key for data encryption. | string | Enum: RSA Default: "RSA" |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| is_ca | Whether the CSR is for a CA certificate. | boolean | Default: "False" |
| key_size | Size measured in bits of the public key used in a cryptographic algorithm. | integer | Default: "4096" |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| pem_encoded | PEM encoded certificate data. | string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value TlsCsr | string | |
| subject | The certificate owner's information. (CN, O, OU, C, ST, L) | Principal | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
TlsCsrListResult (schema)
Paged Collection of TlsCsr
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | TlsCsr list results | array of TlsCsr | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
TlsCsrWithDaysValid (schema)
CSR data with days valid
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| algorithm | Cryptographic algorithm (asymmetric) used by the public key for data encryption. | string | Enum: RSA Default: "RSA" |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| days_valid | Number of days the certificate will be valid, default 825 days | integer | Minimum: 1 Maximum: 10000 Default: "825" |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| is_ca | Whether the CSR is for a CA certificate. | boolean | Default: "False" |
| key_size | Size measured in bits of the public key used in a cryptographic algorithm. | integer | Default: "4096" |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| pem_encoded | PEM encoded certificate data. | string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value TlsCsrWithDaysValid | string | |
| subject | The certificate owner's information. (CN, O, OU, C, ST, L) | Principal | Required |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
TlsInspectionExternalProfile (schema)
TLS inspection external profile
External inspection profile is used when the TLS connection is destined to a service not owned by the enterprise.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| attention | TLS Pre-defined settings mis-match Used to indicate an TLS version or Cipher version pre-defined settings mis-match. |
string | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| client_cipher_suite | List of cipher suites client supports Client's list of cipher suites. Required if CryptoEnforcement is ENFORCE. e.g. TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256. |
array of TlsCiphers | Maximum items: 128 Default: "['TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256', 'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384', 'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA', 'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA', 'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256', 'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384', 'TLS_RSA_WITH_AES_128_GCM_SHA256', 'TLS_RSA_WITH_AES_128_CBC_SHA256', 'TLS_RSA_WITH_AES_256_GCM_SHA384', 'TLS_RSA_WITH_AES_256_CBC_SHA256']" |
| client_max_tls_version | Maximum TLS version client supports Client's maximum TLS version to enforce. Required if CryptoEnforcement is ENFORCE. Supported TLS versions are TLS1.1 and TLS1.2. |
TlsProtocol | Default: "TLS_V1_2" |
| client_min_tls_version | Minimum TLS version client supports Client's minimum TLS version to enforce. Required if CryptoEnforcement is ENFORCE. Supported TLS versions are TLS1.1 and TLS1.2. |
TlsProtocol | Default: "TLS_V1_1" |
| crls | Certificate Revocation List Ids Bypass profile - CRL is required if the "invalid_certificate" action is allow. External profile - CRL is always required. Internal profile - CRL is required if "certificate_validation" is turned on. |
array of string | Maximum items: 100 Default: "['/infra/crls/default_public_crl']" |
| crypto_enforcement | CryptoEnforcement | Default: "ENFORCE" | |
| decryption_fail_action | DecryptionFailAction | Default: "BYPASS" | |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| idle_connection_timeout | Idle connection timeout in seconds Timeout the connection when kept idle. Default is 90 minutes. |
int | Minimum: 1 Maximum: 4320000 Default: "5400" |
| invalid_cert_action | InvalidCertificateAction | Default: "ALLOW" | |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| ocsp_must_staple | Flag to enable/disable ocsp must staple true - enable the ocsp must staple, false - disable it. |
boolean | Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| proxy_trusted_ca_cert | Proxy trusted ca cert and key Proxy trusted ca cert and key used to issue valid ca certificate. This is the subordinate CA cert (referred to as Proxy CA) by the Enterprise Issuing CA. |
string | Required |
| proxy_untrusted_ca_cert | Proxy untrusted ca cert and key Proxy untrusted ca cert and key used to issue invalid ca certificate |
string | Required |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value TlsInspectionExternalProfile | string | Required Enum: TlsInspectionBypassProfile, TlsInspectionExternalProfile, TlsInspectionInternalProfile |
| server_cipher_suite | List of cipher suites server support Server's list of cipher suites. Required if CryptoEnforcement is ENFORCE. e.g. TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256. |
array of TlsCiphers | Maximum items: 128 Default: "['TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256', 'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384', 'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA', 'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA', 'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256', 'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384', 'TLS_RSA_WITH_AES_128_GCM_SHA256', 'TLS_RSA_WITH_AES_128_CBC_SHA256', 'TLS_RSA_WITH_AES_256_GCM_SHA384', 'TLS_RSA_WITH_AES_256_CBC_SHA256']" |
| server_max_tls_version | Maximum TLS version server supports Server's maximum TLS version to enforce. Required if CryptoEnforcement is ENFORCE. Supported versions are TLS1.1 and TLS1.2. |
TlsProtocol | Default: "TLS_V1_2" |
| server_min_tls_version | Minimum TLS version server supports Server's minimum TLS version to enforce. Required if CryptoEnforcement is ENFORCE. Supported versions are TLS1.1 and TLS1.2. |
TlsProtocol | Default: "TLS_V1_1" |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| tls_config_setting | TlsConfigSettings | Default: "BALANCED" | |
| trusted_ca_bundles | List of CA bundle Ids Bypass profile - CA bundle is required if the "invalid_certificate" action is allow. External profile - CA bundle is always required. Internal profile - CA bundle is required if "certificate_validation" is turned on. |
array of string | Maximum items: 100 Default: "['/infra/cabundles/default_trusted_public_ca_bundle']" |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
TlsInspectionInternalProfile (schema)
TLS inspection internal profile
Internal inspection Profile is used when the TLS connection is destined to a service not owned by the enterprise.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| attention | TLS Pre-defined settings mis-match Used to indicate an TLS version or Cipher version pre-defined settings mis-match. |
string | Readonly |
| certificate_validation | Flag to enable/disable certificate validation true - enable the certificate validation; false - disable it. |
boolean | Default: "False" |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| client_cipher_suite | List of cipher suites client supports Client's list of cipher suites. Required if CryptoEnforcement is ENFORCE. e.g. TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256. |
array of TlsCiphers | Maximum items: 128 Default: "['TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256', 'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384', 'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA', 'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA', 'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256', 'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384', 'TLS_RSA_WITH_AES_128_GCM_SHA256', 'TLS_RSA_WITH_AES_128_CBC_SHA256', 'TLS_RSA_WITH_AES_256_GCM_SHA384', 'TLS_RSA_WITH_AES_256_CBC_SHA256']" |
| client_max_tls_version | Maximum TLS version client supports Client's maximum TLS version to enforce. Required if CryptoEnforcement is ENFORCE. Supported versions are TLS1.1 and TLS1.2. |
TlsProtocol | Default: "TLS_V1_2" |
| client_min_tls_version | Minimum TLS version client supports Client's minimum TLS version to enforce. Required if CryptoEnforcement is ENFORCE. Supported versions are TLS1.1 and TLS1.2. |
TlsProtocol | Default: "TLS_V1_1" |
| crls | Certificate Revocation List Ids Bypass profile - CRL is required if the "invalid_certificate" action is allow. External profile - CRL is always required. Internal profile - CRL is required if "certificate_validation" is turned on. |
array of string | Maximum items: 100 Default: "['/infra/crls/default_public_crl']" |
| crypto_enforcement | CryptoEnforcement | Default: "ENFORCE" | |
| decryption_fail_action | DecryptionFailAction | Default: "BYPASS" | |
| default_cert_key | One of the actual server certificate presented to the client Default server certificate presented to the user. |
string | |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| idle_connection_timeout | Idle connection timeout in seconds Timeout the connection when kept idle. Default is 90 minutes. |
int | Minimum: 1 Maximum: 4320000 Default: "5400" |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| ocsp_must_staple | Flag to enable/disable ocsp must staple true - enable the ocsp must staple, false - disable it. |
boolean | Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value TlsInspectionInternalProfile | string | Required Enum: TlsInspectionBypassProfile, TlsInspectionExternalProfile, TlsInspectionInternalProfile |
| server_certs_key | Actual server certificate key Server certificate presented to the client. |
array of string | Required Maximum items: 100 |
| server_cipher_suite | List of cipher suites server support Server's list of cipher suites. Required if CryptoEnforcement is ENFORCE. e.g. TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256. |
array of TlsCiphers | Maximum items: 128 Default: "['TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256', 'TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384', 'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA', 'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA', 'TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256', 'TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384', 'TLS_RSA_WITH_AES_128_GCM_SHA256', 'TLS_RSA_WITH_AES_128_CBC_SHA256', 'TLS_RSA_WITH_AES_256_GCM_SHA384', 'TLS_RSA_WITH_AES_256_CBC_SHA256']" |
| server_max_tls_version | Maximum TLS version server supports Server's maximum TLS version to enforce. Required if CryptoEnforcement is ENFORCE. Supported versions are TLS1.0, TLS1.1 and TLS1.2 |
TlsProtocol | Default: "TLS_V1_2" |
| server_min_tls_version | Minimum TLS version server supports Server's minimum TLS version to enforce. Required if CryptoEnforcement is ENFORCE. supported versions are TLS1.1 and TLS1.2. |
TlsProtocol | Default: "TLS_V1_1" |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| tls_config_setting | TlsConfigSettings | Default: "BALANCED" | |
| trusted_ca_bundles | List of CA bundle Ids Bypass profile - CA bundle is required if the "invalid_certificate" action is allow. External profile - CA bundle is always required. Internal profile - CA bundle is required if "certificate_validation" is turned on. |
array of string | Maximum items: 100 Default: "['/infra/cabundles/default_trusted_public_ca_bundle']" |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
TlsListenerCertificate (schema)
Remote TLS Listener Certificate
Returns the certificate and thumbprint of a remote TLS listener, if the
listener is running and accepting requests. If the certificate cannot be
retrieved, the result property describes the problem.
| Name | Description | Type | Notes |
|---|---|---|---|
| certificate | The certificate of the TLS listener The certificate of the TLS listener. |
X509Certificate | Readonly |
| result | Result of get certificate operation Result of get certificate operation. |
string | Enum: SUCCESS, CONNECTION_TIMEOUT, NO_ROUTE_TO_HOST, CONNECTION_REFUSED |
| thumbprint | The SHA-256 thumbprint of the TLS listener The SHA-256 thumbprint of the TLS listener. |
string | Readonly |
TlsListenerEndpointAddressRequestParameters (schema)
TLS Listener Endpoint Address Request Parameters
The hostname or IP, and TCP port number of the listener to connect to.
| Name | Description | Type | Notes |
|---|---|---|---|
| address | Host name or IP address of TLS listener Host name or IP address of TLS listener. |
string | Required Format: hostname-or-ip |
| port | TCP port number of the TLS listener TCP port number of the TLS listener |
int | Required Minimum: 0 Maximum: 65535 |
TlsPolicy (schema)
Contains ordered list of Rules for TLSPolicy
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| category | A way to classify a security policy, if needed. - Distributed Firewall - Policy framework provides five pre-defined categories for classifying a security policy. They are "Ethernet","Emergency", "Infrastructure" "Environment" and "Application". There is a pre-determined order in which the policy framework manages the priority of these security policies. Ethernet category is for supporting layer 2 firewall rules. The other four categories are applicable for layer 3 rules. Amongst them, the Emergency category has the highest priority followed by Infrastructure, Environment and then Application rules. Administrator can choose to categorize a security policy into the above categories or can choose to leave it empty. If empty it will have the least precedence w.r.t the above four categories. - Edge Firewall - Policy Framework for Edge Firewall provides six pre-defined categories "Emergency", "SystemRules", "SharedPreRules", "LocalGatewayRules", "AutoServiceRules" and "Default", in order of priority of rules. All categories are allowed for Gatetway Policies that belong to 'default' Domain. However, for user created domains, category is restricted to "SharedPreRules" or "LocalGatewayRules" only. Also, the users can add/modify/delete rules from only the "SharedPreRules" and "LocalGatewayRules" categories. If user doesn't specify the category then defaulted to "Rules". System generated category is used by NSX created rules, for example BFD rules. Autoplumbed category used by NSX verticals to autoplumb data path rules. Finally, "Default" category is the placeholder default rules with lowest in the order of priority. |
string | |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| comments | SecurityPolicy lock/unlock comments Comments for security policy lock/unlock. |
string | |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| internal_sequence_number | Internal sequence number This field is to indicate the internal sequence number of a policy with respect to the policies across categories. |
int | Readonly |
| is_default | Default policy flag A flag to indicate whether policy is a default policy. |
boolean | Readonly |
| lock_modified_by | User who locked the security policy ID of the user who last modified the lock for the secruity policy. |
string | Readonly |
| lock_modified_time | SecuirtyPolicy locked/unlocked time SecurityPolicy locked/unlocked time in epoch milliseconds. |
EpochMsTimestamp | Readonly |
| locked | Lock a security policy Indicates whether a security policy should be locked. If the security policy is locked by a user, then no other user would be able to modify this security policy. Once the user releases the lock, other users can update this security policy. |
boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value TlsPolicy | string | |
| rule_count | Rule count The count of rules in the policy. |
int | Readonly |
| rules | Rules that are a part of this TLSPolicy | array of TlsRule | |
| scheduler_path | Path to the scheduler for time based scheduling Provides a mechanism to apply the rules in this policy for a specified time duration. |
string | |
| scope | The list of group paths where the rules in this policy will get
applied. This scope will take precedence over rule level scope. Supported only for security and redirection policies. In case of RedirectionPolicy, it is expected only when the policy is NS and redirecting to service chain. |
array of string | Maximum items: 128 |
| sequence_number | Sequence number to resolve conflicts across Domains This field is used to resolve conflicts between security policies across domains. In order to change the sequence number of a policy one can fire a POST request on the policy entity with a query parameter action=revise The sequence number field will reflect the value of the computed sequence number upon execution of the above mentioned POST request. For scenarios where the administrator is using a template to update several security policies, the only way to set the sequence number is to explicitly specify the sequence number for each security policy. If no sequence number is specified in the payload, a value of 0 is assigned by default. If there are multiple policies with the same sequence number then their order is not deterministic. If a specific order of policies is desired, then one has to specify unique sequence numbers or use the POST request on the policy entity with a query parameter action=revise to let the framework assign a sequence number. The value of sequence number must be between 0 and 999,999. |
int | Minimum: 0 |
| stateful | Stateful nature of the entries within this security policy. Stateful or Stateless nature of security policy is enforced on all rules in this security policy. When it is stateful, the state of the network connects are tracked and a stateful packet inspection is performed. Layer3 security policies can be stateful or stateless. By default, they are stateful. Layer2 security policies can only be stateless. |
boolean | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| tcp_strict | Enforce strict tcp handshake before allowing data packets Ensures that a 3 way TCP handshake is done before the data packets are sent. tcp_strict=true is supported only for stateful security policies. If the tcp_strict flag is not specified and the security policy is stateful, then tcp_strict will be set to true. |
boolean | |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
TlsProfile (schema)
This is an abstract type. Concrete child types:
TlsInspectionExternalProfile
TlsInspectionInternalProfile
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| attention | TLS Pre-defined settings mis-match Used to indicate an TLS version or Cipher version pre-defined settings mis-match. |
string | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| crls | Certificate Revocation List Ids Bypass profile - CRL is required if the "invalid_certificate" action is allow. External profile - CRL is always required. Internal profile - CRL is required if "certificate_validation" is turned on. |
array of string | Maximum items: 100 Default: "['/infra/crls/default_public_crl']" |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| idle_connection_timeout | Idle connection timeout in seconds Timeout the connection when kept idle. Default is 90 minutes. |
int | Minimum: 1 Maximum: 4320000 Default: "5400" |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value TlsProfile | string | Required Enum: TlsInspectionBypassProfile, TlsInspectionExternalProfile, TlsInspectionInternalProfile |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| trusted_ca_bundles | List of CA bundle Ids Bypass profile - CA bundle is required if the "invalid_certificate" action is allow. External profile - CA bundle is always required. Internal profile - CA bundle is required if "certificate_validation" is turned on. |
array of string | Maximum items: 100 Default: "['/infra/cabundles/default_trusted_public_ca_bundle']" |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
TlsProtocol (schema)
TLS protocol
| Name | Description | Type | Notes |
|---|---|---|---|
| TlsProtocol | TLS protocol | string | Enum: TLS_V1_2, TLS_V1_1, TLS_V1_0 |
TlsRule (schema)
A rule specifies the TLS policy rule between the workload groups
A rule indicates the decryption actions to be performed for various types of traffic flowing between workload groups.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| destination_groups | Destination group paths We need paths as duplicate names may exist for groups under different domains. Along with paths we support IP Address of type IPv4 and IPv6. IP Address can be in one of the format(CIDR, IP Address, Range of IP Address). In order to specify all groups, use the constant "ANY". This is case insensitive. If "ANY" is used, it should be the ONLY element in the group array. Error will be thrown if ANY is used in conjunction with other values. |
array of string | Maximum items: 128 |
| destinations_excluded | Negation of destination groups If set to true, the rule gets applied on all the groups that are NOT part of the destination groups. If false, the rule applies to the destination groups |
boolean | Default: "False" |
| direction | Direction Define direction of traffic. |
string | Enum: IN, OUT, IN_OUT Default: "IN_OUT" |
| disabled | Flag to disable the rule Flag to disable the rule. Default is enabled. |
boolean | Default: "False" |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| ip_protocol | IPv4 vs IPv6 packet type Type of IP packet that should be matched while enforcing the rule. The value is set to IPV4_IPV6 for Layer3 rule if not specified. For Layer2/Ether rule the value must be null. |
string | Enum: IPV4, IPV6, IPV4_IPV6 |
| is_default | Default rule flag A flag to indicate whether rule is a default rule. |
boolean | Readonly |
| logged | Enable logging flag Flag to enable packet logging. Default is disabled. |
boolean | Default: "False" |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| notes | Text for additional notes on changes Text for additional notes on changes. |
string | Maximum length: 2048 |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| profiles | Layer 7 service profiles or TLS action profile Holds the list of layer 7 service profile paths. These profiles accept attributes and sub-attributes of various network services (e.g. L4 AppId, encryption algorithm, domain name, etc) as key value pairs. Instead of Layer 7 service profiles you can use a L7 access profile. One of either Layer 7 service profiles or L7 Access Profile can be used in firewall rule. In case of L7 access profile only one is allowed. |
array of string | Maximum items: 128 |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value TlsRule | string | |
| rule_id | Unique rule ID This is a unique 4 byte positive number that is assigned by the system. This rule id is passed all the way down to the data path. The first 1GB (1000 to 2^30) will be shared by GM and LM with zebra style striped number space. For E.g 1000 to (1Million -1) by LM, (1M - 2M-1) by GM and so on. |
integer | Readonly |
| scope | The list of policy paths where the rule is applied
LR/Edge/T0/T1/LRP etc. Note that a given rule can be applied on multiple LRs/LRPs. |
array of string | Maximum items: 128 |
| sequence_number | Sequence number of the this Rule This field is used to resolve conflicts between multiple Rules under Security or Gateway Policy for a Domain If no sequence number is specified in the payload, a value of 0 is assigned by default. If there are multiple rules with the same sequence number then their order is not deterministic. If a specific order of rules is desired, then one has to specify unique sequence numbers or use the POST request on the rule entity with a query parameter action=revise to let the framework assign a sequence number |
int | Minimum: 0 |
| service_entries | Raw services In order to specify raw services this can be used, along with services which contains path to services. This can be empty or null. |
array of ServiceEntry (Abstract type: pass one of the following concrete types) ALGTypeServiceEntry EtherTypeServiceEntry ICMPTypeServiceEntry IGMPTypeServiceEntry IPProtocolServiceEntry L4PortSetServiceEntry NestedServiceServiceEntry |
Maximum items: 128 |
| services | Names of services In order to specify all services, use the constant "ANY". This is case insensitive. If "ANY" is used, it should be the ONLY element in the services array. Error will be thrown if ANY is used in conjunction with other values. |
array of string | Maximum items: 128 |
| source_groups | Source group paths We need paths as duplicate names may exist for groups under different domains. Along with paths we support IP Address of type IPv4 and IPv6. IP Address can be in one of the format(CIDR, IP Address, Range of IP Address). In order to specify all groups, use the constant "ANY". This is case insensitive. If "ANY" is used, it should be the ONLY element in the group array. Error will be thrown if ANY is used in conjunction with other values. |
array of string | Maximum items: 128 |
| sources_excluded | Negation of source groups If set to true, the rule gets applied on all the groups that are NOT part of the source groups. If false, the rule applies to the source groups |
boolean | Default: "False" |
| tag | Tag applied on the rule User level field which will be printed in CLI and packet logs. Even though there is no limitation on length of a tag, internally tag will get truncated after 32 characters. |
string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| tls_profile | TLS inspection action profile path TLS profile path. |
string | Required |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
TlsServiceEndpoint (schema)
TLS service endpoint
The hostname or IP and port number of a TLS service endpoint.
| Name | Description | Type | Notes |
|---|---|---|---|
| host | Hostname or IP of the endpoint The hostname or IP address of the TLS service endpoint. |
string | Format: hostname-or-ip |
| port | TCP port number The TCP port number of the endpoint. |
int | Minimum: 0 Maximum: 65535 |
TlsTrustData (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| key_algo | Key algorithm contained in this certificate. | string | |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| passphrase | Password for private key encryption. | secure_string | |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| pem_encoded | pem encoded certificate data. | string | Required |
| private_key | private key data | secure_string | |
| purpose | Purpose of this certificate. Can be empty or set to "signing-ca". | string | Enum: signing-ca |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value TlsTrustData | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
TokenBasedPrincipalIdentity (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| is_protected | Protection indicator Indicator whether the entities created by this principal should be protected. |
boolean | |
| name | Name Name of the principal. This will be matched to the name provided in the token. |
string | Required Maximum length: 255 Pattern: "^[a-zA-Z0-9]+([-._@]?[a-zA-Z0-9]+)*$" |
| node_id | Unique node-id Unique node-id of a principal. This is used primarily in the case where a cluster of nodes is used to make calls to the NSX Manager and the same 'name' is used so that the nodes can access and modify the same data while still accessing NSX through their individual secret (certificate or JWT). In all other cases this can be any string. |
string | Required Maximum length: 255 Pattern: "^[a-zA-Z0-9]+([-._]?[a-zA-Z0-9]+)*$" |
| resource_type | Must be set to the value TokenBasedPrincipalIdentity | string | |
| roles_for_paths | Roles for Paths The roles that are associated with this PI, limiting them to a path. In case the path is '/', the roles apply everywhere. |
array of RolesForPath | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
TokenBasedPrincipalIdentityListResult (schema)
Token-based PrincipalIdentity query result
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | TokenBasedPrincipalIdentity list. | array of TokenBasedPrincipalIdentity | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
Tooltip (schema)
Tooltip
Tooltip to be shown while hovering over the dashboard UI element.
| Name | Description | Type | Notes |
|---|---|---|---|
| condition | Expression for evaluating condition If the condition is met then the tooltip will be applied. If no condition is provided, then the tooltip will be applied unconditionally. Examples of expression syntax are provided under 'example_request' section of 'CreateWidgetConfiguration' API. |
string | Maximum length: 1024 |
| heading | Tooltip will be treated as header. If true, displays tooltip text in bold |
boolean | |
| text | Textbox shown at tooltip Text to be shown on tooltip while hovering over UI element. The text would be wrapped if it exceeds 80 chars. |
string | Required Maximum length: 1024 |
Traceflow (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| analysis | Traceflow result analysis notes | array of string | Readonly |
| counters | observation counters | TraceflowObservationCounters | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | The id of the traceflow round | string | Required Readonly |
| logical_counters | counters of observations from logical components | TraceflowObservationCounters | Readonly |
| lport_id | id of the source logical port used for injecting the traceflow packet | string | Readonly |
| operation_state | Represents the traceflow operation state | string | Required Readonly Enum: IN_PROGRESS, FINISHED, FAILED |
| request_status | Traceflow request status The status of the traceflow RPC request. SUCCESS - The traceflow request is sent successfully. TIMEOUT - The traceflow request gets timeout. SOURCE_PORT_NOT_FOUND - The source port of the request cannot be found. DATA_PATH_NOT_READY - The datapath component cannot be ready to receive request. CONNECTION_ERROR - There is connection error on datapath component. UNKNOWN - The status of traceflow request cannot be determined. |
string | Readonly Enum: SUCCESS, TIMEOUT, SOURCE_PORT_NOT_FOUND, DATA_PATH_NOT_READY, CONNECTION_ERROR, UNKNOWN |
| resource_type | Must be set to the value Traceflow | string | |
| result_overflowed | A flag, when set true, indicates some observations were deleted from the result set. | boolean | Readonly |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| timeout | Timeout (in ms) for traceflow observations result list Maximum time (in ms) the management plane will be waiting for this traceflow round. Upper limit for federation case is 90000, for non-federation case is 15000, the maximum is set to 90000 as the higher of the two cases. |
integer | Readonly Minimum: 5000 Maximum: 90000 |
TraceflowComponentSubType (schema)
This field specifies the traceflow component sub type that reports the observation
LR_TIER0
- Tier-0 Gateway
LR_TIER1
- Tier-1 Gateway
LR_VRF_TIER0
- Tier-0 VRF Gateway
LS_TRANSIT
- Transit Switch
SI_CLASSIFIER
- Service Insertion Classifier
SI_PROXY
- Service Insertion Proxy
VDR
- Virtual Distributed Router
ENI
- Elastic Network Interface
AWS_GATEWAY
- Amazon Gateway
TGW_ROUTE
- Transit Gateway
EDGE_UPLINK
- Edge Uplink
DELL_GATEWAY
- Dell Gateway
LGW_ROUTE
- Local Gateway
LR_KNI
- Kernel NIC Interface
UNKNOWN
- Unknown component sub type
| Name | Description | Type | Notes |
|---|---|---|---|
| TraceflowComponentSubType | This field specifies the traceflow component sub type that reports the observation
LR_TIER0 - Tier-0 Gateway LR_TIER1 - Tier-1 Gateway LR_VRF_TIER0 - Tier-0 VRF Gateway LS_TRANSIT - Transit Switch SI_CLASSIFIER - Service Insertion Classifier SI_PROXY - Service Insertion Proxy VDR - Virtual Distributed Router ENI - Elastic Network Interface AWS_GATEWAY - Amazon Gateway TGW_ROUTE - Transit Gateway EDGE_UPLINK - Edge Uplink DELL_GATEWAY - Dell Gateway LGW_ROUTE - Local Gateway LR_KNI - Kernel NIC Interface UNKNOWN - Unknown component sub type |
string | Readonly Enum: LR_TIER0, LR_TIER1, LR_VRF_TIER0, LS_TRANSIT, SI_CLASSIFIER, SI_PROXY, VDR, ENI, AWS_GATEWAY, TGW_ROUTE, EDGE_UPLINK, DELL_GATEWAY, LGW_ROUTE, LR_KNI, UNKNOWN |
TraceflowComponentType (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| TraceflowComponentType | string | Enum: PHYSICAL, LR, LS, DFW, BRIDGE, EDGE_TUNNEL, EDGE_HOSTSWITCH, FW_BRIDGE, EDGE_RTEP_TUNNEL, LOAD_BALANCER, NAT, IPSEC, SERVICE_INSERTION, VMC, SPOOFGUARD, EDGE_FW, DLB, ANTREA_SPOOFGUARD, ANTREA_LB, ANTREA_ROUTING, ANTREA_DFW, ANTREA_FORWARDING, HOST_SWITCH, UNKNOWN |
TraceflowConfig (schema)
Traceflow configuration
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| is_transient | Marker to indicate if intent is transient This field indicates if intent is transient and will be cleaned up by the system if set to true |
boolean | Default: "True" |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| packet | Packet configuration Configuration of packet data |
PacketData (Abstract type: pass one of the following concrete types) BinaryPacketData FieldsPacketData |
Required |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value TraceflowConfig | string | |
| segment_port_path | Segment Port Path or UUID Policy path or UUID of segment port to start traceflow from. Auto-plumbed ports don't have corresponding policy path. Ports auto-created by policy as part of connecting segment to Tier-0 or Tier-1 or DHCP server cannot be used. UUID is validated for syntax only. This configuration will be cleaned up by the system after two hours of inactivity. |
string | Deprecated |
| source_id | Segment Port Path or UUID Policy path or UUID of segment port to start traceflow from. Auto-plumbed ports don't have corresponding policy path. UUID is validated for syntax only. This configuration will be cleaned up by the system after two hours of inactivity. |
string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| timeout | Timeout for traceflow observation results Maximum time in seconds the management plane will wait for observation result to be generated. The default, minimum and maximum timeout values, in seconds, for: Single site environment - minimum 5, default 10, maximum 15. Federated enviroment - minimum 15, default 30, maximum 60. These values are validated by the system based on type of environment. |
integer | Minimum: 5 Maximum: 60 Default: "10" |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
TraceflowConfigListResult (schema)
Paged Collection of TraceflowConfigs
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | TraceflowConfig list results | array of TraceflowConfig | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
TraceflowObservation (schema)
This is an abstract type. Concrete child types:
PolicyTraceflowObservationDelivered
PolicyTraceflowObservationDropped
PolicyTraceflowObservationDroppedLogical
PolicyTraceflowObservationForwardedLogical
PolicyTraceflowObservationReceivedLogical
PolicyTraceflowObservationRelayedLogical
TraceflowObservationDelivered
TraceflowObservationDropped
TraceflowObservationDroppedLogical
TraceflowObservationForwarded
TraceflowObservationForwardedLogical
TraceflowObservationProtected
TraceflowObservationReceived
TraceflowObservationReceivedLogical
TraceflowObservationRelayedLogical
TraceflowObservationReplicationLogical
| Name | Description | Type | Notes |
|---|---|---|---|
| component_name | The name of the component that issued the observation. | string | Readonly |
| component_sub_type | The sub type of the component that issued the observation. | TraceflowComponentSubType | Readonly |
| component_type | The type of the component that issued the observation. | TraceflowComponentType | Readonly |
| resource_type | TraceflowObservationType | Required Default: "TraceflowObservationReceived" |
|
| sequence_no | the sequence number is the traceflow observation hop count the hop count for observations on the transport node that a traceflow packet is injected in will be 0. The hop count is incremented each time a subsequent transport node receives the traceflow packet. The sequence number of 999 indicates that the hop count could not be determined for the containing observation. |
integer | Required Readonly |
| site_path | Policy path of the federated site This field contains the site path where this observation was generated. |
string | Readonly |
| timestamp | Timestamp when the observation was created by the transport node Timestamp when the observation was created by the transport node (milliseconds epoch) |
EpochMsTimestamp | Readonly |
| timestamp_micro | Timestamp when the observation was created by the transport node Timestamp when the observation was created by the transport node (microseconds epoch) |
integer | Readonly |
| transport_node_id | id of the transport node that observed a traceflow packet | string | Readonly |
| transport_node_name | name of the transport node that observed a traceflow packet | string | Readonly |
| transport_node_type | type of the transport node that observed a traceflow packet | TransportNodeType | Readonly |
TraceflowObservationCounters (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| delivered_count | Delivered observation count Total number of delivered observations for this traceflow round. |
integer | Readonly |
| dropped_count | Dropped observation count Total number of dropped observations for this round. |
integer | Readonly |
| forwarded_count | Forwarded observation count Total number of forwarded observations for this traceflow round. |
integer | Readonly |
| protected_count | Protected observation count Total number of protected observations for this traceflow round, which current user does not have access. |
integer | Readonly |
| received_count | Received observation count Total number of received observations for this traceflow round. |
integer | Readonly |
TraceflowObservationDelivered (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| component_name | The name of the component that issued the observation. | string | Readonly |
| component_sub_type | The sub type of the component that issued the observation. | TraceflowComponentSubType | Readonly |
| component_type | The type of the component that issued the observation. | TraceflowComponentType | Readonly |
| lport_id | The id of the logical port into which the traceflow packet was delivered | string | Readonly |
| lport_name | The name of the logical port into which the traceflow packet was delivered | string | Readonly |
| resolution_type | The resolution type of the delivered message for ARP This field specifies the resolution type of ARP ARP_SUPPRESSION_PORT_CACHE - ARP request is suppressed by IP table. ARP_SUPPRESSION_TABLE - ARP request is suppressed by ARP table. ARP_SUPPRESSION_CP_QUERY - ARP request is suppressed by info derived from CP. ARP_VM - No suppression and the ARP request is resolved by VM. ARP_LRP - No suppression and the ARP request is resolved by logical router. |
string | Readonly Enum: UNKNOWN, ARP_SUPPRESSION_PORT_CACHE, ARP_SUPPRESSION_TABLE, ARP_SUPPRESSION_CP_QUERY, ARP_VM, ARP_LRP |
| resource_type | Must be set to the value TraceflowObservationDelivered | TraceflowObservationType | Required Default: "TraceflowObservationReceived" |
| sequence_no | the sequence number is the traceflow observation hop count the hop count for observations on the transport node that a traceflow packet is injected in will be 0. The hop count is incremented each time a subsequent transport node receives the traceflow packet. The sequence number of 999 indicates that the hop count could not be determined for the containing observation. |
integer | Required Readonly |
| site_path | Policy path of the federated site This field contains the site path where this observation was generated. |
string | Readonly |
| target_mac | MAC address of the resolved IP by ARP The source MAC address of form: "^([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2})$". For example: 00:00:00:00:00:00. |
string | Readonly |
| timestamp | Timestamp when the observation was created by the transport node Timestamp when the observation was created by the transport node (milliseconds epoch) |
EpochMsTimestamp | Readonly |
| timestamp_micro | Timestamp when the observation was created by the transport node Timestamp when the observation was created by the transport node (microseconds epoch) |
integer | Readonly |
| transport_node_id | id of the transport node that observed a traceflow packet | string | Readonly |
| transport_node_name | name of the transport node that observed a traceflow packet | string | Readonly |
| transport_node_type | type of the transport node that observed a traceflow packet | TransportNodeType | Readonly |
| vlan_id | VLAN on bridged network | VlanID |
TraceflowObservationDropped (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| acl_rule_id | The id of the L3 firewall rule that was applied to drop the traceflow packet This field is specified when the traceflow packet matched a L3 firewall rule. |
integer | Readonly |
| arp_fail_reason | The detailed drop reason of ARP traceflow packet This field specifies the ARP fails reason ARP_TIMEOUT - ARP failure due to query control plane timeout ARP_CPFAIL - ARP failure due post ARP query message to control plane failure ARP_FROMCP - ARP failure due to deleting ARP entry from control plane ARP_PORTDESTROY - ARP failure due to port destruction ARP_TABLEDESTROY - ARP failure due to ARP table destruction ARP_NETDESTROY - ARP failure due to overlay network destruction |
string | Readonly Enum: ARP_UNKNOWN, ARP_TIMEOUT, ARP_CPFAIL, ARP_FROMCP, ARP_PORTDESTROY, ARP_TABLEDESTROY, ARP_NETDESTROY |
| component_name | The name of the component that issued the observation. | string | Readonly |
| component_sub_type | The sub type of the component that issued the observation. | TraceflowComponentSubType | Readonly |
| component_type | The type of the component that issued the observation. | TraceflowComponentType | Readonly |
| ipsec_fail_reason | The detailed drop reason of IPSec VPN traceflow packet This field specifies the IPSec VPN fails reason IPSEC_SA_NOT_FOUND - IPSec SA required for processing the packet does not exist IPSEC_UDP_ENC_STATE_MISMATCH - ESP packet is UDP encapsulated but IPsec SA does not expect UDP encapsulation IPSEC_SEQ_ROLLOVER - IPSec SA sequence number has exceeded the maximum value IPSEC_FRAG_NEEDED - Received packet has DF bit set in IP header but requires fragmentation due to ESP encapsulation IPSEC_TUN_IFACE_DOWN - IPSec tunnel interface is down IPSEC_POLICY_NOMATCH - Received packet does not match IPSec policy IPSEC_POLICY_BLOCK - IPSec packet processing failed IPSEC_POLICY_ERROR - IPSec packet processing failed IPSEC_REPLAY_SEQ_NUM_REPEAT - IPSec packet is dropped due to replay IPSEC_REPLAY_RECV_DELAY - IPSec packet is dropped due to replay IPSEC_REPLAY_PROC_DELAY - IPSec packet is dropped due to replay IPSEC_ZERO_SEQ_NUM_RECVD - ESP packet is received with sequence number as zero IPSEC_ENQUEUE_FAIL - Packet processing failed during crypto operation IPSEC_AUTH_DGST_MISMATCH - Packet integrity check failed due to digest mismatch IPSEC_AUTH_DGST_SIZE_MISMATCH - Packet integrity check failed due to invalid digest length IPSEC_AUTH_UNSUPPORTED_ALGO - Packet integrity check failed due to unsupported hash algorithm IPSEC_CRYPTO_FAIL - Packet processing failed during crypto operation IPSEC_CRYPTO_PROC_INCOMPLETE - Packet processing failed during crypto operation IPSEC_CRYPTO_SESSION_INV - Packet processing failed during crypto operation IPSEC_CRYPTO_ARGS_INV - Packet processing failed during crypto operation IPSEC_CRYPTO_PROC_ERROR - Packet processing failed during crypto operation IPSEC_CRYPTO_NO_BUF_SPACE - Packet processing failed during crypto operation IPSEC_CRYPTO_UNSUPPORTED_CIPHER - Packet processing failed during crypto operation IPSEC_MALFORMED - Received ESP packet is malformed IPSEC_MALFORMED_INV_PADDING - Received ESP packet is malformed IPSEC_PADDING_REMOVAL_FAILED - Received ESP packet is malformed IPSEC_INNER_MALFORMED - IP packet after ESP decryption is malformed IPSEC_INNER_MALFORMED_IP - IP packet after ESP decryption is malformed IPSEC_INNER_MALFORMED_UDP - IP packet after ESP decryption is malformed IPSEC_INNER_MALFORMED_TCP - IP packet after ESP decryption is malformed IPSEC_UNKNOWN - IPSec VPN failure reason is unknown |
string | Readonly Enum: IPSEC_SA_NOT_FOUND, IPSEC_UDP_ENC_STATE_MISMATCH, IPSEC_SEQ_ROLLOVER, IPSEC_FRAG_NEEDED, IPSEC_TUN_IFACE_DOWN, IPSEC_POLICY_NOMATCH, IPSEC_POLICY_BLOCK, IPSEC_POLICY_ERROR, IPSEC_REPLAY_SEQ_NUM_REPEAT, IPSEC_REPLAY_RECV_DELAY, IPSEC_REPLAY_PROC_DELAY, IPSEC_ZERO_SEQ_NUM_RECVD, IPSEC_ENQUEUE_FAIL, IPSEC_AUTH_DGST_MISMATCH, IPSEC_AUTH_DGST_SIZE_MISMATCH, IPSEC_AUTH_UNSUPPORTED_ALGO, IPSEC_CRYPTO_FAIL, IPSEC_CRYPTO_PROC_INCOMPLETE, IPSEC_CRYPTO_SESSION_INV, IPSEC_CRYPTO_ARGS_INV, IPSEC_CRYPTO_PROC_ERROR, IPSEC_CRYPTO_NO_BUF_SPACE, IPSEC_CRYPTO_UNSUPPORTED_CIPHER, IPSEC_MALFORMED, IPSEC_MALFORMED_INV_PADDING, IPSEC_PADDING_REMOVAL_FAILED, IPSEC_INNER_MALFORMED, IPSEC_INNER_MALFORMED_IP, IPSEC_INNER_MALFORMED_UDP, IPSEC_INNER_MALFORMED_TCP, IPSEC_UNKNOWN |
| jumpto_rule_id | The ID of the jump-to rule that was applied to the traceflow packet This field is specified when the traceflow packet matched a jump-to rule. |
integer | Readonly |
| l2_rule_id | The ID of the l2 rule that was applied to the traceflow packet This field is specified when the traceflow packet matched a l2 rule. |
integer | Readonly |
| lport_id | The id of the logical port at which the traceflow packet was dropped | string | Readonly |
| lport_name | The name of the logical port at which the traceflow packet was dropped | string | Readonly |
| nat_rule_id | The ID of the NAT rule that was applied to drop the traceflow packet This field is specified when the traceflow packet matched a NAT rule. |
integer | Readonly |
| reason | The reason traceflow packet was dropped This field specifies the drop reason of traceflow packet. ARP_FAIL - ARP request fails for some reasons, please refer arp_fail_reason for detail BFD - BFD packet is dropped because traversed by non-operative interface or encountering internal error (e.g., memory insufficient) BROADCAST - Packet is dropped during traversing the interface (e.g., Edge uplink, Edge centralized service port) which disallow ethernet broadcast DHCP - DHCP packet is malformed DLB - The packet is disallowed by distributed load balancing FW_RULE - The packet matches a drop or reject rule of DFW or Edge firewall GENEVE - GENEVE packet is malformed GRE - GRE packet is malformed or traverses a non-operative interface IFACE - Packet traverses a non-operative interface IP - Packet is dropped because of IP related causes (e.g., ICMPv4/ICMPv6 packet is malformed, or DF flag is set but fragment must be performed for the packet) or corresponding interface is not found or inoperative IP_REASS - Packet is dropped during IP reassembly IPSEC - IPsec protocol related packet is dropped IPSEC_VTI - IPsec required SA is not found or traversing inoperative interface cause packet dropped L2VPN - VLAN id of GRE packet is invalid L4PORT - Layer 4 packet (e.g., BFD, DHCP) is dropped LB - Packet is dropped by load balancing rule LROUTER - Packet is dropped by logical router LSERVICE - Packet is malformed or traverses inoperative logical service interface LSWITCH - Packet is dropped by logical switch MANAGEMENT - Packet is dropped by Edge datapath MANAGEMENT service port MD_PROXY - Packet is dropped by metadata proxy NAT - Packet is dropped by NAT rule RTEP_TUNNEL - Unused drop reason ND_NS_FAIL - Neighbor Discovery packet fails NEIGH - ARP or Neighbor Discovery packet fails NO_EIP_FOUND - Destination IP is not an elastic IP NO_EIP_ASSOCIATION - Elastic IP is not associated with active edge VDR ENI NO_ENI_FOR_IP - There is no ENI found for the destination IP NO_ENI_FOR_LIF - Cannot find an ENI associated with uplink LIF NO_ROUTE - Cannot find route for destination IP NO_ROUTE_TABLE_FOUND - Cannot find associated route table NO_UNDERLAY_ROUTE_FOUND - Cannot find AWS route to destination NOT_VDR_DOWNLINK - Packet is not forwarded to VMC unmanaged VDR downlink NO_VDR_FOUND - VMC unmanaged VDR associated with Edge uplink is not found NO_VDR_ON_HOST - Cannot find VMC unmanaged VDR list on this host NOT_VDR_UPLINK - Packet is not forwarded to VDR uplink SERVICE_INSERT - Packet from guest VM to service VM or from service VM to guest VM is dropped by firewall rule SPOOFGUARD - Packet is blocked by SpoofGuard policy TTL_ZERO - The IPv4 time to live field or the IPv6 hop limit field of packet is zero TUNNEL - Overlay tunnel management packet (VNI value of GENEVE header is 0, e.g., BFD) is dropped VLAN - VLAN id of packet is disallowed by the given port VXLAN - VXLAN packet is malformed or cannot find tunnel port for it VXSTT - Unused drop reason VMC_NO_RESPONSE - Failed to query VMC observations as no response from VMC app WRONG_UPLINK - Packet is not routed to the expected Edge uplink by VMC unmanaged VDR FW_STATE - Packet is dropped by stateful firewall NO_MAC - Drop by vswitch as no destination MAC hit MAC Table. FILTERED_UPLINK - Filtering applied at the corresponding UPLINK having no aggregation. |
string | Readonly Enum: ARP_FAIL, BFD, BROADCAST, DHCP, DLB, FW_RULE, GENEVE, GRE, IFACE, IP, IP_REASS, IPSEC, IPSEC_VTI, L2VPN, L4PORT, LB, LROUTER, LSERVICE, LSWITCH, MANAGEMENT, MD_PROXY, NAT, RTEP_TUNNEL, ND_NS_FAIL, NEIGH, NO_EIP_FOUND, NO_EIP_ASSOCIATION, NO_ENI_FOR_IP, NO_ENI_FOR_LIF, NO_ROUTE, NO_ROUTE_TABLE_FOUND, NO_UNDERLAY_ROUTE_FOUND, NOT_VDR_DOWNLINK, NO_VDR_FOUND, NO_VDR_ON_HOST, NOT_VDR_UPLINK, SERVICE_INSERT, SPOOFGUARD, TTL_ZERO, TUNNEL, VLAN, VXLAN, VXSTT, VMC_NO_RESPONSE, WRONG_UPLINK, FW_STATE, NO_MAC, UNKNOWN, FILTERED_UPLINK |
| resource_type | Must be set to the value TraceflowObservationDropped | TraceflowObservationType | Required Default: "TraceflowObservationReceived" |
| sequence_no | the sequence number is the traceflow observation hop count the hop count for observations on the transport node that a traceflow packet is injected in will be 0. The hop count is incremented each time a subsequent transport node receives the traceflow packet. The sequence number of 999 indicates that the hop count could not be determined for the containing observation. |
integer | Required Readonly |
| site_path | Policy path of the federated site This field contains the site path where this observation was generated. |
string | Readonly |
| timestamp | Timestamp when the observation was created by the transport node Timestamp when the observation was created by the transport node (milliseconds epoch) |
EpochMsTimestamp | Readonly |
| timestamp_micro | Timestamp when the observation was created by the transport node Timestamp when the observation was created by the transport node (microseconds epoch) |
integer | Readonly |
| transport_node_id | id of the transport node that observed a traceflow packet | string | Readonly |
| transport_node_name | name of the transport node that observed a traceflow packet | string | Readonly |
| transport_node_type | type of the transport node that observed a traceflow packet | TransportNodeType | Readonly |
TraceflowObservationDroppedLogical (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| acl_rule_id | The id of the L3 firewall rule that was applied to drop the traceflow packet This field is specified when the traceflow packet matched a L3 firewall rule. |
integer | Readonly |
| arp_fail_reason | The detailed drop reason of ARP traceflow packet This field specifies the ARP fails reason ARP_TIMEOUT - ARP failure due to query control plane timeout ARP_CPFAIL - ARP failure due post ARP query message to control plane failure ARP_FROMCP - ARP failure due to deleting ARP entry from control plane ARP_PORTDESTROY - ARP failure due to port destruction ARP_TABLEDESTROY - ARP failure due to ARP table destruction ARP_NETDESTROY - ARP failure due to overlay network destruction |
string | Readonly Enum: ARP_UNKNOWN, ARP_TIMEOUT, ARP_CPFAIL, ARP_FROMCP, ARP_PORTDESTROY, ARP_TABLEDESTROY, ARP_NETDESTROY |
| component_id | The id of the component that dropped the traceflow packet. | string | Readonly |
| component_name | The name of the component that issued the observation. | string | Readonly |
| component_sub_type | The sub type of the component that issued the observation. | TraceflowComponentSubType | Readonly |
| component_type | The type of the component that issued the observation. | TraceflowComponentType | Readonly |
| ipsec_fail_reason | The detailed drop reason of IPSec VPN traceflow packet This field specifies the IPSec VPN fails reason IPSEC_SA_NOT_FOUND - IPSec SA required for processing the packet does not exist IPSEC_UDP_ENC_STATE_MISMATCH - ESP packet is UDP encapsulated but IPsec SA does not expect UDP encapsulation IPSEC_SEQ_ROLLOVER - IPSec SA sequence number has exceeded the maximum value IPSEC_FRAG_NEEDED - Received packet has DF bit set in IP header but requires fragmentation due to ESP encapsulation IPSEC_TUN_IFACE_DOWN - IPSec tunnel interface is down IPSEC_POLICY_NOMATCH - Received packet does not match IPSec policy IPSEC_POLICY_BLOCK - IPSec packet processing failed IPSEC_POLICY_ERROR - IPSec packet processing failed IPSEC_REPLAY_SEQ_NUM_REPEAT - IPSec packet is dropped due to replay IPSEC_REPLAY_RECV_DELAY - IPSec packet is dropped due to replay IPSEC_REPLAY_PROC_DELAY - IPSec packet is dropped due to replay IPSEC_ZERO_SEQ_NUM_RECVD - ESP packet is received with sequence number as zero IPSEC_ENQUEUE_FAIL - Packet processing failed during crypto operation IPSEC_AUTH_DGST_MISMATCH - Packet integrity check failed due to digest mismatch IPSEC_AUTH_DGST_SIZE_MISMATCH - Packet integrity check failed due to invalid digest length IPSEC_AUTH_UNSUPPORTED_ALGO - Packet integrity check failed due to unsupported hash algorithm IPSEC_CRYPTO_FAIL - Packet processing failed during crypto operation IPSEC_CRYPTO_PROC_INCOMPLETE - Packet processing failed during crypto operation IPSEC_CRYPTO_SESSION_INV - Packet processing failed during crypto operation IPSEC_CRYPTO_ARGS_INV - Packet processing failed during crypto operation IPSEC_CRYPTO_PROC_ERROR - Packet processing failed during crypto operation IPSEC_CRYPTO_NO_BUF_SPACE - Packet processing failed during crypto operation IPSEC_CRYPTO_UNSUPPORTED_CIPHER - Packet processing failed during crypto operation IPSEC_MALFORMED - Received ESP packet is malformed IPSEC_MALFORMED_INV_PADDING - Received ESP packet is malformed IPSEC_PADDING_REMOVAL_FAILED - Received ESP packet is malformed IPSEC_INNER_MALFORMED - IP packet after ESP decryption is malformed IPSEC_INNER_MALFORMED_IP - IP packet after ESP decryption is malformed IPSEC_INNER_MALFORMED_UDP - IP packet after ESP decryption is malformed IPSEC_INNER_MALFORMED_TCP - IP packet after ESP decryption is malformed IPSEC_UNKNOWN - IPSec VPN failure reason is unknown |
string | Readonly Enum: IPSEC_SA_NOT_FOUND, IPSEC_UDP_ENC_STATE_MISMATCH, IPSEC_SEQ_ROLLOVER, IPSEC_FRAG_NEEDED, IPSEC_TUN_IFACE_DOWN, IPSEC_POLICY_NOMATCH, IPSEC_POLICY_BLOCK, IPSEC_POLICY_ERROR, IPSEC_REPLAY_SEQ_NUM_REPEAT, IPSEC_REPLAY_RECV_DELAY, IPSEC_REPLAY_PROC_DELAY, IPSEC_ZERO_SEQ_NUM_RECVD, IPSEC_ENQUEUE_FAIL, IPSEC_AUTH_DGST_MISMATCH, IPSEC_AUTH_DGST_SIZE_MISMATCH, IPSEC_AUTH_UNSUPPORTED_ALGO, IPSEC_CRYPTO_FAIL, IPSEC_CRYPTO_PROC_INCOMPLETE, IPSEC_CRYPTO_SESSION_INV, IPSEC_CRYPTO_ARGS_INV, IPSEC_CRYPTO_PROC_ERROR, IPSEC_CRYPTO_NO_BUF_SPACE, IPSEC_CRYPTO_UNSUPPORTED_CIPHER, IPSEC_MALFORMED, IPSEC_MALFORMED_INV_PADDING, IPSEC_PADDING_REMOVAL_FAILED, IPSEC_INNER_MALFORMED, IPSEC_INNER_MALFORMED_IP, IPSEC_INNER_MALFORMED_UDP, IPSEC_INNER_MALFORMED_TCP, IPSEC_UNKNOWN |
| jumpto_rule_id | The ID of the jump-to rule that was applied to the traceflow packet This field is specified when the traceflow packet matched a jump-to rule. |
integer | Readonly |
| l2_rule_id | The ID of the l2 rule that was applied to the traceflow packet This field is specified when the traceflow packet matched a l2 rule. |
integer | Readonly |
| lport_id | The id of the logical port at which the traceflow packet was dropped | string | Readonly |
| lport_name | The name of the logical port at which the traceflow packet was dropped | string | Readonly |
| nat_rule_id | The ID of the NAT rule that was applied to drop the traceflow packet This field is specified when the traceflow packet matched a NAT rule. |
integer | Readonly |
| reason | The reason traceflow packet was dropped This field specifies the drop reason of traceflow packet. ARP_FAIL - ARP request fails for some reasons, please refer arp_fail_reason for detail BFD - BFD packet is dropped because traversed by non-operative interface or encountering internal error (e.g., memory insufficient) BROADCAST - Packet is dropped during traversing the interface (e.g., Edge uplink, Edge centralized service port) which disallow ethernet broadcast DHCP - DHCP packet is malformed DLB - The packet is disallowed by distributed load balancing FW_RULE - The packet matches a drop or reject rule of DFW or Edge firewall GENEVE - GENEVE packet is malformed GRE - GRE packet is malformed or traverses a non-operative interface IFACE - Packet traverses a non-operative interface IP - Packet is dropped because of IP related causes (e.g., ICMPv4/ICMPv6 packet is malformed, or DF flag is set but fragment must be performed for the packet) or corresponding interface is not found or inoperative IP_REASS - Packet is dropped during IP reassembly IPSEC - IPsec protocol related packet is dropped IPSEC_VTI - IPsec required SA is not found or traversing inoperative interface cause packet dropped L2VPN - VLAN id of GRE packet is invalid L4PORT - Layer 4 packet (e.g., BFD, DHCP) is dropped LB - Packet is dropped by load balancing rule LROUTER - Packet is dropped by logical router LSERVICE - Packet is malformed or traverses inoperative logical service interface LSWITCH - Packet is dropped by logical switch MANAGEMENT - Packet is dropped by Edge datapath MANAGEMENT service port MD_PROXY - Packet is dropped by metadata proxy NAT - Packet is dropped by NAT rule RTEP_TUNNEL - Unused drop reason ND_NS_FAIL - Neighbor Discovery packet fails NEIGH - ARP or Neighbor Discovery packet fails NO_EIP_FOUND - Destination IP is not an elastic IP NO_EIP_ASSOCIATION - Elastic IP is not associated with active edge VDR ENI NO_ENI_FOR_IP - There is no ENI found for the destination IP NO_ENI_FOR_LIF - Cannot find an ENI associated with uplink LIF NO_ROUTE - Cannot find route for destination IP NO_ROUTE_TABLE_FOUND - Cannot find associated route table NO_UNDERLAY_ROUTE_FOUND - Cannot find AWS route to destination NOT_VDR_DOWNLINK - Packet is not forwarded to VMC unmanaged VDR downlink NO_VDR_FOUND - VMC unmanaged VDR associated with Edge uplink is not found NO_VDR_ON_HOST - Cannot find VMC unmanaged VDR list on this host NOT_VDR_UPLINK - Packet is not forwarded to VDR uplink SERVICE_INSERT - Packet from guest VM to service VM or from service VM to guest VM is dropped by firewall rule SPOOFGUARD - Packet is blocked by SpoofGuard policy TTL_ZERO - The IPv4 time to live field or the IPv6 hop limit field of packet is zero TUNNEL - Overlay tunnel management packet (VNI value of GENEVE header is 0, e.g., BFD) is dropped VLAN - VLAN id of packet is disallowed by the given port VXLAN - VXLAN packet is malformed or cannot find tunnel port for it VXSTT - Unused drop reason VMC_NO_RESPONSE - Failed to query VMC observations as no response from VMC app WRONG_UPLINK - Packet is not routed to the expected Edge uplink by VMC unmanaged VDR FW_STATE - Packet is dropped by stateful firewall NO_MAC - Drop by vswitch as no destination MAC hit MAC Table. FILTERED_UPLINK - Filtering applied at the corresponding UPLINK having no aggregation. |
string | Readonly Enum: ARP_FAIL, BFD, BROADCAST, DHCP, DLB, FW_RULE, GENEVE, GRE, IFACE, IP, IP_REASS, IPSEC, IPSEC_VTI, L2VPN, L4PORT, LB, LROUTER, LSERVICE, LSWITCH, MANAGEMENT, MD_PROXY, NAT, RTEP_TUNNEL, ND_NS_FAIL, NEIGH, NO_EIP_FOUND, NO_EIP_ASSOCIATION, NO_ENI_FOR_IP, NO_ENI_FOR_LIF, NO_ROUTE, NO_ROUTE_TABLE_FOUND, NO_UNDERLAY_ROUTE_FOUND, NOT_VDR_DOWNLINK, NO_VDR_FOUND, NO_VDR_ON_HOST, NOT_VDR_UPLINK, SERVICE_INSERT, SPOOFGUARD, TTL_ZERO, TUNNEL, VLAN, VXLAN, VXSTT, VMC_NO_RESPONSE, WRONG_UPLINK, FW_STATE, NO_MAC, UNKNOWN, FILTERED_UPLINK |
| resource_type | Must be set to the value TraceflowObservationDroppedLogical | TraceflowObservationType | Required Default: "TraceflowObservationReceived" |
| sequence_no | the sequence number is the traceflow observation hop count the hop count for observations on the transport node that a traceflow packet is injected in will be 0. The hop count is incremented each time a subsequent transport node receives the traceflow packet. The sequence number of 999 indicates that the hop count could not be determined for the containing observation. |
integer | Required Readonly |
| service_path_index | The index of service path The index of service path that is a chain of services represents the point where the traceflow packet was dropped. |
integer | Readonly |
| site_path | Policy path of the federated site This field contains the site path where this observation was generated. |
string | Readonly |
| timestamp | Timestamp when the observation was created by the transport node Timestamp when the observation was created by the transport node (milliseconds epoch) |
EpochMsTimestamp | Readonly |
| timestamp_micro | Timestamp when the observation was created by the transport node Timestamp when the observation was created by the transport node (microseconds epoch) |
integer | Readonly |
| transport_node_id | id of the transport node that observed a traceflow packet | string | Readonly |
| transport_node_name | name of the transport node that observed a traceflow packet | string | Readonly |
| transport_node_type | type of the transport node that observed a traceflow packet | TransportNodeType | Readonly |
TraceflowObservationForwarded (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| component_name | The name of the component that issued the observation. | string | Readonly |
| component_sub_type | The sub type of the component that issued the observation. | TraceflowComponentSubType | Readonly |
| component_type | The type of the component that issued the observation. | TraceflowComponentType | Readonly |
| context | The 64bit tunnel context carried on the wire | integer | |
| dst_transport_node_id | The id of the transport node to which the traceflow packet is forwarded This field will not be always available. Use remote_ip_address when this field is not set. |
string | Readonly |
| dst_transport_node_name | The name of the transport node to which the traceflow packet is forwarded | string | Readonly |
| local_ip_address | IP address of the source end of the tunnel | IPAddress | |
| remote_ip_address | IP address of the destination end of the tunnel | IPAddress | |
| resource_type | Must be set to the value TraceflowObservationForwarded | TraceflowObservationType | Required Default: "TraceflowObservationReceived" |
| sequence_no | the sequence number is the traceflow observation hop count the hop count for observations on the transport node that a traceflow packet is injected in will be 0. The hop count is incremented each time a subsequent transport node receives the traceflow packet. The sequence number of 999 indicates that the hop count could not be determined for the containing observation. |
integer | Required Readonly |
| site_path | Policy path of the federated site This field contains the site path where this observation was generated. |
string | Readonly |
| timestamp | Timestamp when the observation was created by the transport node Timestamp when the observation was created by the transport node (milliseconds epoch) |
EpochMsTimestamp | Readonly |
| timestamp_micro | Timestamp when the observation was created by the transport node Timestamp when the observation was created by the transport node (microseconds epoch) |
integer | Readonly |
| transport_node_id | id of the transport node that observed a traceflow packet | string | Readonly |
| transport_node_name | name of the transport node that observed a traceflow packet | string | Readonly |
| transport_node_type | type of the transport node that observed a traceflow packet | TransportNodeType | Readonly |
| uplink_name | The name of the uplink the traceflow packet is forwarded on | string | |
| vtep_label | The virtual tunnel endpoint label | integer |
TraceflowObservationForwardedLogical (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| acl_rule_id | The id of the L3 firewall rule that was applied to forward the traceflow packet This field is specified when the traceflow packet matched a L3 firewall rule. |
integer | Readonly |
| component_id | The id of the component that forwarded the traceflow packet. | string | Readonly |
| component_name | The name of the component that issued the observation. | string | Readonly |
| component_sub_type | The sub type of the component that issued the observation. | TraceflowComponentSubType | Readonly |
| component_type | The type of the component that issued the observation. | TraceflowComponentType | Readonly |
| dst_component_id | The id of the destination component to which the traceflow packet was forwarded. | string | Readonly |
| dst_component_name | The name of the destination component to which the traceflow packet was forwarded. | string | Readonly |
| dst_component_type | The type of the destination component to which the traceflow packet was forwarded. | TraceflowComponentType | Readonly |
| ipsec_vpn | IPSec VPN on which the traceflow packet was forwarded This field is specified when the traceflow packet was forwarded through IPSec VPN. |
TraceflowObservationIpsecVpn | Readonly |
| jumpto_rule_id | The ID of the jump-to rule that was applied to the traceflow packet This field is specified when the traceflow packet matched a jump-to rule. |
integer | Readonly |
| l2_rule_id | The ID of the l2 rule that was applied to the traceflow packet This field is specified when the traceflow packet matched a l2 rule. |
integer | Readonly |
| lport_id | The id of the logical port through which the traceflow packet was forwarded. | string | Readonly |
| lport_name | The name of the logical port through which the traceflow packet was forwarded. | string | Readonly |
| nat_rule_id | The ID of the NAT rule that was applied to forward the traceflow packet This field is specified when the traceflow packet matched a NAT rule. |
integer | Readonly |
| next_hop | Next hop IP address of matched routing entry This field is specified when the traceflow packet was routed by logical router. |
IPAddress | Readonly |
| resend_type | The type of packet resending ARP_UNKNOWN_FROM_CP - Unknown ARP query result emitted by control plane ND_NS_UNKNOWN_FROM_CP - Unknown neighbor solicitation query result emitted by control plane UNKNOWN - Unknown resend type |
string | Readonly Enum: UNKNOWN, ARP_UNKNOWN_FROM_CP, ND_NS_UNKNWON_FROM_CP |
| resource_type | Must be set to the value TraceflowObservationForwardedLogical | TraceflowObservationType | Required Default: "TraceflowObservationReceived" |
| route_prefix | Prefix of matched routing entry This field is specified when the traceflow packet was routed by logical router. |
IPCIDRBlock | Readonly |
| sequence_no | the sequence number is the traceflow observation hop count the hop count for observations on the transport node that a traceflow packet is injected in will be 0. The hop count is incremented each time a subsequent transport node receives the traceflow packet. The sequence number of 999 indicates that the hop count could not be determined for the containing observation. |
integer | Required Readonly |
| service_index | The index of the service insertion component | integer | Readonly |
| service_path_index | The path index of the service insertion component | integer | Readonly |
| service_ttl | The ttl of the service insertion component | integer | Readonly |
| site_path | Policy path of the federated site This field contains the site path where this observation was generated. |
string | Readonly |
| spoofguard_ip | Prefix IP address matched in the whitelist in spoofguard This field specified the prefix IP address a traceflow packet matched in the whitelist in spoofguard. |
IPCIDRBlock | Readonly |
| spoofguard_mac | MAC address matched in the whitelist in spoofguard The source MAC address of form: "^([0-9A-Fa-f]{2}[:-]){5}([0-9A-Fa-f]{2})$". For example: 00:00:00:00:00:00. |
MACAddress | Readonly |
| spoofguard_vlan_id | VLAN id matched in the whitelist in spoofguard This field specified the VLAN id a traceflow packet matched in the whitelist in spoofguard. |
VlanID | Readonly |
| svc_nh_mac | MAC address of nexthop MAC address of nexthop for service insertion(SI) in service VM(SVM) where the traceflow packet was received. |
string | Readonly |
| timestamp | Timestamp when the observation was created by the transport node Timestamp when the observation was created by the transport node (milliseconds epoch) |
EpochMsTimestamp | Readonly |
| timestamp_micro | Timestamp when the observation was created by the transport node Timestamp when the observation was created by the transport node (microseconds epoch) |
integer | Readonly |
| translated_dst_ip | The translated destination IP address of VNP/NAT | IPAddress | Readonly |
| translated_src_ip | The translated source IP address of VPN/NAT | IPAddress | Readonly |
| transport_node_id | id of the transport node that observed a traceflow packet | string | Readonly |
| transport_node_name | name of the transport node that observed a traceflow packet | string | Readonly |
| transport_node_type | type of the transport node that observed a traceflow packet | TransportNodeType | Readonly |
| vlan | VLAN for the logical network on which the traceflow packet was forwarded This field is specified when the traceflow packet was forwarded by a VLAN logical network. |
VlanID | Readonly |
| vni | VNI for the logical network on which the traceflow packet was forwarded. This field is specified when the traceflow packet was forwarded by an overlay logical network. |
int | Readonly |
TraceflowObservationIpsecVpn (schema)
IPSec VPN traceflow observation
IPSec VPN traceflow observation.
| Name | Description | Type | Notes |
|---|---|---|---|
| inner_dst_ip | Inner destination IP Inner destination IP Address. |
IPAddress | Readonly |
| inner_src_ip | Inner source IP Inner source IP Address. |
IPAddress | Readonly |
| local_ip | Local VPN endpoint IP Local VPN endpoint IP Address. |
IPAddress | Readonly |
| policy_id | IPSec tunnel interface UUID in case of Policy-based IPSec VPN IPSec tunnel interface universally unique identifier in case of Policy-based IPSec VPN. |
string | Readonly |
| remote_ip | Peer VPN endpoint IP Peer VPN endpoint IP Address. |
IPAddress | Readonly |
| session_id | VPN session UUID IPSec VPN session universally unique identifier. |
string | Readonly |
| spi | Security Parameter Index Security Parameter Index is used to uniquely identify a particular IPSec Security Association. |
integer | Readonly Minimum: 1 Maximum: 4294967295 |
| vti_id | Virtual tunnel interface UUID in case of Route-based IPSec VPN Virtual tunnel interface universally unique identifier in case of Route-based IPSec VPN. |
string | Readonly |
TraceflowObservationListResult (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | TraceflowObservation list results | array of TraceflowObservation (Abstract type: pass one of the following concrete types) PolicyTraceflowObservationDelivered PolicyTraceflowObservationDropped PolicyTraceflowObservationDroppedLogical PolicyTraceflowObservationForwardedLogical PolicyTraceflowObservationReceivedLogical PolicyTraceflowObservationRelayedLogical TraceflowObservationDelivered TraceflowObservationDropped TraceflowObservationDroppedLogical TraceflowObservationForwarded TraceflowObservationForwardedLogical TraceflowObservationProtected TraceflowObservationReceived TraceflowObservationReceivedLogical TraceflowObservationRelayedLogical TraceflowObservationReplicationLogical |
|
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
TraceflowObservationProtected (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| component_name | The name of the component that issued the observation. | string | Readonly |
| component_sub_type | The sub type of the component that issued the observation. | TraceflowComponentSubType | Readonly |
| component_type | The type of the component that issued the observation. | TraceflowComponentType | Readonly |
| original_type | Type of observation before converted to protected. Holding the type of observation before converted to protected type. |
TraceflowObservationType | Required |
| resource_type | Must be set to the value TraceflowObservationProtected | TraceflowObservationType | Required Default: "TraceflowObservationReceived" |
| sequence_no | the sequence number is the traceflow observation hop count the hop count for observations on the transport node that a traceflow packet is injected in will be 0. The hop count is incremented each time a subsequent transport node receives the traceflow packet. The sequence number of 999 indicates that the hop count could not be determined for the containing observation. |
integer | Required Readonly |
| site_path | Policy path of the federated site This field contains the site path where this observation was generated. |
string | Readonly |
| timestamp | Timestamp when the observation was created by the transport node Timestamp when the observation was created by the transport node (milliseconds epoch) |
EpochMsTimestamp | Readonly |
| timestamp_micro | Timestamp when the observation was created by the transport node Timestamp when the observation was created by the transport node (microseconds epoch) |
integer | Readonly |
| transport_node_id | id of the transport node that observed a traceflow packet | string | Readonly |
| transport_node_name | name of the transport node that observed a traceflow packet | string | Readonly |
| transport_node_type | type of the transport node that observed a traceflow packet | TransportNodeType | Readonly |
TraceflowObservationReceived (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| component_name | The name of the component that issued the observation. | string | Readonly |
| component_sub_type | The sub type of the component that issued the observation. | TraceflowComponentSubType | Readonly |
| component_type | The type of the component that issued the observation. | TraceflowComponentType | Readonly |
| local_ip_address | IP address of the destination end of the tunnel | IPAddress | |
| remote_ip_address | IP address of the source end of the tunnel | IPAddress | |
| resource_type | Must be set to the value TraceflowObservationReceived | TraceflowObservationType | Required Default: "TraceflowObservationReceived" |
| sequence_no | the sequence number is the traceflow observation hop count the hop count for observations on the transport node that a traceflow packet is injected in will be 0. The hop count is incremented each time a subsequent transport node receives the traceflow packet. The sequence number of 999 indicates that the hop count could not be determined for the containing observation. |
integer | Required Readonly |
| site_path | Policy path of the federated site This field contains the site path where this observation was generated. |
string | Readonly |
| timestamp | Timestamp when the observation was created by the transport node Timestamp when the observation was created by the transport node (milliseconds epoch) |
EpochMsTimestamp | Readonly |
| timestamp_micro | Timestamp when the observation was created by the transport node Timestamp when the observation was created by the transport node (microseconds epoch) |
integer | Readonly |
| transport_node_id | id of the transport node that observed a traceflow packet | string | Readonly |
| transport_node_name | name of the transport node that observed a traceflow packet | string | Readonly |
| transport_node_type | type of the transport node that observed a traceflow packet | TransportNodeType | Readonly |
| uplink_name | The name of the uplink the traceflow packet is received on | string | |
| vtep_label | The virtual tunnel endpoint label | integer |
TraceflowObservationReceivedLogical (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| component_id | The id of the component that received the traceflow packet. | string | Readonly |
| component_name | The name of the component that issued the observation. | string | Readonly |
| component_sub_type | The sub type of the component that issued the observation. | TraceflowComponentSubType | Readonly |
| component_type | The type of the component that issued the observation. | TraceflowComponentType | Readonly |
| ipsec_vpn | IPSec VPN on which the traceflow packet was received. This field is specified when the traceflow packet was received on IPSec VPN. |
TraceflowObservationIpsecVpn | Readonly |
| lport_id | The id of the logical port at which the traceflow packet was received | string | Readonly |
| lport_name | The name of the logical port at which the traceflow packet was received | string | Readonly |
| resource_type | Must be set to the value TraceflowObservationReceivedLogical | TraceflowObservationType | Required Default: "TraceflowObservationReceived" |
| sequence_no | the sequence number is the traceflow observation hop count the hop count for observations on the transport node that a traceflow packet is injected in will be 0. The hop count is incremented each time a subsequent transport node receives the traceflow packet. The sequence number of 999 indicates that the hop count could not be determined for the containing observation. |
integer | Required Readonly |
| site_path | Policy path of the federated site This field contains the site path where this observation was generated. |
string | Readonly |
| src_component_id | The id of the source component from which the traceflow packet was received. | string | Readonly |
| src_component_name | The name of source component from which the traceflow packet was received. | string | Readonly |
| src_component_type | The type of the source component from which the traceflow packet was received. | TraceflowComponentType | Readonly |
| svc_mac | MAC address of SAN volume controller MAC address of SAN volume controller for service insertion(SI) in service VM(SVM) where the traceflow packet was received. |
string | Readonly |
| timestamp | Timestamp when the observation was created by the transport node Timestamp when the observation was created by the transport node (milliseconds epoch) |
EpochMsTimestamp | Readonly |
| timestamp_micro | Timestamp when the observation was created by the transport node Timestamp when the observation was created by the transport node (microseconds epoch) |
integer | Readonly |
| transport_node_id | id of the transport node that observed a traceflow packet | string | Readonly |
| transport_node_name | name of the transport node that observed a traceflow packet | string | Readonly |
| transport_node_type | type of the transport node that observed a traceflow packet | TransportNodeType | Readonly |
| vlan | VLAN for the logical network on which the traceflow packet was received. This field is specified when the traceflow packet was received by a VLAN logical network. |
VlanID | Readonly |
| vni | VNI for the logical network on which the traceflow packet was received. This field is specified when the traceflow packet was received by an overlay logical network. |
int | Readonly |
TraceflowObservationRelayedLogical (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| component_name | The name of the component that issued the observation. | string | Readonly |
| component_sub_type | The sub type of the component that issued the observation. | TraceflowComponentSubType | Readonly |
| component_type | The type of the component that issued the observation. | TraceflowComponentType | Readonly |
| dst_server_address | The IP address of the destination This field specified the IP address of the destination which the packet will be relayed. |
IPAddress | Required Readonly |
| logical_comp_uuid | The id of the component which relay service located This field specified the logical component that relay service located. |
string | Readonly |
| message_type | The type of the relay service This field specified the message type of the relay service REQUEST - The relay service will relay a request message to the destination server REPLY - The relay service will relay a reply message to the client |
string | Required Readonly Enum: REQUEST, REPLY Default: "REQUEST" |
| relay_server_address | The IP address of relay service This field specified the IP address of the relay service. |
IPAddress | Required Readonly |
| resource_type | Must be set to the value TraceflowObservationRelayedLogical | TraceflowObservationType | Required Default: "TraceflowObservationReceived" |
| sequence_no | the sequence number is the traceflow observation hop count the hop count for observations on the transport node that a traceflow packet is injected in will be 0. The hop count is incremented each time a subsequent transport node receives the traceflow packet. The sequence number of 999 indicates that the hop count could not be determined for the containing observation. |
integer | Required Readonly |
| site_path | Policy path of the federated site This field contains the site path where this observation was generated. |
string | Readonly |
| timestamp | Timestamp when the observation was created by the transport node Timestamp when the observation was created by the transport node (milliseconds epoch) |
EpochMsTimestamp | Readonly |
| timestamp_micro | Timestamp when the observation was created by the transport node Timestamp when the observation was created by the transport node (microseconds epoch) |
integer | Readonly |
| transport_node_id | id of the transport node that observed a traceflow packet | string | Readonly |
| transport_node_name | name of the transport node that observed a traceflow packet | string | Readonly |
| transport_node_type | type of the transport node that observed a traceflow packet | TransportNodeType | Readonly |
TraceflowObservationReplicationLogical (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| component_name | The name of the component that issued the observation. | string | Readonly |
| component_sub_type | The sub type of the component that issued the observation. | TraceflowComponentSubType | Readonly |
| component_type | The type of the component that issued the observation. | TraceflowComponentType | Readonly |
| local_ip_address | Local IP address of the component that replicates the packet. | IPAddress | Readonly |
| replication_type | The replication type of the message This field specifies the type of replication message TX_VTEP - Transmit replication to all VTEPs TX_MTEP - Transmit replication to all MTEPs RX - Receive replication |
string | Readonly Enum: TX_VTEP, TX_MTEP, RX |
| resource_type | Must be set to the value TraceflowObservationReplicationLogical | TraceflowObservationType | Required Default: "TraceflowObservationReceived" |
| sequence_no | the sequence number is the traceflow observation hop count the hop count for observations on the transport node that a traceflow packet is injected in will be 0. The hop count is incremented each time a subsequent transport node receives the traceflow packet. The sequence number of 999 indicates that the hop count could not be determined for the containing observation. |
integer | Required Readonly |
| site_path | Policy path of the federated site This field contains the site path where this observation was generated. |
string | Readonly |
| timestamp | Timestamp when the observation was created by the transport node Timestamp when the observation was created by the transport node (milliseconds epoch) |
EpochMsTimestamp | Readonly |
| timestamp_micro | Timestamp when the observation was created by the transport node Timestamp when the observation was created by the transport node (microseconds epoch) |
integer | Readonly |
| transport_node_id | id of the transport node that observed a traceflow packet | string | Readonly |
| transport_node_name | name of the transport node that observed a traceflow packet | string | Readonly |
| transport_node_type | type of the transport node that observed a traceflow packet | TransportNodeType | Readonly |
| uplink_name | The name of uplink | string | Readonly |
| vtep_label | The label of VTEP | integer | Readonly |
TraceflowObservationType (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| TraceflowObservationType | string | Enum: TraceflowObservationForwarded, TraceflowObservationDropped, TraceflowObservationDelivered, TraceflowObservationReceived, TraceflowObservationForwardedLogical, TraceflowObservationDroppedLogical, TraceflowObservationReceivedLogical, TraceflowObservationReplicationLogical, TraceflowObservationRelayedLogical, TraceflowObservationProtected |
TraceflowRequestParameter (schema)
Traceflow request parameter, used in hierarchical API.
| Name | Description | Type | Notes |
|---|---|---|---|
| enforcement_point_path | Enforcement point path Policy path of enforcement point on which traceflow session was created. |
string | Required |
| resource_type | Must be set to the value TraceflowRequestParameter | string | Required |
TraceflowStatusRequest (schema)
Traceflow request status
| Name | Description | Type | Notes |
|---|---|---|---|
| enforcement_point_path | Enforcement point path Policy path of enforcement point on which traceflow session was created. |
string |
TrafficRateLimits (schema)
Rate limiting configuration
Enables traffic limit for incoming/outgoing broadcast and multicast packets. Use 0 to disable rate limiting for a specific traffic type
| Name | Description | Type | Notes |
|---|---|---|---|
| rx_broadcast | Broadcast receive limit Incoming broadcast traffic limit in packets per second |
int | Minimum: 0 Default: "0" |
| rx_multicast | Multicast receive limit Incoming multicast traffic limit in packets per second |
int | Minimum: 0 Default: "0" |
| tx_broadcast | Broadcast transmit limit Outgoing broadcast traffic limit in packets per second |
int | Minimum: 0 Default: "0" |
| tx_multicast | Multicast transmit limit Outgoing multicast traffic limit in packets per second |
int | Minimum: 0 Default: "0" |
TransportInfo (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| dst_port | Destination port | integer | Minimum: 0 Maximum: 65535 |
| protocol | Protocol type over IP layer | string | Enum: TCP, UDP, ICMPv4, ICMPv6, ESP |
| spi | Security Parameter Index Security Parameter Index is to uniquely identify a particular IPSec Security Association |
integer | Minimum: 1 Maximum: 4294967295 |
| src_port | Source port | integer | Minimum: 0 Maximum: 65535 |
TransportNodeIdParameters (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| source | The data source, either realtime or cached. If not provided, cached data is returned. | DataSourceType | |
| transport_node_id | TransportNode Id | string |
TransportNodeSpanEnforcedStatus (schema)
Enforced Realized Status across Transport Nodes
Detailed Realized Status of an Intent on a span of Transport Nodes.
| Name | Description | Type | Notes |
|---|---|---|---|
| enforced_status_per_transport_node | List of Enforced Realized Status per Transport Node List of Detailed Realized Status per Transport Node. |
array of EnforcedStatusPerTransportNode | Readonly |
| resource_type | Must be set to the value TransportNodeSpanEnforcedStatus | string | Required Readonly Enum: TransportNodeSpanEnforcedStatus |
TransportNodeType (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| TransportNodeType | string | Enum: ESX, RHELKVM, UBUNTUKVM, CENTOSKVM, RHELCONTAINER, CENTOSCONTAINER, RHELSERVER, UBUNTUSERVER, CENTOSSERVER, SLESKVM, SLESSERVER, WINDOWSSERVER, RHELSMARTNIC, OELSERVER, UBUNTUSMARTNIC, EDGE, PUBLIC_CLOUD_GATEWAY_NODE, OTHERS, HYPERV |
TransportProtocolHeader (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| dhcp_header | DHCP header | DhcpHeader | |
| dhcpv6_header | DHCP v6 header | Dhcpv6Header | |
| dns_header | DNS header | DnsHeader | |
| icmp_echo_request_header | ICMP echo request header | IcmpEchoRequestHeader | |
| ndp_header | Neighbor discovery protocol header | NdpHeader | |
| tcp_header | TCP header | TcpHeader | |
| udp_header | UDP header | UdpHeader |
TriggerUcUpgradeParameters (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| product_version | Target upgrade coordinator version. Target upgrade coordinator version. |
string | Pattern: "^[a-zA-Z0-9-.]+$" |
TrustManagementData (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| supported_algorithms | List of supported algorithms. | array of CryptoAlgorithm | Readonly |
TrustObjectData (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| key_algo | Key algorithm contained in this certificate. | string | |
| passphrase | Password for private key encryption. | secure_string | |
| pem_encoded | PEM encoded certificate data. | string | Required |
| private_key | Private key data. | secure_string | |
| purpose | Purpose of this certificate. Can be empty or set to "signing-ca". | string | Enum: signing-ca |
| resource_type | Must be set to the value TrustObjectData | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
TunnelInterfaceIPSubnet (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| ip_addresses | IPv4 or IPv6 Addresses | array of IPAddress | Required Minimum items: 1 Maximum items: 1 |
| prefix_length | Subnet Prefix Length maximum prefixlen for IPv4 address - 31, IPv6 address - 127. | integer | Required Minimum: 1 Maximum: 127 |
TunnelSubnet (schema) (Deprecated)
| Name | Description | Type | Notes |
|---|---|---|---|
| ip_addresses | Subnet ip addresses | array of IPv4Address | Required Minimum items: 1 Maximum items: 1 |
| prefix_length | Subnet Prefix Length | integer | Required Minimum: 1 Maximum: 31 |
UcFunctionalState (schema)
Uc Functional State
Upgrade coordinator Uc functional State.
| Name | Description | Type | Notes |
|---|---|---|---|
| error_message | error message error message that explains why UC is on standby mode. |
string | Readonly |
| state | State of UC UI function state of the upgrade coordinator |
string | Required Readonly Enum: RUNNING, STANDBY |
UcStateProperties (schema)
Upgrade Coordinator state properties
| Name | Description | Type | Notes |
|---|---|---|---|
| update_uc_state_properties | Flag for updating upgrade-coodinator state properties to database | boolean | Default: "True" |
UcUpgradeStatus (schema)
UC Upgrade status
Upgrade status of upgrade-coordinator
| Name | Description | Type | Notes |
|---|---|---|---|
| errors | List of failure messages List of failure messages. |
array of string | Readonly |
| progress_messages | Progress messages List of progress messages. |
array of string | Readonly |
| progress_percentage | Upgrade Coordinator Upgrade Progress Percentage | int | Readonly |
| state | State of UC upgrade Current state of UC upgrade |
string | Readonly Enum: NOT_STARTED, IN_PROGRESS, SUCCESS, FAILED |
| status | Status of UC upgrade Status of UC upgrade. |
string | Readonly |
UdpHeader (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| dst_port | Destination port of udp header | integer | Minimum: 0 Maximum: 65535 Default: "0" |
| src_port | Source port of udp header | integer | Minimum: 0 Maximum: 65535 Default: "0" |
UnaryOperation (schema)
Unary Operation
Unary Operation.
| Name | Description | Type | Notes |
|---|---|---|---|
| operand | Operand Represents an argument of the operation pointing to a specific field value. |
ResourceFieldPointer | Required |
| operator | Operator Logical Operator describing the operation to apply to the operand. |
string | Required Enum: APPEND, SUBTRACT |
UnaryOperationBasedInjectionValue (schema)
Operation based Injection Value
Operation based Injection Value.
| Name | Description | Type | Notes |
|---|---|---|---|
| initial_value | Intitial value Resource field pointer representing the initial value for the injection value. If an operation is supplied, the value is handed to the operation function to produce a final result. |
ResourceFieldPointer | Required |
| operation | Operation Function Represents an optional operation to be done on the initial value. |
UnaryOperation | |
| resource_type | Must be set to the value UnaryOperationBasedInjectionValue | string | Required Enum: UnaryOperationBasedInjectionValue |
UnboundedKeyValuePair (schema)
A key-value pair with no limitations on size
| Name | Description | Type | Notes |
|---|---|---|---|
| key | Key | string | Required |
| value | Value | string | Required |
UnsupportedFeature (schema)
Unsupported features
List of unsupported features for configuration onboarding on global manager.
| Name | Description | Type | Notes |
|---|---|---|---|
| UnsupportedFeature | Unsupported features List of unsupported features for configuration onboarding on global manager. |
string | Enum: LB |
UpdateOidcEndPointThumbprintRequest (schema)
Request to update the thumbprint of an OpenId Connect end-point
Request to update the thumbprint of an OpenID Connect end-point with a new thumbprint.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| oidc_uri | OpenID Connect end-point URI URI where to download the meta-data of the OIDC end-point. |
string | Required Maximum length: 255 |
| resource_type | Must be set to the value UpdateOidcEndPointThumbprintRequest | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| thumbprint | Thumbprint Thumbprint of the OIDC URI to make an SSL connection. |
string |
UpdatePrincipalIdentityCertificateRequest (schema)
Request to update the certificate of a principal identity
Request to update the certificate of a principal identity with a new
certificate.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| certificate_id | Id of the stored certificate Id of the stored certificate. |
string | Required Pattern: "^[a-zA-Z0-9]+([-._]?[a-zA-Z0-9]+)*$" |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| principal_identity_id | Principal Identity ID Unique ID of the principal. |
string | Required Maximum length: 255 Pattern: "^[a-zA-Z0-9]+([-._]?[a-zA-Z0-9]+)*$" |
| resource_type | Must be set to the value UpdatePrincipalIdentityCertificateRequest | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
UpgradeBundle (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| file | Upgrade bundle file | multipart_file | Required |
| install | Hint to install bundle after upload | boolean |
UpgradeBundleFetchRequest (schema)
Fetch request for fetching upgrade bundle
URL and other fetch requests of upgrade bundle
| Name | Description | Type | Notes |
|---|---|---|---|
| bundle_type | Bundle type i.e. pre-upgrade bundle or main upgrade bundle. Bundle type i.e. pre-upgrade bundle or main upgrade bundle. |
string | Enum: PRE-UPGRADE, UPGRADE |
| password | Password for VMware Download Site. Password for Username provided in this request for VMware Download site. |
string | |
| url | URL of upgrade bundle URL for uploading upgrade bundle |
string | |
| username | Username for VMware Download Site. Username representing user on VMware Download site. |
string | |
| version | version to be downloaded Version available on the VMware Download site, targeted for upgrade. |
string |
UpgradeBundleId (schema)
Bundle id of upgrade bundle
Identifier of the upgrade bundle
| Name | Description | Type | Notes |
|---|---|---|---|
| bundle_id | Bundle Id of upgrade bundle uploaded Identifier of bundle upload |
string | Readonly |
UpgradeBundleInfo (schema)
Information about upgrade bundle
Information about the upgrade bundle
| Name | Description | Type | Notes |
|---|---|---|---|
| bundle_size | size of upgrade bundle | string | Readonly |
| url | URL of the upgrade bundle URL for uploading upgrade bundle |
string | Readonly |
UpgradeBundleUploadParameters (schema)
Parameters for uploading upgrade bundle
Upload request Parameters of upgrade bundle
| Name | Description | Type | Notes |
|---|---|---|---|
| install | Hint to install the bundle after upload. URL for uploading upgrade bundle |
boolean |
UpgradeBundleUploadStatus (schema)
Upload status of upgrade bundle
Upload status of upgrade bundle uploaded from url
| Name | Description | Type | Notes |
|---|---|---|---|
| detailed_status | Detailed status of bundle upload Detailed status of upgrade bundle upload |
string | Readonly |
| percent | Percent of upload completed Percent of bundle uploaded from URL |
number | Readonly |
| status | Status of upgrade bundle upload Current status of upgrade bundle upload |
string | Readonly Enum: UPLOADING, VERIFYING, SUCCESS, FAILED |
| upgradeBundleType | Type of upgrade bundle Type of upgrade bundle uploaded. \n MUB type represents upgrade bundle,\n PUB type represents pre-check bundle, \n UNKNOWN type represents the default type, \n COMPATIBILITY_MATRIX type represents the compatibility bundle. |
string | Readonly Enum: MUB, PUB, COMPATIBILITY_MATRIX, UNKNOWN |
| url | URL from which the bundle was uploaded URL for uploading upgrade bundle |
string | Readonly |
UpgradeCheck (schema)
Pre/post-upgrade check
Check to identify potential pre/post-upgrade issues
| Name | Description | Type | Notes |
|---|---|---|---|
| component_type | Component type | string | Required |
| display_name | Name of the pre/post-upgrade check | string | |
| failure_messages | List of failure messages List of failure messages. This field is deprecated now. Please use failures instead. |
array of string | Deprecated Readonly |
| failures | List of failures | array of UpgradeCheckFailureMessage | Readonly |
| status | Status of pre/post-upgrade check | string | Required Readonly Enum: SUCCESS, FAILURE, WARNING |
UpgradeCheckCsvListResult (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| file_name | File name File name set by HTTP server if API returns CSV result as a file. |
string | |
| results | array of UpgradeCheckCsvRecord |
UpgradeCheckCsvRecord (schema)
CSV record for an upgrade-check
CSV record for a pre/post-upgrade check
| Name | Description | Type | Notes |
|---|---|---|---|
| check_description | Description of the upgrade check Description of the pre/post-upgrade check |
string | |
| check_name | Name of the upgrade check Display name of the pre/post-upgrade check |
string | Required |
| failure_messages | Failure messages Space-separated list of failure messages |
string | Readonly |
| status | Status of the upgrade check Status of the pre/post-upgrade check |
string | Required Readonly Enum: SUCCESS, FAILURE, WARNING |
| upgrade_unit_id | UUID of the upgrade unit Identifier of the upgrade unit |
string | Required Readonly |
| upgrade_unit_metadata | Meta-data of the upgrade-unit Meta-data of the upgrade-unit |
string | Readonly |
| upgrade_unit_type | Component type Component type of the upgrade unit |
string | Required |
UpgradeCheckFailure (schema)
Upgrade check failure
Pre/post-upgrade check failure
| Name | Description | Type | Notes |
|---|---|---|---|
| acked | Flag which tells if the precheck is acknowledged Flag which tells if the precheck is acknowledged |
boolean | Readonly |
| component_type | Component type Component type of the origin of failure |
string | Required Readonly |
| group_name | Name of upgrade group Name of the upgrade group of the origin of failure. Only applicable when origin_type is UPGRADE_UNIT. |
string | |
| id | precheck id of the check Precheckid of the pre upgrade check |
string | Readonly |
| message | Upgrade check failure message Pre/post-upgrade check failure message |
UpgradeCheckFailureMessage | Required Readonly |
| needs_ack | Flag which identifies if acknowledgement is required for the precheck Flag which identifies if acknowledgement is required for the precheck |
boolean | Readonly |
| needs_resolve | Flag which identifies if resolution is required for the precheck Flag which identifies if resolution is required for the precheck |
boolean | Readonly |
| origin_id | Unique id of origin of failure Unique id of origin of pre/post-upgrade check failure |
string | Required Readonly |
| origin_name | Name of origin of failure Name of origin of pre/post-upgrade check failure |
string | Required Readonly |
| origin_type | Type of origin of failure Type of origin of pre/post-upgrade check failure |
string | Required Readonly Enum: COMPONENT, UPGRADE_UNIT |
| resolution_error | Error occured while resolving Error occured while resolving precheck |
string | Readonly |
| resolution_status | Type of Resolution status Type of resolution status of precheck |
string | Readonly Enum: UNRESOLVED, RESOLVING, RESOLVED, FAILURE |
| type | Type of failure Type of the pre/post-upgrade check failure |
string | Required Readonly Enum: FAILURE, WARNING |
UpgradeCheckFailureListRequestParameters (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| component_type | Component type Component type on which upgrade check failures are to be filtered |
string | |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| filter_text | Filter text Text to filter the results on. The filter text is matched with origin name and failure message. String matching for the filter is case-insensitive. |
string | |
| group_id | Filter on the group id Group id for filter to be applied. |
string | |
| group_name | Filter on the group name Group name for filter to be applied. |
string | |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| needs_ack | Filter based on acknowledgement required Filter based on if acknowledgement is required. |
boolean | |
| origin_type | Type of origin of failure Type of origin of pre/post-upgrade check failure |
string | Enum: COMPONENT, UPGRADE_UNIT |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string | |
| type | Status of the upgrade check Status of the pre/post-upgrade check to filter the results on |
string | Enum: FAILURE, WARNING |
| unit_id | Filter on the unit id Unit id for filter to be applied. |
string | |
| unit_name | Filter on the unit name Unit name for filter to be applied. |
string |
UpgradeCheckFailureListResult (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Collection of pre/post-upgrade check failures | array of UpgradeCheckFailure | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
UpgradeCheckFailureMessage (schema)
Upgrade check failure message
Pre/post-upgrade check failure message
| Name | Description | Type | Notes |
|---|---|---|---|
| error_code | Error code Error code for the error/warning |
integer | Required Readonly |
| message | Error/warning message Error/warning message |
string | Required Readonly |
UpgradeCheckInfo (schema)
Meta-data of a pre/post-upgrade check
Meta-data of a pre/post-upgrade check
| Name | Description | Type | Notes |
|---|---|---|---|
| component_type | Component type Component type of the pre/post-upgrade check |
string | Required |
| description | Description Description of the pre/post-upgrade check |
string | Readonly |
| id | Unique identifier of the upgrade check Unique identifier of the pre/post-upgrade check |
string | Readonly |
| name | Name of the upgrade check Display name of the pre/post-upgrade check |
string | Required Readonly |
UpgradeCheckInfoListRequestParameters (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| component_type | Component type based on which upgrade checks are to be filtered | string | |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string |
UpgradeCheckListResult (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| checks | Paged Collection of pre/post-upgrade checks | array of UpgradeCheck | Required |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
UpgradeCheckListResults (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| checks_with_warnings | UpgradeCheckListResult | Readonly | |
| failed_checks | UpgradeCheckListResult | Readonly | |
| successful_checks | UpgradeCheckListResult | Readonly |
UpgradeCheckSuccess (schema)
Upgrade check success
Pre/post-upgrade check success
| Name | Description | Type | Notes |
|---|---|---|---|
| acked | Flag which tells if the precheck is acknowledged Flag which tells if the precheck is acknowledged |
boolean | Readonly |
| component_type | Component type Component type of the origin of success |
string | Required Readonly |
| group_name | Name of upgrade group Name of the upgrade group of the origin of success. Only applicable when origin_type is UPGRADE_UNIT. |
string | |
| id | Precheck id of the check Precheck id of the upgrade check |
string | Readonly |
| message | Upgrade check failure message Pre/post-upgrade check failure message |
UpgradeCheckSuccessMessage | Required Readonly |
| needs_ack | Flag which identifies if acknowledgement is required for the precheck Flag which identifies if acknowledgement is required for the precheck |
boolean | Readonly |
| needs_resolve | Flag which identifies if resolution is required for the precheck Flag which identifies if resolution is required for the precheck |
boolean | Readonly |
| origin_id | Unique id of origin of sucess Unique id of origin of pre/post-upgrade check success |
string | Required Readonly |
| origin_name | Name of origin of success Name of origin of pre/post-upgrade check success |
string | Required Readonly |
| origin_type | Type of origin of success Type of origin of pre/post-upgrade check success |
string | Required Readonly Enum: COMPONENT, UPGRADE_UNIT |
| resolution_error | Error occured while resolving Error occured while resolving precheck |
string | Readonly |
| resolution_status | Type of Resolution status Type of resolution status of precheck |
string | Readonly Enum: UNRESOLVED, RESOLVING, RESOLVED, FAILURE |
| type | Type of success Type of the pre/post-upgrade check success |
string | Required Readonly Enum: SUCCESS |
UpgradeCheckSuccessListRequestParameters (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| component_type | Component type Component type on which upgrade check successes are to be filtered |
string | |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| filter_text | Filter text Text to filter the results on. The filter text is matched with origin name and success message. String matching for the filter is case-insensitive. |
string | |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| origin_type | Type of origin of success Type of origin of pre/post-upgrade check success |
string | Enum: COMPONENT, UPGRADE_UNIT |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string | |
| type | Status of the upgrade check Status of the pre/post-upgrade check to filter the results on |
string | Enum: SUCCESS |
UpgradeCheckSuccessListResult (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Collection of pre/post-upgrade check success | array of UpgradeCheckSuccess | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
UpgradeCheckSuccessMessage (schema)
Upgrade check success message
Pre/post-upgrade check success message
| Name | Description | Type | Notes |
|---|---|---|---|
| message | success message success message |
string | Required Readonly |
UpgradeChecksExecutionStatus (schema)
Execution status of pre/post-upgrade checks
Execution status of pre/post-upgrade checks
| Name | Description | Type | Notes |
|---|---|---|---|
| details | Details about current execution of pre/post-upgrade checks | string | Readonly |
| end_time | Time (in milliseconds since epoch) when the execution of pre/post-upgrade checks completed | EpochMsTimestamp | |
| error_count | Failure count Total count of generated Failures in last execution of pre/post upgrade checks |
int | Readonly |
| failure_count | Failure count Total count of generated failures or warnings in last execution of pre/post-upgrade checks |
int | Readonly |
| node_with_issues_count | Number of nodes with failures/warnings Number of nodes which generated failures or warnings in last execution of pre/post-upgrade checks. This field has been deprecated. Please use failure_count instead. |
int | Deprecated Readonly |
| start_time | Time (in milliseconds since epoch) when the execution of pre/post-upgrade checks started | EpochMsTimestamp | |
| status | Status of execution of pre/post-upgrade checks | string | Required Readonly Enum: NOT_STARTED, IN_PROGRESS, ABORTING, ABORTED, COMPLETED |
| warning_count | Warning count Total count of generated warnings in last execution of pre/post upgrade checks. |
int | Readonly |
UpgradeComponentType (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| component_type | Type of the component | string | Readonly |
UpgradeHistory (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| initial_version | Initial Version Version before the upgrade started |
string | Required |
| target_version | Target Version Version being upgraded to |
string | Required |
| timestamp | Timestamp (in milliseconds since epoch) when the upgrade was performed | EpochMsTimestamp | Required |
| upgrade_status | Status of the upgrade | string | Required Enum: STARTED, SUCCESS, FAILED |
UpgradeHistoryList (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Upgrade history list | array of UpgradeHistory | Readonly |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
UpgradePlanResetRequest (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| component_type | Component type | string | Required |
UpgradePlanSettings (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| parallel | Upgrade Method to specify whether the upgrade is to be performed serially or in parallel | boolean | Default: "True" |
| pause_after_each_group | Flag to indicate whether to pause the upgrade after upgrade of each group is completed | boolean | Default: "False" |
| pause_on_error | Flag to indicate whether to pause the upgrade plan execution when an error occurs | boolean | Default: "False" |
UpgradeProgressStatus (schema)
Upgrade progress status
| Name | Description | Type | Notes |
|---|---|---|---|
| last_upgrade_step_status | Status of last upgrade step | object | |
| upgrade_bundle_present | True if upgrade bundle is present | boolean | |
| upgrade_metadata | Meta info of upgrade | object |
UpgradeStatus (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| ccp_status | CCP upgrade status | CCPUpgradeStatus | Readonly |
| component_status | List of component statuses | array of ComponentUpgradeStatus | Required Readonly |
| edge_status | Edge upgrade status | EdgeUpgradeStatus | Readonly |
| host_status | Host upgrade status | HostUpgradeStatus | Readonly |
| overall_upgrade_status | Status of upgrade | string | Required Readonly Enum: SUCCESS, FAILED, IN_PROGRESS, NOT_STARTED, PAUSING, PAUSED |
UpgradeStatusSummary (schema)
Upgrade status summry
| Name | Description | Type | Notes |
|---|---|---|---|
| upgrade_bundle_present | True if upgrade bundle is present | boolean | |
| upgrade_metadata | Meta info of upgrade | object | |
| upgrade_steps | List of all upgrade steps performed | array of object |
UpgradeSummary (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| component_target_versions | array of ComponentTargetVersion | Readonly | |
| pre_upgrade_bundle_version | Current version of pre-upgrade bundle | string | Required Readonly |
| system_version | Current system version | string | Required Readonly |
| target_version | Target system version | string | Required Readonly |
| upgrade_bundle_file_name | Name of the last successfully uploaded upgrade bundle file | string | Readonly |
| upgrade_coordinator_updated | Has upgrade coordinator been updated after upload of upgrade bundle file | boolean | Readonly |
| upgrade_coordinator_version | Current version of upgrade coordinator | string | Required Readonly |
| upgrade_status | Status of upgrade | string | Required Readonly Enum: SUCCESS, FAILED, IN_PROGRESS, NOT_STARTED, PAUSING, PAUSED |
UpgradeTaskActionParameters (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| action | Upgrade task The upgrade task to perform. |
string | Pattern: "^[^/]+$" |
UpgradeTaskProperties (schema)
Task properties
| Name | Description | Type | Notes |
|---|---|---|---|
| bundle_name | Name of Bundle | string | Required |
| parameters | Bundle arguments | object | Readonly |
| step | Step name | string |
UpgradeTaskStatusQueryParameters (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| bundle_name | Bundle Name Provide a bundle name |
string | Pattern: "^[a-zA-Z0-9-.]+$" |
| upgrade_task_id | Upgrade Task ID Provide a task id |
string | Pattern: "^[a-z0-9-]+$" |
UpgradeUnit (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| current_version | Current version of upgrade unit This is component version e.g. if upgrade unit is of type edge, then this is edge version. |
string | Readonly |
| display_name | Name of the upgrade unit | string | |
| group | Info of the group to which this upgrade unit belongs | UpgradeUnitGroupInfo | Readonly |
| id | UUID of the upgrade unit Identifier of the upgrade unit |
string | Required Readonly |
| metadata | Metadata about upgrade unit | array of KeyValuePair | Readonly |
| type | Upgrade unit type | string | |
| warnings | List of warnings indicating issues with the upgrade unit that may result in upgrade failure | array of string | Readonly |
UpgradeUnitAggregateInfo (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| current_version | Current version of upgrade unit This is component version e.g. if upgrade unit is of type edge, then this is edge version. |
string | Readonly |
| display_name | Name of the upgrade unit | string | |
| errors | List of errors occurred during upgrade of this upgrade unit | array of string | Readonly |
| group | Info of the group to which this upgrade unit belongs | UpgradeUnitGroupInfo | Readonly |
| id | Identifier of the upgrade unit Identifier of the upgrade unit |
string | Required Readonly |
| metadata | Metadata about upgrade unit | array of KeyValuePair | Readonly |
| percent_complete | Indicator of upgrade progress in percentage | number | Required Readonly |
| post_upgrade_checks | UpgradeCheckListResults | Readonly | |
| pre_upgrade_checks | UpgradeCheckListResults | Readonly | |
| status | Status of upgrade unit | string | Required Readonly Enum: SUCCESS, FAILED, IN_PROGRESS, NOT_STARTED, PAUSING, PAUSED |
| type | Upgrade unit type | string | |
| warnings | List of warnings indicating issues with the upgrade unit that may result in upgrade failure | array of string | Readonly |
UpgradeUnitAggregateInfoListRequestParameters (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| component_type | Component type based on which upgrade units to be filtered | string | |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| group_id | Identifier of group based on which upgrade units to be filtered | string | |
| has_errors | Flag to indicate whether to return only upgrade units with errors | boolean | Default: "False" |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| metadata | Metadata about upgrade unit to filter on | string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| selection_status | Flag to indicate whether to return only selected, only deselected or both type of upgrade units | string | Enum: SELECTED, DESELECTED, ALL Default: "ALL" |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string | |
| upgrade_unit_display_name | Display name of upgrade unit Display name of upgrade unit to filter the results on. String matching for the filter is case-insensitive. |
string |
UpgradeUnitAggregateInfoListResult (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Paged collection of UpgradeUnit AggregateInfo | array of UpgradeUnitAggregateInfo | Required Readonly |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
UpgradeUnitGroup (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| enabled | Flag to indicate whether upgrade of this group is enabled or not | boolean | Default: "True" |
| extended_configuration | Extended configuration for the group Extended configuration for the group. Following extended_configuration is supported: Key: upgrade_mode Supported values: maintenance_mode, in_place, stage_in_vlcm Key: maintenance_mode_config_vsan_mode Supported values: evacuate_all_data, ensure_object_accessibility, no_action Key: maintenance_mode_config_evacuate_powered_off_vms Supported values: true, false Key: rebootless_upgrade Supported values: true, false |
array of KeyValuePair | Maximum items: 100 |
| id | Unique identifier of this resource | string | Sortable |
| parallel | Upgrade method to specify whether the upgrade is to be performed in parallel or serially | boolean | Default: "True" |
| pause_after_each_upgrade_unit | Flag to indicate whether upgrade should be paused after upgrade of each upgrade-unit | boolean | Default: "False" |
| resource_type | Must be set to the value UpgradeUnitGroup | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| type | Component type | string | Required |
| upgrade_unit_count | Count of upgrade units in the group Number of upgrade units in the group |
int | Readonly |
| upgrade_units | List of upgrade units in the group | array of UpgradeUnit | Maximum items: 100 |
UpgradeUnitGroupAggregateInfo (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| enabled | Flag to indicate whether upgrade of this group is enabled or not | boolean | Default: "True" |
| extended_configuration | Extended configuration for the group | array of KeyValuePair | Maximum items: 100 |
| failed_count | Number of nodes in the upgrade unit group that failed upgrade | int | Readonly |
| group_level_failure | Reports failures that occured at the group or cluster level. | array of string | Readonly |
| id | Unique identifier of this resource | string | Sortable |
| parallel | Upgrade method to specify whether the upgrade is to be performed in parallel or serially | boolean | Default: "True" |
| percent_complete | Indicator of upgrade progress in percentage | number | Required Readonly |
| post_upgrade_status | Post-upgrade status of group | UpgradeChecksExecutionStatus | Readonly |
| resource_type | Must be set to the value UpgradeUnitGroupAggregateInfo | string | |
| status | Upgrade status of upgrade unit group | string | Required Readonly Enum: SUCCESS, FAILED, IN_PROGRESS, NOT_STARTED, PAUSING, PAUSED |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| type | Component type | string | Required |
| upgrade_unit_count | Count of upgrade units in the group Number of upgrade units in the group |
int | Readonly |
| upgrade_units | List of upgrade units in the group | array of UpgradeUnit | Maximum items: 100 |
UpgradeUnitGroupAggregateInfoListResult (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Paged collection of upgrade status for upgrade unit groups | array of UpgradeUnitGroupAggregateInfo | Required Readonly |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
UpgradeUnitGroupInfo (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| display_name | Name of the group | string | Required Readonly |
| id | UUID of group Identifier of group |
string | Required Readonly |
UpgradeUnitGroupListRequestParameters (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| component_type | Component type based on which upgrade unit groups to be filtered | string | |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string | |
| summary | Flag indicating whether to return summary | boolean | Default: "False" |
| sync | Synchronize before returning upgrade unit groups If true, synchronize with the management plane before returning upgrade unit groups |
boolean | Default: "False" |
UpgradeUnitGroupListResult (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Paged Collection of Upgrade unit groups | array of UpgradeUnitGroup | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
UpgradeUnitGroupStatus (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| failed_count | Number of nodes in the upgrade unit group that failed upgrade | int | Readonly |
| group_id | UUID of upgrade unit group Identifier for upgrade unit group |
string | Required Readonly |
| group_name | Upgrade unit group Name Name of the upgrade unit group |
string | Required Readonly |
| percent_complete | Indicator of upgrade progress in percentage | number | Required Readonly |
| status | Upgrade status of upgrade unit group | string | Required Readonly Enum: SUCCESS, FAILED, IN_PROGRESS, NOT_STARTED, PAUSING, PAUSED |
| upgrade_unit_count | Number of upgrade units in the group | int | Required Readonly |
UpgradeUnitGroupStatusListResult (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Paged collection of upgrade status for upgrade unit groups | array of UpgradeUnitGroupStatus | Required Readonly |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
UpgradeUnitList (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| list | Collection of Upgrade units | array of UpgradeUnit | Required |
UpgradeUnitListRequestParameters (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| component_type | Component type based on which upgrade units to be filtered | string | |
| current_version | Current version of upgrade unit based on which upgrade units to be filtered | string | |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| group_id | UUID of group based on which upgrade units to be filtered | string | |
| has_warnings | Flag to indicate whether to return only upgrade units with warnings | boolean | Default: "False" |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| metadata | Metadata about upgrade unit to filter on | string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string | |
| upgrade_unit_type | Upgrade unit type based on which upgrade units to be filtered | string |
UpgradeUnitListResult (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Paged Collection of Upgrade units | array of UpgradeUnit | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
UpgradeUnitStatus (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| display_name | Name of upgrade unit | string | Required Readonly |
| errors | List of errors occurred during upgrade of this upgrade unit | array of string | Readonly |
| id | UUID of upgrade unit Identifier of upgrade unit |
string | Required Readonly |
| metadata | Metadata about upgrade unit | array of KeyValuePair | Readonly |
| percent_complete | Indicator of upgrade progress in percentage | number | Required Readonly |
| status | Status of upgrade unit | string | Required Readonly Enum: SUCCESS, FAILED, IN_PROGRESS, NOT_STARTED, PAUSING, PAUSED |
UpgradeUnitStatusListResult (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | Paged Collection of upgrade units status | array of UpgradeUnitStatus | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
UpgradeUnitTypeStats (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| node_count | Number of nodes | int | Required Readonly |
| node_with_issues_count | Number of nodes with issues that may cause upgrade failure | int | Readonly |
| type | Type of upgrade unit | string | Required Readonly |
| upgrade_unit_subtype | UpgradeUnit sub type | string | Readonly Enum: RESOURCE, ACTION |
| version | Version of the upgrade unit | string | Required Readonly |
UpgradeUnitTypeStatsList (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | List of upgrade unit type stats | array of UpgradeUnitTypeStats | Readonly |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
UpgradeUnitsStatsRequestParameters (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string | |
| sync | Synchronize before returning upgrade unit stats If true, synchronize with the management plane before returning upgrade unit stats |
boolean | Default: "False" |
UploadFileRequestParameters (schema)
Import file request parameters
This holds the requests parameters required to multipart-upload a file.
| Name | Description | Type | Notes |
|---|---|---|---|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| file | File to be uploaded | multipart_file | Required |
UploadTlsCrlRequestParameters (schema)
Upload TlsCrl request parameters
Holds the requests parameters required to multipart-upload a TlsCrl objecta
| Name | Description | Type | Notes |
|---|---|---|---|
| crl_type | Type of CRL The type of the CRL. It can be "OneCRL" or "X509" (default). |
string | Enum: OneCRL, X509 Default: "X509" |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| file | File to be uploaded | multipart_file | Required |
UrlAlias (schema)
Url Alias
Short name or alias of a url. It is used to represent the url.
| Name | Description | Type | Notes |
|---|---|---|---|
| alias | Url Alias Name Short name or alias of url, if any. If not specified, the url can be referenced by its index in the array of urls of the datasource instance as $ |
string | Maximum length: 255 |
| keystore_info | Key Store Info for the URLAlias Key Store information for the URLAlias.Use this property if key store information is different for each url alias. |
KeyStoreInfo | |
| query | Search query of the search api, if any Search query to be applied, if any. If query string is not provided, it will be ignored. |
string | Maximum length: 1024 |
| request_body | A raw request body in the form json format for a given url. This request body will be submitted along with request while giving a post api call. | object | |
| request_headers | A raw request header in the form json format for a given url. This request header will be submitted along with request while giving a api call. | object | |
| request_method | Type of http method Type of the http method (Get, Post) to be used while invoking the given url through dashboard datasource framework. |
string | Enum: Get, Post Default: "Get" |
| url | Url Url to fetch data from. |
string | Required Maximum length: 1024 |
UserInfo (schema)
Authenticated User Info
| Name | Description | Type | Notes |
|---|---|---|---|
| roles | Permissions | array of NsxRole | Required Readonly |
| roles_for_paths | Roles for Paths The roles that are associated with the user, limiting them to a path. In case the path is null, the roles apply everywhere i.e. it is same as the deprecated property roles. |
array of RolesForPath | |
| user_name | User Name | string | Required Readonly |
UserRequestParameters (schema)
Request parameters for user APIs.
Request parameters for user APIs like the /aaa/user-info/* APIs
| Name | Description | Type | Notes |
|---|---|---|---|
| provide_flat_listing | Whether the output provides flat listing of all roles at each level or not | boolean | Default: "False" |
| root_path | Prefix path of the context | string |
VIFGroupAssociationRequestParams (schema)
List request parameters containing virtual network interface external ID and enforcement point path
List request parameters containing virtual network interface external ID and enforcement point path
| Name | Description | Type | Notes |
|---|---|---|---|
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| enforcement_point_path | String Path of the enforcement point The path of the enforcement point from which the list of groups needs to be fetched. Forward slashes must be escaped using %2F. If no enforcement point path is specified, the default enforcement point is considered |
string | |
| include_mark_for_delete_objects | Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included. |
boolean | Default: "False" |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string | |
| vif_external_id | Virtual network interface external ID | string | Required |
VMDeploymentProgressState (schema)
Deployment progress of node VM
Deployment progress state of node VM. This Object contains name of current deployment step and overall progress percentage.
| Name | Description | Type | Notes |
|---|---|---|---|
| current_step_title | Name of the current step Name of the current running step of deployment |
string | Readonly |
| progress | Progress percentage Overall progress percentage of deployment completed |
integer | Readonly |
VMGroupAssociationRequestParams (schema)
List request parameters containing virtual machine external ID and enforcement point path
List request parameters containing virtual machine external ID and enforcement point path
| Name | Description | Type | Notes |
|---|---|---|---|
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| enforcement_point_path | String Path of the enforcement point The path of the enforcement point from which the list of groups needs to be fetched. Forward slashes must be escaped using %2F. If no enforcement point path is specified, the default enforcement point is considered |
string | |
| include_mark_for_delete_objects | Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included. |
boolean | Default: "False" |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string | |
| vm_external_id | Virtual machine external ID | string | Required |
VMTagReplicationPolicy (schema)
A policy to replicate tags from once site to other
A policy to replicate tags from once site to other sites.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| groups | Paths of groups Paths of groups (VM tag-based, VM name-based, etc.) that translates into VMs to be replicated from protected site to recovery sites. If no group is specified, none of the VM tag will be replicated from protected site to recovery sites. |
array of string | |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| protected_site | A path of protected site A path of protected site, from where tags of selected VMs will be replicated to recovery sites. |
string | Required |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| recovery_sites | Paths of recovery sites Paths of recovery sites, where tags of selected VMs will be replicated to, from protected site. |
array of string | Required Minimum items: 1 Maximum items: 1 |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value VMTagReplicationPolicy | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
| vm_match_criteria | Matching criteria used for associating VMs Matching criteria used for associating VMs from protected site to VMs on recovery sites. - MATCH_NSX_ATTACHMENT_ID : Associate VMs from the protected site and recovery sites based on NSX attachment ID. - MATCH_BIOS_UUID_NAME : Associate VMs from the protected site and recovery sites based on (VM BIOS UUID + VM Name). |
string | Enum: MATCH_NSX_ATTACHMENT_ID, MATCH_BIOS_UUID_NAME Default: "MATCH_NSX_ATTACHMENT_ID" |
VMTagReplicationPolicyListRequestParameters (schema)
VM tag replication policy list request parameters
| Name | Description | Type | Notes |
|---|---|---|---|
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| include_mark_for_delete_objects | Include objects that are marked for deletion in results If true, resources that are marked for deletion will be included in the results. By default, these resources are not included. |
boolean | Default: "False" |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string |
VMTagReplicationPolicyListResult (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of the VM tag replication policies in the results array | integer | Readonly |
| results | Collection of VM tag replication policies | array of VMTagReplicationPolicy | Readonly |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
ValidateCertificateParameters (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| usage | Certificate Usage Type Usage Type of the Certificate, SERVER or CLIENT. Default is SERVER |
CertificateUsageType |
ValueConstraintExpression (schema)
Represents the leaf level value constraint.
Represents the leaf level value constraint to constrain specified attribute
value to the set of values to be allowed/not-allowed.
Example - sourceGroups allowed to have only with list of groups.
{
"operator":"INCLUDES",
"values":["/infra/services/HTTP", "/infra/services/HTTPS"]
}
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| operator | Operation to check for value list for resource attribute of constraint. | string | Required Enum: INCLUDES, EXCLUDES, EQUALS |
| resource_type | Must be set to the value ValueConstraintExpression | string | Required Enum: ValueConstraintExpression, RelatedAttributeConditionalExpression, EntityInstanceCountConstraintExpression, FieldSanityConstraintExpression |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| values | Array of values to perform operation. List of values. |
array of string | Deprecated |
| values_with_type | Array of values to perform operation. List of values. |
ConstraintValue (Abstract type: pass one of the following concrete types) CidrArrayConstraintValue IntegerArrayConstraintValue StringArrayConstraintValue |
VerifyScimUserOrGroupExistsResult (schema)
Verify user/group exists result
| Name | Description | Type | Notes |
|---|---|---|---|
| exists | True if the user/group exists | boolean |
VerifyScimUserOrGroupParameters (schema)
SCIM user/group existence query parameters
| Name | Description | Type | Notes |
|---|---|---|---|
| name | User or group name to search for | string | Required |
VersionList (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| acceptable_versions | List of component versions | array of string | Required |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| resource_type | Must be set to the value VersionList | string | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
VidmInfo (schema)
Vidm Info
| Name | Description | Type | Notes |
|---|---|---|---|
| display_name | User's Full Name Or User Group's Display Name | string | Required Readonly |
| name | Username Or Groupname | string | Required Readonly |
| type | Type | string | Required Readonly Enum: remote_user, remote_group |
VidmInfoListResult (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | List results | array of VidmInfo | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
VidmInfoSearchRequestParameters (schema)
Vidm information search request parameters
| Name | Description | Type | Notes |
|---|---|---|---|
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | |
| included_fields | Comma separated list of fields that should be included in query result Note - this parameter currently only works when used with the search APIs /policy/api/v1/search/query and /policy/api/v1/search/dsl. It is ignored for other list APIs. |
string | |
| page_size | Maximum number of results to return in this page (server may return fewer) | integer | Minimum: 0 Maximum: 1000 Default: "1000" |
| search_string | Search string to search for.
This is a substring search that is case insensitive. |
string | Required |
| sort_ascending | boolean | ||
| sort_by | Field by which records are sorted | string |
View (schema)
Dashboard View
Describes the configuration of a view to be displayed on the dashboard.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Widget Title Title of the widget. |
string | Required Maximum length: 255 |
| exclude_roles | Roles to which the shared view is not visible Comma separated list of roles to which the shared view is not visible. Allows user to prevent the visibility of a shared view to the specified roles. User defined roles can also be specified in the list. The roles can be obtained via GET /api/v1/aaa/roles. Please visit API documentation for details about roles. If include_roles is specified then exclude_roles cannot be specified. |
string | Maximum length: 1024 |
| id | Unique identifier of this resource | string | Sortable |
| include_roles | Roles to which the shared view is visible Comma separated list of roles to which the shared view is visible. Allows user to specify the visibility of a shared view to the specified roles. User defined roles can also be specified in the list. The roles can be obtained via GET /api/v1/aaa/roles. Please visit API documentation for details about roles. |
string | Maximum length: 1024 |
| resource_type | Must be set to the value View | string | |
| shared | Share the view with other users Defaults to false. Set to true to publish the view to other users. The widgets of a shared view are visible to other users. |
boolean | Default: "False" |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| weight | Weightage or placement of the view Determines placement of view relative to other views. The lower the weight, the higher it is in the placement order. |
int | Default: "10000" |
| widgets | Widgets Array of widgets that are part of the view. |
array of WidgetItem | Required Minimum items: 0 |
ViewList (schema)
List of Views
Represents a list of views.
| Name | Description | Type | Notes |
|---|---|---|---|
| views | Array of views Array of views |
array of View | Required Readonly |
ViewQueryParameters (schema)
Parameters for querying views
| Name | Description | Type | Notes |
|---|---|---|---|
| tag | The tag for which associated views to be queried. The tag for which associated views to be queried. For tags specified on views, scope is automatically set to 'nsx-dashboard' and hence scope is ignored for searching views based on tag. |
string | Readonly |
| view_ids | Ids of the Views Comma separated ids of views to be queried. |
string | Readonly Maximum length: 8192 |
| widget_id | Id of widget configuration Id of widget to be queried for all the views it is part of. |
string | Readonly Maximum length: 255 |
VirtualEndpoint (schema)
This endpoint is strictly of the type Virtual
A VirtualEndpoint represents an IP (or nexthop) which is outside
SDDC. It represents a redirection target for RedirectionPolicy.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value VirtualEndpoint | string | Required Enum: VirtualEndpoint, ServiceInstanceEndpoint |
| service_names | Services for which this endpoint to be created One VirtualEndpoint will be created per service name. |
array of string | Required Minimum items: 1 Maximum items: 1 |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| target_ips | IP addresses to redirect the traffic to IPs where either inbound or outbound traffic is to be redirected. |
array of IPInfo | Required Minimum items: 1 Maximum items: 1 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
VirtualNetworkInterface (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| _last_sync_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| device_key | Device key of the virtual network interface. | string | Required |
| device_name | Device name of the virtual network interface. | string | |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| external_id | External Id of the virtual network inferface. | string | Required |
| host_id | Id of the host on which the vm exists. | string | Required |
| ip_address_info | IP Addresses of the the virtual network interface, from various sources. | array of IpAddressInfo | |
| lport_attachment_id | LPort Attachment Id of the virtual network interface. | string | |
| mac_address | MAC address of the virtual network interface. | string | Required |
| owner_vm_id | Id of the vm to which this virtual network interface belongs. | string | Required |
| owner_vm_type | Owner virtual machine type; Edge, Service VM or other. | string | Readonly Enum: EDGE, SERVICE, REGULAR |
| resource_type | Must be set to the value VirtualNetworkInterface | string | Required |
| scope | List of scopes for discovered resource Specifies list of scope of discovered resource. e.g. if VHC path is associated with principal identity, who owns the discovered resource, then scope id will be VHC path and scope type will be VHC. |
array of DiscoveredResourceScope | |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| uptv2_enabled | Flag to indicate if UPT is enabled Specifies if UPTv2 (Universal Pass-through version 2) compatibility is enabled for the virtual network interface or not. |
boolean | Readonly |
| vm_local_id_on_host | Id of the vm unique within the host. | string | Required |
VirtualNetworkInterfaceListResult (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| cursor | Opaque cursor to be used for getting next page of records (supplied by current result page) | string | Readonly |
| result_count | Count of results found (across all pages), set only on first page | integer | Readonly |
| results | VirtualNetworkInterface list results | array of VirtualNetworkInterface | Required |
| sort_ascending | If true, results are sorted in ascending order | boolean | Readonly |
| sort_by | Field by which records are sorted | string | Readonly |
VlanID (schema)
Virtual Local Area Network Identifier
| Name | Description | Type | Notes |
|---|---|---|---|
| VlanID | Virtual Local Area Network Identifier | integer | Minimum: 0 Maximum: 4094 |
VlanVniRangePair (schema)
Vlan Vni pair resource
Vlan-Vni mapping pair resource in EvpnTenantConfig for ROUTE-SERVER Evpn mode
| Name | Description | Type | Notes |
|---|---|---|---|
| vlans | List of VLAN ids List of VLAN ids and VLAN ranges (specified with '-'). |
string | Required |
| vnis | List of VNI ids List of VNI ids and VNI ranges (specified with '-'). The vni id is used for VXLAN transmission for a given tenant Vlan ID in ROUTE-SERVER Evpn. |
string | Required |
VniPoolConfig (schema)
Vni Pool Config
Vni Pool Configuration.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| children | Subtree for this type within policy tree Subtree for this type within policy tree containing nested elements. Note that this type is applicable to be used in Hierarchical API only. |
array of ChildPolicyConfigResource Children are not allowed for this type |
|
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Identifier to use when displaying entity in logs or GUI Defaults to ID if not set |
string | Maximum length: 255 Sortable |
| end | End value of VNI Pool range | int | Required Minimum: 75001 Maximum: 16777215 |
| id | Unique identifier of this resource | string | Sortable |
| marked_for_delete | Indicates whether the intent object is marked for deletion Intent objects are not directly deleted from the system when a delete is invoked on them. They are marked for deletion and only when all the realized entities for that intent object gets deleted, the intent object is deleted. Objects that are marked for deletion are not returned in GET call. One can use the search API to get these objects. |
boolean | Readonly Default: "False" |
| origin_site_id | A unique identifier assigned by the system for knowing which site owns an object This is a UUID generated by the system for knowing which site owns an object. This is used in Pmaas |
string | Readonly |
| overridden | Indicates whether this object is the overridden intent object Global intent objects cannot be modified by the user. However, certain global intent objects can be overridden locally by use of this property. In such cases, the overridden local values take precedence over the globally defined values for the properties. |
boolean | Readonly Default: "False" |
| owner_id | A unique identifier assigned by the system for the ownership of an object This is a UUID generated by the system for knowing whoes owns this object. This is used in Pmaas |
string | Readonly |
| parent_path | Path of its parent Path of its parent |
string | Readonly |
| path | Absolute path of this object Absolute path of this object |
string | Readonly |
| realization_id | A unique identifier assigned by the system for realizing intent This is a UUID generated by the system for realizing the entity object. In most cases this should be same as 'unique_id' of the entity. However, in some cases this can be different because of entities have migrated thier unique identifier to NSX Policy intent objects later in the timeline and did not use unique_id for realization. Realization id is helpful for users to debug data path to correlate the configuration with corresponding intent. |
string | Readonly |
| relative_path | Relative path of this object Path relative from its parent |
string | Readonly |
| remote_path | Path of the object on the remote end. This is the path of the object on the local managers when queried on the PMaaS service, and path of the object on PMaaS service when queried from the local managers. |
string | Readonly |
| resource_type | Must be set to the value VniPoolConfig | string | |
| start | Start value of VNI Pool range | int | Required Minimum: 75001 Maximum: 16777215 |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| unique_id | A unique identifier assigned by the system This is a UUID generated by the GM/LM to uniquely identify entites in a federated environment. For entities that are stretched across multiple sites, the same ID will be used on all the stretched sites. |
string | Readonly |
VrfEvpnL2VniConfig (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| enable_vtep_groups | Flag to enable or disable the creation of vtep groups This is used to enable or disable the creation of vtep groups. Each vtep group is used to group vteps with the same MAC for L2 ECMP usage. |
boolean | Default: "False" |
| l2_vni_configs | L2 VNI configurations associated with the VRF Define L2 VNI and its related route distinguiser and route targets. |
array of VrfL2VniConfig | Required Minimum items: 1 Maximum items: 1 |
VrfL2VniConfig (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| l2_vni | L2 VNI associated with the VRF L2 VNI associated with the VRF. It must be unique and available from the VNI pool defined for EVPN service. |
int | Required |
| route_distinguisher | The unique route distinguisher for the virtual routing and forwarding instance This is a 64 bit number which disambiguates overlapping logical networks, with format in IPAddress: |
string | Required |
| route_targets | Route targets Route targets. |
array of VrfRouteTargets | Required Minimum items: 1 Maximum items: 1 |
VrfRouteTargets (schema)
Vrf Route Targets
Vrf Route Targets for import/export.
| Name | Description | Type | Notes |
|---|---|---|---|
| address_family | Address family Address family. |
string | Enum: L2VPN_EVPN Default: "L2VPN_EVPN" |
| export_route_targets | Export route targets Export route targets with format in ASN: |
array of string | |
| import_route_targets | Import route targets Import route targets with format in ASN: |
array of string |
VrniGlobalCollector (schema)
NSX global configs for VRNI global collector
| Name | Description | Type | Notes |
|---|---|---|---|
| collector_ip | IP address for the global collector collector IP address for the global collector. |
IPAddress | Required |
| collector_port | Port for the global collector Port for the global collector. |
int | Required Minimum: 0 Maximum: 65535 |
| collector_type | Must be set to the value VrniGlobalCollector | GlobalCollectorType | Required |
| report_interval | Report interval for operation data in seconds Report interval for operation data in seconds. |
int | Required Minimum: 1 Maximum: 1800 Default: "30" |
VsphereClusterNodeVMDeploymentConfig (schema)
Deployment config on the Vsphere platform
The Vsphere deployment configuration determines where to deploy the
cluster node VM through a vCenter server. It contains settings that are
applied during install time.
If using DHCP, the following fields must be left unset - dns_servers,
management_port_subnets, and default_gateway_addresses
| Name | Description | Type | Notes |
|---|---|---|---|
| allow_ssh_root_login | Allow root SSH logins If true, the root user will be allowed to log into the VM. Allowing root SSH logins is not recommended for security reasons. |
boolean | Default: "False" |
| compute_id | Cluster identifier or resourcepool identifier The cluster node VM will be deployed on the specified cluster or resourcepool for specified VC server. |
string | Required |
| default_gateway_addresses | Default IPv4 gateway for the VM The default IPv4 gateway for the VM to be deployed must be specified if all the other VMs it communicates with are not in the same subnet. Do not specify this field and management_port_subnets to use only IPv6. Note: only single IPv4 default gateway address is supported and it must belong to management network. IMPORTANT: VMs deployed using DHCP are currently not supported, so this parameter should be specified in case of IPv4. |
array of IPv4Address | Minimum items: 1 Maximum items: 1 |
| default_ipv6_gateway_addresses | Default IPv6 gateway for the VM The default IPv6 gateway for the VM to be deployed must be specified if all the other VMs it communicates with are not in the same subnet. Do not specify this field and management_port_ipv6_subnets to use only IPv4. Note: only single IPv6 default gateway address is supported and it must belong to management network. IMPORTANT: VMs deployed using DHCP are currently not supported, so this parameter should be specified in case of IPv6. |
array of IPv6Address | Minimum items: 1 Maximum items: 1 |
| disk_provisioning | Disk provitioning type Specifies the disk provisioning type of the VM. |
DiskProvisioning | Default: "THIN" |
| dns_servers | DNS servers List of DNS servers. If DHCP is used, the default DNS servers associated with the DHCP server will be used instead. Required if using static IP. |
array of IPAddress | Minimum items: 1 |
| enable_ssh | Enable SSH If true, the SSH service will automatically be started on the VM. Enabling SSH service is not recommended for security reasons. |
boolean | Default: "False" |
| folder_id | Folder identifier Specifies the folder in which the VM should be placed. |
string | |
| host_id | Host identifier The cluster node VM will be deployed on the specified host in the specified VC server within the cluster if host_id is specified. Note: User must ensure that storage and specified networks are accessible by this host. |
string | |
| hostname | Host name or FQDN for the VM Desired host name/FQDN for the VM to be deployed |
string | Required Pattern: "^(?=.{1,255}$)[0-9A-Za-z](?:(?:[0-9A-Za-z]|-){0,61}[0-9A-Za-z])?(?:\.[0-9A-Za-z](?:(?:[0-9A-Za-z]|-){0,61}[0-9A-Za-z])?)*?$" |
| management_network_id | Portgroup identifier for management network connectivity Distributed portgroup identifier to which the management vnic of cluster node VM will be connected. |
string | Required |
| management_port_ipv6_subnets | IPv6 port subnets for management port IPv6 Address and subnet configuration for the management port. Do not specify this field and default_ipv6_gateway_addresses to use only IPv4. Note: only one IPv6 address is supported for the management port. IMPORTANT: VMs deployed using DHCP are currently not supported, so this parameter should be specified in case of IPv6. |
array of IPSubnet | Minimum items: 1 Maximum items: 1 |
| management_port_subnets | IPv4 port subnets for management port IPv4 Address and subnet configuration for the management port. Do not specify this field and default_gateway_addresses to use only IPv6. Note: only one IPv4 address is supported for the management port. IMPORTANT: VMs deployed using DHCP are currently not supported, so this parameter should be specified in case of IPv4. |
array of IPSubnet | Minimum items: 1 Maximum items: 1 |
| ntp_servers | NTP servers List of NTP servers. To use hostnames, a DNS server must be defined. If not using DHCP, a DNS server should be specified under dns_servers. |
array of HostnameOrIPAddress | |
| placement_type | Must be set to the value VsphereClusterNodeVMDeploymentConfig | string | Required Enum: VsphereClusterNodeVMDeploymentConfig |
| search_domains | DNS search domain names List of domain names that are used to complete unqualified host names. |
array of string | |
| storage_id | Storage/datastore identifier The cluster node VM will be deployed on the specified datastore in the specified VC server. User must ensure that storage is accessible by the specified cluster/host. |
string | Required |
| vc_id | Vsphere compute identifier for identifying VC server The VC-specific identifiers will be resolved on this VC, so all other identifiers specified in the config must belong to this vCenter server. |
string | Required |
WaveFrontGlobalCollector (schema)
NSX global configs for WAVE_FRONT global collector
| Name | Description | Type | Notes |
|---|---|---|---|
| collector_ip | IP address for the global collector collector IP address for the global collector. |
IPAddress | Required |
| collector_port | Port for the global collector Port for the global collector. |
int | Required Minimum: 0 Maximum: 65535 |
| collector_type | Must be set to the value WaveFrontGlobalCollector | GlobalCollectorType | Required |
| tracing_port | Port for the Wavefront tracing Port for the Wavefront tracing. |
int | Minimum: 0 Maximum: 65535 Default: "30001" |
WeeklyBackupSchedule (schema)
Schedule to specify day of the week and time to take automated backup
| Name | Description | Type | Notes |
|---|---|---|---|
| days_of_week | Days of week when backup is taken. 0 - Sunday, 1 - Monday, 2 - Tuesday, 3 - Wednesday ... | array of integer | Required Minimum items: 1 Maximum items: 7 |
| hour_of_day | Time of day when backup is taken | integer | Required Minimum: 0 Maximum: 23 |
| minute_of_day | Time of day when backup is taken | integer | Required Minimum: 0 Maximum: 59 |
| resource_type | Must be set to the value WeeklyBackupSchedule | string | Required Enum: WeeklyBackupSchedule, IntervalBackupSchedule |
WidgetConfiguration (schema)
Dashboard Widget Configuration
Describes the configuration of a widget to be displayed on the dashboard. WidgetConfiguration is a base type that provides attributes of a widget in-general.
| Name | Description | Type | Notes |
|---|---|---|---|
| _create_time | Timestamp of resource creation | EpochMsTimestamp | Readonly Sortable |
| _create_user | ID of the user who created this resource | string | Readonly |
| _last_modified_time | Timestamp of last modification | EpochMsTimestamp | Readonly Sortable |
| _last_modified_user | ID of the user who last modified this resource | string | Readonly |
| _links | References related to this resource The server will populate this field when returing the resource. Ignored on PUT and POST. |
array of ResourceLink | Readonly |
| _protection | Indicates protection status of this resource Protection status is one of the following: PROTECTED - the client who retrieved the entity is not allowed to modify it. NOT_PROTECTED - the client who retrieved the entity is allowed to modify it REQUIRE_OVERRIDE - the client who retrieved the entity is a super user and can modify it, but only when providing the request header X-Allow-Overwrite=true. UNKNOWN - the _protection field could not be determined for this entity. |
string | Readonly |
| _revision | Generation of this resource config The _revision property describes the current revision of the resource. To prevent clients from overwriting each other's changes, PUT operations must include the current _revision of the resource, which clients should obtain by issuing a GET operation. If the _revision provided in a PUT request is missing or stale, the operation will be rejected. |
int | |
| _schema | Schema for this resource | string | Readonly |
| _self | Link to this resource | SelfResourceLink | Readonly |
| _system_owned | Indicates system owned resource | boolean | Readonly |
| condition | Expression for evaluating condition If the condition is met then the widget will be displayed to UI. If no condition is provided, then the widget will be displayed unconditionally. |
string | Maximum length: 1024 |
| datasources | Array of Datasource Instances with their relative urls The 'datasources' represent the sources from which data will be fetched. Currently, only NSX-API is supported as a 'default' datasource. An example of specifying 'default' datasource along with the urls to fetch data from is given at 'example_request' section of 'CreateWidgetConfiguration' API. |
array of Datasource | Minimum items: 0 |
| default_filter_value | Default filter value to be passed to datasources Default filter values to be passed to datasources. This will be used when the report is requested without filter values. |
array of DefaultFilterValue | |
| description | Description of this resource | string | Maximum length: 1024 Sortable |
| display_name | Widget Title Title of the widget. If display_name is omitted, the widget will be shown without a title. |
string | Maximum length: 255 |
| drilldown_id | Id of drilldown widget Id of drilldown widget, if any. Id should be a valid id of an existing widget. A widget is considered as drilldown widget when it is associated with any other widget and provides more detailed information about any data item from the parent widget. |
string | Maximum length: 255 |
| feature_set | Features required to view the widget Features required to view the widget. |
FeatureSet | |
| filter | Id of filter widget for subscription Id of filter widget for subscription, if any. Id should be a valid id of an existing filter widget. Filter widget should be from the same view. Datasource URLs should have placeholder values equal to filter alias to accept the filter value on filter change. This field is deprecated instead use 'filters' property. |
string | Deprecated |
| filter_value_required | Flag to indicate if filter value is necessary Flag to indicate that widget will continue to work without filter value. If this flag is set to false then default_filter_value is manadatory. |
boolean | Default: "True" |
| filters | A List of filter ids applied to this widget configuration A List of filter applied to this widget configuration. This will be used to identify the filters applied to this widget. |
array of string | |
| footer | Footer | ||
| icons | Icons Icons to be applied at dashboard for widgets and UI elements. |
array of Icon | |
| id | Unique identifier of this resource | string | Sortable |
| is_drilldown | Set as a drilldown widget Set to true if this widget should be used as a drilldown. |
boolean | Default: "False" |
| legend | Legend for the widget Legend to be displayed. If legend is not needed, do not include it. |
Legend | |
| plot_configs | List of plotting configuration for a given widget. List of plotting configuration for a given widget. Widget plotting configurations which are common across all the widgets types should be define here. |
array of WidgetPlotConfiguration | |
| resource_type | Must be set to the value WidgetConfiguration | string | Required Readonly Enum: LabelValueConfiguration, DonutConfiguration, MultiWidgetConfiguration, ContainerConfiguration, StatsConfiguration, GridConfiguration, GraphConfiguration, CustomWidgetConfiguration, CustomFilterWidgetConfiguration, TimeRangeDropdownFilterWidgetConfiguration, DropdownFilterWidgetConfiguration, SpacerWidgetConfiguration, LegendWidgetConfiguration Maximum length: 255 |
| rowspan | Vertical span Represents the vertical span of the widget / container. 1 Row span is equal to 20px. |
int | Minimum: 1 |
| shared | Visiblity of widgets to other users Please use the property 'shared' of View instead of this. The widgets of a shared view are visible to other users. |
boolean | Deprecated |
| show_header | This decides to show the container header or not. If the value of this field is set to true then card header will be displayed otherwise only card will be displayed without header. |
boolean | |
| span | Horizontal span Represents the horizontal span of the widget / container. |
int | Minimum: 1 Maximum: 12 |
| tags | Opaque identifiers meaningful to the API user | array of Tag | Maximum items: 30 |
| weight | Weightage or placement of the widget or container Specify relavite weight in WidgetItem for placement in a view. Please see WidgetItem for details. |
int | Deprecated |
WidgetConfigurationList (schema)
List of Widget Configurations
Represents a list of widget configurations.
| Name | Description | Type | Notes |
|---|---|---|---|
| widgetconfigurations | Array of widget configurations Array of widget configurations |
array of WidgetConfiguration (Abstract type: pass one of the following concrete types) ContainerConfiguration CustomFilterWidgetConfiguration CustomWidgetConfiguration DonutConfiguration DropdownFilterWidgetConfiguration FilterWidgetConfiguration GraphConfiguration GridConfiguration LabelValueConfiguration LegendWidgetConfiguration MultiWidgetConfiguration SpacerWidgetConfiguration StatsConfiguration TimeRangeDropdownFilterWidgetConfiguration WidgetConfiguration |
Required Readonly |
WidgetItem (schema)
Widget held by MultiWidgetConfiguration or Container or a View
Represents a reference to a widget that is held by a container or a multi-widget or a View.
| Name | Description | Type | Notes |
|---|---|---|---|
| alignment | Alignment of widget inside container Aligns widget either left or right. |
string | Enum: LEFT, RIGHT Default: "LEFT" |
| label | Label of the the report Applicable for 'DonutConfiguration' and 'StatsConfiguration' reports only. If label is not specified, then it defaults to the label of the donut or stats report. |
Label | |
| rowspan | Vertical span Represents the vertical span of the widget / container |
int | Minimum: 1 |
| separator | A separator after this widget If true, separates this widget in a container. |
boolean | Default: "False" |
| span | Horizontal span Represents the horizontal span of the widget / container. |
int | Minimum: 1 Maximum: 12 |
| weight | Weightage or placement of the widget or container Determines placement of widget or container relative to other widgets and containers. The lower the weight, the higher it is in the placement order. |
int | Default: "10000" |
| widget_id | Id of the widget configuration Id of the widget configuration that is held by a multi-widget or a container or a view. |
string | Required Maximum length: 255 |
WidgetPlotConfiguration (schema)
Base type for widget plot config
Base type for widget plot config.
| Name | Description | Type | Notes |
|---|---|---|---|
| allow_maximize | Allow maximize capability for this widget Allow maximize capability for this widget |
boolean | |
| condition | Expression for evaluating condition for this chart config If the condition is met then the given chart config is applied to the widget configuration. |
string | Maximum length: 1024 |
WidgetQueryParameters (schema)
Parameters for querying widget configurations
| Name | Description | Type | Notes |
|---|---|---|---|
| container | Id of the container Id of the container whose widget configurations are to be queried. |
string | Readonly Maximum length: 255 |
| widget_ids | Ids of the WidgetConfigurations Comma separated ids of WidgetConfigurations to be queried. |
string | Readonly Maximum length: 8192 |
X509Certificate (schema)
| Name | Description | Type | Notes |
|---|---|---|---|
| dsa_public_key_g | One of the DSA cryptogaphic algorithm's strength parameters, base. | string | Readonly |
| dsa_public_key_p | One of the DSA cryptogaphic algorithm's strength parameters, prime. | string | Readonly |
| dsa_public_key_q | One of the DSA cryptogaphic algorithm's strength parameters, sub-prime. | string | Readonly |
| dsa_public_key_y | One of the DSA cryptogaphic algorithm's strength parameters. | string | Readonly |
| ecdsa_curve_name | ECDSA Curve Name The Curve name for the ECDSA certificate. |
string | Readonly |
| ecdsa_ec_field | ECDSA Elliptic Curve Finite Field Represents an elliptic curve (EC) finite field in ECDSA. |
string | Readonly Enum: F2M, FP |
| ecdsa_ec_field_f2mks | ECDSA Elliptic Curve F2MKS The order of the middle term(s) of the reduction polynomial in elliptic curve (EC) | characteristic 2 finite field.| Contents of this array are copied to protect against subsequent modification in ECDSA. |
array of integer | Readonly |
| ecdsa_ec_field_f2mm | ECDSA Elliptic Curve F2MM The first coefficient of this elliptic curve in elliptic curve (EC) | characteristic 2 finite field for ECDSA. |
integer | Readonly |
| ecdsa_ec_field_f2mrp | ECDSA Elliptic Curve F2MRP The value whose i-th bit corresponds to the i-th coefficient of the reduction polynomial | in elliptic curve (EC) characteristic 2 finite field for ECDSA. |
string | Readonly |
| ecdsa_ec_field_f2pp | ECDSA Elliptic Curve F2PP The specified prime for the elliptic curve prime finite field in ECDSA. |
string | Readonly |
| ecdsa_public_key_a | ECDSA Elliptic Curve Public Key A The first coefficient of this elliptic curve in ECDSA. |
string | Readonly |
| ecdsa_public_key_b | ECDSA Elliptic Curve Public Key B The second coefficient of this elliptic curve in ECDSA. |
string | Readonly |
| ecdsa_public_key_cofactor | ECDSA Elliptic Curve Public Key Cofactor The co-factor in ECDSA. |
integer | Readonly |
| ecdsa_public_key_generator_x | ECDSA Elliptic Curve Public Key X X co-ordinate of G (the generator which is also known as the base point) in ECDSA. |
string | Readonly |
| ecdsa_public_key_generator_y | ECDSA Elliptic Curve Public Key Y Y co-ordinate of G (the generator which is also known as the base point) in ECDSA. |
string | Readonly |
| ecdsa_public_key_order | ECDSA Elliptic Curve Public Key Order The order of generator G in ECDSA. |
string | Readonly |
| ecdsa_public_key_seed | ECDSA Elliptic Curve Public Key Seed The bytes used during curve generation for later validation in ECDSA.| Contents of this array are copied to protect against subsequent modification. |
array of string | Readonly |
| is_ca | True if this is a CA certificate. | boolean | Required Readonly |
| is_valid | True if this certificate is valid. | boolean | Required Readonly |
| issuer | The certificate issuers complete distinguished name. | string | Required Readonly |
| issuer_cn | The certificate issuer's common name. | string | Readonly |
| not_after | The time in epoch milliseconds at which the certificate becomes invalid. | EpochMsTimestamp | Required Readonly |
| not_before | The time in epoch milliseconds at which the certificate becomes valid. | EpochMsTimestamp | Required Readonly |
| public_key_algo | Public Key Algorithm Cryptographic algorithm used by the public key for data encryption. |
string | Required Readonly |
| public_key_length | Size measured in bits of the public/private keys used in a cryptographic algorithm. | integer | Readonly |
| rsa_public_key_exponent | An RSA public key is made up of the modulus and the public exponent. Exponent is a power number. | string | Readonly |
| rsa_public_key_modulus | An RSA public key is made up of the modulus and the public exponent. Modulus is wrap around number. | string | Readonly |
| serial_number | Certificate's serial number. | string | Required Readonly |
| sha_256_thumbprint | SHA256 thumbprint, in hex The SHA256 thumbprint of the certificate, in hexadecimal notation. |
string | Readonly |
| signature | The signature value(the raw signature bits) used for signing and validate the cert. | string | Required Readonly |
| signature_algorithm | The algorithm used by the Certificate Authority to sign the certificate. | string | Required Readonly |
| subject | The certificate owners complete distinguished name. | string | Required Readonly |
| subject_cn | The certificate owner's common name. | string | Readonly |
| version | Certificate version (default v1). | string | Required Readonly |
X509Crl (schema)
A CRL is a time-stamped list identifying revoked certificates.
| Name | Description | Type | Notes |
|---|---|---|---|
| crl_entries | List of X509CrlEntry. | array of X509CrlEntry | Readonly |
| issuer | Issuer's distinguished name. (DN) | string | Readonly |
| next_update | Next update time for the CRL. | string | Readonly |
| version | CRL's version number either 1 or 2. | string | Readonly |
X509CrlEntry (schema)
Each revoked certificate is identified in a CRL by its certificate serial number.
| Name | Description | Type | Notes |
|---|---|---|---|
| revocation_date | Revocation date. | string | Readonly |
| serial_number | The revoked certificate's serial number. | string | Readonly |